19 matches found

Tenable Nessus
added 2026/01/15 12:0 a.m. | 2 views

Ambassador API Gateway Diagnostics Sensitive Information Disclosure

Ambassador API Gateway includes a diagnostics portal that provides detailed information about the API Gateway's configuration and operation. If this portal is accessible without proper authentication, it can expose sensitive information such as service mappings, API endpoints, routing...

6.5 AI score
Exploits 0, References 2

SUSE CVE
added 2025/09/07 11:22 p.m. | 1 views

SUSE CVE-2025-39727

In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix potential buffer overflow in setupclusters In setupswapmap, we only ensure badpages are in range 0, lastpage. As maxpages might be = maxpages. Only call incclusterinfopage for badpage which is maxpages to fix the...

5.5 CVSS, 6.9 AI score, 0.00025 EPSS
Exploits 0, References 10

Vulnrichment
added 2025/06/24 5:28 p.m. | 3 views

CVE-2025-23260

NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure...

5 CVSS, 6.8 AI score, 0.00169 EPSS
Exploits 0, References 1

Cvelist
added 2025/06/24 5:28 p.m. | 5 views

CVE-2025-23260

NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure...

5 CVSS, 0.00169 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/23 10:7 a.m. | 5 views

CVE-2024-20283

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries t...

4.3 CVSS, 6.7 AI score, 0.00224 EPSS
Exploits 0, References 1

Packet Storm
added 2025/03/31 12:0 a.m. | 260 views

KubeSphere 3.4.0 Insecure Direct Object Reference

KubeSphere version 3.4.0 and KubeSphere Enterprise version 4.1.1 suffer from an insecure direct object reference vulnerability. Exploit Title: IDOR Vulnerability in KubeSphere v3.4.0 & KubeSphere Enterprise v4.1.1 Date: 3 September Exploit Author: Okan Kurtulus Vendor Homepage:...

4.3 CVSS, 7 AI score, 0.0216 EPSS
Exploits 2

CNNVD
added 2024/05/03 12:0 a.m. | 1 views

Piraeus Operator Security Vulnerability

Piraeus Operator is open-source software from Piraeus for managing LINSTOR clusters in Kubernetes. A security vulnerability exists in Piraeus Operator v2.5.0 and earlier versions that allows an attacker to impersonate a service account bound to ClusterRole and use its...

7.5 CVSS, 7.2 AI score, 0.00224 EPSS
Exploits 0, References 5

SUSE CVE
added 2023/02/15 5:42 a.m. | 1 views

SUSE CVE-2013-0281

Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking)...

4.3 CVSS, 6.5 AI score, 0.00669 EPSS
Exploits 1, References 3

OSV
added 2022/08/25 6:15 p.m. | 2 views

CVE-2022-23235

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when...

5.3 CVSS, 5.7 AI score, 0.00237 EPSS
Exploits 0, References 1

CNVD
added 2021/08/17 12:0 a.m. | 17 views

Dell EMC PowerScale OneFS Elevation of Privilege Vulnerability

Dell EMC PowerScale OneFS is an API-powered file system. A vulnerability exists in Dell EMC PowerScale OneFS versions 8.2. - 9.2. in which critical resource permissions are incorrectly assigned. An attacker could exploit this vulnerability to gain unauthorized access to cluster-related informatio...

7.8 CVSS, 7.7 AI score, 0.00038 EPSS
Exploits 0, References 1

CNVD
added 2021/08/17 12:0 a.m. | 15 views

Dell EMC PowerScale OneFS has an unspecified vulnerability (CNVD-2021-73944)

Dell EMC PowerScale OneFS is an API-driven file system. Version 8.2.-9.2. of Dell EMC PowerScale OneFS is vulnerable to incorrect critical resource privilege assignment. An attacker could use this vulnerability to gain unauthorized access to cluster-related information...

7.8 CVSS, 4.8 AI score, 0.00047 EPSS
Exploits 0, References 1

CNNVD
added 2021/08/16 12:0 a.m. | 1 views

Dell EMC PowerScale Security Vulnerability

Dell EMC PowerScale OneFS is an API-driven file system. Version 8.2.-9.2. of Dell EMC PowerScale OneFS is vulnerable to incorrect critical resource privilege assignment. An attacker could use this vulnerability to gain unauthorized access to cluster-related information...

7.8 CVSS, 5.7 AI score, 0.00047 EPSS
Exploits 0, References 1

OSV
added 2019/05/24 5:29 p.m. | 2 views

CVE-2018-10815

An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information...

6.5 CVSS, 5.8 AI score
Exploits 0, References 2

Prion
added 2019/05/24 5:29 p.m. | 9 views

Information disclosure

An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information...

4 CVSS, 6.4 AI score, 0.0027 EPSS
Exploits 0, References 2, Affected Software 1

Veracode
added 2019/01/15 8:51 a.m. | 18 views

Denial Of Service (DoS)

Pacemaker is vulnerable to denial of service. This is due to the way authentication and processing of remote connections in certain circumstances are performed. A remote attacker is able to exploit the vulnerability to prevent the process from serving other requests when it is configured with...

4.3 CVSS, 5.9 AI score, 0.00669 EPSS
Exploits 1, References 10, Affected Software 1

OSV
added 2013/11/23 11:55 a.m. | 0 views

DEBIAN-CVE-2013-0281

Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking)...

4.3 CVSS, 6.8 AI score, 0.00669 EPSS
Exploits 1, References 1

OSV
added 2013/11/23 11:55 a.m. | 0 views

UBUNTU-CVE-2013-0281

Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking)...

4.3 CVSS, 5.8 AI score, 0.00669 EPSS
Exploits 1, References 4

RedHat Linux
added 2013/11/20 4:41 p.m. | 3 views

pacemaker: remote DoS when CIB management is enabled caused by use of blocking sockets

Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking)...

4.3 CVSS, 5.9 AI score, 0.00669 EPSS
Exploits 1, References 4

Nmap
added 2012/01/31 8:32 p.m. | 226 views

voldemort-info NSE Script

Retrieves cluster and store information from the Voldemort distributed key-value store using the Voldemort Native Protocol. Example Usage nmap -p 6666 --script voldemort-info Script Output PORT STATE SERVICE 6666/tcp open irc | voldemort-info: | Cluster | Name: mycluster | Id: 0 | Host: localhost...

10 CVSS, 9.4 AI score, 0.94176 EPSS
Exploits 33