Security Bulletin: Vulnerabilities in the Python, Docker, and ICP affect IBM Spectrum Discover

Summary Vulnerabilities in the Python, Docker, and ICP such as a hole to obtain confidential information, denial of service, unauthorized access with high privileges, duplicate entries and CRLF injection, may affect IBM Spectrum Discover Vulnerability Details CVEID: CVE-2020-8566 DESCRIPTION:...

Center for Threat-Informed Defense teams up with Microsoft, partners to build the ATT&CK® for Containers matrix

The MITRE ATT&CK® for Containers matrix was published today, establishing an industry knowledge base of attack techniques associated with containerization and related technologies that are increasingly more ubiquitous in the current computing landscape. Microsoft is happy to have contributed and...

kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider

A flaw was found in kubernetes. Clusters running on VSphere, using VSphere as a cloud provider a with logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log...

CVE-2020-8563

In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects v1.19.3...

CVE-2020-8563

In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects v1.19.3...

UBUNTU-CVE-2020-8563

In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects v1.19.3...

CVE-2020-8563 Secret leaks in logs for vSphere Provider kube-controller-manager

In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects v1.19.3...

Containerd Bug Exposes Cloud Account Credentials

A security vulnerability can be exploited to coerce the containerd cloud platform into exposing the host’s registry or users’ cloud-account credentials. Containerd bills itself as a runtime tool that “manages the complete container lifecycle of its host system, from image transfer and storage to...

CVE-2020-8563

A flaw was found in kubernetes. Clusters running on VSphere, using VSphere as a cloud provider a with logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. Mitigation Ensure that the logging level is below 4. Additionally, protect...

USN-4480-1 keystone vulnerabilities

It was discovered that OpenStack Keystone incorrectly handled EC2 credentials. An authenticated attacker with a limited scope could possibly create EC2 credentials with escalated permissions. CVE-2020-12689, CVE-2020-12691 It was discovered that OpenStack Keystone incorrectly handled the list of...

Foxit Reader and PhantomPDF Information Disclosure Vulnerability (CNVD-2020-32457)

Foxit Reader and Foxit PhantomPDF are both Chinese Foxit Foxit company a PDF document reader. A security vulnerability exists in Foxit Reader versions prior to 9.5 and PhantomPDF versions prior to 9.5, which stems from the program not properly handling cloud credentials. An attacker could exploit...

CVE-2019-20836

An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive...

CVE-2019-20836

An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive...

CVE-2019-20833

An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive...

CVE-2019-20833

An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive...

Design/Logic Flaw

An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive...

Design/Logic Flaw

An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive...

CVE-2019-20833

An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive...

CVE-2019-20833

Foxit PhantomPDF before version 8.3.10 contains a cloud credential mishandling vulnerability (CVE-2019-20833). The issue affects PhantomPDF and can allow access to documents on Google Drive due to improper handling of cloud credentials. The connected sources (Red Hat, CNVD, NVD, CVE listings) con...

CVE-2019-20836

An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive...