7 matches found
GHSA-RV83-G57W-FR8J vulnerabilities
Vulnerabilities for packages: azcopy-fips, kubernetes-event-exporter-fips, json-exporter-fips, mig-parted, helm-diff, prometheus-operator, secretgen-controller-fips, wgcf, kyverno-policy-reporter-plugins-trivy, terraform-provider-pagerduty-fips, aws-eks-pod-identity-agent,...
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: hubble-ui, osv-scanner, cosign, smarter-device-manager, timoni, flux-source-controller, kubecolor, newrelic-nri-statsd, prometheus-pushgateway, dive, wait-for-port, flux-notification-controller, grpcurl, kyverno-policy-reporter-kyverno-plugin, snyk-cli, k3d,...
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: wgcf, prometheus-alertmanager-fips, confluent-common-docker, oauth2-proxy, bank-vaults, prometheus-redis-exporter-fips, nri-prometheus, certificate-transparency-fips, vault, scorecard, terraform-docs, timestamp-authority-fips, etcd, cert-manager-webhook-pdns-fips,...
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: prometheus-operator, wgcf, gitsign, prometheus-alertmanager-fips, kubeadm-controlplane-controller, supercronic, nsc, confluent-common-docker, oauth2-proxy, bank-vaults, prometheus-redis-exporter-fips, rabbitmq-cluster-operator, nri-prometheus, k8ssandra-operator-fips...
OSV-2021-1192 Segv on unknown address in arrow::DefaultBackend
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37927 Crash type: Segv on unknown address Crash state: arrow::DefaultBackend arrow::PoolBuffer::MakeUnique arrow::AllocateBuffer...
OSV-2021-1189 Segv on unknown address in arrow::DefaultBackend
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37915 Crash type: Segv on unknown address Crash state: arrow::DefaultBackend arrow::defaultmemorypool arrow::ipc::IpcReadOptions::Defaults...
Exposed Endpoints
github.com/kubernetes/ingress-nginx uses publicly exposed endpoints. The Prometheus metrics and healthz of the Kubernetes defaultbackend can be accessed by a remote attacker using a port-forward request to access the publicly accessible metrics...