25 matches found
EUVD-2024-1098
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-8557
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own...
Linux Distros Unpatched Vulnerability : CVE-2025-0426
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint...
GO-2025-3646 CNCF K3s Kubernetes kubelet configuration exposes credentials in github.com/k3s-io/k3s
CNCF K3s Kubernetes kubelet configuration exposes credentials in github.com/k3s-io/k3s. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
Authentication Bypass
github.com/k3s-io/k3s is vulnerable to unintended unauthenticated access. The vulnerability is due to a Kubernetes kubelet configuration change that, in some cases, sets ReadOnlyPort to 10255, allowing unauthenticated access and potential exposure of credentials...
CVE-2025-46599
CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For example, the default behavior of a K3s online installation might allow unauthenticated access to this port, exposing...
GHSA-864F-7XJM-2JP2 CNCF K3s Kubernetes kubelet configuration exposes credentials
CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For example, the default behavior of a K3s online installation might allow unauthenticated access to this port, exposing...
CVE-2025-46599
CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For example, the default behavior of a K3s online installation might allow unauthenticated access to this port, exposing...
CVE-2025-46599
CVE-2025-46599 affects CNCF K3s 1.32 before 1.32.4-rc1+k3s1. The issue is a kubelet configuration change that, in some scenarios, leaves ReadOnlyPort at 10255, potentially allowing unauthenticated access and exposure of credentials. The CVE’s public details indicate the impact is credentials expo...
k3s 安全漏洞
k3s is a lightweight Kubernetes open source from k3s. A security vulnerability exists in k3s versions prior to 1.32 to 1.32.4-rc1+k3s1 that stems from a kubelet configuration change that could lead to unauthenticated access to the ReadOnlyPort port...
CVE-2025-46599
CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For example, the default behavior of a K3s online installation might allow unauthenticated access to this port, exposing...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for September and October 2024.
Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF037 and 24.0.0-IF003. Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Kubernetes kubelet (CVE-2024-10220)
Summary A vulnerability in Kubernetes kubelet that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-10220 DESCRIPTION: Kubernetes kubelet could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper...
Linux Distros Unpatched Vulnerability : CVE-2024-10220
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29...
CVE-2024-10220 Arbitrary command execution through gitRepo volume
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2...
CVE-2024-10220
CVE-2024-10220 – Kubernetes kubelet command execution via gitRepo volumes . Affects kubelet up to version 1.28.11 and 1.29.0–1.29.6 and 1.30.0–1.30.2. The issue allows arbitrary command execution through specially crafted gitRepo volumes in kubelet. Root cause: path traversal in how gitRepo volum...
CVE-2024-10220 Arbitrary command execution through gitRepo volume
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2...
CVE-2024-10220 Arbitrary command execution through gitRepo volume
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2...
PT-2024-8475 · Kubernetes +1 · Kubernetes Kubelet +2
Name of the Vulnerable Software and Affected Versions: Kubernetes kubelet versions through 1.28.11 Kubernetes kubelet versions from 1.29.0 through 1.29.6 Kubernetes kubelet versions from 1.30.0 through 1.30.2 Description: The issue allows arbitrary command execution via specially crafted gitRepo...
Security Bulletin: IBM Automation Decision Services for August 2024 - Multiple CVEs addressed
Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2024-5321...