rpm package
suse/kubernetes1.23&distro=SUSE Linux Enterprise Server 15 SP4-LTSS
pkg:rpm/suse/kubernetes1.23&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-33814 | Hig | 7.5 | < 1.23.17-150300.7.17.1 | 1.23.17-150300.7.17.1 | May 7, 2026 | When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0. | |
| CVE-2026-35469 | Hig | — | < 1.23.17-150300.7.17.1 | 1.23.17-150300.7.17.1 | Apr 16, 2026 | spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, | |
| CVE-2025-22872 | Med | 6.5 | < 1.23.17-150300.7.12.1 | 1.23.17-150300.7.12.1 | Apr 16, 2025 | The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can resul | |
| CVE-2024-0793 | Hig | 7.7 | < 1.23.17-150300.7.12.1 | 1.23.17-150300.7.12.1 | Nov 17, 2024 | A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn. | |
| CVE-2024-3177 | Low | 2.7 | < 1.23.17-150300.7.12.1 | 1.23.17-150300.7.12.1 | Apr 22, 2024 | A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. T | |
| CVE-2023-2431 | Low | 3.4 | < 1.23.17-150300.7.12.1 | 1.23.17-150300.7.12.1 | Jun 16, 2023 | A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in un | |
| CVE-2021-25743 | Low | 3.0 | < 1.23.17-150300.7.12.1 | 1.23.17-150300.7.12.1 | Jan 7, 2022 | kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events. |
- affected < 1.23.17-150300.7.17.1fixed 1.23.17-150300.7.17.1
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.
- affected < 1.23.17-150300.7.17.1fixed 1.23.17-150300.7.17.1
spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count,
- affected < 1.23.17-150300.7.12.1fixed 1.23.17-150300.7.12.1
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can resul
- affected < 1.23.17-150300.7.12.1fixed 1.23.17-150300.7.12.1
A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn.
- affected < 1.23.17-150300.7.12.1fixed 1.23.17-150300.7.12.1
A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. T
- affected < 1.23.17-150300.7.12.1fixed 1.23.17-150300.7.12.1
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in un
- affected < 1.23.17-150300.7.12.1fixed 1.23.17-150300.7.12.1
kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.