664 matches found
CVE-2023-41332
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with policy.cilium.io/proxy-visibility annotations in Cilium = v1.13 or io.cilium.proxy-visibility annotations in Cilium...
CVE-2022-25629
An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page Annotation Text Column...
GHSA-9PP5-9C7G-4R83 Spring Security authorization bypass for method security annotations on private methods
Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecuritymode=ASPECTJ and spring-security-aspects, and You have...
Spring Security authorization bypass for method security annotations on private methods
Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecuritymode=ASPECTJ and spring-security-aspects, and You have...
CVE-2025-41232
Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecuritymode=ASPECTJ and spring-security-aspects, and You have...
CVE-2025-41232 CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods
Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecuritymode=ASPECTJ and spring-security-aspects, and You have...
CVE-2025-41232 CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods
Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecuritymode=ASPECTJ and spring-security-aspects, and You have...
PT-2025-22336 · Spring · Spring Security Aspects
Name of the Vulnerable Software and Affected Versions: Spring Security Aspects affected versions not specified Description: The issue concerns Spring Security Aspects not correctly locating method security annotations on private methods, potentially causing an authorization bypass. This can affec...
The vulnerability of the Ingress controller in the Kubernetes cluster ingress-nginx, related to errors in processing Ingress object annotations, allows a hacker to execute arbitrary code.
The vulnerability of the Ingress controller in the Kubernetes cluster ingress-nginx is related to errors in processing Ingress object annotations. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Ingress controller in the Kubernetes cluster ingress-nginx, related to errors in processing Ingress object annotations, allows a hacker to execute arbitrary code.
The vulnerability of the Ingress controller in the Kubernetes cluster ingress-nginx is related to errors in processing Ingress object annotations. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Ingress controller in the Kubernetes cluster ingress-nginx, related to errors in processing Ingress object annotations, allows a hacker to execute arbitrary code.
The vulnerability of the Ingress controller in the Kubernetes cluster ingress-nginx is related to errors in processing Ingress object annotations. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
SUSE-SU-2025:20278-1 Security update for helm
This update for helm fixes the following issues: - Update to version 3.17.2 bsc1238688, CVE-2025-22870: Updating to 0.37.0 for x/net builddeps: bump the k8s-io group with 7 updates - Update to version 3.17.1: merge null child chart objects builddeps: bump the k8s-io group with 7 updates fix: chec...
Security update for helm
This update for helm fixes the following issues: Update to version 3.17.2 bsc1238688, CVE-2025-22870: Updating to 0.37.0 for x/net builddeps: bump the k8s-io group with 7 updates Update to version 3.17.1: merge null child chart objects builddeps: bump the k8s-io group with 7 updates fix: check...
[SECURITY] Fedora 42 Update: php-tcpdf-6.9.1-1.fc42
PHP class for generating PDF documents. no external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to security annotations on parameterized types or methods. This may cause an authorization bypass.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to security annotations on parameterized types or methods. This may cause an authorization bypass. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
GO-2025-3568 ingress-nginx controller - configuration injection via unsanitized mirror annotations in k8s.io/ingress-nginx
ingress-nginx controller - configuration injection via unsanitized mirror annotations in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fr...
Multiple vulnerabilities in Ingress NGINX Controller for Kubernetes
On March 24, 2025, Kubernetes disclosed 5 new vulnerabilities affecting the Ingress NGINX Controller for Kubernetes. Successful exploitation could allow attackers access to all secrets stored across all namespaces in the Kubernetes cluster, which could result in cluster takeover. CVE-2025-1974 9....
CVE-2025-1098
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation through the auth-url annotation which can be used to inject configuration into nginx. Remediation Upgrade github.com/kubernetes/ingress-nginx/internal/ingress/annotations/auth to version 1.11.5, 1.12.1, 4.11.5,...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation through the mirror-target and mirror-host annotations. Remediation Upgrade github.com/kubernetes/ingress-nginx/rootfs/etc/nginx/template to version 1.11.5, 1.12.1, 4.11.5, 4.12.1 or higher. References - GitHub...