
16 matches found

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in Containerd

Containerd is a container runtime that is available as a daemon for Linux and Windows. A bug was discovered in Containerd prior to versions 1.6.1, 1.5.10, and 1.14.12. In these versions, containers launched through Containerd’s CRI implementation on Linux, with a specially crafted image...

CVSS 7.5 | AI score 6.7 | EPSS 0.27392
Exploits: 4 | References: 2

Tenable Nessus
added 2026/06/02 12:0 a.m., 284 views

Containerd 1.7.27 < 1.7.32 / 2.0.4 < 2.0.9 / 2.1.x < 2.2.4 / 2.3.x < 2.3.1 runAsNonRoot Bypass

The version of Containerd on the remote host is 1.7.27 prior to 1.7.32, 2.0.4 prior to 2.0.9, 2.1.x prior to 2.2.4, or 2.3.x prior to 2.3.1. It is, therefore, affected by a security bypass vulnerability. A bug was found in containerd where containers launched with a numeric User directive that...

CVSS 7.3 | AI score 5.5 | EPSS 0.00019
Exploits: 1 | References: 2

OSV
added 2026/05/06 10:11 p.m., 4 views

GHSA-Q98M-7W8C-W388 Kyverno policy-reporter-ui has XSS via Stored Property Values in PropertyCard Component

Summary: Vue 3's v-html directive is the framework-documented mechanism for injecting raw HTML, and it intentionally disables the auto-escaping that interpolation provides. The PropertyCard.vue component uses v-html for the else branch of the URL check, meaning any non-URL string value flows...

CVSS 6.1 | AI score 6 | EPSS 0.00183
Exploits: 1 | References: 3

OSV
added 2026/03/26 4:48 p.m., 5 views

GHSA-HXV8-4J4R-CQGV Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic

Impact: Ingress Network Policies are not enforced for traffic from pods to L7 Services (Envoy, GAMMA) with a local backend on the same node, when Per-Endpoint Routing is enabled and BPF Host Routing is disabled. Per-Endpoint Routing is disabled by default, but is automatically enabled in deployments...

CVSS 5.4 | AI score 5.8 | EPSS 0.00244
Exploits: 0 | References: 8

GitHub Security Blog
added 2026/03/16 8:45 p.m., 8 views

Chall-Manager's invalid NetworkPolicy enables a malicious actor to pivot into another namespace

Impact: Due to a mis-written NetworkPolicy, a malicious actor can pivot from an instance to any Pod out of the origin namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. In the specific case of...

CVSS 9.9 | AI score 5.8 | EPSS 0.00284
Exploits: 0 | References: 5 | Affected Software: 2

OSV
added 2025/09/12 11:42 a.m., 4 views

BIT-KYVERNO-2023-47630 Attacker can cause Kyverno user to unintentionally consume insecure image

Kyverno is a policy engine designed for Kubernetes. An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the registry that the Kyverno users fetch their images from. The attacker could then...

CVSS 7.1 | AI score 6.9 | EPSS 0.00261
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 4:55 a.m., 12 views

CVE-2023-42814

Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerable component is Kyverno's Notary verifier. An attacker would need control over the registry from which Kyverno would fetch...

CVSS 5.3 | AI score 6.8 | EPSS 0.00671
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:51 a.m., 4 views

CVE-2023-33191

Kyverno is a policy engine designed for Kubernetes. Kyverno seccomp control can be circumvented. Users of the podSecurity validate.podSecurity subrule in Kyverno 1.9.2 and 1.9.3 are vulnerable. This issue was patched in version 1.9.4...

CVSS 8.8 | AI score 6.8 | EPSS 0.00485
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:8 a.m., 8 views

CVE-2023-47630

Kyverno is a policy engine designed for Kubernetes. An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the registry that the Kyverno users fetch their images from. The attacker could then...

CVSS 7.1 | AI score 7 | EPSS 0.00261
Exploits: 0 | References: 1

CNNVD
added 2025/04/30 12:0 a.m., 4 views

Kyverno security vulnerability

Kyverno is a policy engine designed for Kubernetes that is open sourced by Kyverno. A security vulnerability exists in Kyverno versions prior to 1.14.0 that stems from mishandling of namespace selector errors, which could lead to bypassing security policies...

CVSS 8.5 | AI score 6.3 | EPSS 0.00618
Exploits: 1 | References: 2

NVD
added 2024/10/29 3:15 p.m., 15 views

CVE-2024-48921

Kyverno is a policy engine designed for Kubernetes. A Kyverno ClusterPolicy, i.e. "disallow-privileged-containers," can be overridden by the creation of a PolicyException in a random namespace. By design, PolicyExceptions are consumed from any namespace. Administrators may not recognize that this...

CVSS 8.7 | EPSS 0.00553
Exploits: 1 | References: 1

OSV
added 2024/10/29 2:14 p.m., 9 views

CVE-2024-48921 Kyverno's PolicyException objects can be created in any namespace by default

Kyverno is a policy engine designed for Kubernetes. A Kyverno ClusterPolicy, i.e. "disallow-privileged-containers," can be overridden by the creation of a PolicyException in a random namespace. By design, PolicyExceptions are consumed from any namespace. Administrators may not recognize that this...

CVSS 8.7 | AI score 7.6 | EPSS 0.00553
Exploits: 1 | References: 3

SUSE CVE
added 2023/11/16 1:54 a.m., 2 views

SUSE CVE-2023-47630

Kyverno is a policy engine designed for Kubernetes. An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the registry that the Kyverno users fetch their images from. The attacker could then...

CVSS 7.1 | AI score 7 | EPSS 0.00261
Exploits: 0 | References: 3

CNNVD
added 2023/11/13 12:0 a.m., 6 views

Kyverno security breach

Kyverno is a policy engine for Kubernetes open-sourced by Kyverno. A security vulnerability exists in versions prior to Kyverno v1.11.0. An attacker exploited the vulnerability to cause a denial of service on the system...

CVSS 6.1 | AI score 6.5 | EPSS 0.00457
Exploits: 0 | References: 2

Vulnrichment
added 2023/06/01 4:24 p.m., 7 views

CVE-2023-34091 Kyverno resource with a deletionTimestamp may allow policy circumvention

Kyverno is a policy engine designed for Kubernetes. In versions of Kyverno prior to 1.10.0, resources which have the deletionTimestamp field defined can bypass validate, generate, or mutate-existing policies, even in cases where the validationFailureAction field is set to Enforce. This situation...

CVSS 6.5 | AI score 7.1 | EPSS 0.00497
Exploits: 0 | References: 2

Vulnrichment
added 2023/05/30 6:6 a.m., 7 views

CVE-2023-33191 kyverno seccomp control can be circumvented

Kyverno is a policy engine designed for Kubernetes. Kyverno seccomp control can be circumvented. Users of the podSecurity validate.podSecurity subrule in Kyverno 1.9.2 and 1.9.3 are vulnerable. This issue was patched in version 1.9.4...

CVSS 4.6 | AI score 8.7 | EPSS 0.00485
Exploits: 0 | References: 3