242 matches found
CVE-2024-3154 vulnerabilities
Vulnerabilities for packages: grype, cadvisor, cadvisor-fips, kubernetes, opentelemetry-collector-contrib-fips, opentelemetry-collector-contrib, neuvector-scanner, buildah, kubernetes-fips, ctop, wolfictl...
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: flux, kubeflow-fips, flux-notification-controller, fuse-overlayfs-snapshotter, kube-bench, conftest-fips, envoy-ratelimit-fips, fulcio, pulumi-kubernetes-operator, eksctl, opentofu, kube-state-metrics-fips, flux-helm-controller, guac, cloudflared,...
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: flux, kubeflow-fips, flux-notification-controller, fuse-overlayfs-snapshotter, kube-bench, conftest-fips, envoy-ratelimit-fips, fulcio, pulumi-kubernetes-operator, eksctl, opentofu, kube-state-metrics-fips, flux-helm-controller, guac, cloudflared,...
CVE-2024-21626 vulnerabilities
Vulnerabilities for packages: cadvisor, ctop, buildkitd, zarf, kaniko, podman, newrelic-infrastructure-agent, grype, skaffold, skopeo, kubescape, zot, datadog-agent, k3s, syft, kubernetes, k9s, trivy, runc, docker, wolfictl, k3d, kots, nerdctl...
CVE-2024-21626 vulnerabilities
Vulnerabilities for packages: trivy, buildkitd, zot, datadog-agent-fips, grype, podman, kubernetes, skaffold, skopeo, kaniko, cadvisor, docker, datadog-agent, nerdctl, newrelic-infrastructure-agent, kubernetes-fips, wolfictl, k3s, kubescape, k9s, kots, syft, k3d, ctop, zarf, runc...
A vulnerability in the _nginxCmd() function of the Nginx web server control software strong-nginx-controller allows attackers to execute arbitrary commands.
The vulnerability in the nginxCmd function of the Nginx web server control software exists because specific elements are not neutralized. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
GHSA-5WJ4-WFFQ-3378 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
GHSA-FP9F-44C2-CW27 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
CVE-2023-5043 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
CVE-2023-5044 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
Ingress NGINX Controller Injection Vulnerability
Ingress NGINX Controller is an open source ingress controller for Kubernetes. A security vulnerability exists in Ingress NGINX Controller. An attacker can exploit this vulnerability to execute arbitrary commands...
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: coredns, conftest, sigstore-scaffolding, minio, kind, gitness, haproxy-ingress, spark-operator, flux-source-controller, wireguard-go, cosign, kubernetes-csi-livenessprobe, pulumi-language-dotnet, pulumi, flux-helm-controller, kubeflow-katib, nghttp2,...
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: coredns, conftest, sigstore-scaffolding, minio, kind, gitness, haproxy-ingress, spark-operator, flux-source-controller, wireguard-go, cosign, kubernetes-csi-livenessprobe, pulumi-language-dotnet, pulumi, flux-helm-controller, kubeflow-katib, nghttp2,...
CVE-2021-25748
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of...
K14631834: NGINX Controller vulnerability CVE-2020-5863
Security Advisory Description: In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other...
K45263486: NGINX Controller vulnerability CVE-2021-23020
Security Advisory Description: The NAAS API keys are generated using an insecure pseudo-random string and hashing algorithm, which may lead to predictable keys. (CVE-2021-23020) Impact: Local attackers are able to potentially generate a valid user key. Security Advisory Status: F5 Product Development...
K27205552: NGINX Controller vulnerability CVE-2020-5864
Security Advisory Description: Communication between NGINX Controller and NGINX Plus instances skips TLS verification by default. (CVE-2020-5864) Impact: This vulnerability enables a man-in-the-middle (MITM) attack that can intercept the communication channel and read/modify data in transit. Security...