Lucene search
+L

61 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-3260

Malicious code in bioql PyPI...

7.7CVSS7.8AI score0.00598EPSS
Exploits0References9
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/17 8:13 a.m.9 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to improper Input Validation due to kube-controller-manager (CVE-2024-0793)

Summary Potential vulnerabilities in kube module CVE-2024-0793 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2024-0793 DESCRIPTION: A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lackin...

7.7CVSS7.5AI score0.00598EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2024/12/11 9:5 a.m.9 views

Denial Of Service (DoS)

Kube-controller-manager is vulnerable to denial of service. The vulnerability is due to a missing .spec.behavior.scaleUp block in the HPA YAML file, causing kube-controller-manager pods to enter a restart loop and disrupt service availability. It allows an attacker to trigger a DoS by deploying t...

7.7CVSS6.4AI score0.00598EPSS
Exploits0References10Affected Software1
NVD
NVD
added 2024/11/17 11:15 a.m.41 views

CVE-2024-0793

A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn...

7.7CVSS0.00598EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/11/17 10:45 a.m.37 views

CVE-2024-0793 Kube-controller-manager: malformed hpa v1 manifest causes crash

A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn...

7.7CVSS0.00598EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/11/17 10:45 a.m.26 views

CVE-2024-0793 Kube-controller-manager: malformed hpa v1 manifest causes crash

A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn...

7.7CVSS6.5AI score0.00598EPSS
Exploits0References5
OSV
OSV
added 2024/11/17 10:45 a.m.2 views

CVE-2024-0793 Kube-controller-manager: malformed hpa v1 manifest causes crash

A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn...

7.7CVSS7AI score0.00598EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/04/08 12:0 a.m.10 views

PT-2024-15825 · Unknown +1 · Kube-Controller-Manager +1

Name of the Vulnerable Software and Affected Versions: kube-controller-manager affected versions not specified Description: A flaw was found in kube-controller-manager, causing a denial of service due to KCM pods going into restart churn when the initial application of a HPA config YAML lacks a...

9.8CVSS6.5AI score0.99999EPSS
Exploits25References150
RedHat Linux
RedHat Linux
added 2024/03/20 1:54 a.m.25 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.53 packages and security update

Red Hat OpenShift Container Platform release 4.12.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

7.7CVSS6.9AI score0.00598EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/02/17 3:21 a.m.2 views

SUSE CVE-2024-0793

A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn...

4.4CVSS7.5AI score0.00598EPSS
Exploits0References13
CNNVD
CNNVD
added 2024/02/07 12:0 a.m.7 views

kube-controller-manager Input Validation Error Vulnerability

kube-controller-manager is a kube-controller-manager component configuration API for Kubernetes open source. A security vulnerability exists in kube-controller-manager. An attacker exploited the vulnerability to cause a denial of service on the system...

7.7CVSS6.6AI score0.00598EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.27 views

Oracle Linux 7 : kubernetes-cni-plugins / kubernetes-cni / kubernetes / olcne (ELSA-2020-5727)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5727 advisory. - CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements - CVE-2020-8555: Half-Blind SSRF in...

6.5CVSS6.5AI score0.03679EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.37 views

Oracle Linux 7 : grafana / kubernetes-cni / kubernetes-cni-plugins / kubernetes / kubernetes / olcne (ELSA-2020-5726)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5726 advisory. - CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements - CVE-2020-8555: Half-Blind SSRF in...

8.2CVSS6.5AI score0.99856EPSS
Exploits6References4
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.32 views

Oracle Linux 7 : kubernetes / kubeadm-ha-setup / kubernetes-cni / kubernetes-cni-plugins (ELSA-2020-5725)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5725 advisory. - CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements - CVE-2020-8555: Half-Blind SSRF in...

6.3CVSS6.5AI score0.03679EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.5 views

SUSE CVE-2020-8566

In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects v1.19.3, v1.18.10, v1.17.13...

4.7CVSS6.9AI score0.0052EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2022/02/15 1:57 a.m.35 views

Server Side Request Forgery (SSRF) in Kubernetes

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery SSRF that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...

6.3CVSS5.9AI score0.03679EPSS
Exploits0References9Affected Software1
RedHat Linux
RedHat Linux
added 2021/02/24 2:45 p.m.6 views

kubernetes: Ceph RBD adminSecrets exposed in logs when loglevel >= 4

A flaw was found in kubernetes. If the logging level is to at least 4, and Ceph RBD is configured as a storage provisioner, then Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims...

5.5CVSS6.8AI score0.0052EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2020/12/09 12:0 a.m.4 views

Secret leaks in logs for vSphere Provider kube-controller-manager

...

5.5CVSS7AI score0.00505EPSS
Exploits0
GitLab Advisory Database
GitLab Advisory Database
added 2020/12/07 12:0 a.m.61 views

Inclusion of Sensitive Information in Log Files

In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims...

5.5CVSS2.3AI score0.0052EPSS
Exploits0References1Affected Software1
Kubernetes Security Advisories
Kubernetes Security Advisories
added 2020/10/15 10:0 p.m.4 views

Secret leaks in kube-controller-manager when using vSphere provider

CVSS Rating: 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Medium In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. Am I vulnerable? If you are using VSphere as a clo...

5.6CVSS6.5AI score0.00505EPSS
Exploits0Affected Software1
Rows per page
Query Builder