Craig Ingram

**Name of the Vulnerable Software and Affected Versions** Kubelet (affected versions not specified) **Description** A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field are affected by this issue, allowing the pod to run in unconfined (seccomp disabled) mode. The issue is related to insufficient input validation, which can be exploited to configure certain modules to work in an unconfined mode. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Visual Studio Code (affected versions not specified) **Description** The issue is related to insecure privilege management in Visual Studio Code. Exploitation of this issue may allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.