EUVD-2022-2280
Malicious code in bioql PyPI...
EUVD-2022-1885
Malicious code in bioql PyPI...
EUVD-2022-4542
Malicious code in bioql PyPI...
EUVD-2022-2324
Malicious code in bioql PyPI...
EUVD-2022-2332
Malicious code in bioql PyPI...
EUVD-2022-5321
Malicious code in bioql PyPI...
EUVD-2022-7030
Malicious code in bioql PyPI...
EUVD-2022-6350
Malicious code in bioql PyPI...
EUVD-2022-4547
Malicious code in bioql PyPI...
CVE-2025-59823
Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the Terraformer process. An attacker can execute arbitrary code with elevated privileges by injecting malicious Terraform configurations during infrastructure provisioning. Note: This is only exploitable if ...
Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning
Impact: A security vulnerability was discovered in Gardener when Terraformer is used for infrastructure provisioning. This vulnerability could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster where the shoot cluster is managed. This CVE...
GHSA-227X-7MH8-3CF6 Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning
Impact: A security vulnerability was discovered in Gardener when Terraformer is used for infrastructure provisioning. This vulnerability could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster where the shoot cluster is managed. This CVE...
CVE-2025-59823 Gardener providers vulnerable to code injection when Terraformer is used for infrastructure provisioning
Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP...
CVE-2025-59823
The CVE-2025-59823 issue affects Gardener extensions for AWS (<1.64.0), Azure (<1.55.0), OpenStack (<1.49.0), and GCP (
PT-2025-39386
Name of the Vulnerable Software and Affected Versions: Project Gardener versions prior to 1.64.0 (AWS providers); Project Gardener versions prior to 1.55.0 (Azure providers); Project Gardener versions prior to 1.49.0 (OpenStack providers); Project Gardener versions prior to 1.46.0 (GCP providers). Description...
SUSE-SU-2025:20755-1 Security update for cloud-init
This update for cloud-init fixes the following issues: Update to version 25.1.3 bsc1245401,bsc1245403: + docs: provide example3 for PAM and sshpwauth behavior 27 + fix: Make hotplug socket writable only by root 25 CVE-2024-11584 + fix: Don't attempt to identify non-x86 OpenStack instances LP:...
Security update for cloud-init
This update for cloud-init fixes the following issues: Update to version 25.1.3 bsc1245401,bsc1245403: docs: provide example3 for PAM and sshpwauth behavior 27 fix: Make hotplug socket writable only by root 25 CVE-2024-11584 fix: Don't attempt to identify non-x86 OpenStack instances LP: 2069607...