22 matches found
SUSE CVE-2025-64715
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network...
EUVD-2024-0947
Malicious code in bioql PyPI...
EUVD-2024-0762
Malicious code in bioql PyPI...
EUVD-2023-1449
Malicious code in bioql PyPI...
EUVD-2024-1011
Malicious code in bioql PyPI...
EUVD-2024-2669
Malicious code in bioql PyPI...
EUVD-2024-2630
Malicious code in bioql PyPI...
EUVD-2024-2192
Malicious code in bioql PyPI...
EUVD-2023-2423
Malicious code in bioql PyPI...
EUVD-2023-1875
Malicious code in bioql PyPI...
CVE-2024-25630
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state the default configuration and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affect...
CVE-2023-41333
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in othe...
BIT-CILIUM-OPERATOR-2025-32793 Cilium packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can lea...
CVE-2025-32793
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can lea...
BIT-HUBBLE-RELAY-2025-30162 East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...
BIT-CILIUM-2025-30163 Node based network policies may incorrectly allow workload traffic
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies fromNodes and toNodes will incorrectly permit traffic to/from non-node endpoints that share the labels specified in fromNodes and toNodes sections of network policies. Node based...
BIT-CILIUM-OPERATOR-2025-30163 Node based network policies may incorrectly allow workload traffic
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies fromNodes and toNodes will incorrectly permit traffic to/from non-node endpoints that share the labels specified in fromNodes and toNodes sections of network policies. Node based...
CVE-2025-30163
CVE-2025-30163 affects Cilium’s node-based network policies: policies using fromNodes/toNodes may incorrectly permit traffic to/from non-node endpoints sharing the same labels. Affected versions are Cilium v1.16.0–v1.16.7 and v1.17.0–v1.17.1; the issue is fixed in v1.16.8 and v1.17.2. Root cause:...
CVE-2024-37307
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run with the --envoy-dump flag set against Cilium...
CVE-2023-30851 Potential HTTP policy bypass when using header rules in Cilium
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have a HTTP policy that applies to multiple toEndpoints AND have an allow-all rule in place that affects only one of those endpoints. In such cases, a wildcard rule will be...