377 matches found
GHSA-V53G-5GJP-272R vulnerabilities
Vulnerabilities for packages: cilium-cli, kubescape, k8sgpt, helm-operator, up, trivy, k9s, zot, flux-helm-controller, eksctl, chartmuseum, flux-source-controller, kots, kubevela, helm-push, zarf...
AZL-34355 CVE-2024-25620 affecting package cert-manager for versions less than 1.11.2-12
Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the Chart.yaml file includes a relative path change, the chart would be saved outside its expected directory based on the...
CVE-2024-25620 vulnerabilities
Vulnerabilities for packages: trivy, kubescape, cert-manager-fips, flux-helm-controller, up, chartmuseum, cert-manager, eksctl, kots, zarf, zot, cilium-cli, flux-source-controller, k8sgpt, helm-push, k9s, helm-operator, kubevela...
GHSA-XW73-RW38-6VJC vulnerabilities
Vulnerabilities for packages: skaffold, k3s, helm-operator-fips, chartmuseum, dagger, docker-credential-gcr, eksctl, skopeo, datadog-agent-fips, zot, buildkitd, goreleaser, k9s, kubevela, cadvisor, helm, timoni, ctop, argo-workflows-fips, cri-tools, crane, kpt, datadog-agent, argo-workflows,...
CVE-2024-24557 vulnerabilities
Vulnerabilities for packages: skaffold, k3s, helm-operator-fips, chartmuseum, dagger, docker-credential-gcr, eksctl, skopeo, datadog-agent-fips, zot, buildkitd, goreleaser, k9s, kubevela, cadvisor, helm, timoni, ctop, argo-workflows-fips, cri-tools, crane, kpt, datadog-agent, argo-workflows,...
GHSA-7WW5-4WQC-M92C vulnerabilities
Vulnerabilities for packages: skaffold, kaniko, rancher-agent, grype, gitness, eksctl, zot, buildkitd, kubevela, helm, fuse-overlayfs-snapshotter, melange, ctop, flux-source-controller, k3d, trivy, kubescape, cert-manager-fips, newrelic-infrastructure-agent, cilium-cli, k8sgpt,...
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: tigera-operator-fips, kyverno-policy-reporter, kubeflow, kaf, trillian-fips, eksctl, skopeo, zot, kubeflow-pipelines, prometheus-bind-exporter, kubeflow-fips, gomplate, temporal-ui-server-fips, flux-kustomize-controller, metrics-server-fips, prometheus-mysqld-exporte...
AZL-34581 CVE-2023-48795 affecting package cert-manager for versions less than 1.12.12-1
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...
AZL-32195 CVE-2023-48795 affecting package cert-manager for versions less than 1.11.2-7
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...
AZL-34585 CVE-2023-6337 affecting package cert-manager for versions less than 1.12.12-1
HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of...
CVE-2023-46100 Cert manager has a use of uninitialized resource vulnerability
in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource...
CVE-2023-46100 Cert manager has a use of uninitialized resource vulnerability
in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource...
Important: Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.12.1
cert-manager Operator for Red Hat OpenShift 1.12.1 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Important: Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.11.5
cert-manager Operator for Red Hat OpenShift 1.11.5 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
CVE-2023-47108 vulnerabilities
Vulnerabilities for packages: kubescape, kubernetes-csi-external-resizer, cri-tools, k3s, kine, buildkitd, temporal, temporal-server, volume-modifier-for-k8s, metrics-server, docker-compose, kubernetes, kubevela, envoy-ratelimit...
GHSA-JQ35-85CJ-FJ4P vulnerabilities
Vulnerabilities for packages: skaffold, k3s, rancher-agent, chartmuseum, ctop, kpt, k3d, kubescape, slsa-verifier, falcoctl-fips, tekton-chains, aactl, bom, paranoia, scorecard, spire-server-fips, cert-manager, up, falco...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: kubescape, scorecard, kubeflow, cortex, slsa-verifier, dgraph, up, buildkitd, terraform-provider-sendgrid, src, kubevela, k3d, spark-operator, aactl, prometheus-blackbox-exporter, falco...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: aws-efs-csi-driver-fips, kubeflow, conftest-fips, dgraph, cortex, kiam, buildkitd, kubernetes-csi-livenessprobe-fips, kubevela, kubeflow-fips, prometheus-blackbox-exporter, prometheus-stackdriver-exporter, terraform-provider-sendgrid-fips, volume-modifier-for-k8s-fip...
GHSA-RCJV-MGP8-QVMR vulnerabilities
Vulnerabilities for packages: caddy, prometheus-adapter, k3s, rancher-webhook, kube-oidc-proxy, cert-manager, kubernetes-fips, metrics-server-fips, buildkitd, kubernetes, up, kubevela, rancher-webhook-fips...
CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5
CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is available...