Unity Linux 20.1050e / 20.1070e Security Update: kubernetes (UTSA-2026-016823)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016823 advisory. A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching...

EUVD-2025-25937

Malicious code in bioql PyPI...

Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2025-5187)

Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in the Kubernetes API server that may allow node users to delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. CVE-2025-5187. Vulnerability Details CVEID:...

Privilege Escalation

Kubernetes is vulnerable to Privilege Escalation. The vulnerability is due to improper access control because node users can patch their node object with an OwnerReference to a cluster-scoped resource, leading to unintended node deletion via garbage collection...

OESA-2025-2284 kubernetes security update

Container cluster management. Security Fixes: A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference...

OESA-2025-2282 kubernetes security update

Container cluster management. Security Fixes: A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference...

SUSE CVE-2025-5187

A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently delete...

CVE-2025-5187

A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently delete...

DEBIAN-CVE-2025-5187

A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently delete...

CVE-2025-5187

A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently delete...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the NodeRestriction admission controller. An attacker can cause unauthorized deletion of node objects by patching them with an OwnerReference to a cluster-scoped resource, resulting in the node being deleted...

CVE-2025-5187

A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently delete...

Fedora 41 : kubernetes1.31 (2025-a1ec5a674c)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-a1ec5a674c advisory. - Update to release v1.31.12 - Resolves: rhbz2388412 - Resolves: CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference - Upstream fix Tenabl...

Fedora 41 : kubernetes1.33 (2025-51e8d5ec56)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-51e8d5ec56 advisory. - Update to release v1.33.4 - Resolves: rhbz2388412 - Fixes CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference - Upstream fixes Tenable h...

Incorrect Authorization

github.com/projectcapsule/capsule is vulnerable to Incorrect Authorization. The vulnerability is caused due to the tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant i.e., namespaces without the ownerReference field. This can lead to an attacker gaining contro...

PT-2024-28629 · Capsule · Capsule

Name of the Vulnerable Software and Affected Versions: Capsule versions 0.7.0 and earlier Description: The issue allows a tenant-owner to patch any arbitrary namespace that has not been taken over by a tenant, thereby gaining control of that namespace. This is possible because namespaces without...