49 matches found
CVE-2025-22871 vulnerabilities
Vulnerabilities for packages: slsa-verifier, litestream, ctop, kwok, cni-plugins, malcontent, chartmuseum, ingress-nginx-controller, goreleaser, kubeadm-controlplane-controller, kubernetes-csi-external-resizer, step, trust-manager, filebrowser, fluent-operator, newrelic-nri-statsd, gobump,...
GHSA-G9PC-8G42-G6VQ vulnerabilities
Vulnerabilities for packages: slsa-verifier, litestream, ctop, kwok, cni-plugins, malcontent, chartmuseum, ingress-nginx-controller, goreleaser, kubeadm-controlplane-controller, kubernetes-csi-external-resizer, step, trust-manager, filebrowser, fluent-operator, newrelic-nri-statsd, gobump,...
CVE-2025-22871 vulnerabilities
Vulnerabilities for packages: rabbitmq-cluster-operator, prometheus-nats-exporter, amazon-k8s-cni-fips, google-osconfig-agent, spiffe-helper-fips, ingress-nginx-controller-fips, local-path-provisioner, flux-helm-controller-fips, ip-masq-agent, wgcf, cert-manager-webhook-pdns, ctop, mailpit,...
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: slsa-verifier, bom, ctop, kwok, dataplaneapi, cni-plugins, ip-masq-agent, gobuster, newrelic-infra-operator, minio, chartmuseum, docker-credential-ecr-login, nri-prometheus, tflint, render-template, wire-go, kubeflow-katib, goreleaser, kubeadm-controlplane-controller...
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: slsa-verifier, bom, ctop, kwok, dataplaneapi, cni-plugins, ip-masq-agent, gobuster, newrelic-infra-operator, minio, chartmuseum, docker-credential-ecr-login, nri-prometheus, tflint, render-template, wire-go, kubeflow-katib, goreleaser, kubeadm-controlplane-controller...
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: falcoctl, kaniko, slsa-verifier, rekor, fulcio, ctop, kwok, ip-masq-agent, newrelic-infra-operator, falcosidekick, cilium-cli, minio, trivy, chartmuseum, crossplane-provider-gcp, nri-prometheus, spicedb, tflint, atlantis, guac, kubeflow-katib, goreleaser,...
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: slsa-verifier, bom, ctop, kwok, dataplaneapi, cni-plugins, ip-masq-agent, gobuster, newrelic-infra-operator, minio, chartmuseum, docker-credential-ecr-login, nri-prometheus, tflint, render-template, wire-go, kubeflow-katib, goreleaser, kubeadm-controlplane-controller...
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: prometheus-node-exporter, bank-vaults-fips, falco, cosign, dive, metrics-server, kots, aws-efs-csi-driver, chartmuseum, falcoctl, sigstore-scaffolding, kube-state-metrics-fips, pulumi-language-yaml, buildkitd, flux, minio, stakater-reloader, gke-gcloud-auth-plugin,...
Severe Flaw in Google Cloud's Cloud SQL Service Exposed Confidential Data
A new security flaw has been disclosed in the Google Cloud Platform's GCP Cloud SQL service that could be potentially exploited to obtain access to confidential data. "The vulnerability could have enabled a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin on a...
Internet Bug Bounty: CVE-2023-25692: Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service and Remote Command Execution
An improper input validation vulnerability was discovered in the Apache Airflow Google Provider, affecting versions before 8.10.0. Attackers could modify existing connection configuration information to execute malicious commands or create arbitrary files, leading to denial of service...
Internet Bug Bounty: Apache Airflow Google Cloud Sql Provider Remote Command Execution
An improper input validation vulnerability was discovered in Apache Airflow Google Provider before version 8.10.0, which could allow an attacker to execute remote commands on the victim's machine by modifying the existing connection configuration information. The vulnerability was discovered by X...
Remote Code Execution (RCE)
apache-airflow-providers-google is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation for the cloud sql provider parameter in the downloadsqlproxyifneeded function of cloudsql.py which allows an attacker to upload and execute malicious code on the system...
CVE-2023-25691 Apache Airflow Google Provider: Google Cloud Sql Provider Remote Command Execution
Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0...
CVE-2023-25691 Apache Airflow Google Provider: Google Cloud Sql Provider Remote Command Execution
Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0...
Fedora: Security Advisory for golang-github-googlecloudplatform-cloudsql-proxy (FEDORA-2022-ea8f4e232d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 36 Update: golang-github-googlecloudplatform-cloudsql-proxy-1.19.1-7.fc36
The Cloud SQL Proxy allows a user with the appropriate permissions to connect to a Second Generation Cloud SQL database without having to deal with IP whitelisting or SSL certificates manually. It works by opening unix/tcp sockets on the local machine and proxying connections to the associated...
Fedora: Security Advisory for golang-github-googlecloudplatform-cloudsql-proxy (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: golang-github-googlecloudplatform-cloudsql-proxy-1.19.1-6.fc35
The Cloud SQL Proxy allows a user with the appropriate permissions to connect to a Second Generation Cloud SQL database without having to deal with IP whitelisting or SSL certificates manually. It works by opening unix/tcp sockets on the local machine and proxying connections to the associated...
Fedora: Security Advisory for golang-github-googlecloudplatform-cloudsql-proxy (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 36 Update: golang-github-googlecloudplatform-cloudsql-proxy-1.19.1-6.fc36
The Cloud SQL Proxy allows a user with the appropriate permissions to connect to a Second Generation Cloud SQL database without having to deal with IP whitelisting or SSL certificates manually. It works by opening unix/tcp sockets on the local machine and proxying connections to the associated...