22 matches found
Moderate: Red Hat Security Advisory: Red Hat Developer Hub 1.9.0 release.
Red Hat Developer Hub 1.9.0 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.7.4 release.
Red Hat Developer Hub 1.7.4 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...
EUVD-2022-2602
Malicious code in bioql PyPI...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.7.1 release.
Red Hat Developer Hub 1.7.1 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.6.4 release.
Red Hat Developer Hub 1.6.4 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...
CVE-2019-16575
A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials...
Low: Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.3.3 bugfix release
Red Hat Developer Hub 1.3.3 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...
SUSE-RU-2024:4213-1 Recommended update for helm
helm was updated to fix the following issues: Update to version 3.16.3: fix: fix label name Fix typo in pkg/lint/rules/chartfiletest.go Increasing the size of the runner used for releases. fixhooks: correct hooks delete order Bump github.com/containerd/containerd from 1.7.12 to 1.7.23 Update to...
DEBIAN-CVE-2024-45310
runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...
What’s New in InsightVM and Nexpose: Q3 2023 in Review
A lot of new and exciting product updates this quarter to help customers continue driving better security outcomes. We are thrilled to launch a new vulnerability risk scoring strategy this quarter along with upgrades like improved UI for the Engine Pool page, more policy coverage, and more. Let’s...
istio security update
istio 1.16.4-1 - Added Oracle specific files for 1.16.4-1 kubernetes 1.25.7-2 - libct/cg: add misc controller to v1 drivers upstream runc patch olcne 1.6.1-9 - Updated the CVE ID's in Istio-1.16.4 changelog entry 1.6.1-8 - Update Istio config to include 1.15.7 to support upgrade from 1.5.x to 1.6...
SUSE-SU-2023:0326-1 Security update for podman
This update for podman fixes the following issues: podman was updated to version 4.3.1: 4.3.1: Bugfixes - Fixed a deadlock between the podman ps and podman container inspect commands Misc - Updated the containers/image library to v5.23.1 4.3.0: Features - A new command, podman generate spec, has...
SUSE-SU-2023:0187-1 Security update for podman
This update for podman fixes the following issues: podman was updated to version 4.3.1: 4.3.1: Bugfixes - Fixed a deadlock between the podman ps and podman container inspect commands Misc - Updated the containers/image library to v5.23.1 4.3.0: Features - A new command, podman generate spec, has...
SUSE-SU-2022:3666-1 Security update for helm
This update for helm fixes the following issues: helm was updated to version 3.9.4: CVE-2022-36055: Fixed denial of service through string value parsing bsc1203054. Updating the certificates used for testing Updating index handling helm was updated to version 3.9.3: - CVE-2022-1996: Updated...
SUSE-SU-2022:3312-1 Security update for libcontainers-common
This update for libcontainers-common fixes the following issues: libcontainers-common was updated: - common component was updated to 0.44.0. - storage component was updated to 1.36.0. - image component was updated to 5.16.0. - podman component was updated to 3.3.1. 3.3.1: Bugfixes: - Fixed a bug...
GHSA-7H24-4X4C-69MF Improper Authorization in Jenkins Alauda Kubernetes Suport Plugin
A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or...
Improper Authorization in Jenkins Alauda Kubernetes Suport Plugin
A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or...
Cross site request forgery (csrf)
A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials...