27 matches found
Security Bulletin: IBM Cloud Kubernetes is affected by a Linux kernel security vulnerability (CVE-2026-31431)
Summary IBM Cloud Kubernetes Service is affected by a vulnerability in the Linux kernel that could allow a local attacker to escalate their privileges CVE-2026-31431. Vulnerability Details CVEID : CVE-2026-31431 Description : In the Linux kernel, the following vulnerability has been resolved:...
Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerability (CVE-2026-3288)
Summary IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerability CVE-2026-3288. A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2025-5187)
Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in the Kubernetes API server that may allow node users to delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. CVE-2025-5187. Vulnerability Details CVEID:...
Security Bulletin: IBM Cloud Kubernetes Service on Ubuntu20 is affected by a FreeType Remote Code Execution security vulnerability (CVE-2025-27363)
Summary IBM Cloud Kubernetes Service is affected by a FreeType Remote Code Execution security vulnerability CVE-2025-27363 which is included in Ubuntu20 distributions, but not applicable to Ubuntu24 distributions. Vulnerability Details CVE-2025-27363 Description: An out of bounds write exists in...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a containerd security vulnerability (CVE-2024-40635)
Summary IBM Cloud Kubernetes Service is affected by a security vulnerability found in containerd where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root UID 0. This could cause...
Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities (CVE-2025-24514, CVE-2025-1097, CVE-2025-1098)
Summary IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities where a user that can create or update Ingress objects can use the nginx.ingress.kubernetes.io/auth-url annotation CVE-2025-24514 or the nginx.ingress.kubernetes.io/auth-tls-match-cn...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a containerd security vulnerability (CVE-2024-21626)
Summary IBM Cloud Kubernetes Service is affected by a security vulnerability found in the runc component shipped with containerd where an attacker could gain unauthorized access to the host filesystem CVE-2024-21626. Vulnerability Details CVEID: CVE-2024-21626 Description: Open Container Initiati...
Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities (CVE-2023-5043, CVE-2023-5044, CVE-2022-4886)
Summary IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities where a user that can create or update Ingress objects can use the nginx.ingress.kubernetes.io/configuration-snippet annotation CVE-2023-5043 or the...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a kubelet security vulnerability (CVE-2023-2431)
Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in the kubelet that allows pods to bypass the seccomp profile enforcement CVE-2023-2431 Vulnerability Details CVEID: CVE-2023-2431 Description: Kubernetes could allow a local authenticated attacker to bypass security...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2023-2728)
Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in the Kubernetes API server that enables a user to bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers with the kubernetes.io/enforce-mountable-secrets...
Security Bulletin: IBM Cloud Kubernetes Service is affected by two containerd security vulnerabilities (CVE-2023-28642) (CVE-2023-27561)
Summary IBM Cloud Kubernetes Service is affected by two security vulnerabilities found in containerd where 1 runc could allow a remote attacker to bypass security restrictions, caused by a symbolic link following vulnerability CVE-2023-28642 and 2 runc could allow a local authenticated attacker t...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a containerd security vulnerability (CVE-2021-41190)
Summary IBM Cloud Kubernetes Service is affected by a security vulnerability found in containerd that allows clients to misinterpret manifest and layer fields. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes kubelet security vulnerability (CVE-2021-25741)
Summary IBM Cloud Kubernetes Service is affected by a Kubernetes kubelet security vulnerability that could allow host path like access without use of the hostPath feature, thus bypassing the restriction CVE-2021-25741. Vulnerability Details CVEID: CVE-2021-25741 Description: Kubernetes could allo...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes security vulnerability (CVE-2020-8554)
Summary IBM Cloud Kubernetes Service is affected by a Kubernetes security vulnerability that could allow a malicious user to intercept traffic from other pods or nodes in the cluster CVE-2020-8554 Vulnerability Details CVEID: CVE-2020-8554 Description: Kubernetes could allow a remote authenticate...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2021-25735)
Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in the Kubernetes API server that could allow node updates to bypass a validating admission webhook CVE-2021-25735 Vulnerability Details CVEID: CVE-2021-25735 Description: Kubernetes kube-apiserver could allow a remote...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes kubelet security vulnerability (CVE-2020-8557)
Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in the Kubernetes kubelet that could result in the denial of service of a node CVE-2020-8557 Vulnerability Details CVEID: CVE-2020-8557 Description: Kubernetes kubelet is vulnerable to a denial of service, caused by an...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2020-8559)
Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in the Kubernetes API server that could enable a privilege escalation from a compromised node CVE-2020-8559 Vulnerability Details CVEID: CVE-2020-8559 Description: Kubernetes kube-apiserver could allow a remote...
Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes API server security vulnerabilities (CVE-2019-11254, CVE-2020-8552)
Summary IBM Cloud Kubernetes Service is affected by security vulnerabilities in the Kubernetes API server that exposes it to denial of service attacks CVE-2019-11254 and CVE-2020-8552 Vulnerability Details CVEID: CVE-2019-11254 DESCRIPTION: Kubernetes is vulnerable to a denial of service, caused ...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2019-11253)
Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in the Kubernetes API server that exposes it to a denial of service attack via malicious YAML or JSON payloads CVE-2019-11253 Vulnerability Details CVE-ID: CVE-2019-11253 Description: The Kubernetes API server is...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a Python security vulnerability (CVE-2019-10160)
Summary IBM Cloud Kubernetes Service is vulnerable to CVE-2019-10160 Python security vulnerability which could allow a remote attacker to obtain sensitive information, caused by improper unicode encoding handling. Vulnerability Details CVE-ID: CVE-2019-10160 Description: Python...