Lucene search
K

20 matches found

Cvelist
Cvelist
added 2026/06/25 11:23 p.m.44 views

CVE-2026-13318 Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ip

A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...

6.4CVSS0.00149EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 11:23 p.m.7 views

CVE-2026-13318

A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...

6.4CVSS6AI score0.00149EPSS
Exploits0References3
OSV
OSV
added 2026/04/06 7:45 a.m.3 views

BIT-CILIUM-OPERATOR-2026-33726 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...

5.4CVSS6.3AI score0.00244EPSS
Exploits0References7
OSV
OSV
added 2026/03/26 8:33 p.m.4 views

GO-2026-4856 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic in github.com/cilium/cilium

Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic in github.com/cilium/cilium...

5.4CVSS5.8AI score0.00244EPSS
Exploits0References6
OSV
OSV
added 2026/03/26 4:48 p.m.6 views

GHSA-HXV8-4J4R-CQGV Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic

Impact Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is enabled and BPF Host Routing is disabled. Per-Endpoint Routing is disabled by default, but is automatically enabled in deployments...

5.4CVSS5.8AI score0.00244EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.9 views

Cilium 安全漏洞

Cilium is an open-source software developed by Cilium contributors. It is used to provide and transparently protect network connections and load balancing between application workloads, such as application containers or processes. Versions of Cilium from 1.18.0 to 1.18.5 contain security...

6.1CVSS5.8AI score0.00126EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-2509

Malicious code in bioql PyPI...

9CVSS8.9AI score0.0046EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-0945

Malicious code in bioql PyPI...

7.3CVSS7.3AI score0.00552EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 2:27 a.m.7 views

CVE-2023-27595

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In version 1.13.0, when Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's featureset. This ca...

9.8CVSS6.7AI score0.00734EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/04/23 12:0 a.m.15 views

Ubuntu: Security Advisory (USN-7444-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS6.3AI score0.01463EPSS
Exploits0References2
OSV
OSV
added 2025/03/20 6:30 p.m.9 views

GHSA-R56H-J38W-HRQQ Kubernetes kube-apiserver Vulnerable to Race Condition

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies ...

3.1CVSS7.2AI score0.00301EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/03/20 6:30 p.m.12 views

Kubernetes kube-apiserver Vulnerable to Race Condition

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies ...

3.1CVSS7.2AI score0.00301EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/03/20 5:15 p.m.10 views

CVE-2024-7598

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies ...

3.1CVSS0.00301EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

Kubernetes 安全漏洞

Kubernetes K8s is an open source system from Kubernetes Open Source for automating the deployment, scaling, and management of containerized applications. A security vulnerability exists in Kubernetes that stems from a network policy that can be bypassed during namespace deletion, causing network...

3.1CVSS5.2AI score0.00301EPSS
Exploits0References4
Veracode
Veracode
added 2024/10/18 7:53 a.m.4 views

Network Policy Bypass

github.com/cilium/cilium is vulnerable to Network Policy Bypass. The vulnerability is due to the inherent design of ICMP traffic handling in conjunction with specific network policy settings in Cilium, allows ICMP Echo Requests to bypass intended restrictions...

7.1AI score
Exploits0
Veracode
Veracode
added 2023/03/22 4:35 a.m.12 views

Improper Handling Of Exceptional Conditions

github.com/cilium/cilium is vulnerable to Improper Handling of Exceptional Conditions. The vulnerability is due to Cilium startup, a remote attacker is able to cause disruption to newly established connections during the short period where eBPF programs are not attached to the host resulting in t...

9.8CVSS8.7AI score0.00734EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2023/03/22 3:10 a.m.19 views

Network Policy Bypass

github.com/cilium/cilium is vulnerable to Network Policy Bypass. The library may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host, which allows a remote attacker to bypass network policies when IPv6 routing is enabled and NodePorts a...

7.3CVSS6.9AI score0.00552EPSS
Exploits0References8Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/17 7:56 p.m.3 views

CVE-2023-27594 Cilium vulnerable to potential network policy bypass when routing IPv6 traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which...

4.2CVSS7.2AI score0.00552EPSS
Exploits0References4
OSV
OSV
added 2023/03/17 6:22 p.m.18 views

GHSA-8FG8-JH2H-F2HC Potential network policy bypass when routing IPv6 traffic

Impact Under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which Cilium is running. As a consequence, network policies for that cluster might be bypassed, depending on the specific network polici...

4.2CVSS6AI score0.00552EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2021/05/21 2:32 p.m.38 views

Network policy may be bypassed by some ICMP Echo Requests

Impact Under certain conditions, ICMP Echo Request sent to a Cilium endpoint from an actor may bypass a network policy which disallows access from the actor to the endpoint, but allows from the endpoint to the actor. This does NOT apply to UDP and TCP traffic. The actor is either a pod or a clust...

0.4AI score
Exploits0References2Affected Software1
Rows per page
Query Builder