7 matches found
GHSA-RV83-G57W-FR8J vulnerabilities
Vulnerabilities for packages: terraform-provider-azapi-fips, dex, newrelic-nri-kube-events-fips, sigstore-scaffolding, src, mongo-tools, blob-csi-fips, kind, aws-otel-collector-fips, clickhouse-operator, external-dns, net-kourier, step-issuer, crossplane-provider-aws-kinesis-fips, victoriametrics...
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, aactl, regclient, kyverno-policy-reporter-ui, sonobuoy, spegel, step-ca, pombump, skopeo, kubernetes-csi-livenessprobe, certificate-transparency, dgraph, external-dns, kube-bench, cadvisor, smarter-device-manager,...
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: dex, src, mongo-tools, kind, dive, external-dns, harbor-scanner-trivy, cadvisor-fips, atlantis, helm-fips, kpt, prometheus-adapter-fips, q, step-ca-fips, go-licenses, helm, sops, git-lfs, skaffold, cert-manager-webhook-pdns, crane, harbor-registry-fips, flannel,...
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: dex, kubeflow-katib, sigstore-scaffolding, src, mongo-tools, kind, istio-cni, dive, external-dns, step-issuer, kube-logging-operator, kots, harbor-scanner-trivy, terraform-provider-google, cadvisor-fips, atlantis, helm-fips, kpt, kuberay-operator, weaviate, restic, q...
OSV-2021-1192 Segv on unknown address in arrow::DefaultBackend
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37927 Crash type: Segv on unknown address Crash state: arrow::DefaultBackend arrow::PoolBuffer::MakeUnique arrow::AllocateBuffer...
OSV-2021-1189 Segv on unknown address in arrow::DefaultBackend
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37915 Crash type: Segv on unknown address Crash state: arrow::DefaultBackend arrow::defaultmemorypool arrow::ipc::IpcReadOptions::Defaults...
Exposed Endpoints
github.com/kubernetes/ingress-nginx uses publicly exposed endpoints. The Prometheus metrics and healthz of the Kubernetes defaultbackend can be accessed by a remote attacker using a port-forward request to access the publicly accessible metrics...