
18 matches found

OSV
added 2025/11/06 9:15 p.m. | views: 1

AZL-70586 CVE-2025-52881 affecting package kubernetes for versions less than 1.30.10-18

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.00016
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | views: 4

EUVD-2022-1238

Malicious code in bioql PyPI...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.0085
Exploits: 0 | References: 8

IBM Security Bulletins
added 2025/04/29 2:37 a.m. | views: 22

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a cri-o security vulnerability (CVE-2024-9676)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability found in the cri-o component which a remote authenticated attacker could exploit to cause a denial of service condition. CVE-2024-9676 Vulnerability Details CVEID: CVE-2024-9676 Description: Podman, Buildah and CRI-O a...

CVSS: 6.5 | AI score: 7 | EPSS: 0.01561
Exploits: 0 | Affected Software: 1

OSV
added 2025/03/25 7:38 p.m. | views: 11

GO-2025-3566 ingress-nginx controller - configuration injection via unsanitized auth-url annotation in k8s.io/ingress-nginx

ingress-nginx controller - configuration injection via unsanitized auth-url annotation in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.49711
Exploits: 8 | References: 6

Tenable Nessus
added 2025/03/04 12:0 a.m. | views: 6

Linux Distros Unpatched Vulnerability : CVE-2017-1002102

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI...

CVSS: 7.1 | AI score: 6.6 | EPSS: 0.00265
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m. | views: 12

Linux Distros Unpatched Vulnerability : CVE-2017-1002101

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type...

CVSS: 9.6 | AI score: 7.7 | EPSS: 0.33507
Exploits: 2 | References: 2

IBM Security Bulletins
added 2024/03/01 10:15 a.m. | views: 32

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a runc security vulnerability (CVE-2024-21626)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability found in the runc component where an attacker could gain unauthorized access to the host filesystem CVE-2024-21626. Vulnerability Details CVEID: CVE-2024-21626 Description: Open Container Initiative runc could allow a...

CVSS: 8.6 | AI score: 9 | EPSS: 0.04591
Exploits: 18 | Affected Software: 1

Positive Technologies
added 2023/11/14 12:0 a.m. | views: 4

PT-2023-6920 · Unknown +2 · Kubernetes +2

Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to 1.28.4 Kubernetes versions prior to 1.27.8 Kubernetes versions prior to 1.26.11 Kubernetes versions prior to 1.25.16 Description: A security issue was discovered in Kubernetes where a user that can create pods and...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.19854
Exploits: 0 | References: 80

OSV
added 2023/10/10 2:15 p.m. | views: 6

AZL-31693 CVE-2023-44487 affecting package kubernetes for versions less than 1.28.3-1

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.9439
Exploits: 19 | References: 1

NVD
added 2023/09/27 3:18 p.m. | views: 7

CVE-2023-39347

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels...

CVSS: 9 | AI score: 7.8 | EPSS: 0.00032
Exploits: 1 | References: 2

SUSE CVE
added 2023/02/15 4:12 a.m. | views: 2

SUSE CVE-2019-11244

In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir defaulting to $HOME/.kube/http-cache, written with world-writeable permissions rw-rw-rw-. If --cache-dir is specified and pointed at a different location accessible to other users/groups, the...

CVSS: 5 | AI score: 4.7 | EPSS: 0.00097
Exploits: 0 | References: 3

IBM Security Bulletins
added 2021/05/28 4:54 p.m. | views: 28

Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2021-25737)

Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in the Kubernetes API server that could allow a user to redirect pod traffic to private networks on a node CVE-2021-25737 Vulnerability Details CVEID: CVE-2021-25737 Description: Kubernetes could allow a remote...

CVSS: 4.9 | AI score: 4.8 | EPSS: 0.00379
Exploits: 0 | Affected Software: 1

OSV
added 2020/04/01 9:15 p.m. | views: 1

AZL-44445 CVE-2019-11254 affecting package podman for versions less than 5.6.1-2

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.00121
Exploits: 0 | References: 1

IBM Security Bulletins
added 2019/10/24 4:45 p.m. | views: 41

Security Bulletin: IBM Cloud Kubernetes Service is affected by a Python security vulnerability (CVE-2019-10160)

Summary IBM Cloud Kubernetes Service is vulnerable to CVE-2019-10160 Python security vulnerability which could allow a remote attacker to obtain sensitive information, caused by improper unicode encoding handling. Vulnerability Details CVE-ID: CVE-2019-10160 Description: Python...

CVSS: 9.8 | AI score: 0.1 | EPSS: 0.01472
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2019/09/20 3:24 p.m. | views: 1

kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is...

CVSS: 6.5 | AI score: 7 | EPSS: 0.49935
Exploits: 2 | References: 5

RedHat Linux
added 2019/07/24 8:56 p.m. | views: 2

kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary file write via `kubectl cp`

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is...

CVSS: 6.5 | AI score: 7 | EPSS: 0.49935
Exploits: 2 | References: 5

Positive Technologies
added 2018/06/01 12:0 a.m. | views: 3

PT-2018-9619 · Kubernetes · Kubernetes

Name of the Vulnerable Software and Affected Versions: Kubernetes versions 1.5.x through 1.9.5 Description: The issue concerns the insecure handling of tar data by the kubectl cp command, which can lead to the overwrite of arbitrary local files. This is a result of how the command manages data...

CVSS: 5.5 | AI score: 6 | EPSS: 0.0051
Exploits: 0 | References: 13

Positive Technologies
added 2015/11/06 12:0 a.m. | views: 2

PT-2015-6842 · Red Hat +2 · Red Hat Openshift Enterprise +2

Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to the fixed version Red Hat OpenShift Enterprise version 3.0 Description: A directory traversal issue exists due to improper handling of crafted object type names before they are passed to etcd. This allows attacker...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00283
Exploits: 0 | References: 13