Lucene search
+L

131 matches found

RedHat Linux
RedHat Linux
added 2025/09/29 7:49 a.m.7 views

Moderate: Red Hat Security Advisory: RHACS 4.7 bug fix and security update

Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

9.4CVSS7AI score0.01735EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2025/09/29 7:39 a.m.9 views

Moderate: Red Hat Security Advisory: RHACS 4.7 bug fix and security update

Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

9.4CVSS7AI score0.01735EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2025/09/15 8:25 a.m.5 views

Moderate: Red Hat Security Advisory: RHACS 4.8.4 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

9.4CVSS6.8AI score0.01735EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2016-2141

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw t...

9.8CVSS6.7AI score0.04698EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-23451

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and...

6.5CVSS6.4AI score0.00435EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/07/02 12:0 a.m.6 views

The vulnerability of the orf_token_endian_convert() function in the community-based communication system for Corosync-resistant clusters allows a perpetrator to execute arbitrary code or cause a service failure.

The vulnerability of the orftokenendianconvert function in the cluster-based communication system for Corosync-resistant clusters is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a...

9CVSS7.8AI score0.00433EPSS
Exploits1References13Affected Software6
OSV
OSV
added 2025/04/14 5:47 p.m.35 views

GHSA-HMP7-X699-CVHQ Argo Events users can gain privileged access to the host system and cluster with EventSource and Sensor CR

Summary: A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. Details: The EventSource and Sensor CRs allow the corresponding orchestrated pod to be customiz...

9.9CVSS7.3AI score0.00753EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/03/25 12:30 a.m.21 views

ingress-nginx controller - auth secret file path traversal vulnerability

A security issue was discovered in ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities,...

4.8CVSS7.3AI score0.03517EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2025/01/27 2:15 p.m.9 views

CVE-2022-4975

A flaw was found in the Red Hat Advanced Cluster Security RHACS portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/ endpoints, the front-end generates a DOM table-element id="pdf-table". This information is then populated with unsanitized data usi...

8.9CVSS0.00318EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/27 1:47 p.m.9 views

CVE-2022-4975 Rhacs: cross-site scripting in portal

A flaw was found in the Red Hat Advanced Cluster Security RHACS portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/ endpoints, the front-end generates a DOM table-element id="pdf-table". This information is then populated with unsanitized data usi...

8.9CVSS0.00318EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/27 1:47 p.m.3 views

CVE-2022-4975 Rhacs: cross-site scripting in portal

A flaw was found in the Red Hat Advanced Cluster Security RHACS portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/ endpoints, the front-end generates a DOM table-element id="pdf-table". This information is then populated with unsanitized data usi...

8.9CVSS8AI score0.00318EPSS
Exploits0References2
CVE
CVE
added 2025/01/27 1:47 p.m.44 views

CVE-2022-4975

The CVE-2022-4975 entry concerns Red Hat Advanced Cluster Security (RHACS) portal UI. Affected component: frontend rendering of table views (e.g., /main/configmanagement/*) where the portal creates a DOM table (id="pdf-table") and later populates it with data via innerHTML. Root cause: unsanitize...

8.9CVSS5.7AI score0.00318EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/27 12:0 a.m.4 views

PT-2025-1377 · Red Hat · Red Hat Advanced Cluster Security

Name of the Vulnerable Software and Affected Versions: Red Hat Advanced Cluster Security RHACS affected versions not specified Description: A flaw was found in the Red Hat Advanced Cluster Security RHACS portal. When rendering a table view in the portal, for example, on any of the...

8.9CVSS5.7AI score0.00318EPSS
Exploits0References8
OSV
OSV
added 2024/10/29 2:44 p.m.14 views

GHSA-QJVC-P88J-J9RM Kyverno's PolicyException objects can be created in any namespace by default

Summary A kyverno ClusterPolicy, ie. "disallow-privileged-containers," can be overridden by the creation of a PolicyException in a random namespace. Details By design, PolicyExceptions are consumed from any namespace. Administrators may not recognize that this allows users with privileges to...

8.7CVSS5AI score0.00553EPSS
Exploits1References3
OSV
OSV
added 2024/08/23 11:8 a.m.5 views

OESA-2024-2049 booth security update

Booth manages tickets which authorize cluster sites located in geographically dispersed locations to run resources. It facilitates support of geographically distributed clustering in Pacemaker. Security Fixes: A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is...

5.9CVSS6.7AI score0.00535EPSS
Exploits0References2
Veracode
Veracode
added 2024/05/22 5:55 a.m.15 views

Privilege Escalation

github.com/submariner-io/submariner-operator is vulnerable to Privilege Escalation. The vulnerability is due to unnecessary role-based access control permissions, which allows a privileged attacker to run a malicious container on a node, potentially stealing service account tokens and compromisin...

6.6CVSS6.7AI score0.00504EPSS
Exploits0References6Affected Software1
RedHat Linux
RedHat Linux
added 2024/05/21 9:58 a.m.56 views

Important: Red Hat Security Advisory: RHACS 4.4 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes changes, bug fixes, and updates to patch vulnerabilities. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...

7.5CVSS7AI score0.91969EPSS
Exploits2References4
OSV
OSV
added 2024/05/17 3:31 p.m.38 views

GHSA-2RHX-QHXP-5JPW Submariner Operator sets unnecessary RBAC permissions

A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster...

6.6CVSS6.4AI score0.00504EPSS
Exploits0References13
OSV
OSV
added 2024/05/14 7:16 a.m.27 views

BIT-ELASTICSEARCH-2024-23451 Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

6.5CVSS5.6AI score0.00435EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/04/06 12:0 a.m.13 views

The vulnerability of the Elasticsearch search system’s Remote Cluster Security component, related to incorrect authentication, allows a perpetrator to gain access to protected information.

The vulnerability of the Elasticsearch search system component related to Remote Cluster Security is linked to improper authentication. Exploiting this vulnerability can allow a malicious actor to gain access to protected information...

4.6CVSS5.9AI score0.00435EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder