26 matches found
RHCOS 3 : OpenShift Container Platform 3.9 atomic-openshift (RHSA-2019:3811)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3811 advisory. - atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository CVE-2019-10150 - kubernetes: Incomplete fixes...
RHCOS 3 : kubernetes (RHSA-2016:0351)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0351 advisory. - server: patch operation should use patched object to check admission control CVE-2016-1905 - server: build config to a strategy th...
GHSA-CQRX-3M42-5P5W vulnerabilities
Vulnerabilities for packages: howdy-yall, grafana-operator, argo-rollouts, tailscale, mage, falco-no-driver, azurefile-csi, fuse-overlayfs-snapshotter, knative-eventing, newrelic-nri-statsd, prometheus, cadvisor, tetragon, opencost, gitleaks, http-echo, istio, prometheus-operator, nri-mssql,...
CLEANSTART-2026-CD92481 Within HostnameError
Multiple security vulnerabilities affect the kubernetes package. Within HostnameError. See references for individual vulnerability details...
SUSE SLES15 Security Update : kubernetes1.23 (SUSE-SU-2025:02423-2)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02423-2 advisory. - CVE-2021-25743: Escape terminal special characters in kubectl output bsc1194400. - CVE-2023-2431: Prevent pods to bypass the...
GHSA-7C64-F9JR-V9H2 vulnerabilities
Vulnerabilities for packages: nri-discovery-kubernetes, aws-sigv4-proxy-fips, cilium-certgen, jaeger-operator, nri-discovery-kubernetes-fips, minio-object-browser-fips, jupyterhub-k8s-image-awaiter-fips, skaffold, glow, nova-fips, podman, terraform-provider-sendgrid, grafana-rollout-operator,...
GHSA-QW9X-CQR3-WC7R vulnerabilities
Vulnerabilities for packages: sriov-network-device-plugin, falco-no-driver, buildah, node-feature-discovery, nvidia-container-toolkit, k3s, grafana-alloy, podman, kubernetes, rancher-agent...
EUVD-2019-2942
Malware in sbrugna...
GHSA-9548-QRRJ-X5PJ vulnerabilities
Vulnerabilities for packages: apache-beam-python-3.11-sdk, airflow-core, text-generation-inference, py3.10-vllm-cuda-11.8, py3-vllm-cuda-12.4, request-1276, py3-cassandra-medusa, dask-kubernetes...
CVE-2025-49520
A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift...
Fedora 43 : kubernetes1.32 (2025-4df998d449)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-4df998d449 advisory. Automatic update for kubernetes1.32-1.32.6-1.fc43. Changelog Thu Jun 19 2025 Bradley G Smith - 1.32.6-1 - Update to release v1.32.6 - Resolves:...
TencentOS Server 4: kubernetes (TSSA-2024:0867)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0867 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Exploit for CVE-2025-1974
README Talk is cheap, just look at the code. Detailed can be...
April “In the Trend of VM” (#14): vulnerabilities in Microsoft Windows, VMware products, Kubernetes, and Apache Tomcat
April "In the Trend of VM" (#14): vulnerabilities in Microsoft Windows, VMware products, Kubernetes, and Apache Tomcat. We decided to pause recording new videos, so for now only text. Post on Habr (rus). Digest on the PT website (rus). A total of 11 trending vulnerabilities: Elevation of Privilege - Windo...
Exploit for CVE-2025-1097
Exploit for Ingress NGINX - IngressNightmare This project pr...
K000150538: Kubernetes ingress-nginx vulnerabilities CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, and CVE-2025-24514
Security Advisory Description CVE-2025-1097 also known as IngressNightmare A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary cod...
Multiple vulnerabilities in Ingress NGINX Controller for Kubernetes
On March 24, 2025, Kubernetes disclosed 5 new vulnerabilities affecting the Ingress NGINX Controller for Kubernetes. Successful exploitation could allow attackers access to all secrets stored across all namespaces in the Kubernetes cluster, which could result in cluster takeover. CVE-2025-1974 9....
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources. Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-109...
CVE-2025-1767
This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remai...
openSUSE Security Advisory (SUSE-SU-2024:3097-1)
The remote host is missing an update for the...