159 matches found

OSV
added 2026/06/11 12:37 a.m. | 6 views

CLEANSTART-2026-KN74022 Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU

Security vulnerability affects the local-static-provisioner-fips package. Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

9.8 CVSS | 5.5 AI score | 0.0056 EPSS
Exploits: 0 | References: 3

OSV
added 2026/06/08 12:59 p.m. | 8 views

CLEANSTART-2026-RE02723 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27139, CVE-2026-27142, CVE-2026-32281, CVE-2026-32283, CVE-2026-33186, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-39883, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 6.1.0-r0, 6.1.0-r1, 6.1.0-r2, 6.1.0-r3, 6.1.0-r4

Multiple security vulnerabilities affect the kubernetes-csi-external-provisioner-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

10 CVSS | 6.5 AI score | 0.00765 EPSS
Exploits: 4 | References: 91

OSV
added 2026/06/08 12:59 p.m. | 10 views

CLEANSTART-2026-WS85269 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27139, CVE-2026-27142, CVE-2026-32281, CVE-2026-32283, CVE-2026-33186, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-39883, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 6.1.0-r0, 6.1.0-r1, 6.1.0-r2, 6.1.0-r3, 6.1.0-r4

Multiple security vulnerabilities affect the kubernetes-csi-external-provisioner-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

10 CVSS | 5.8 AI score | 0.00765 EPSS
Exploits: 4 | References: 91

F5 Networks
added 2026/06/01 3:16 p.m. | 19 views

K000161495: Rancher Local Path Provisioner vulnerability CVE-2025-62878

Security Advisory Description A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories. CVE-2025-62878 Impact There is no impact; F5 products...

9.9 CVSS | 5.9 AI score | 0.00581 EPSS
Exploits: 1

RedhatCVE
added 2026/05/30 2:12 a.m. | 9 views

CVE-2026-44543

Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...

8.7 CVSS | 5.8 AI score | 0.00368 EPSS
Exploits: 0 | References: 1

NVD
added 2026/05/28 5:16 p.m. | 11 views

CVE-2026-44543

Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...

8.7 CVSS | 0.00368 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/28 4:41 p.m. | 6 views

CVE-2026-44543

Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...

8.7 CVSS | 5.8 AI score | 0.00368 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/05/28 4:41 p.m. | 7 views

CVE-2026-44543 Local Path Provisioner: HelperPod Template Injection

Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...

8.7 CVSS | 5.8 AI score | 0.00368 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/05/28 4:41 p.m. | 13 views

EUVD-2026-32954

Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...

8.7 CVSS | 5.8 AI score | 0.00368 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/05/28 4:41 p.m. | 31 views

CVE-2026-44543 Local Path Provisioner: HelperPod Template Injection

Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...

8.7 CVSS | 0.00368 EPSS
Exploits: 0 | References: 1

CVE
added 2026/05/28 4:41 p.m. | 27 views

CVE-2026-44543

Local Path Provisioner (rancher/local-path-provisioner) is affected. Before version 0.0.36, a user with edit rights on the local-path-config ConfigMap can inject a malicious helperPod.yaml into the template used to create HelperPods during PVC provisioning/cleanup. The attacker-controlled templat...

8.7 CVSS | 5.8 AI score | 0.00368 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2026/05/28 12:0 a.m. | 14 views

Local Path Provisioner Security Vulnerability

Local Path Provisioner is a Kubernetes local storage dynamic provisioning tool developed by Rancher. Versions of Local Path Provisioner prior to 0.0.36 contained security vulnerabilities. These vulnerabilities stemmed from insufficient validation of the helperPod.yaml template. Malicious users...

8.7 CVSS | 5.8 AI score | 0.00368 EPSS
Exploits: 0 | References: 2

OSV
added 2026/05/11 4:15 p.m. | 4 views

GHSA-7FXV-8WR2-MFC4 Local Path Provisioner Vulnerable to HelperPod Template Injection

Impact A malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by rancher/local-path-provisioner. The helperPod.yaml template is loaded by the provisioner and used to create HelperPods during PVC...

8.7 CVSS | 6 AI score | 0.00368 EPSS
Exploits: 0 | References: 3

Snyk
added 2026/05/11 4:15 p.m. | 3 views

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment during the processing of the helperPod.yaml template. An attacker can gain unauthorized access to sensitive host files, read ServiceAccount tokens from other pods, access other tenants' volume data, or...

8.7 CVSS | 5.4 AI score | 0.00368 EPSS
Exploits: 0 | References: 3

Github Security Blog
added 2026/05/11 4:15 p.m. | 9 views

Local Path Provisioner Vulnerable to HelperPod Template Injection

Impact A malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by rancher/local-path-provisioner. The helperPod.yaml template is loaded by the provisioner and used to create HelperPods during PVC...

8.7 CVSS | 6 AI score | 0.00368 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/05/11 12:0 a.m. | 10 views

PT-2026-39897

Name of the Vulnerable Software and Affected Versions local-path-provisioner versions prior to 0.0.36 Description A malicious user with permissions to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template. This template is used to crea...

8.7 CVSS | 5.8 AI score | 0.00368 EPSS
Exploits: 0 | References: 6

Wolfi
added 2026/05/09 2:21 a.m. | 29 views

CVE-2026-33814 vulnerabilities

Vulnerabilities for packages: ko, modelmesh-runtime-adapter, kubernetes-csi-external-attacher, tekton-pipelines, atlantis, bento, pvc-autoresizer, kubernetes-dashboard-auth, kuberlr, nri-kubernetes, redis-operator, croc, timestamp-authority, cis-operator, tekton-chains,...

7.5 CVSS | 6.7 AI score | 0.00565 EPSS
Exploits: 0

Chainguard
added 2026/05/09 1:17 a.m. | 31 views

CVE-2026-33814 vulnerabilities

Vulnerabilities for packages: nvidia-nsight-compute-13.0, cloud-sql-proxy, cilium-certgen, distribution, crossplane-provider-azure-storagesync, regclient, flannel-fips, crossplane-provider-aws-athena-fips, node-feature-discovery, prometheus-fips, go-slim, zot, ratify,...

7.5 CVSS | 6.7 AI score | 0.00565 EPSS
Exploits: 0

Wolfi
added 2026/04/17 8:0 p.m. | 9 views

GHSA-PC3F-X583-G7J2 vulnerabilities

Vulnerabilities for packages: k9s, kwok, infinispan-operator, kubeflow-pipelines, gitlab-runner, skaffold, trivy-operator, hubble, k3s, k8sgpt-operator, kubernetes-dashboard-api, velero, argo-cd, cilium, cluster-api, terraform-provider-kubernetes, rancher-fleet, headlamp, consul-k8s, rancher,...

5.8 AI score
Exploits: 0

Wolfi
added 2026/04/11 2:51 a.m. | 7 views

GHSA-FV83-X2XW-2J55 vulnerabilities

Vulnerabilities for packages: newrelic-infra-operator, aws-privateca-issuer, dbmate, stakater-reloader, supercronic, hubble, ingress-nginx-controller, nodetaint, nova, malcontent, rabbitmq-messaging-topology-operator, smokescreen, osv-scanner, victoriametrics-cluster,...

5.8 AI score
Exploits: 0