21 matches found
AZL-76868 CVE-2025-47911 affecting package cert-manager 1.12.15-4
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...
CBL Mariner 2.0 Security Update: cert-manager / helm (CVE-2025-32387)
The version of cert-manager / helm installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-32387 advisory. - Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be...
Azure Linux 3.0 Security Update: helm (CVE-2025-32387)
The version of helm installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-32387 advisory. - Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a...
CVE-2025-32387 affecting package cert-manager for versions less than 1.12.15-4
CVE-2025-32387 affecting package cert-manager for versions less than 1.12.15-4. A patched version of the package is available...
CVE-2025-32386 affecting package cert-manager for versions less than 1.12.15-4
CVE-2025-32386 affecting package cert-manager for versions less than 1.12.15-4. A patched version of the package is available...
CVE-2025-32386 affecting package cert-manager for versions less than 1.11.2-23
CVE-2025-32386 affecting package cert-manager for versions less than 1.11.2-23. A patched version of the package is available...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in cert-manager
Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of cert-manager. Vulnerability Details: CVEID: CVE-2024-36537. DESCRIPTION: cert-manager could allow a remote authenticated attacker to gain elevated privileges on the system, caused by an insecure permissions flaw. By obtaining...
CVE-2024-51744 affecting package cert-manager for versions less than 1.11.2-22
CVE-2024-51744 affecting package cert-manager for versions less than 1.11.2-22. A patched version of the package is available...
CVE-2025-30204 affecting package cert-manager for versions less than 1.12.15-3
CVE-2025-30204 affecting package cert-manager for versions less than 1.12.15-3. A patched version of the package is available...
CVE-2025-22869 affecting package cert-manager for versions less than 1.12.15-2
CVE-2025-22869 affecting package cert-manager for versions less than 1.12.15-2. A patched version of the package is available...
CVE-2025-27144 affecting package cert-manager for versions less than 1.12.15-2
CVE-2025-27144 affecting package cert-manager for versions less than 1.12.15-2. A patched version of the package is available...
CVE-2025-22868 affecting package cert-manager for versions less than 1.12.15-2
CVE-2025-22868 affecting package cert-manager for versions less than 1.12.15-2. A patched version of the package is available...
Azure Linux 3.0 Security Update: cert-manager / influxdb / keda / libcontainers-common / packer (CVE-2024-6104)
The version of cert-manager / influxdb / keda / libcontainers-common / packer installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6104 advisory. - go-retryablehttp prior to 0.7.7 did not sanitize URLs...
CBL Mariner 2.0 Security Update: cert-manager (CVE-2024-12401)
The version of cert-manager installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-12401 advisory. - A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data tha...
CVE-2024-45338 affecting package cert-manager for versions less than 1.11.2-17
CVE-2024-45338 affecting package cert-manager for versions less than 1.11.2-17. A patched version of the package is available...
CVE-2024-45337 affecting package cert-manager for versions less than 1.11.2-16
CVE-2024-45337 affecting package cert-manager for versions less than 1.11.2-16. A patched version of the package is available...
Denial Of Service (DoS)
github.com/cert-manager/cert-manager is vulnerable to Denial of Service (DoS). The vulnerability is due to the way cert-manager processes specially crafted invalid PEM data using the pem.Decode function in the standard library, which allows an attacker who can modify PEM data read by cert-manager—such as...
PT-2024-27057 · Unknown · Cert-Manager
Name of the Vulnerable Software and Affected Versions: cert-manager version 1.14.4. Description: The issue is related to insecure permissions, allowing attackers to access sensitive data and escalate privileges by obtaining the service account's token. Recommendations: For cert-manager version...
AZL-34581 CVE-2023-48795 affecting package cert-manager for versions less than 1.12.12-1
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...
AZL-34585 CVE-2023-6337 affecting package cert-manager for versions less than 1.12.12-1
HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of...