305 matches found
Kubernetes 1.x < 1.10.11 / 1.11.x < 1.11.5 / 1.12.x < 1.12.3 API Server Privilege Escalation
The version of Kubernetes installed on the remote host is version 1.x prior to 1.10.11, 1.11.x prior to 1.11.5, or 1.12.x prior to 1.12.3, and is thus affected by a remote, unauthenticated privilege escalation vulnerability. Note that a successful attack requires that an API extension server is...
Critical: Red Hat Security Advisory: OpenShift Container Platform 3.10 security update
An update is now available for Red Hat OpenShift Container Platform 3.10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
Tapplock Smart Lock Insecure Direct Object Reference
The server http://api.tapplock.com/, which serves as the API server for the Tapplock smart lock, is vulnerable to multiple authorization bypasses allowing horizontal privilege escalation, which could lead to the disclosure of all information of all users and total compromise of every lock. The...
Buffer overflow
The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by sniffing network traffic for search responses from the OhMiBod API server and then editing the username, userid, and token fields in data/data/com.ohmibod.remote2/sharedprefs/OMB.xml...
CVE-2017-14487
The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by sniffing network traffic for search responses from the OhMiBod API server and then editing the username, userid, and token fields in data/data/com.ohmibod.remote2/sharedprefs/OMB.xml...
CVE-2017-14487
What is affected: OhMiBod Remote app for Android and iOS (Android/iOS platforms) using the OhMiBod API server. Vulnerability details: An attacker can impersonate a user by sniffing network traffic for search responses and then editing the username, user_id, and token fields stored in data/data/co...
Circle with Disney Token Routing Vulnerability(CVE-2017-12085)
Summary An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability. Tested...
Starbucks: Full Api Access and Run All Functions via Starbucks App
The tested application is the Starbucks Turkey Android App. https://play.google.com/store/apps/details?id=com.starbucks.tr&hl=en All these things are done without any login. I did not log in to the app. 1. I tried to intercept traffic between the Starbucks app and server with Burp Suite. I could not be...
CVE-2016-5392
The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi-tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list...
CVE-2016-5392
The CVE-2016-5392 vulnerability affects Red Hat OpenShift Enterprise 3.2 deployments where the Kubernetes API server’s watch cache allows a remote, authenticated user who knows other project names to disclose sensitive project and user information. The root cause is an input validation error in t...
Unspecified Vulnerability in Google Kubernetes API Server
Google Kubernetes is an open source Docker container cluster management system. The system provides resource scheduling, deployment and operation, service discovery and scaling up and down for containerized applications. A security vulnerability in Google Kubernetes' API server allows remote...
CVE-2016-1905
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object...
Design/Logic Flaw
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object...
CVE-2016-1905
Technical details are not publicly available in the provided documents; no explicit affected products, impact specifics, or remediation are described beyond the initial description. Monitor for updates from connected sources.
Improper Access Control
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object...
Important: Red Hat Security Advisory: Red Hat OpenShift Enterprise 3.1.1 bug fix and enhancement update
Red Hat OpenShift Enterprise release 3.1.1 is now available with updates to packages that fix several security issues and bugs and introduce feature enhancements. Red Hat Product Security has rated this update as having an Important security impact. Common Vulnerability Scoring System (CVSS) base scores,...
CVE-2015-5250
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data...