13 matches found

CNVD
added 2026/05/06 12:0 a.m., 5 views

IBM Turbonomic prometurbo agent elevation of privilege vulnerability

The IBM Turbonomic prometurbo agent is a component in IBM Turbonomic Application Resource Management that is used to manage resource configurations. An elevation of privilege vulnerability exists in IBM Turbonomic prometurbo agent. The vulnerability stems from an excessive cluster-wide permission...

CVSS 8.8 | AI score 5.8 | EPSS 0.00106
Exploits: 0

CVE
added 2026/04/30 9:17 p.m., 5 views

CVE-2026-6389

IBM Turbonomic Prometurbo agent (application resource management) versions 8.16.0–8.17.6 expose cluster‑wide permissions, including unrestricted read access to all secrets. This enables an attacker with operator/service account access to exfiltrate credentials, escalate privileges, and potentiall...

CVSS 8.8 | AI score 5.3 | EPSS 0.00106
Exploits: 0 | References: 1 | Affected Software: 1

Microsoft CVE
added 2025/11/08 9:8 a.m., 4 views

containerd affected by a local privilege escalation via wide permissions on CRI directory

...

CVSS 7.8 | AI score 6.7 | EPSS 0.00142
Exploits: 1

RedhatCVE
added 2025/10/28 1:31 p.m., 2 views

CVE-2025-12103

A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...

CVSS 5 | AI score 6 | EPSS 0.00212
Exploits: 0 | References: 3

Snyk
added 2025/06/12 8:4 p.m., 2 views

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to the creation of a ServiceAccount with cluster-level privileges during deployment of a namespace-scoped custom resource. An attacker can gain elevated cluster-wide permissions by impersonating the...

CVSS 8.8 | AI score 7 | EPSS 0.00285
Exploits: 0 | References: 2

Positive Technologies
added 2024/07/16 12:0 a.m., 2 views

PT-2024-24920 · Software House · Software House Ccure 9000

Name of the Vulnerable Software and Affected Versions: Software House C•CURE 9000 affected versions not specified Description: The issue arises when the Software House C•CURE 9000 installer utilizes unnecessarily wide permissions under certain circumstances. Recommendations: At the moment, there ...

CVSS 7.8 | AI score 7 | EPSS 0.00148
Exploits: 0 | References: 7

Vulnrichment
added 2023/03/01 12:0 a.m., 4 views

CVE-2022-3162 Unauthorized read of Custom Resources

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...

CVSS 6.5 | AI score 6.9 | EPSS 0.01191
Exploits: 0 | References: 3

OSV
added 2021/03/23 9:15 p.m., 4 views

CVE-2021-28099

In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated...

CVSS 4.4 | AI score 5.8 | EPSS 0.00243
Exploits: 0 | References: 1

Positive Technologies
added 2021/03/23 12:0 a.m., 2 views

PT-2021-17743 · Netflix · Netflix Oss Hollow

Name of the Vulnerable Software and Affected Versions: Netflix OSS Hollow affected versions not specified Description: The issue allows an attacker to pre-create directories with wide permissions since the Files.exists(parent) check is performed before creating the directories. Furthermore, the use...

CVSS 4.4 | AI score 4.2 | EPSS 0.00243
Exploits: 0 | References: 6

Debian
added 2018/07/16 10:9 a.m., 21 views

[SECURITY] [DLA 1429-1] sssd security update

Package : sssd Version : 1.11.7-3+deb8u1 CVE ID : CVE-2018-10852 Debian Bug : 902860 The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD us...

CVSS 7.5 | AI score 6.5 | EPSS 0.01519
Exploits: 0

NVD
added 2018/06/26 2:29 p.m., 17 views

CVE-2018-10852

The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD befor...

CVSS 7.5 | AI score 5.5 | EPSS 0.01519
Exploits: 0 | References: 4

OpenVAS
added 2012/02/11 12:0 a.m., 24 views

Debian Security Advisory DSA 2376-1 (ipmitool)

The remote host is missing an update to ipmitool announced via advisory DSA 2376-1. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...

CVSS 3.6 | AI score 6.3 | EPSS 0.00434
Exploits: 0 | References: 1

OSV
added 2011/12/31 12:0 a.m., 27 views

DSA-2376-2 ipmitool - insecure pid file

Bulletin has no description...

CVSS 3.6 | AI score 5.9 | EPSS 0.00434
Exploits: 0