277 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-8561
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests...
PT-2025-33645 · Undefined · Undefined
🚨 URGENT: Kubernetes admins must patch CVE-2025-02383 SUSE-2025-02383-2 ✅ Affects: kube-apiserver v1.26.x ✅ Risk: Moderate-severity RBAC bypass. ✅ Fix: Apply SUSE patches NOW + validate with kube-bench. Read more: 👉 https://t.co/VRCE9nkHn3 https://t.co/ukAF3LWe56...
PT-2025-33265
Name of the Vulnerable Software and Affected Versions: kube-apiserver versions 1.31.11 and earlier kube-apiserver versions 1.32.7 and earlier kube-apiserver versions 1.33.3 and earlier Description: Compromised nodes can delete themselves and relabel via OwnerReferences. An attacker who has gained...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization via the toolsUploaderHandler function. An attacker can execute arbitrary code and compromise the integrity, confidentiality, and availability of the system by uploading malicious binaries through an authenticated...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the /log endpoint. An attacker can access sensitive debug log messages by authenticating with valid user credentials, even without proper authorization. Remediation Upgrade github.com/juju/juju/apiserver to...
kubernetes1.32-apiserver-1.32.6-1.1 on GA media (moderate)
kubernetes1.32-apiserver-1.32.6-1.1 on GA media Announcement ID: openSUSE-SU-2025:15236-1 Rating: moderate Cross-References: CVE-2025-22872 CVSS scores: CVE-2025-22872 SUSE : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L CVE-2025-22872 SUSE : 6.3...
OPENSUSE-SU-2025:15236-1 kubernetes1.32-apiserver-1.32.6-1.1 on GA media
These are all security issues fixed in the kubernetes1.32-apiserver-1.32.6-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15234-1 kubernetes1.30-apiserver-1.30.14-1.1 on GA media
These are all security issues fixed in the kubernetes1.30-apiserver-1.30.14-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2025-26210 · Unknown · Kubernetes
Name of the Vulnerable Software and Affected Versions: kube-apiserver versions 1.32.0 through 1.32.5 kube-apiserver versions 1.33.0 through 1.33.1 Description: The issue allows a compromised node to create mirror pods, accessing unauthorized dynamic resources, potentially leading to privilege...
CVE-2023-32187
An Allocation of Resources Without Limits or Throttling vulnerability in SUSE k3s allows attackers with access to K3s servers' apiserver/supervisor port TCP 6443 cause denial of service. This issue affects k3s: from v1.24.0 before v1.24.17+k3s1, from v1.25.0 before v1.25.13+k3s1, from v1.26.0...
CVE-2022-39383
KubeVela is an open source application delivery platform. Users using the VelaUX APIServer could be affected by this vulnerability. When using Helm Chart as the component delivery method, the request address of the warehouse is not restricted, and there is a blind SSRF vulnerability. Users who're...
SUSE CVE-2025-32963
MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the spec.audiences field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it...
GO-2025-3637 Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS in github.com/minio/operator
Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS in github.com/minio/operator. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...
CVE-2025-32963
MinIO Operator STS (Kubernetes IAM) flaw: before v7.1.0, the spec.audiences default could be the Kubernetes API server, allowing replay to internal systems. Root cause: unscoped audiences enable trust beyond intended scope. Impact: tokens could be replayed to other components; mitigated only by p...
CVE-2025-32963 Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS
MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the spec.audiences field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it...
CVE-2025-32963 Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS
MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the spec.audiences field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it...
Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Summary jQuery is used by IBM Robotic Process Automation for Cloud Pak as part of Abbyy CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023, CVE-2020-23064. Kubernetes kube-apiserver is used by IBM Robotic Process Automation for Cloud Pak as part of the operator CVE-2020-8552. Go Go-Yam...
kubernetes1.29-apiserver-1.29.15-1.1 on GA media (moderate)
kubernetes1.29-apiserver-1.29.15-1.1 on GA media Announcement ID: openSUSE-SU-2025:14924-1 Rating: moderate Cross-References: CVE-2025-1767 CVSS scores: CVE-2025-1767 SUSE : 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVE-2025-1767 SUSE : 8.5...
GO-2025-3547 Kubernetes kube-apiserver Vulnerable to Race Condition in k8s.io/kubernetes
Kubernetes kube-apiserver Vulnerable to Race Condition in k8s.io/kubernetes...
Kubernetes kube-apiserver Vulnerable to Race Condition
A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies ...