AZL-34898 CVE-2023-5408 affecting package kubernetes for versions less than 1.29.1-2

A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the clust...

AZL-31786 CVE-2023-5408 affecting package kubernetes for versions less than 1.28.4-5

A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the clust...

Privilege escalation

A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the clust...

CVE-2023-5408 Openshift: modification of node role labels

A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the clust...

ovn: service monitor MAC flow is not rate limited

A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured...

CVE-2023-41891

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...

Design/Logic Flaw

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...

CVE-2023-41891

FlyteAdmin’s list endpoints are vulnerable to SQL injection in versions prior to 1.1.124, where a malicious user can send REST requests with custom SQL statements as list filters. The attacker must have access to the FlyteAdmin installation (typically behind VPN or authenticated access). A patch ...

CVE-2023-41891 FlyteAdmin SQL Injection in List Filters

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...

Vulnerability fixed in F5 BIG-IP

F5 has fixed a vulnerability in BIG-IP. A malicious person could exploit the vulnerability to execute arbitrary code on the system. For successful exploitation, the malicious party must have physical or LAN access have access to the physical management port of the vulnerable device, or have acces...

K000137365: BIG-IP Configuration utility authenticated SQL injection vulnerability CVE-2023-46748

Security Advisory Description An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility. CVE-2023-46748 Impact This vulnerability may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP...

K000137353: BIG-IP Configuration utility unauthenticated remote code execution vulnerability CVE-2023-46747

Security Advisory Description Undisclosed requests may bypass Configuration utility authentication. CVE-2023-46747 Impact This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary...

Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores

In the second part of this series, we will examine how attackers can trigger vulnerabilities by sending control messages masquerading as user traffic to cross over from user plane to control plane...

CVE-2023-44184 Junos OS and Junos OS Evolved: High CPU load due to specific NETCONF command

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon mgd process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU...

Juniper Networks Junos OS Security Vulnerability

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Networks Junos OS that stems from a misauthorization vulnerability in CP packet...

K98334513: BIG-IP DNS TSIG key vulnerability CVE-2023-41253

Security Advisory Description When a BIG-IP DNS or BIG-IP LTM system is enabled with the DNS Services license, and a TSIG key is created, the key is logged in plaintext in the audit log. CVE-2023-41253 Impact An authenticated attacker with at least auditor role privileges can view the TSIG key in...

K06110200: BIG-IP and BIG-IQ TACACS+ audit log vulnerability CVE-2023-43485

Security Advisory Description When TACACS+ audit forwarding is configured on a BIG-IP or BIG-IQ system, shared secret is logged in plaintext in the audit log. CVE-2023-43485 Impact An authenticated attacker with at least auditor role privileges can view shared secret. There is no data plane...

K41072952: BIG-IP Appliance mode external monitor vulnerability CVE-2023-43746

Security Advisory Description When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary...

K20307245: BIG-IP tmsh vulnerability CVE-2023-45219

Security Advisory Description Exposure of Sensitive Information vulnerability exists in an undisclosed BIG-IP TMOS Shell tmsh command, which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. CVE-2023-45219 Impact An authenticated attack...

Fedora: Security Advisory for golang-github-envoyproxy-control-plane (FEDORA-2023-f122ea1b3e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...