41 matches found
SUSE CVE-2021-25736
Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port “spec.ports.port” as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress.ip” field. Clusters where the LoadBalancer controller sets the...
GHSA-M38G-VWW2-MVGX Talos Linux has a local privilege escalation from untrusted workloads
Summary A vulnerability in the Linux kernel's algifaead subsystem CVE-2026-31431, "copy.fail" allows an unprivileged container workload to corrupt arbitrary file page-cache pages via the AFALG crypto interface and splice. On Talos Linux, this vulnerability can be chained into a complete node...
EUVD-2023-2624
Malicious code in bioql PyPI...
Security Bulletin: Astronomer with IBM is vulnerable to unintentional traffic forwarding due to kube-proxy (CVE-2021-25736)
Summary Kube-proxy is used by Astronomer with IBM as part of Kubernetes functionality. Vulnerability Details CVEID:CVE-2021-25736 DESCRIPTION: Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port “spec.ports.port” as a LoadBalancer Service when t...
Linux Distros Unpatched Vulnerability : CVE-2020-8558
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent...
GO-2023-2159 Kube-proxy may unintentionally forward traffic in k8s.io/kubernetes
Kube-proxy may unintentionally forward traffic in k8s.io/kubernetes...
Misconfiguration Of LoadBalancer Service
github.com/kubernetes/kubernetes is vulnerable to Misconfiguration of LoadBalancer Service. The vulnerability is present in the proxier.go. In the context of Kube-proxy on Windows, there is an issue where it can inadvertently forward traffic to local processes that are listening on the same port ...
GHSA-35C7-W35F-XWGH Kube-proxy may unintentionally forward traffic
Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port spec.ports.port as a LoadBalancer Service when the LoadBalancer controller does not set the status.loadBalancer.ingress.ip field. Clusters where the LoadBalancer controller sets the...
Kube-proxy may unintentionally forward traffic
Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port spec.ports.port as a LoadBalancer Service when the LoadBalancer controller does not set the status.loadBalancer.ingress.ip field. Clusters where the LoadBalancer controller sets the...
CVE-2021-25736
Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port “spec.ports.port” as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress.ip” field. Clusters where the LoadBalancer controller sets the...
CVE-2021-25736
Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port “spec.ports.port” as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress.ip” field. Clusters where the LoadBalancer controller sets the...
Code injection
Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port “spec.ports.port” as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress.ip” field. Clusters where the LoadBalancer controller sets the...
CVE-2021-25736
Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port “spec.ports.port” as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress.ip” field. Clusters where the LoadBalancer controller sets the...
CVE-2021-25736
Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port “spec.ports.port” as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress.ip” field. Clusters where the LoadBalancer controller sets the...
CVE-2021-25736 Windows kube-proxy LoadBalancer contention
Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port “spec.ports.port” as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress.ip” field. Clusters where the LoadBalancer controller sets the...
CVE-2021-25736
CVE-2021-25736 affects Kube-proxy on Windows, where traffic can be forwarded to local processes listening on the same port as a LoadBalancer service if the LoadBalancer controller does not set the status.loadBalancer.ingress[].ip. Clusters where the ingress IP is set are unaffected. The provided ...
CVE-2021-25736 Windows kube-proxy LoadBalancer contention
Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port “spec.ports.port” as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress.ip” field. Clusters where the LoadBalancer controller sets the...
PT-2023-12075 · Unknown · Kube-Proxy
Name of the Vulnerable Software and Affected Versions: Kube-proxy versions affected versions not specified Description: The issue concerns Kube-proxy on Windows, which can unintentionally forward traffic to local processes listening on the same port spec.ports.port as a LoadBalancer Service. This...
Potential network policy bypass when routing IPv6 traffic
Impact Under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which Cilium is running. As a consequence, network policies for that cluster might be bypassed, depending on the specific network polici...
SUSE CVE-2020-8558
The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally...