
682 matches found

Snyk
added 2025/04/25 3:9 p.m. | 1 views

Improper Ownership Management

Overview: Affected versions of this package are vulnerable to Improper Ownership Management for projects, whose namespace defaults to being the project name, regardless of cluster. A user with permission to create a project can escalate privileges to those of a user who owns a project by the same...

CVSS 9 | AI score 7
Exploits 0 | References 2
The Hacker News
added 2025/04/23 5:9 p.m. | 19 views

DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack

Multiple threat activity clusters with ties to North Korea aka Democratic People's Republic of Korea or DPRK have been linked to attacks targeting organizations and individuals in the Web3 and cryptocurrency space. "The focus on Web3 and cryptocurrency appears to be primarily financially motivate...

AI score 7.4
Exploits 0
CVE
added 2025/04/21 3:34 p.m. | 213 views

CVE-2025-32793

CVE-2025-32793 affects Cilium’s eBPF dataplane when WireGuard transparent encryption is enabled. Versions 1.15.0–1.15.15, 1.16.0–1.16.8, and 1.17.0–1.17.2 are vulnerable to a race condition where packets from a terminating endpoint may leave the source node unencrypted. The issue is fixed in 1.15...

CVSS 4 | AI score 4.2 | EPSS 0.00014
Exploits 0 | References 2 | Affected Software 1
CVE
added 2025/04/16 10:20 a.m. | 123 views

CVE-2025-22021

Summary (CVE-2025-22021): In the Linux kernel, the IPv6 SNAT path for socket lookups was missing a conntrack-based orig-tuple restoration, causing xt_socket to fail matching on SNATed IPv6 packets. Kubernetes uses IPv6 SNAT for pod-to-world traffic; in such environments, Cilium with Envoy relies ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00022
Exploits 0 | References 11 | Affected Software 1
Cvelist
added 2025/04/16 10:20 a.m. | 15 views

CVE-2025-22021 netfilter: socket: Lookup orig tuple for IPv6 SNAT

In the Linux kernel, the following vulnerability has been resolved: netfilter: socket: Lookup orig tuple for IPv6 SNAT. nf_sk_lookup_slow_v4 does the conntrack lookup for IPv4 packets to restore the original 5-tuple in case of SNAT, to be able to find the right socket if any. Then socket_match can...

EPSS 0.00022
Exploits 0 | References 9
OSV
added 2025/04/16 10:20 a.m. | 4 views

CVE-2025-22021 netfilter: socket: Lookup orig tuple for IPv6 SNAT

In the Linux kernel, the following vulnerability has been resolved: netfilter: socket: Lookup orig tuple for IPv6 SNAT. nf_sk_lookup_slow_v4 does the conntrack lookup for IPv4 packets to restore the original 5-tuple in case of SNAT, to be able to find the right socket if any. Then socket_match can...

CVSS 5.5 | AI score 6.1 | EPSS 0.00022
Exploits 0 | References 14
OSV
added 2025/04/15 9:19 p.m. | 2 views

GHSA-459X-Q9HG-4GPQ Kyverno vulnerable to SSRF via Service Calls

Summary: An attacker with the ability to create Kyverno policies in a Kubernetes cluster can use Service Call functionality to perform SSRF to a server under their control in order to exfiltrate data. Details: According to the documentation, Service Call is intended to address services located insi...

CVSS 8.7 | AI score 6.8
Exploits 0 | References 3
Vulnrichment
added 2025/04/15 7:22 p.m. | 10 views

CVE-2025-32445 Users can gain privileged access to the host system and cluster with EventSource and Sensor CR

Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. The EventSource and Sensor...

CVSS 9.9 | AI score 7.2 | EPSS 0.00325
Exploits 0 | References 2
RedHat Linux
added 2025/04/03 3:16 p.m. | 6 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.4.3 release.

Red Hat Developer Hub 1.4.3 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...

CVSS 9.3 | AI score 7.1 | EPSS 0.00472
Exploits 1 | References 7
RedHat Linux
added 2025/03/27 8:51 p.m. | 4 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.5.1 release.

Red Hat Developer Hub 1.5.1 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...

