82 matches found
Fedora 42 : kustomize (2025-a887e86abc)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-a887e86abc advisory. Update to 5.8.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...
BIT-FLUX-2022-24878 Improper path handling in Kustomization files allows for denial of service
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user's CI/CD pipeline to...
BIT-FLUX-2022-24877 Improper path handling in kustomization files allows path traversal
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...
BIT-FLUX-2022-24817 Improper kubeconfig validation allows arbitrary code execution
Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also...
GHSA-447V-2QG4-H8HC vulnerabilities
Vulnerabilities for packages: volsync-fips, knative-operator-fips, beats-fips, smarter-device-manager, nodetaint, skopeo-fips, kafkaexporter-fips, logstash-exporter, karpenter, kubernetes-csi-external-attacher, cluster-api-provider-vsphere, vault-secrets-webhook, monstache, kafka-proxy,...
GHSA-CXQ7-XW9V-RCV3 vulnerabilities
Vulnerabilities for packages: volsync-fips, knative-operator-fips, beats-fips, smarter-device-manager, nodetaint, skopeo-fips, kafkaexporter-fips, logstash-exporter, karpenter, kubernetes-csi-external-attacher, cluster-api-provider-vsphere, vault-secrets-webhook, monstache, kafka-proxy,...
GHSA-FRHW-MQJ2-WXW2 vulnerabilities
Vulnerabilities for packages: volsync-fips, knative-operator-fips, beats-fips, smarter-device-manager, nodetaint, skopeo-fips, kafkaexporter-fips, logstash-exporter, karpenter, kubernetes-csi-external-attacher, cluster-api-provider-vsphere, vault-secrets-webhook, monstache, kafka-proxy,...
GHSA-JWMF-CHVC-RF92 vulnerabilities
Vulnerabilities for packages: volsync-fips, knative-operator-fips, beats-fips, smarter-device-manager, nodetaint, skopeo-fips, kafkaexporter-fips, logstash-exporter, karpenter, kubernetes-csi-external-attacher, cluster-api-provider-vsphere, vault-secrets-webhook, monstache, kafka-proxy,...
GHSA-7WWX-XJ66-R44X vulnerabilities
Vulnerabilities for packages: volsync-fips, knative-operator-fips, beats-fips, smarter-device-manager, nodetaint, skopeo-fips, kafkaexporter-fips, logstash-exporter, karpenter, kubernetes-csi-external-attacher, cluster-api-provider-vsphere, vault-secrets-webhook, monstache, kafka-proxy,...
GHSA-9GCR-GP5F-JW27 vulnerabilities
Vulnerabilities for packages: knative-operator-fips, beats-fips, smarter-device-manager, skopeo-fips, kafkaexporter-fips, logstash-exporter, karpenter, kubernetes-csi-external-attacher, cluster-api-provider-vsphere, vault-secrets-webhook, monstache, kafka-proxy, prometheus-alertmanager-fips,...
CVE-2025-61724 vulnerabilities
Vulnerabilities for packages: volsync-fips, knative-operator-fips, beats-fips, nodetaint, skopeo-fips, kafkaexporter-fips, logstash-exporter, karpenter, kubernetes-csi-external-attacher, cluster-api-provider-vsphere, vault-secrets-webhook, monstache, kafka-proxy, prometheus-alertmanager-fips,...
CVE-2025-61723 vulnerabilities
Vulnerabilities for packages: volsync-fips, knative-operator-fips, beats-fips, smarter-device-manager, nodetaint, skopeo-fips, kafkaexporter-fips, logstash-exporter, karpenter, kubernetes-csi-external-attacher, cluster-api-provider-vsphere, vault-secrets-webhook, monstache, kafka-proxy,...
CVE-2025-58188 vulnerabilities
Vulnerabilities for packages: volsync-fips, knative-operator-fips, beats-fips, smarter-device-manager, nodetaint, skopeo-fips, kafkaexporter-fips, logstash-exporter, karpenter, kubernetes-csi-external-attacher, cluster-api-provider-vsphere, vault-secrets-webhook, monstache, kafka-proxy,...
CVE-2025-58189 vulnerabilities
Vulnerabilities for packages: volsync-fips, knative-operator-fips, beats-fips, smarter-device-manager, nodetaint, skopeo-fips, kafkaexporter-fips, logstash-exporter, karpenter, kubernetes-csi-external-attacher, cluster-api-provider-vsphere, vault-secrets-webhook, monstache, kafka-proxy,...
CVE-2025-58183 vulnerabilities
Vulnerabilities for packages: knative-operator-fips, beats-fips, smarter-device-manager, skopeo-fips, kafkaexporter-fips, logstash-exporter, karpenter, kubernetes-csi-external-attacher, cluster-api-provider-vsphere, vault-secrets-webhook, monstache, kafka-proxy, prometheus-alertmanager-fips,...
CVE-2025-47912 vulnerabilities
Vulnerabilities for packages: volsync-fips, knative-operator-fips, beats-fips, smarter-device-manager, nodetaint, skopeo-fips, kafkaexporter-fips, logstash-exporter, karpenter, kubernetes-csi-external-attacher, cluster-api-provider-vsphere, vault-secrets-webhook, monstache, kafka-proxy,...
GHSA-RJCG-56PH-3QVG vulnerabilities
Vulnerabilities for packages: volsync-fips, knative-operator-fips, beats-fips, smarter-device-manager, nodetaint, skopeo-fips, kafkaexporter-fips, logstash-exporter, karpenter, kubernetes-csi-external-attacher, cluster-api-provider-vsphere, vault-secrets-webhook, monstache, kafka-proxy,...
GHSA-QH38-484V-W52X vulnerabilities
Vulnerabilities for packages: volsync-fips, knative-operator-fips, beats-fips, nodetaint, skopeo-fips, kafkaexporter-fips, logstash-exporter, karpenter, kubernetes-csi-external-attacher, cluster-api-provider-vsphere, vault-secrets-webhook, monstache, kafka-proxy, prometheus-alertmanager-fips,...
GHSA-WCW9-47FP-RRFR vulnerabilities
Vulnerabilities for packages: volsync-fips, knative-operator-fips, beats-fips, nodetaint, skopeo-fips, kafkaexporter-fips, logstash-exporter, karpenter, kubernetes-csi-external-attacher, cluster-api-provider-vsphere, vault-secrets-webhook, monstache, kafka-proxy, prometheus-alertmanager-fips,...
EUVD-2022-3043
Malicious code in bioql PyPI...