20 matches found
CVE-2026-13318 Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ip
A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...
CVE-2026-13318
A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...
BIT-CILIUM-OPERATOR-2026-33726 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...
GO-2026-4856 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic in github.com/cilium/cilium
Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic in github.com/cilium/cilium...
GHSA-HXV8-4J4R-CQGV Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic
Impact Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is enabled and BPF Host Routing is disabled. Per-Endpoint Routing is disabled by default, but is automatically enabled in deployments...
Cilium 安全漏洞
Cilium is an open-source software developed by Cilium contributors. It is used to provide and transparently protect network connections and load balancing between application workloads, such as application containers or processes. Versions of Cilium from 1.18.0 to 1.18.5 contain security...
EUVD-2023-2509
Malicious code in bioql PyPI...
EUVD-2023-0945
Malicious code in bioql PyPI...
CVE-2023-27595
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In version 1.13.0, when Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's featureset. This ca...
Ubuntu: Security Advisory (USN-7444-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-R56H-J38W-HRQQ Kubernetes kube-apiserver Vulnerable to Race Condition
A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies ...
Kubernetes kube-apiserver Vulnerable to Race Condition
A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies ...
CVE-2024-7598
A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies ...
Kubernetes 安全漏洞
Kubernetes K8s is an open source system from Kubernetes Open Source for automating the deployment, scaling, and management of containerized applications. A security vulnerability exists in Kubernetes that stems from a network policy that can be bypassed during namespace deletion, causing network...
Network Policy Bypass
github.com/cilium/cilium is vulnerable to Network Policy Bypass. The vulnerability is due to the inherent design of ICMP traffic handling in conjunction with specific network policy settings in Cilium, allows ICMP Echo Requests to bypass intended restrictions...
Improper Handling Of Exceptional Conditions
github.com/cilium/cilium is vulnerable to Improper Handling of Exceptional Conditions. The vulnerability is due to Cilium startup, a remote attacker is able to cause disruption to newly established connections during the short period where eBPF programs are not attached to the host resulting in t...
Network Policy Bypass
github.com/cilium/cilium is vulnerable to Network Policy Bypass. The library may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host, which allows a remote attacker to bypass network policies when IPv6 routing is enabled and NodePorts a...
CVE-2023-27594 Cilium vulnerable to potential network policy bypass when routing IPv6 traffic
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which...
GHSA-8FG8-JH2H-F2HC Potential network policy bypass when routing IPv6 traffic
Impact Under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which Cilium is running. As a consequence, network policies for that cluster might be bypassed, depending on the specific network polici...
Network policy may be bypassed by some ICMP Echo Requests
Impact Under certain conditions, ICMP Echo Request sent to a Cilium endpoint from an actor may bypass a network policy which disallows access from the actor to the endpoint, but allows from the endpoint to the actor. This does NOT apply to UDP and TCP traffic. The actor is either a pod or a clust...