LightLLM 代码问题漏洞

LightLLM is an open-source language model inference and service framework developed by ModelTC. Versions of LightLLM 1.1.0 and earlier contained code vulnerabilities. These vulnerabilities stemmed from unauthenticated or improperly authenticated WebSocket endpoints exposed by PD master nodes, whi...

SUSE CVE-2025-13888

A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources CRs that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged...

EUVD-2025-203383

A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources CRs that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged...

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the processing of ArgoCD Custom Resources. A namespace admin can gain elevated privileges and execute arbitrary workloads with root access on master nodes by crafting malicious custom resources after...

CVE-2025-13888

A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources CRs that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged...

CVE-2025-13888

A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources CRs that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged...

CVE-2025-13888 Openshift-gitops-operator: openshift gitops: namespace admin cluster takeover via privileged jobs

A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources CRs that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged...

PT-2025-51238

Name of the Vulnerable Software and Affected Versions OpenShift GitOps affected versions not specified Description A security issue exists in OpenShift GitOps where namespace administrators can create malicious ArgoCD Custom Resources CRs. These CRs can deceive the system into granting the...

EUVD-2019-2220

Malware in sbrugna...

CVE-2024-5480

A vulnerability in PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution RCE. The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC Remote Procedure Call...

CVE-2024-5480

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

UBUNTU-CVE-2024-5480

A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution RCE. The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC Remote Procedure Call...

CVE-2024-5480

Removed by vendor...

Default credentials

A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS I...

CVE-2019-10200

CVE-2019-10200 affects OpenShift Container Platform 4. By default, users who can create pods may schedule workloads on master nodes. If such pods use hostNetwork on a master node, they can retrieve credentials for the master AWS IAM role, potentially granting management access to AWS resources an...

Unauthorized Access

github.com/openshift/cluster-kube-apiserver-operator allows unauthorized access. Users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master...

kubeadm-ha-setup security update

0.0.2-1.0.52 - OLCNE-678 Restore fails when trying to restore after a failed update 0.0.2-1.0.51 - OLCNE-667 Minor version update doesn't update kubeadm on all master nodes 0.0.2-1.0.50 - Make k8s 1.14 specific changes 0.0.2-1.0.49 - OLCNE-668 Remove 1.10 and 1.11 version since they are...

CVE-2019-10200

A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS I...