21 matches found
SUSE CVE-2026-27112
Kargo manages and automates the promotion of software artifacts. From 1.7.0 to before v1.7.8, v1.8.11, and v1.9.3, the batch resource creation endpoints of both Kargo's legacy gRPC API and newer REST API accept multi-document YAML payloads. Specially crafted payloads can manifest a bug present in...
CVE-2026-27112
Kargo manages and automates the promotion of software artifacts. From 1.7.0 to before v1.7.8, v1.8.11, and v1.9.3, the batch resource creation endpoints of both Kargo's legacy gRPC API and newer REST API accept multi-document YAML payloads. Specially crafted payloads can manifest a bug present in...
PT-2026-20879
Name of the Vulnerable Software and Affected Versions Kargo versions 1.7.0 through 1.7.7 Kargo version 1.8.11 Kargo version 1.9.3 Description Kargo manages and automates the promotion of software artifacts. The batch resource creation endpoints of both Kargo's legacy gRPC API and newer REST API...
EUVD-2021-2608
Malware in sbrugna...
CVE-2024-10846
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...
CVE-2024-10846
Summary: CVE-2024-10846 affects the compose-go library. The vulnerability occurs in versions v2.10–v2.4.0 of the compose-go component when an authorized user sends malicious YAML payloads, causing the library to consume excessive memory and CPU cycles during YAML parsing (as used by Docker Compos...
PT-2025-1609 · Docker +1 · Docker Compose +1
Name of the Vulnerable Software and Affected Versions: compose-go versions v2.10 through v2.4.0 Docker Compose versions v2.27.0 through v2.29.7 Description: The issue allows an authorized user who sends malicious YAML payloads to cause excessive memory and CPU cycle consumption while parsing YAML...
YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML (CVE-2019-11254)
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...
Excessive Platform Resource Consumption within a Loop in Kubernetes
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...
GHSA-PMQP-H87C-MR78 XML Entity Expansion and Improper Input Validation in Kubernetes API server
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2019-11254)
Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that could lead to a denial of service vulnerability from malicious YAML payloads CVE-2019-11254 Vulnerability Details CVEID: CVE-2019-11254 Description: Kubernetes is vulnerable to a denia...
RHEL 7 / 8 : OpenShift Container Platform 4.5 (RHSA-2020:2413)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2413 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
kubernetes: Denial of service in API server via crafted YAML payloads by authorized users
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 3.11 atomic-openshift security update
An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
AZL-44445 CVE-2019-11254 affecting package podman for versions less than 5.6.1-2
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...
CVE-2019-11254
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...
CVE-2019-11254
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML. Mitigation Prevent unauthenticated or unauthorized...
Debian DSA-2715-1 : puppet - code execution
It was discovered that puppet, a centralized configuration management system, did not correctly handle YAML payloads. A remote attacker could use a specially crafted payload to execute arbitrary code on the puppet master. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text a...
Debian Security Advisory DSA 2715-1 (puppet - code execution)
It was discovered that puppet, a centralized configuration management system, did not correctly handle YAML payloads. A remote attacker could use a specially-crafted payload to execute arbitrary code on the puppet master. OpenVAS Vulnerability Test $Id: deb2715.nasl 6611 2017-07-07 12:07:20Z...