Linux Distros Unpatched Vulnerability : CVE-2025-59303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update...

SUSE-SU-2025:4232-1 Security update for sssd

This update for sssd fixes the following issues: - CVE-2025-11561: Fixed privilege escalation on AD-joined Linux systems due to default Kerberos configuration disabling localauth an2ln plugin bsc1251827 Other fixes: - Install file in krb5.conf.d to include sssd krb5 config snippets bsc1244325...

Security update for sssd

This update for sssd fixes the following issues: CVE-2025-11561: Fixed privilege escalation on AD-joined Linux systems due to default Kerberos configuration disabling localauth an2ln plugin bsc1251827 Other fixes: Install file in krb5.conf.d to include sssd krb5 config snippets bsc1244325 Patch...

SUSE SLES15 Security Update : sssd (SUSE-SU-2025:4182-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4182-1 advisory. - CVE-2025-11561: Fixed privilege escalation on AD-joined Linux systems due to default Kerberos configuration disabling localauth an2ln plug...

CVE-2025-59303

HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update permissions. This can result in obtaining an ingress token secret as a response. The fixed versions of HAProxy Enterprise Kubernetes Ingress...

CVE-2025-59303

HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update permissions. This can result in obtaining an ingress token secret as a response. The fixed versions of HAProxy Enterprise Kubernetes Ingress...

Incomplete Filtering of Special Elements

Overview Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements in the config-snippets feature flag. An attacker can access sensitive environment variables, including the Kubernetes service account token secret, by injecting arbitrary HAProxy directives. Note...

CVE-2025-59303

HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update permissions. This can result in obtaining an ingress token secret as a response. The fixed versions of HAProxy Enterprise Kubernetes Ingress...

EUVD-2025-33296

HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update permissions. This can result in obtaining an ingress token secret as a response. The fixed versions of HAProxy Enterprise Kubernetes Ingress...

PT-2025-41287

Name of the Vulnerable Software and Affected Versions HAProxy Kubernetes Ingress Controller versions prior to 3.1.13 HAProxy Enterprise Kubernetes Ingress Controller versions prior to 3.0.16-ee1 HAProxy Enterprise Kubernetes Ingress Controller versions prior to 1.11.13-ee1 HAProxy Enterprise...

CVE-2025-59303

HAProxy Kubernetes Ingress Controller (before 3.1.13) is vulnerable when the config-snippets feature flag is enabled: it can accept user-provided config snippets from users with create/update permissions, potentially leaking an ingress token secret. Fixed versions are HAProxy Kubernetes Ingress C...

CVE-2025-59303

HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update permissions. This can result in obtaining an ingress token secret as a response. The fixed versions of HAProxy Enterprise Kubernetes Ingress...