33 matches found
CVE-2025-64171
A cross-namespace authorization flaw has been identified in the MARIN3R operator’s DiscoveryServiceCertificate resource. The flaw occurs because the operator mistakenly treats certain inputs as valid, bypassing Kubernetes Role-Based Access Control (RBAC). When a user has permission to create...
CVE-2025-64171
MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which allows users to bypass RBAC and access secrets in unauthorized namespaces. This issue is...
CVE-2025-64171
CVE-2025-64171 MARIN3R is a cross-namespace secret access vulnerability in the MARIN3R operator. In versions ≤ 0.13.3, DiscoveryServiceCertificate could bypass RBAC, allowing a user who can create DiscoveryServiceCertificate resources in one namespace to indirectly read Secrets in other namespace...
CVE-2025-64171 MARIN3R: Cross-Namespace Vulnerability in the Operator
MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which allows users to bypass RBAC and access secrets in unauthorized namespaces. This issue is...
EUVD-2025-37859
MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which allows users to bypass RBAC and access secrets in unauthorized namespaces. This issue is...
CVE-2025-64171 MARIN3R: Cross-Namespace Vulnerability in the Operator
MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which allows users to bypass RBAC and access secrets in unauthorized namespaces. This issue is...
CVE-2025-64171 MARIN3R: Cross-Namespace Vulnerability in the Operator
MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which allows users to bypass RBAC and access secrets in unauthorized namespaces. This issue is...
marin3r security vulnerability
marin3r is a lightweight CRD-based kubernetes control panel open-sourced by Red Hat 3scale SRE. A security vulnerability exists in marin3r 0.13.3 and earlier versions, which stems from a cross-namespace secret access vulnerability in DiscoveryServiceCertificate that could lead to bypassing RBAC a...
MARIN3R: Cross-Namespace Vulnerability in the Operator
Summary: Cross-namespace Secret access vulnerability in DiscoveryServiceCertificate allows users to bypass RBAC and access Secrets in unauthorized namespaces. Affected Versions: All versions prior to v0.13.4. Patched Versions: v0.13.4 and later. Impact: Users with permission to create...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization via the getIssuerCertificate function. An attacker can gain unauthorized access to Secrets in other namespaces by bypassing RBAC restrictions. This is only exploitable if the attacker has permission to create...
PT-2025-45114
Name of the Vulnerable Software and Affected Versions: MARIN3R versions 0.13.3 and below. Description: MARIN3R, a lightweight, CRD based envoy control plane for kubernetes, contains a flaw where a cross-namespace secret access issue exists in the DiscoveryServiceCertificate component. This allows...
MARIN3R: Cross-Namespace Vulnerability in the Operator
Cross-namespace Secret access vulnerability in DiscoveryServiceCertificate allows users to bypass RBAC and access Secrets in unauthorized namespaces...
EUVD-2011-2616
Malware in sbrugna...
EulerOS 2.0 SP13 : gnutls (EulerOS-SA-2025-1616)
According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain...
K000151130: GnuTLS vulnerability CVE-2024-12243
Security Advisory Description: A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote...
EulerOS 2.0 SP11 : libtasn1 (EulerOS-SA-2025-1364)
According to the versions of the libtasn1 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn...
CVE-2024-12243
A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially...
CVE-2024-12243
CVE-2024-12243 affects GnuTLS (which uses libtasn1 for ASN.1 DER processing). The issue is an inefficient DER decoding algorithm in libtasn1 that can cause excessive resource consumption when processing certain certificates, enabling remote DoS by sending a crafted certificate and making GnuTLS u...
Azure Linux 3.0 Security Update: cloud-hypervisor-cvm / edk2 / hvloader / openssl (CVE-2024-6119)
The version of cloud-hypervisor-cvm / edk2 / hvloader / openssl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6119 advisory. - Issue summary: Applications performing certificate name checks e.g....
PT-2024-5929
Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 3.0.15; IBM AIX affected versions not specified. Description: The issue is related to a denial of service in X.509 name checks. Applications performing certificate name checks, such as TLS clients checking server...