CVSS 9.3 | AI score 6.7 | EPSS 0.04955
Exploits 2 | References 15
RedHat Linux
added 2025/03/25 7:18 a.m. | 13 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.18.6 packages and security update

Red Hat OpenShift Container Platform release 4.18.6 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

CVSS 8.7 | AI score 6.7 | EPSS 0.00101
Exploits 0 | References 2
vulnersOsv
added 2025/03/22 3:30 p.m. | 3 views

com.github.sakserv:hadoop-mini-clusters (=0.0.14), com.github.sakserv:hadoop-mini-clusters-oozie (>=0.1.1 <=0.1.16) +13 more potentially affected by CVE-2025-26796 via org.apache.oozie:oozie-core (>=4.1.0 <=5.2.1)

org.apache.oozie:oozie-core MAVEN version =4.1.0, =0.1.1, =1.0, =1.2, =4.2.0, =5.2.0, =4.1.0, =4.2.0, =4.1.0, =4.1.0, =4.1.0, =4.1.0, =5.2.1 - org.kitesdk:kite-data-oozie =1.1.0 Source cves: CVE-2025-26796 Source advisory: OSV:GHSA-FMXW-76XQ-CMQQ...

CVSS 5.4 | AI score 5.8 | EPSS 0.00394
Exploits 0
vulnersOsv
added 2025/03/22 3:30 p.m. | 4 views

com.github.sakserv:hadoop-mini-clusters (=0.0.14), com.github.sakserv:hadoop-mini-clusters-oozie (>=0.1.1 <=0.1.16) +13 more potentially affected by CVE-2025-26796 via org.apache.oozie:oozie-core (>=4.1.0 <=5.2.1)

org.apache.oozie:oozie-core MAVEN version =4.1.0, =0.1.1, =1.0, =1.2, =4.2.0, =5.2.0, =4.1.0, =4.2.0, =4.1.0, =4.1.0, =4.1.0, =4.1.0, =5.2.1 - org.kitesdk:kite-data-oozie =1.1.0 Source cves: CVE-2025-26796 Source advisory: SNYK:JAVA-ORGAPACHEOOZIE-9512888...

CVSS 5.4 | AI score 5.8 | EPSS 0.00394
Exploits 0
Akamai Blog
added 2025/03/07 10:20 a.m. | 2 views

Scale Transcoding and AI Workloads with GPU Kubernetes Clusters

...

AI score 7
Exploits 0
Tenable Nessus
added 2025/03/04 12:0 a.m. | 12 views

Linux Distros Unpatched Vulnerability : CVE-2020-10749

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perfor...

CVSS 6 | AI score 6.6 | EPSS 0.01843
Exploits 1 | References 2
RedHat Linux
added 2025/02/27 4:14 p.m. | 3 views

Moderate: Red Hat Security Advisory: Red Hat Developer Hub 1.4.2 release.

Red Hat Developer Hub 1.4.2 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...

CVSS 6.8 | AI score 6.5 | EPSS 0.00605
Exploits 1 | References 6
SUSE CVE
added 2025/02/27 3:5 a.m. | 2 views

SUSE CVE-2022-49553

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: validate BOOT sectors_per_clusters. When the NTFS BOOT sectors_per_clusters field is 0x80, it represents a shift value. Make sure that the shift value is not too large before using it (NTFS max cluster size is 2MB). Return...

CVSS 5.5 | AI score 7.8 | EPSS 0.00143
Exploits 0 | References 3
OSV
added 2025/02/26 7:1 a.m. | 1 views

DEBIAN-CVE-2022-49553

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: validate BOOT sectors_per_clusters. When the NTFS BOOT sectors_per_clusters field is 0x80, it represents a shift value. Make sure that the shift value is not too large before using it (NTFS max cluster size is 2MB). Return...

CVSS 5.5 | AI score 5.4 | EPSS 0.00143
Exploits 0 | References 1
OSV
added 2025/02/26 7:1 a.m. | 0 views

UBUNTU-CVE-2022-49553

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: validate BOOT sectors_per_clusters. When the NTFS BOOT sectors_per_clusters field is 0x80, it represents a shift value. Make sure that the shift value is not too large before using it (NTFS max cluster size is 2MB). Return...

CVSS 5.5 | AI score 5.7 | EPSS 0.00143
Exploits 0 | References 7