UBUNTU-CVE-2025-9566

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

CVE-2025-9566

Vulnerability (CVE-2025-9566) affects the podman component. The issue arises when using the kube play command with a volume mount from a Secrete or a ConfigMap whose volume contains a symbolic link to a host file path; an attacker can cause the host file to be overwritten. The attack is limited t...

CVE-2025-9566 Podman: podman kube play command may overwrite host files

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

CVE-2025-9566

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

CVE-2025-9566 Podman: podman kube play command may overwrite host files

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

podman kube play symlink traversal vulnerability

Impact The podman kube play command can overwrite host files when the kube file contains a ConfigMap or Secret volume mount and the volume already contains a symlink to a host file. This allows a malicious container to write to arbitrary files on the host BUT the attacker only controls the target...

GHSA-WP3J-XQ48-XPJW podman kube play symlink traversal vulnerability

Impact The podman kube play command can overwrite host files when the kube file contains a ConfigMap or Secret volume mount and the volume already contains a symlink to a host file. This allows a malicious container to write to arbitrary files on the host BUT the attacker only controls the target...

GHSA-W54X-XFXG-4GXQ NeuVector process with sensitive arguments lead to leakage

Impact When a Java command with password parameters is executed and terminated by NeuVector for Process rule violation. For example, java -cp /app ... Djavax.net.ssl.trustStorePassword= The command with the password appears in the NeuVector security event. To prevent this, NeuVector uses the...

PT-2025-35111

Name of the Vulnerable Software and Affected Versions: NeuVector versions prior to 5.4.6 Description: NeuVector process handling can lead to the leakage of sensitive arguments, such as passwords, within security event logs. The software uses regular expressions to detect and redact sensitive data...

SUSE CVE-2017-1002102

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running...

CVE-2023-44392

Garden provides automation for Kubernetes development and testing. Prior tov ersions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the...

GHSA-7WRW-R4P8-38RX vulnerabilities

Vulnerabilities for packages: kubernetes-csi-driver-hostpath, configmap-reload, litefs, mods, argo-workflows, aws-flb-cloudwatch, cert-manager-webhook-pdns, croc, kapp, tfsec, skopeo, cosign, prometheus-blackbox-exporter, kserve, hello-world-golang, wireguard-go, pdfcpu, sftpgo, cloudnative-pg,...

GHSA-679V-HH23-H5JH vulnerabilities

Vulnerabilities for packages: configmap-reload-fips, falco, smarter-device-manager-fips, metrics-server, kind...

PT-2025-36328

Name of the Vulnerable Software and Affected Versions podman versions 4.0.0 through 5.6.1 Description A vulnerability exists in podman where an attacker can use the kube play command to overwrite host files. This occurs when the kube file contains a Secret or a ConfigMap volume mount, and that...

CVE-2023-32191

When RKE provisions a cluster, it stores the cluster state in a configmap called full-cluster-state inside the kube-system namespace of the cluster itself. The information available in there allows non-admin users to escalate to admin...

CVE-2023-32191

When RKE provisions a cluster, it stores the cluster state in a configmap called full-cluster-state inside the kube-system namespace of the cluster itself. The information available in there allows non-admin users to escalate to admin...

CVE-2023-32191 rke's credentials are stored in the RKE1 Cluster state ConfigMap

When RKE provisions a cluster, it stores the cluster state in a configmap called full-cluster-state inside the kube-system namespace of the cluster itself. The information available in there allows non-admin users to escalate to admin...

CVE-2023-32191 rke's credentials are stored in the RKE1 Cluster state ConfigMap

When RKE provisions a cluster, it stores the cluster state in a configmap called full-cluster-state inside the kube-system namespace of the cluster itself. The information available in there allows non-admin users to escalate to admin...

rke 安全漏洞

rke is an extremely simple, lightning fast Kubernetes installer open-sourced by Rancher. There is a security vulnerability in rke that stems from credentials being stored in a ConfigMap with information that allows a non-administrative user to be upgraded to administrator...

Malicious code in platform-harness-ecr-configmap (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7812939dfec5496e941d5bd252e8f536d2b2e38984c285fd5881230dd705d928 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...