K8s Vulnerabilities

CUPS: Unraveling a Critical Vulnerability Chain in Unix Printing Systems

A series of critical vulnerabilities has been uncovered in the Common Unix Printing System (CUPS),...

CVE-2024-7646: Ingress-NGINX Annotation Validation Bypass – A Deep Dive

Introduction Attention: a new Kubernetes vulnerability was uncovered by André Storfjord Kristiansen (@dev-bio on GitHub)...

Yet another reason why the xz backdoor is a sneaky b@$tard

(We are talking about the xz/libzma backdoor identified with CVE-2024-3094) Summary of the OpenSSH XZ...

Bombshell in SSH servers! What CVE-2024-3094 means for Kubernetes users

Read our update: Yet another reason why the xz backdoor is a sneaky b@$tard On...

Kubernetes Vulnerabilities Roundup 2023

Kubernetes vulnerabilities: 2023 roundup

Transparency in vulnerability disclosure plays a crucial role in effective risk management, regardless of software...

Under the hood of CVE patching

Addressing Common Vulnerabilities and Exposures, known as CVE patching, is a practice of applying updates...

Three new NGINX ingress controller vulnerabilities reported and how they affect Kubernetes

CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886 can be exploited by attacker to steal secret credentials from the...

cve-2023-3676

Kubelet vulnerabilities on Windows nodes: CVE-2023-3676, CVE-2023-3955 and CVE-2023-3893

Kubernetes security: three new interrelated vulnerabilities affecting the Windows versions of Kubelet and the Kubernetes...

CVE-2022-47633

CVE-2022-47633: Kyverno’s container image signature verification can be bypassed by a malicious registry or proxy

Security researchers at ARMO have found a high-severity vulnerability in the Kyverno admission controller container...

2022 Kubernetes Vulnerabilities – Main Takeaways 

All the main K8s vulnerabilities from 2022 consolidated into one article. Read all about it...

CVE-2022-39328: Unauthorized access to arbitrary endpoints in Grafana codebase

Grafana Labs published a security advisory for a new critical vulnerability in its open-source product....

Upcoming Critical OpenSSL Vulnerability

Upcoming Critical OpenSSL Vulnerability

This blog covers a developing story and it will be updated as new information and...

slack_logos

Continue to Slack

Get the information you need directly from our experts!

new-messageContinue as a guest