8580 matches found
CVE-2026-10609
A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...
CVE-2026-10609 Openshift/cluster-logging-operator: cluster logging operator creates and forwards serviceaccount tokens without verifying clf creator authorization
A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...
CVE-2026-10609
The vulnerability CVE-2026-10609 affects the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, enabling a delegated editor to exfiltrate...
EUVD-2026-38448
A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...
GHSA-WJV4-X9W8-WM3H vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, pact-broker-docker-fips, kube-logging-operator, ruby3.2-rails, pact-broker-docker, logstash, ruby3.3-rails, ruby3.4-rails, logstash-fips...
GHSA-PHWJ-RPRQ-35PP vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, pact-broker-docker-fips, kube-logging-operator, ruby3.2-rails, pact-broker-docker, logstash, ruby3.3-rails, ruby3.4-rails, logstash-fips...
GHSA-9CV2-CFXC-V4V2 vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, pact-broker-docker-fips, kube-logging-operator, ruby3.2-rails, pact-broker-docker, logstash, ruby3.3-rails, ruby3.4-rails, logstash-fips...
GHSA-5V8H-3H3Q-446P vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, pact-broker-docker-fips, kube-logging-operator, ruby3.2-rails, pact-broker-docker, logstash, ruby3.3-rails, ruby3.4-rails, logstash-fips...
GHSA-WFPW-MMFH-QQ69 vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, pact-broker-docker-fips, kube-logging-operator, ruby3.2-rails, pact-broker-docker, logstash, ruby3.3-rails, ruby3.4-rails, logstash-fips...
GHSA-P67V-3W7G-WJG7 vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, pact-broker-docker-fips, kube-logging-operator, ruby3.2-rails, pact-broker-docker, logstash, ruby3.3-rails, ruby3.4-rails, logstash-fips...
GHSA-8678-W3JW-XFC2 vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, pact-broker-docker-fips, kube-logging-operator, ruby3.2-rails, pact-broker-docker, logstash, ruby3.3-rails, ruby3.4-rails, logstash-fips...
GHSA-5PRR-V3J2-97MH vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, pact-broker-docker-fips, kube-logging-operator, ruby3.2-rails, pact-broker-docker, logstash, ruby3.3-rails, ruby3.4-rails, logstash-fips...
Malicious code in zod-pino (npm)
Source: amazon-inspector (81e8a23a71a5288646495c50a46c2814ffc0668d9c24ed04e1abd9e8758b5ea2). Package is published under the name 'zod-pino', suggesting a Zod/Pino logging integration, but the shipped contents are unrelated to that purpose. The...
Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale Container Storage Interface (CSI) are now fixed in Storage Scale Container Native 5.2.3.8 / CSI 2.14.7 and Storage Scale Container Native 6.0.1.0 / CSI 3.1.0 or higher
Summary: The following vulnerabilities, which can affect IBM Storage Scale Container Storage Interface (CSI) (CVE-2026-9167), are now fixed in Storage Scale Container Native 5.2.3.8 / CSI 2.14.7 or higher and Storage Scale Container Native 6.0.1.0 / CSI 3.1.0 or higher. Vulnerability Details...
CVE-2026-12725
A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...
EUVD-2026-38278
A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...
ROOT-APP-MAVEN-CVE-2021-45105 CVE-2021-45105 in io.root.org.apache.logging.log4j:log4j-core - Patched by Root
Root has patched CVE-2021-45105 in the io.root.org.apache.logging.log4j:log4j-core package for Root:Maven. Multiple fixed versions available...