222 matches found
GHSA-J5PM-7495-QMR3 vulnerabilities
Vulnerabilities for packages: cilium-fips, terraform-provider-kubernetes, promxy, ksops, flux-image-automation-controller, rancher-webhook-fips, crossplane-provider-sql-fips, tekton-pipelines, kpt, kubernetes-dashboard-metrics-scraper-fips, gh, render-template, cilium-envoy, gitlab-cng,...
SUSE CVE-2025-47284
Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the gardenlet component of Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0. It could allow a user with administrative privileges for a...
CVE-2025-22872 affecting package kube-vip-cloud-provider for versions less than 0.0.10-4
CVE-2025-22872 affecting package kube-vip-cloud-provider for versions less than 0.0.10-4. A patched version of the package is available...
CVE-2024-51744 affecting package kube-vip-cloud-provider for versions less than 0.0.2-22
CVE-2024-51744 affecting package kube-vip-cloud-provider for versions less than 0.0.2-22. A patched version of the package is available...
CVE-2025-30204 vulnerabilities
Vulnerabilities for packages: git-sync, nuclei, scorecard, chezmoi, kubernetes, skaffold, falcosidekick, oauth2-proxy, prometheus, tekton-chains, sqlexporter, ko, opencost, octo-sts, grafana-mimir, restic, terraform-provider-azurerm, distribution, rancher, crossplane-provider-family-azure,...
GHSA-MH63-6H87-95CP vulnerabilities
Vulnerabilities for packages: git-sync, nuclei, scorecard, chezmoi, kubernetes, skaffold, falcosidekick, oauth2-proxy, prometheus, tekton-chains, sqlexporter, ko, opencost, octo-sts, grafana-mimir, restic, terraform-provider-azurerm, distribution, rancher, crossplane-provider-family-azure,...
CVE-2025-27144 affecting package kube-vip-cloud-provider for versions less than 0.0.2-20
CVE-2025-27144 affecting package kube-vip-cloud-provider for versions less than 0.0.2-20. A patched version of the package is available...
GHSA-7WRW-R4P8-38RX vulnerabilities
Vulnerabilities for packages: local-static-provisioner, stakater-reloader, aws-flb-firehose, kserve, git-lfs, kubernetes-csi-external-resizer, nri-cassandra, mods, kubewatch, spiffe-helper, distribution, yq, runc, kpt, wireguard-go, pdfcpu, rabbitmq-messaging-topology-operator, lazydocker, swagge...
[SECURITY] Fedora 40 Update: rust-afterburn-5.7.0-3.fc40
A simple cloud provider agent...
[SECURITY] Fedora 41 Update: rust-afterburn-5.7.0-3.fc41
A simple cloud provider agent...
CVE-2024-45338 affecting package kube-vip-cloud-provider for versions less than 0.0.10-3
CVE-2024-45338 affecting package kube-vip-cloud-provider for versions less than 0.0.10-3. A patched version of the package is available...
The vulnerabilities of vSphere CPI (Cloud Provider Interface) and vSphere CSI (Container Storage Interface), which are software platforms for deploying containers in a production environment, allow attackers to exploit them to disclose sensitive information.
The vulnerability of vSphere CPI Cloud Provider Interface and vSphere CSI Container Storage Interface, two components of the software platform for container deployment in a production environment, is related to insufficient protection of registration data. Exploiting this vulnerability can allow ...
CVE-2024-38834
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations...
CVE-2024-38834
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations...
CVE-2024-38834
CVE-2024-38834 is a stored cross-site scripting vulnerability in VMware Aria Operations. The issue allows a malicious actor with editing access to cloud provider settings or views to inject scripts, leading to stored XSS in the product. The vulnerability is documented across multiple sources (NVD...
VMware Aria Operations 安全漏洞
VMware Aria Operations is a unified, AI-driven, self-driving IT operations management platform for private, hybrid and multi-cloud environments from VMware, Inc. A security vulnerability exists in VMware Aria Operations, which stems from the possibility that a malicious actor capable of editing a...
PT-2024-8792 · Vmware · Vmware Aria Operations
Name of the Vulnerable Software and Affected Versions: VMware Aria Operations affected versions not specified Description: The issue is related to a stored cross-site scripting vulnerability in VMware Aria Operations. This vulnerability can be exploited by a malicious actor with editing access to...
CVE-2022-45157 Exposure of vSphere's CPI and CSI credentials in Rancher
A vulnerability has been identified in the way that Rancher stores vSphere's CPI Cloud Provider Interface and CSI Container Storage Interface credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext...
SUSE CVE-2022-45157
A vulnerability has been identified in the way that Rancher stores vSphere's CPI Cloud Provider Interface and CSI Container Storage Interface credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext...
CVE-2024-28180 affecting package kube-vip-cloud-provider for versions less than 0.0.2-19
CVE-2024-28180 affecting package kube-vip-cloud-provider for versions less than 0.0.2-19. A patched version of the package is available...