Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.65 security and extras update
Red Hat OpenShift Container Platform release 4.15.65 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a security impact of...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.42 security and extras update
Red Hat OpenShift Container Platform release 4.18.42 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a security impact of...
EUVD-2021-2002
Malware in sbrugna...
EUVD-2023-2468
Malicious code in bioql PyPI...
EUVD-2022-42593
Malicious code in bioql PyPI...
EUVD-2023-1049
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-8559
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied...
PT-2025-33265
Name of the Vulnerable Software and Affected Versions: kube-apiserver versions 1.31.11 and earlier; kube-apiserver versions 1.32.7 and earlier; kube-apiserver versions 1.33.3 and earlier. Description: Compromised nodes can delete themselves and relabel via OwnerReferences. An attacker who has gained...
PT-2025-26210 · Unknown · Kubernetes
Name of the Vulnerable Software and Affected Versions: kube-apiserver versions 1.32.0 through 1.32.5; kube-apiserver versions 1.33.0 through 1.33.1. Description: The issue allows a compromised node to create mirror pods, accessing unauthorized dynamic resources, potentially leading to privilege...
Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Summary: jQuery is used by IBM Robotic Process Automation for Cloud Pak as part of Abbyy (CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023, CVE-2020-23064). Kubernetes kube-apiserver is used by IBM Robotic Process Automation for Cloud Pak as part of the operator (CVE-2020-8552). Go Go-Yam...
GO-2025-3547 Kubernetes kube-apiserver Vulnerable to Race Condition in k8s.io/kubernetes
Kubernetes kube-apiserver Vulnerable to Race Condition
A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies ...
openSUSE: Security Advisory for kubernetes1.23 (SUSE-SU-2024:3341-1)
The remote host is missing an update for the...
RHSA-2019:2989 Red Hat Security Advisory: OpenShift Container Platform 3.10 atomic-openshift kube-apiserver security update
Bulletin has no description...
GO-2022-0907 Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes
GO-2023-1891 Vulnerable to policy bypass in kube-apiserver in k8s.io/kubernetes
The vulnerability of the kube-apiserver component, a software component for managing clusters of virtual machines in Kubernetes, allows an attacker to increase their privileges.
The vulnerability of the kube-apiserver component, which is part of the Kubernetes cluster management software, relates to the redirection of requests for updates to arbitrary resources. Exploiting this vulnerability can allow a remote attacker to increase their privileges...
ROS-20240805-05
Vulnerability in kube-apiserver component of virtual machine cluster management software tool Kubernetes is related to redirection to malicious resources during proxied update requests. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Kubernetes kube-apiserver [CVE-2024-3177]
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Kubernetes kube-apiserver, caused by a flaw when using containers, init containers, and ephemeral containers with the envFrom field populated (CVE-2024-3177). Kubernetes...
kubernetes: kube-apiserver: bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
A flaw was found in Kubernetes' kube-apiserver. This flaw allows authenticated users to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated...