AWS VDP: Encryption context keys and values logged at INFO level

Component: cmd/server/main.go:101-106 Affected Version: aws-encryption-provider @ 4341c70 all versions Found by: Source audit TLP: TLP:Amber --- Summary The server startup code logs all encryption context key-value pairs at INFO level. Encryption context is metadata associated with KMS operations...

EUVD-2019-16207

Malware in sbrugna...

EUVD-2024-50693

Malicious code in bioql PyPI...

EUVD-2023-0665

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2020-8565

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs a...

SUSE CVE-2020-8565

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects = v1.19.3, = v1.18.10, = v1.17.13, v1.20.0-alpha2...

SUSE-SU-2021:4171-1 Security update for runc

This update for runc fixes the following issues: Update to runc v1.0.3. CVE-2021-43784: Fixed a potential vulnerability related to the internal usage of netlink, which is believed to not be exploitable with any released versions of runc bsc1193436 Fixed inability to start a container with...

SUSE-SU-2021:4059-1 Security update for runc

This update for runc fixes the following issues: Update to runc v1.0.3. CVE-2021-43784: Fixed a potential vulnerability related to the internal usage of netlink, which is believed to not be exploitable with any released versions of runc bsc1193436 Fixed inability to start a container with...

CVE-2020-8564

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects v1.19.3, v1.18.10, v1.17.13...

DEBIAN-CVE-2020-8565

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects = v1.19.3, = v1.18.10, = v1.17.13, v1.20.0-alpha2...

UBUNTU-CVE-2020-8566

In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects v1.19.3, v1.18.10, v1.17.13...