Lucene search
5 matches found

Github Security Blog
added 2025/01/03 4:12 p.m., 20 views

Karmada PULL Mode Cluster Privilege Escalation

Impact What kind of vulnerability is it? Who is impacted? The PULL mode clusters registered with the karmadactl register command have excessive privileges to access control plane resources. By abusing these permissions, an attacker able to authenticate as the karmada-agent to a karmada cluster...

CVSS 8.7, AI score 6.8, EPSS 0.00476
Exploits 0, References 6, Affected Software 1

CVE
added 2025/01/03 4:11 p.m., 68 views

CVE-2024-56513

Karmada PULL mode clusters were granted excessive access to control plane resources before v1.12.0. An attacker who can authenticate as the karmada-agent could obtain administrative privileges over the entire federation, including all member clusters. Since v1.12.0, karmadactl register tightens p...

CVSS 8.7, AI score 6.5, EPSS 0.00476
Exploits 0, References 4

OSV
added 2023/11/27 11:27 p.m., 29 views

GHSA-QMVJ-4QR9-V547 Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler

Summary: A vulnerability was found in Knative Serving that could allow an attacker to crash the Knative Serving autoscaler resulting in a denial of service. The attacker would need to have compromised one pod in the Knative Serving deployment, and with that position they could launch the attack...

CVSS 5.3, AI score 6.1, EPSS 0.00867
Exploits 0, References 6

NVD
added 2023/01/17 10:15 a.m., 19 views

CVE-2022-47318

ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648...

CVSS 8.8, AI score 8.1, EPSS 0.0136
Exploits 0, References 5

Cvelist
added 2018/09/06 5:0 p.m., 28 views

CVE-2018-1000800

zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put, sys_ring_buf_get that can result in CPU Page Fault error code 0x00000010. This attack appears to be exploitable via a malicious application calling the vulnerable kernel APIs system sys_ring_buf_get and...

AI score 9.1, EPSS 0.01656
Exploits 1, References 1