137 matches found
CVE-2025-59360
CVE-2025-59360 concerns Chaos Mesh’s Chaos Controller Manager. The killProcesses mutation (and related mutations like cleanIptables/cleanTcs) is reported vulnerable to OS command injection, enabling unauthenticated in-cluster attackers to perform remote code execution across the Kubernetes cluste...
PT-2025-37476
Name of the Vulnerable Software and Affected Versions Chaos Controller Manager affected versions not specified Description The cleanIptables mutation is susceptible to OS command injection. This allows unauthenticated in-cluster attackers to potentially execute remote code across the cluster...
PT-2025-37474
Name of the Vulnerable Software and Affected Versions Chaos Mesh affected versions not specified Description A command injection flaw exists in Chaos Mesh’s cleanTcs mutation. This flaw allows unauthenticated in-cluster attackers to perform remote code execution across the cluster. The...
PT-2025-37475
Name of the Vulnerable Software and Affected Versions Chaos Controller Manager affected versions not specified Description The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. This allows unauthenticated in-cluster attackers to perform remote code executio...
Linux Distros Unpatched Vulnerability : CVE-2020-8555
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side...
Linux Distros Unpatched Vulnerability : CVE-2020-8563
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controll...
CVE-2025-5072
Resource leak vulnerability in ASR180x、ASR190x in conmgr allows Resource Leak Exposure.This issue affects FalconLinux、Kestrel、LapwingLinux: before v1536...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to improper Input Validation due to kube-controller-manager (CVE-2024-0793)
Summary Potential vulnerabilities in kube module CVE-2024-0793 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2024-0793 DESCRIPTION: A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lackin...
USN-7449-2 linux-hwe-6.8 vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - Supe...
USN-7452-1 linux-gcp-6.8 vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - Supe...
CVE-2025-22871 vulnerabilities
Vulnerabilities for packages: kyverno-notation-aws, bazelisk, skopeo, nri-postgresql, opentofu, kserve-rest-proxy, cert-manager-istio-csr, kubernetes-csi-livenessprobe, gh, ini-file, s5cmd, falcosidekick, thanos-operator, minio-operator, newrelic-nri-kube-events, modelmesh-runtime-adapter,...
GHSA-G9PC-8G42-G6VQ vulnerabilities
Vulnerabilities for packages: kyverno-notation-aws, bazelisk, skopeo, nri-postgresql, opentofu, kserve-rest-proxy, cert-manager-istio-csr, kubernetes-csi-livenessprobe, gh, ini-file, s5cmd, falcosidekick, thanos-operator, minio-operator, newrelic-nri-kube-events, modelmesh-runtime-adapter,...
USN-7407-1 linux-hwe-5.15 vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - Supe...
Denial Of Service (DoS)
Kube-controller-manager is vulnerable to denial of service. The vulnerability is due to a missing .spec.behavior.scaleUp block in the HPA YAML file, causing kube-controller-manager pods to enter a restart loop and disrupt service availability. It allows an attacker to trigger a DoS by deploying t...
CVE-2024-0793
A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn...
CVE-2024-0793
A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn...
CVE-2024-0793 Kube-controller-manager: malformed hpa v1 manifest causes crash
A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn...
CVE-2024-0793 Kube-controller-manager: malformed hpa v1 manifest causes crash
A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.37 bug fix and security update
Red Hat OpenShift Container Platform release 4.14.37 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...
Improper Privilege Management
github.com/openshift/openshift-controller-manager is vulnerable to Improper Privilege Management. The vulnerability is due to misuse of elevated privileges during the build process, where the git-clone container is run with a privileged security context, allowing an attacker to provide a crafted...