Five vulnerabilities have been discovered within the Ingress NGINX Controller for Kubernetes. NGINX Ingress Controller is a tool used in Kubernetes environments to manage and route external traffic to services within the cluster.
Ingress Controller acts as a reverse proxy and load balancer, supporting various protocols like WebSocket, gRPC, TCP, and UDP, and also provides features such as content-based routing and TLS/SSL termination. CVE-2025-1974 – ingress-nginx admission controller RCE escalation CVE-2025-1974 is a critical ‘improper isolation or compartmentalisation’ vulnerability with a CVSSv3 score of 9.8. An unauthenticated attacker with access to the pod network could execute arbitrary code within the ingress-nginx controller.
Read more…
Source: NHS Digital
Related:
- Windows Remote Assistance Exploit Lets Hackers Steal Sensitive Files
March 20, 2018
You have always been warned not to share remote access to your computer with untrusted people for any reason—it’s a basic cybersecurity advice, and common sense, right? But what if, I say you should not even trust anyone who invites or offer you full remote access to their computers. A critical vulnerability has been discovered in Microsoft’s Windows ...
- AMD Acknowledges Newly Disclosed Flaws In Its Processors — Patches Coming Soon
March 20, 2018
MD has finally acknowledged 13 critical vulnerabilities, and exploitable backdoors in its Ryzen and EPYC processors disclosed earlier this month by Israel-based CTS Labs and promised to roll out firmware patches for millions of affected devices ‘in the coming weeks.’ According to CTS-Labs researchers, critical vulnerabilities (RyzenFall, MasterKey, Fallout, and Chimera) that affect AMD’s Platform Security ...
- Spring break! Critical vuln in Pivotal framework’s Data parts plugged
March 5, 2018
Pivotal’s Spring Data REST project has a serious security hole that needs patching. Pivotal’s Spring Framework is a popular platform for building web apps. Spring Data REST is a collection of additional components for devs to build Java applications that offer RESTful APIs to underlying Spring Data repositories. These interfaces are widely used. Read more… Source: The Register
- Bug in HP Remote Management Tool Leaves Servers Open to Attack
March 1, 2018
Hewlett Packard Enterprise has patched a vulnerability in its remote management hardware called Integrated Lights-Out 3 that is used in its popular line of HP ProLiant servers. The bug allows an attacker to launch an unauthenticated remote denial of service attack that could contribute to a crippling on vulnerable datacenters under some conditions. The vulnerability (CVE-2017-8987) ...
- Massive Malspam Campaign Targets Unpatched Systems
February 27, 2018
Cybercriminals are leveraging a recently patched critical Adobe Flash Player vulnerability in a massive spam campaign targeting unpatched computers. According to the research firm Morphisec, cybercriminals are blasting spam messages that urge recipients to click a link to download a Word document. And when a victim opens the document and enables macros, malware attempts to exploit an ...
- Smart meters could leave British homes vulnerable to cyber attacks, experts have warned
February 18, 2018
New smart energy meters that the Government wants to be installed in millions of homes will leave householders vulnerable to cyber attacks, ministers have been warned. The intelligence agency GCHQ is said to have raised concerns over the security of the meters, which could enable hackers to steal personal details and defraud consumers by tampering with ...