CVE-2019-1002101: kubectl fixes potential directory traversal (4th Apr 2019)

Preface: The vulnerability does not require the attacker to trick a user into anything. It is an extremely dangerous vulnerability.

Technical background of Kubernetes: Kubernetes (often referred to as K8s) is an open source system for automating the deployment, scaling, and management of containerized applications. The system was designed by Google and donated to the Cloud Native Computing Foundation (now part of the Linux Foundation).

Synopsis: The container escape vulnerability in runc woke Docker users up to cyber security in their own domain. Perhaps CVE-2019-1002101 is rated at a high severity level, but I strongly believe it is an alert. Hey administrator, stay alert! If you would like a quick understanding, please refer to the attached diagram.
Kubernetes has released software updates at the following link: https://github.com/kubernetes/kubernetes/releases
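The flaw class behind CVE-2019-1002101 is a copy routine that writes archive entries without checking where the entry name resolves; the check below, added here as an illustration and not taken from the kubectl fix itself, rejects entry names and symlink targets that escape the destination directory (the dest path and entry names are constructed samples):

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned for an archive entry that would land outside dest.
var ErrTraversal = errors.New("archive entry escapes destination directory")

// SafeJoin resolves an entry name under dest and rejects any name that,
// after cleaning, would escape dest: this is the directory-traversal check
// an untrusted archive must pass before any file is written.
func SafeJoin(dest, name string) (string, error) {
	// Absolute paths and Windows volume names are never trusted from an archive.
	if filepath.IsAbs(name) || filepath.VolumeName(name) != "" {
		return "", ErrTraversal
	}
	cleanDest := filepath.Clean(dest)
	target := filepath.Join(cleanDest, name) // Join also collapses ".." segments
	// Once cleaned, an escaping path is exactly ".." or begins with "../".
	rel, err := filepath.Rel(cleanDest, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	return target, nil
}

// SafeLinkTarget checks a symlink entry: its target, resolved relative to the
// entry's own directory, must also stay under dest, otherwise a later entry
// written through the link would land outside dest.
func SafeLinkTarget(dest, entryName, linkTarget string) error {
	if filepath.IsAbs(linkTarget) {
		return ErrTraversal
	}
	_, err := SafeJoin(dest, filepath.Join(filepath.Dir(entryName), linkTarget))
	return err
}

func main() {
	// Constructed entry names, as they might appear in an untrusted tar stream.
	for _, name := range []string{"app/config.yaml", "../../outside.txt", "/abs/file", "a/../../x"} {
		if p, err := SafeJoin("/tmp/out", name); err != nil {
			fmt.Printf("REJECT %-20q %v\n", name, err)
		} else {
			fmt.Printf("ok     %-20q -> %s\n", name, p)
		}
	}
	fmt.Println("symlink ../data:", SafeLinkTarget("/tmp/out", "app/link", "../data"))
}
```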

Apache Releases Security Update for Apache HTTP Server – 4th April 2019

Alert: The Apache Software Foundation has released Apache HTTP Server version 2.4.39 to address multiple vulnerabilities.

  • mod_auth_digest access control bypass (CVE-2019-0217)
  • mod_ssl access control bypass (CVE-2019-0215)
  • mod_http2, possible crash on late upgrade (CVE-2019-0197)

CVE-2019-0211 caught my attention. For a synopsis of this matter, please refer to the attached diagram.

Remedy: The Apache Software Foundation has released Apache HTTP Server version 2.4.39 to address multiple vulnerabilities. See the URL for more information.

https://httpd.apache.org/security/vulnerabilities_24.html

Client negligence (misconfiguration), AWS's reputation suffers! (3rd Apr 2019)

Preface: 540 Million Facebook Records Leaked

Who bears the responsibility? Misconfiguration.

Headline News: Hundreds of millions of Facebook records exposed on Amazon S3 cloud!
See the link below for details:
https://www.forbes.com/sites/kateoflahertyuk/2019/04/03/facebook-exposes-540-million-user-records-what-you-need-to-know/#35a8f7043fd7

Observation: The incident shows that it is not difficult to keep track of our web activities. A webhook (HTTP push API) is a way for an app to provide other applications with real-time information. As a result, whatever you are doing is exactly what the third party gets!
I believe that all of the related information will be found on the Dark Web.

CVE-2018-19466 – Portainer LDAP Credentials Storage Information Disclosure Vulnerability (3rd Apr 2019)

Preface: Today's topic: a stored password that is not encrypted is like walking around without clothes!

Technical background: Portainer is a lightweight management UI which allows you to easily manage your different Docker environments (Docker hosts or Swarm clusters). It allows you to manage all your Docker resources (containers, images, volumes, networks and more)! It is compatible with the standalone Docker engine and with Docker Swarm mode.

Vulnerability: The affected software stores LDAP credentials in cleartext and performs insufficient security checks on API calls that allow the retrieval of LDAP credentials.

Remedy: Portainer has released software updates at the following URL: https://github.com/portainer/portainer/releases/tag/1.20.0
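The API half of CVE-2018-19466 (an endpoint that hands back the stored LDAP bind password to callers who should not see it) is illustrated below with the weak struct beside a redacted one and an administrator-only handler. This is an added example in Portainer's language, not Portainer's own code; the field names, role model and sample values are constructed, and encrypting the credential at rest is a separate fix not shown here.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// LeakyLDAPSettings models the weak design: every field, including the bind
// password, is serialized into the settings API response.
type LeakyLDAPSettings struct {
	URL      string `json:"URL"`
	ReaderDN string `json:"ReaderDN"`
	Password string `json:"Password"`
}

// LDAPSettings keeps the secret out of every JSON encoding: the password can
// be set by an update request but is never read back through the API.
type LDAPSettings struct {
	URL      string `json:"URL"`
	ReaderDN string `json:"ReaderDN"`
	Password string `json:"-"`
}

// Role is a constructed, minimal role model for the access check.
type Role int

const (
	RoleUser Role = iota
	RoleAdmin
)

// SettingsResponse applies both fixes: the call is restricted to
// administrators, and the returned document never carries the password.
func SettingsResponse(role Role, s LDAPSettings) ([]byte, error) {
	if role != RoleAdmin {
		return nil, errors.New("forbidden: settings require the administrator role")
	}
	return json.Marshal(s)
}

func main() {
	// Constructed sample settings; the password is a placeholder value.
	s := LDAPSettings{URL: "ldap://ldap.example.com:389", ReaderDN: "cn=reader,dc=example,dc=com", Password: "placeholder-bind-secret"}
	leaky, _ := json.Marshal(LeakyLDAPSettings(s)) // same fields, tags ignored by the conversion
	fmt.Println("weak:  ", string(leaky))
	fixed, _ := SettingsResponse(RoleAdmin, s)
	fmt.Println("fixed: ", string(fixed))
	_, err := SettingsResponse(RoleUser, s)
	fmt.Println("user:  ", err)
}
```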

CVE-2019-5729 – Splunk Python SDK Improper TLS Server Certificate Verification Vulnerability (2nd Apr 2019)

Preface: Splunk is powerful; it can extract the cookies of web connections. If the client connection is still alive, a hacker can hijack and take over the connection.

Vulnerability details: A vulnerability in Splunk Python SDK could allow an unauthenticated, remote attacker to bypass security restrictions on a targeted system. An attacker could exploit this vulnerability by executing a man-in-the-middle attack to bypass access restrictions on the system.

Design weakness: improper verification of untrusted TLS server certificates.

Remedy: Splunk has released software updates (refer to the URL) – https://github.com/splunk/splunk-sdk-python/releases

CVE-2019-10125: use-after-free vulnerability in the aio_poll function (1st Apr 2019)

Preface: Linus Benedict Torvalds is the principal developer of the Linux kernel, which became the kernel for many Linux distributions and operating systems.

Vulnerability details: An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free.

Impact: An attacker could exploit this vulnerability by executing an application that submits malicious input to the targeted system. A successful exploit could allow the attacker to execute arbitrary code and completely compromise the system.

Remedy: https://patchwork.kernel.org/patch/10828359/

Why are APT attacks changing their shape?

Preface: We know so far that APT attacks aim to lock onto a specific target. The target will be a specific government regime and its revenue. This is the modern way, one that does not require engaging in traditional war.

Synopsis: What draws people's attention to APT attacks is that they form a structured attack and use malware to attack major public facilities, for instance nuclear power stations, water supplies and gas systems. Whether it is a botnet DDoS or implanted malware conducting sabotage activities, it is a time-consuming action. Perhaps the above actions do not fully fit the definition of metamorphic. In my view, a new generation of attack mechanism will frequently be used by APT groups in future. The design will be similar to the LockerGoga ransomware.

LockerGoga Ransomware:
Experts found that LockerGoga does not have any self-propagation mechanism (it needs to be manually deployed). But later it was found that it relies on the SMB protocol (files are manually copied from computer to computer). They are jeopardizing the supply chain industry now. But I believe that it is only a pilot run now.

For more details, please refer url below: https://www.jdsupra.com/legalnews/lockergoga-ransomware-hits-manufacturer-94292/

Specifications: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win32.lockergoga.aa