15 matches found
SUSE CVE-2026-4342
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...
CVE-2026-4342
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...
EUVD-2026-13343
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...
CVE-2026-4342 ingress-nginx comment-based nginx configuration injection
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...
CVE-2025-15566 ingress-nginx auth-proxy-set-headers nginx configuration injection
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...
PT-2026-6670
Name of the Vulnerable Software and Affected Versions: ingress-nginx (affected versions not specified). Description: A security issue exists in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can result ...
CVE-2026-24512
A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: deferring partition scanning. We need to prevent the partition scanning from occurring within the controller’s scanwork context. If a path error occurs here, I/O will wait until a path becomes available or all pat...
AZL-54604 CVE-2024-53093 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: defer partition scanning. We need to suppress the partition scan from occurring within the controller's scanwork context. If a path error occurs here, the IO will wait until a path becomes available or all paths are...
Debian Security Advisory DSA 1055-1 (mozilla-firefox)
The remote host is missing an update to mozilla-firefox announced via advisory DSA 1055-1. Martijn Wargers and Nick Mott described crashes of Mozilla due to the use of a deleted controller context. In theory this could be abused to execute malicious code. Since Mozilla and Firefox share the same...
Debian DSA-1053-1 : mozilla - programming error
Martijn Wargers and Nick Mott described crashes of Mozilla due to the use of a deleted controller context. In theory this could be abused to execute malicious code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debi...
FreeBSD : firefox -- denial of service vulnerability (e2476979-da74-11da-a67b-0013d4a4a40e)
A Mozilla Foundation Security Advisory reports for deleted object reference when designMode='on': Martijn Wargers and Nick Mott each described crashes that were discovered to ultimately stem from the same root cause: attempting to use a deleted controller context when designMode was turned on. Th...
Firefox < 1.5.0.3 iframe.contentWindow.focus() Overflow
The installed version of Firefox may allow a malicious site to crash the browser and potentially to run malicious code when attempting to use a deleted controller context. Successful exploitation requires that 'designMode' be turned on. (C) Tenable Network Security, Inc. ...
Deleted object reference when designMode="on" — Mozilla
Martijn Wargers and Nick Mott each described crashes that were discovered to ultimately stem from the same root cause: attempting to use a deleted controller context when designMode was turned on. This generally results in crashing the browser, but in theory references to deleted objects can be...
Buffer overflow
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller contex...