15 matches found
EUVD-2022-1122
Malicious code in bioql PyPI...
SUSE CVE-2020-13597
Clusters using Calico version 3.14.0 and below, Calico Enterprise version 2.8.2 and below, may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node's IPv6 interface due to the node accepting route...
CVE-2024-33522
In vulnerable versions of Calico v3.27.2 and below, Calico Enterprise v3.19.0-1, v3.18.1, v3.17.3 and below, and Calico Cloud v19.2.0 and below, an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the Calico CNI install binary. T...
Calico 安全漏洞
Tigera Calico is an open source cybersecurity solution for container, virtual machine, and host workloads from Tigera USA. A security vulnerability exists in Calico, Calico Enterprise, and Calico Cloud. An attacker could exploit the vulnerability to execute arbitrary binaries with elevated...
CVE-2023-41378
In certain conditions for Calico Typha v3.26.2, v3.25.1 and below, and Calico Enterprise Typha v3.17.1, v3.16.3, v3.15.3 and below, a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake call is performed inside the main server...
Design/Logic Flaw
In certain conditions for Calico Typha v3.26.2, v3.25.1 and below, and Calico Enterprise Typha v3.17.1, v3.16.3, v3.15.3 and below, a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake call is performed inside the main server...
CVE-2023-41378
The CVE-2023-41378 issue affects Calico Typha (v3.26.2, v3.25.1 and below) and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below). The vulnerability arises because the TLS Handshake() is performed inside the main server loop without a timeout, allowing an unclean TLS handshake to block...
CVE-2022-28224
Clusters using Calico version 3.22.1 and below, Calico Enterprise version 3.12.0 and below, may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not...
Input validation
Clusters using Calico version 3.22.1 and below, Calico Enterprise version 3.12.0 and below, may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not...
CVE-2022-28224 Calico and Calico Enterprise may be vulnerable to route hijacking with the floating IP feature
Clusters using Calico version 3.22.1 and below, Calico Enterprise version 3.12.0 and below, may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not...
CVE-2022-28224
CVE-2022-28224 affects Calico across clusters using Calico ≤ 3.22.1 and Calico Enterprise ≤ 3.12.0. The issue allows a privileged attacker to set a floating IP annotation on a pod without the feature being enabled, due to insufficient validation, potentially intercepting and rerouting traffic to ...
Tigera Calico 输入验证错误漏洞
Tigera Calico is an open source network security solution for container, virtual machine and host workloads from US-based Tigera. A security vulnerability exists in Tigera Calico version 3.22.1 and earlier, and Calico Enterprise version 3.12.0 and earlier, which stems from vulnerability to route...
CVE-2020-13597
Clusters using Calico version 3.14.0 and below, Calico Enterprise version 2.8.2 and below, may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node’s IPv6 interface due to the node accepting route...
Information disclosure
Clusters using Calico version 3.14.0 and below, Calico Enterprise version 2.8.2 and below, may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node’s IPv6 interface due to the node accepting route...
CVE-2020-13597
Calico and Calico Enterprise clusters are affected (Calico ≤ 3.14.0; Calico Enterprise ≤ 2.8.2). The root cause is improper validation of IPv6 router advertisements, allowing a compromised privileged pod to reconfigure the node’s IPv6 interface because the node accepts route advertisements by def...