6359 matches found
Siemens Insights Hub Private Cloud
SUMMARY Insights Hub Private Cloud is affected by multiple vulnerabilities in Ingress NGINX Controller for Kubernetes. These vulnerabilities could lead to arbitrary code execution in the context of the ingress-nginx controller, or disclosure of Secrets accessible to the controller, or denial of...
Kubernetes Ingress NGINX Controller Arbitrary Code Execution
Ingress NGINX Controller for Kubernetes versions before 1.11.5, and 1.12.x before 1.12.1 suffer from a critical remote code execution vulnerability. Successful exploitation allows an unauthenticated attacker with access to the pod network to achieve remote code execution RCE in the controller's...
Arbitrary Code Execution (ACE)
k8s.io/ingress-nginx is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to improper input validation in the auth-tls-match-cn Ingress annotation, which allows attackers to inject arbitrary Nginx configuration...
Arbitrary Code Execution (ACE)
k8s.io/ingress-nginx is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to improper access control, allowing an unauthenticated attacker with access to the pod network to execute arbitrary code in the context of the ingress-nginx controller...
Arbitrary Code Execution (ACE)
k8s.io/ingress-nginx is vulnerable to Arbitrary Code Execution ACE . The vulnerability is due to improper handling of mirror-target and mirror-host annotations, allowing arbitrary configuration injection into nginx...
Directory Traversal
k8s.io/ingress-nginxx is vulnerable to Directory traversal. The vulnerability is due to the ingress-nginx Admission Controller including attacker-provided data in a filename, allowing traversal within the container...
Arbitrary Code Execution (ACE)
k8s.io/ingress-nginx is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to improper validation and sanitization of user-supplied input in the auth-url Ingress annotation, allowing attackers to inject arbitrary nginx configuration directives...
Ubuntu: Security Advisory (USN-7285-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-7285-2 nginx vulnerability
USN-7285-1 fixed vulnerabilities in nginx. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that nginx incorrectly handled when multiple server blocks are configured to share the same IP address and port. An attacker could use this...
USN-7285-2: nginx vulnerability
USN-7285-1 fixed vulnerabilities in nginx. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that nginx incorrectly handled when multiple server blocks are configured to share the same IP address and port. An attacker could use this...
Kubernetes Ingress NGINX Controller Arbitrary Code Execution (CVE-2025-1974)
Binary data kubernetescve-2025-1974.nbin...
⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More
Every week, someone somewhere slips up—and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks? Step behind...
Exploit for CVE-2025-1974
CVE-2025-1974: Kubernetes Ingress Nginx Controller 취약점 분석 및 Po...
Ingress-Nginx Admission Controller RCE Escalation
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...
AlmaLinux 9 : nginx:1.22 (ALSA-2025:3261)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:3261 advisory. nginx: specially crafted MP4 file may cause denial of service CVE-2024-7347 Tenable has extracted the preceding description block directly from the AlmaLinux...
SUSE CVE-2025-1097
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...
SUSE CVE-2025-1098
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...
SUSE CVE-2025-1974
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...
SUSE CVE-2025-24514
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...
SUSE CVE-2025-24513
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or...