A user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
A parser differential between com.sun.jndi.ldap.LdapURL and java.net.URI may lead to LDAP URI validation bypasses.
Istio versions 1.12.0 and 1.12.1 are vulnerable to a privilege escalation attack. Users who have CREATE permission for gateways.gateway.networking.k8s.io objects can escalate this privilege to create other resources that they may not have access to, such as Pod.
Strapi before 3.0.0-beta.17.5 mishandles password resets within default authentication controllers.
Sandbox protection in the “Script Security and Pipeline: Groovy Plugins” could be circumvented through methods supporting type casts and type coercion. This allowed attackers to invoke constructors for arbitrary types.
Privilege escalation in MySQL server due to a missing file permission check.
The Pritunl Client service accepted configuration data which was saved to a file. The service, running as root, would write user-specified data to the user-specified path, leading to privilege escalation.
The Pritunl Client did not validate VPN server certificates before initiating a VPN connection.
NodePDF passes filenames to child_process.exec() but does not properly encode all special characters.
A buffer overflow exists in tre_parse() when parsing a literal (e.g. \x{deadbeef}), used during regular expression compilation.