
26 matches found

RedHat Linux
added 2026/05/26 12:59 p.m., 9 views

Apache Tomcat: Apache Tomcat: Information disclosure via sensitive data in log files

A flaw was found in Apache Tomcat. The cloud membership for clustering component was vulnerable to the insertion of sensitive information into log files. This vulnerability could lead to the exposure of the Kubernetes bearer token, which is a credential used for authentication within a Kubernetes...

CVSS 7.5, AI score 5.7, EPSS 0.00091
Exploits 0, References 5

Tenable Nessus
added 2026/05/06 12:0 a.m., 2 views

RHCOS 4 : OpenShift Container Platform 4.1.11 openshift (RHSA-2019:2504)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2504 advisory: kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247). Note that Nessus has...

CVSS 8.1, AI score 7.2, EPSS 0.00176
Exploits 0, References 5

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-27557

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.0015
Exploits 0, References 2

Veracode
added 2025/09/22 7:24 a.m., 3 views

Privilege Escalation

Kubernetes is vulnerable to Privilege Escalation. The vulnerability is due to improper access control because node users can patch their node object with an OwnerReference to a cluster-scoped resource, leading to unintended node deletion via garbage collection...

CVSS 6.7, AI score 7, EPSS 0.00042
Exploits 0, References 4, Affected Software 1

OSV
added 2025/09/12 2:26 p.m., 1 view

OESA-2025-2283 kubernetes security update

Container cluster management. Security Fixes: A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference...

CVSS 6.7, AI score 6.9, EPSS 0.00042
Exploits 0, References 2

OSV
added 2025/09/12 2:26 p.m., 2 views

OESA-2025-2280 kubernetes security update

Container cluster management. Security Fixes: A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference...

CVSS 6.7, AI score 6.9, EPSS 0.00042
Exploits 0, References 2

OSV
added 2025/08/27 5:15 p.m., 2 views

DEBIAN-CVE-2025-5187

A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently delete...

CVSS 6.7, AI score 5.3, EPSS 0.00042
Exploits 0, References 1

Veracode
added 2025/05/21 5:11 a.m., 5 views

Privilege Escalation

github.com/gardener/gardener is vulnerable to a Privilege Escalation. The vulnerability is due to insufficient access control and trust boundary enforcement in the gardenlet component, which allowed project administrators to interact with or influence seed cluster resources beyond their intended...

CVSS 9.9, AI score 6.7, EPSS 0.00129
Exploits 0, References 6, Affected Software 1

IBM Security Bulletins
added 2025/03/26 1:42 a.m., 26 views

Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale Data Access Services (DAS) where service account token configured with risky permission (CVE-2022-22411)

Summary: A security vulnerability has been identified in IBM Spectrum Scale Data Access Services DAS where service account token configured with risky permission. A fix for this vulnerability is available. Vulnerability Details: CVEID: CVE-2022-22411. DESCRIPTION: IBM Spectrum Scale could allow an...

CVSS 6.5, AI score 6.3, EPSS 0.0015
Exploits 0, Affected Software 1

CNNVD
added 2023/12/29 12:0 a.m., 1 view

Hail Security Vulnerability

Hail is a Python-based open source general purpose data analysis tool with additional data types and methods for working with genomic data. A security vulnerability exists in versions prior to Hail 0.2.127 that stems from the fact that Hail relies on the OpenID Connect OIDC email address in the I...

CVSS 5.3, AI score 6.7, EPSS 0.00085
Exploits 0, References 2

CNNVD
added 2023/11/06 12:0 a.m., 2 views

capsule-proxy Information Disclosure Vulnerability

The capsule-proxy is allowed to overcome the Kubernetes API Server's limitations in listing owned cluster-wide resources such as Namespace, Ingress and Storage Classes, Nodes, and other resources covered by the Capsule. An information disclosure vulnerability exists in capsule-proxy. An attacker...

CVSS 4.3, AI score 6, EPSS 0.00233
Exploits 0, References 3

Rockylinux
added 2023/05/25 7:53 p.m., 36 views

pcs security and bug fix update

An update is available for pcs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The pcs packages provide a command-line configuration system for the Pacemaker an...

CVSS 9.8, AI score 6.8, EPSS 0.01982
Exploits 0

AlmaLinux
added 2023/05/16 12:0 a.m., 33 views

Moderate: pcs security and bug fix update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Denial of service in Multipart MIME parsing (CVE-2023-27530); rubygem-rack: denial of service in header parsing (CVE-2023-27539). For more details about the security...

CVSS 7.5, AI score 6.9, EPSS 0.01982
Exploits 0, References 6

OSV
added 2023/05/16 12:0 a.m., 37 views

ALSA-2023:3082 Moderate: pcs security and bug fix update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Denial of service in Multipart MIME parsing (CVE-2023-27530); rubygem-rack: denial of service in header parsing (CVE-2023-27539). For more details about the security...

CVSS 7.5, AI score 6.9, EPSS 0.01982
Exploits 0, References 6

NVD
added 2023/01/09 2:15 p.m., 7 views

CVE-2022-23509

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...

CVSS 7.3, AI score 7.3, EPSS 0.00033
Exploits 0, References 3

CNVD
added 2022/08/11 12:0 a.m., 18 views

IBM Spectrum Scale Data Access Services Unspecified Vulnerability

IBM Spectrum Scale is a scalable data and file management solution from IBM based on IBM GPFS an enterprise file management system optimized for petabyte-scale storage management. The product supports helping customers reduce storage costs while improving security and management efficiency in...

CVSS 6.5, AI score 2.2, EPSS 0.0015
Exploits 0, References 1

OSV
added 2022/08/10 5:15 p.m., 1 view

CVE-2022-22411

IBM Spectrum Scale Data Access Services DAS 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. IBM X-Force ID: 223016...

CVSS 6.5, AI score 6.7, EPSS 0.0015
Exploits 0, References 2

Prion
added 2022/08/10 5:15 p.m., 13 views

Code injection

IBM Spectrum Scale Data Access Services DAS 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. IBM X-Force ID: 223016...

CVSS 4, AI score 6.2, EPSS 0.0015
Exploits 0, References 2, Affected Software 1

CVE
added 2022/08/10 4:50 p.m., 64 views

CVE-2022-22411

IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 is affected. An authenticated user could insert code and manipulate cluster resources due to excessive service-account permissions. Affected product/version: DAS 5.1.3.1. Root cause described as risky permissions enabling code insertion. IBM b...

CVSS 6.5, AI score 6.2, EPSS 0.0015
Exploits 0, References 2, Affected Software 1

Cvelist
added 2022/08/10 4:50 p.m., 18 views

CVE-2022-22411

IBM Spectrum Scale Data Access Services DAS 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. IBM X-Force ID: 223016...

CVSS 6.3, AI score 6.3, EPSS 0.0015
Exploits 0, References 2