RHCOS 4 / 9 : OpenShift Container Platform 4.16.0 (RHSA-2024:0045)

The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0045 advisory. - dnspython: denial of service in stub resolver CVE-2023-29483 - golang: net/http/cookiejar: incorrect forwarding of sensitive...

EUVD-2023-2862

Malicious code in bioql PyPI...

CVE-2023-47630

Kyverno is a policy engine designed for Kubernetes. An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the registry that the Kyverno users fetch their images from. The attacker could then...

SUSE-SU-2024:2383-1 Security update for skopeo

This update for skopeo fixes the following issues: - CVE-2024-3727: Added missing image digest verification bsc1224123...

SUSE: Security Advisory (SUSE-SU-2024:2383-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Insufficient Verification Of Data Authenticity

github.com/kyverno/kyverno is vulnerable to Insufficient Verification Of Data Authenticity. The vulnerability allows an attacker to control the digest of images used by Kyverno users. To exploit this issue, the attacker would need to compromise the registry from which Kyverno fetches its images...

GHSA-3HFQ-CX9J-923W Attacker can cause Kyverno user to unintentionally consume insecure image

An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the registry that the Kyverno fetch their images from. The attacker could then return a vulnerable image to the the user and leverage th...

CVE-2023-47630

Kyverno is a policy engine designed for Kubernetes. An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the registry that the Kyverno users fetch their images from. The attacker could then...

Design/Logic Flaw

Kyverno is a policy engine designed for Kubernetes. An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the registry that the Kyverno users fetch their images from. The attacker could then...

CVE-2023-47630

CVE-2023-47630 (Kyverno) affects the Kyverno policy engine for Kubernetes. The issue allows an attacker to influence the digest of images Kyverno users fetch, by corrupting the registry the users rely on. If the attacker can manipulate the registry (or the user’s image fetch path), they could ser...

CVE-2023-47630 Attacker can cause Kyverno user to unintentionally consume insecure image

Kyverno is a policy engine designed for Kubernetes. An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the registry that the Kyverno users fetch their images from. The attacker could then...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.9.51 bug fix and security update

Red Hat OpenShift Container Platform release 4.9.51 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9.51 Red Hat Product Security has rated this update as having a...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.10.39 bug fix and security update

Red Hat OpenShift Container Platform release 4.10.39 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.9.50 bug fix and security update

Red Hat OpenShift Container Platform release 4.9.50 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.7.59 bug fix and security update

Red Hat OpenShift Container Platform release 4.7.59 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.11.3 packages and security update

Red Hat OpenShift Container Platform release 4.11.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.9.47 bug fix and security update

Red Hat OpenShift Container Platform release 4.9.47 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.10.30 bug fix and security update

Red Hat OpenShift Container Platform release 4.10.30 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.11.1 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.7.56 security and bug fix update

Red Hat OpenShift Container Platform release 4.7.56 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...