CVE-2026-42506 affecting package multus for versions less than 4.0.2-8

CVE-2026-42506 affecting package multus for versions less than 4.0.2-8. A patched version of the package is available...

CVE-2026-39821 affecting package multus for versions less than 4.0.2-8

CVE-2026-39821 affecting package multus for versions less than 4.0.2-8. A patched version of the package is available...

CVE-2026-27136 affecting package multus for versions less than 4.0.2-8

CVE-2026-27136 affecting package multus for versions less than 4.0.2-8. A patched version of the package is available...

CVE-2025-47911 affecting package multus for versions less than 4.0.2-7

CVE-2025-47911 affecting package multus for versions less than 4.0.2-7. A patched version of the package is available...

CVE-2025-58190 affecting package multus for versions less than 4.0.2-7

CVE-2025-58190 affecting package multus for versions less than 4.0.2-7. A patched version of the package is available...

CVE-2025-58190 affecting package multus for versions less than 4.0.2-10

CVE-2025-58190 affecting package multus for versions less than 4.0.2-10. A patched version of the package is available...

CVE-2025-47911 affecting package multus for versions less than 4.0.2-10

CVE-2025-47911 affecting package multus for versions less than 4.0.2-10. A patched version of the package is available...

AZL-76965 CVE-2025-58190 affecting package multus for versions less than 4.0.2-10

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

AZL-77040 CVE-2025-58190 affecting package multus 4.0.2-6

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

AZL-76962 CVE-2025-47911 affecting package multus for versions less than 4.0.2-10

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

AZL-77036 CVE-2025-47911 affecting package multus 4.0.2-6

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

CLEANSTART-2026-EW68942 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the multus-cni-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

CLEANSTART-2026-DD39330 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the multus-cni-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

Azure Linux 3.0 Security Update: multus (CVE-2020-28852)

The version of multus installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-28852 advisory. - In x/text in Go before v0.3.5, a slice bounds out of range panic occurs in language.ParseAcceptLanguage whil...

Azure Linux 3.0 Security Update: cni / containernetworking-plugins / keda / multus (CVE-2021-38561)

The version of cni / containernetworking-plugins / keda / multus installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-38561 advisory. - golang.org/x/text/language in golang.org/x/text before 0.3.7 can...

Azure Linux 3.0 Security Update: multus (CVE-2020-28851)

The version of multus installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-28851 advisory. - In x/text in Go 1.15.4, an index out of range panic occurs in language.ParseAcceptLanguage while parsing the...

GHSA-J5PM-7495-QMR3 vulnerabilities

Vulnerabilities for packages: sqlexporter, glow, openbao-fips, gpu-operator, docker-cli-fips, buildkitd, cass-operator, spark-operator-fips, vault-csi-provider, gosu, velero, external-secrets-operator, helm-fips, authservice, kubernetes-fips, docker-credential-gcr,...

CVE-2025-22872 affecting package multus for versions less than 4.0.2-8

CVE-2025-22872 affecting package multus for versions less than 4.0.2-8. A patched version of the package is available...

CVE-2025-22872 affecting package multus for versions less than 4.0.2-5

CVE-2025-22872 affecting package multus for versions less than 4.0.2-5. A patched version of the package is available...

AZL-60568 CVE-2025-22872 affecting package multus for versions less than 4.0.2-8

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...