Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kubernetes vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-33190
Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos before 4.2.1-rc4 an improper configuration of role based access control (RBAC) permissions resulted in an attacker being able to obtain cluster control permissions, ...
Sealos Project Sealos 4.2.1
Sealos Project Sealos
8.8
CVSSv3
CVE-2023-35165
AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages `aws-cdk-lib` 2.0.0 until 2.80.0 and `@aws-cdk/aws-eks` 1.57.0 until 1.202.0, `eks.Cluster` and...
Amazon Aws Cloud Development Kit
7.5
CVSSv3
CVE-2023-2828
Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the con...
Isc Bind
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Netapp Active Iq Unified Manager -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
Netapp H300s Firmware -
5.5
CVSSv3
CVE-2023-2431
A security issue exists in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined...
Kubernetes Kubernetes
Fedoraproject Fedora 38
1 Github repository
5.3
CVSSv3
CVE-2023-34242
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining v...
Cilium Cilium
6.5
CVSSv3
CVE-2023-34969
D-Bus prior to 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to t...
Freedesktop Dbus
Fedoraproject Fedora 38
Debian Debian Linux 10.0
5.5
CVSSv3
CVE-2023-2878
Kubernetes secrets-store-csi-driver in versions prior to 1.3.3 discloses service account tokens in logs.
Kubernetes Secrets-store-csi-driver
3.3
CVSSv3
CVE-2023-2602
A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.
Libcap Project Libcap 2.66
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
1 Github repository
7.8
CVSSv3
CVE-2023-2603
A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.
Libcap Project Libcap
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Debian Debian Linux 11.0
1 Github repository
7.8
CVSSv3
CVE-2023-3027
The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster) of taking advantage of cluster scoped access in a created po...
Redhat Advanced Cluster Management For Kubernetes 2.6
Redhat Advanced Cluster Management For Kubernetes 2.7
Redhat Advanced Cluster Management For Kubernetes 2.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »