Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMC2FBE434FDED9DC756BE855E33C9AD8C0A5B759539A8AEC3235DE5AFDA3E29EF
HistoryDec 11, 2020 - 7:10 a.m.

Security Bulletin: Open Source Secuity issues fixed for NPS softlayer provisioner.

2020-12-1107:10:49
www.ibm.com
9

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

Summary

Fixed OSS issus for listed CVEs.

Vulnerability Details

CVEID:CVE-2020-7919
**DESCRIPTION:**Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178227 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-11248
**DESCRIPTION:**Kubernetes could allow a remote attacker to obtain sensitive information, caused by the exposure of the debugging endpoint /debug/pprof by default on Kubelet healthz port. An attacker could exploit this vulnerability to obtain internal Kubelet memory addresses and configuration or cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164836 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVEID:CVE-2019-11253
**DESCRIPTION:**The Kubernetes API server is vulnerable to a denial of service, caused by a billion laughs attack, caused by an error when parsing YAML manifests. A remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168618 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-11254
**DESCRIPTION:**Kubernetes is vulnerable to a denial of service, caused by a flaw in kube-apiserver. By sending a specially-crafted request using YAML payloads, a remote authenticated attacker could exploit this vulnerability to consume excessive CPU cycles.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178935 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Netezza for Cloud Pak for Data All

Remediation/Fixes

Product VRMF Remediation/First Fix
IBM Netezza for Cloud Pak for Data 11.1.1.0 Link to Fix Central

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm cloud pak for dataeq11.1.1.0

Related

ibm 37
gitlab 3
nessus 28
alpinelinux 2
redhatcve 4
nuclei 1
osv 13
veracode 4
hackerone 2
debiancve 4
ubuntucve 4
attackerkb 1
github 4
redhat 15
photon 14
mageia 1
cve 4
openvas 5
cgr 2
wolfi 2
prion 4
fedora 2
symantec 1
broadcom 1
checkpoint_advisories 1
threatpost 4
oraclelinux 5
debian 1
f5 1
kitploit 1
oracle 1
ibm
ibm
Security Bulletin: Open Source Security issues for AWS storage layer in NPS.
2020-12-10 11:16:05
Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes security vulnerability (CVE-2019-11248)
2019-08-19 15:22:49
Security Bulletin: A Security Vulnerability affects IBM Cloud Private Kubernetes (CVE-2019-11248)
2019-11-23 16:46:30
gitlab
gitlab
Improper Certificate Validation
2021-06-23 00:00:00
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
2021-05-18 00:00:00
Excessive Platform Resource Consumption within a Loop in Kubernetes
2021-12-20 00:00:00
nessus
nessus
Photon OS 2.0: Go PHSA-2020-2.0-0238
2020-05-05 00:00:00
Photon OS 3.0: Go PHSA-2020-3.0-0087
2020-05-13 00:00:00
RHEL 7 / 8 : OpenShift Container Platform 4.1.20 openshift (RHSA-2019:3132)
2019-10-17 00:00:00
alpinelinux
alpinelinux
CVE-2020-7919
2020-03-16 21:15:00
CVE-2019-11253
2019-10-17 16:15:00
redhatcve
redhatcve
CVE-2019-11248
2020-04-09 12:44:01
CVE-2020-7919
2020-04-03 20:00:02
CVE-2019-11254
2020-04-01 00:32:01
nuclei
nuclei
Debug Endpoint pprof - Exposure Detection
2020-08-19 14:33:23
osv
osv
CVE-2019-11248
2019-08-29 01:15:11
Panic in certificate parsing in crypto/x509 and golang.org/x/crypto/cryptobyte
2022-07-06 18:23:48
CVE-2019-11253
2019-10-17 16:15:10
veracode
veracode
Information Disclosure
2019-08-08 00:52:28
Denial Of Service (DoS)
2020-01-30 02:08:48
Denial Of Service (DoS)
2020-04-02 03:17:51
hackerone
hackerone
8x8: CVE-2019-11248 on http://█.█.█.█:9100/debug/pprof/goroutine
2022-06-20 20:44:54
Engel & Völkers Technology GmbH: CVE-2019-11248 on alertmanager.ev-cloud-platform.engelvoelkers.com
2021-02-12 17:37:56
debiancve
debiancve
CVE-2019-11248
2019-08-29 01:15:00
CVE-2020-7919
2020-03-16 21:15:00
CVE-2019-11253
2019-10-17 16:15:00
ubuntucve
ubuntucve
CVE-2020-7919
2020-03-16 00:00:00
CVE-2019-11254
2020-04-01 00:00:00
CVE-2019-11248
2019-08-29 00:00:00
attackerkb
attackerkb
Kubectl/API Server YAML parsing vulnerable to "Billion Laughs" Attack
2019-10-17 00:00:00
github
github
XML Entity Expansion and Improper Input Validation in Kubernetes API server
2021-05-18 15:38:48
Helm uses crypto package vulnerable to panic from malformed X.509 certificate
2021-06-23 18:02:39
Excessive Platform Resource Consumption within a Loop in Kubernetes
2021-12-20 16:55:06
redhat
redhat
(RHSA-2019:3132) Important: OpenShift Container Platform 4.1.20 openshift security update
2019-10-16 15:24:10
(RHSA-2020:2870) Important: Red Hat OpenShift Service Mesh 1.0 servicemesh-cni security update
2020-07-07 21:08:32
(RHSA-2020:2863) Important: Red Hat OpenShift Service Mesh 1.0 servicemesh-prometheus security update
2020-07-07 19:20:43
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0238
2020-05-02 00:00:00
Important Photon OS Security Update - PHSA-2020-0087
2020-05-09 00:00:00
Important Photon OS Security Update - PHSA-2019-0031
2019-09-27 00:00:00
mageia
mageia
Updated golang packages fix security vulnerability
2020-04-15 13:12:14
cve
cve
CVE-2020-7919
2020-03-16 21:15:00
CVE-2019-11248
2019-08-29 01:15:00
CVE-2019-11254
2020-04-01 21:15:00
openvas
openvas
Fedora: Security Advisory for golang (FEDORA-2020-12bc5b5597)
2020-04-12 00:00:00
Mageia: Security Advisory (MGASA-2020-0173)
2022-01-28 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2020-1804)
2020-07-31 00:00:00
cgr
cgr
CVE-2020-7919 vulnerabilities
2024-04-24 21:06:49
CVE-2019-11254 vulnerabilities
2024-04-24 21:06:49
wolfi
wolfi
CVE-2020-7919 vulnerabilities
2024-04-24 21:08:11
CVE-2019-11254 vulnerabilities
2024-04-24 21:08:11
prion
prion
Code injection
2020-03-16 21:15:00
Code injection
2020-04-01 21:15:00
Default configuration
2019-08-29 01:15:00
fedora
fedora
[SECURITY] Fedora 31 Update: golang-1.13.9-1.fc31
2020-04-09 18:19:14
[SECURITY] Fedora 30 Update: kubernetes-1.15.2-1.fc30
2019-08-26 00:53:13
symantec
symantec
Kubernetes API Server CVE-2019-11253 Denial of Service Vulnerability
2019-09-27 00:00:00
broadcom
broadcom
YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML (CVE-2019-11254)
2023-11-07 00:00:00
checkpoint_advisories
checkpoint_advisories
Kubernetes API Server Denial Of Service (CVE-2019-11253)
2019-12-26 00:00:00
threatpost
threatpost
ThreatList: One-Third of Firms Say Their Container Security Lags
2018-11-23 13:00:48
Dangerous Kubernetes Bugs Allow Authentication Bypass, DoS
2019-10-17 14:25:39
Public Bug Bounty Takes Aim at Kubernetes Container Project
2020-01-14 17:00:28
oraclelinux
oraclelinux
olcne kubernetes security update
2020-04-17 00:00:00
kubernetes-cni-plugins kubernetes-cni kubernetes olcne security update
2020-06-12 00:00:00
kubernetes kubeadm-ha-setup kubeadm-upgrade security update
2020-04-17 00:00:00
debian
debian
[SECURITY] [DSA 4848-1] golang-1.11 security update
2021-02-08 21:24:09
f5
f5
K000134748 : Kubernetes vulnerabilities CVE-2019-1002100, CVE-2019-11254, CVE-2017-1002101, and CVE-2017-1002102
2023-05-23 00:00:00
kitploit
kitploit
Metarget - Framework Providing Automatic Constructions Of Vulnerable Infrastructures
2021-06-04 21:30:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON
Related for C2FBE434FDED9DC756BE855E33C9AD8C0A5B759539A8AEC3235DE5AFDA3E29EF
ibm37gitlab3nessus28alpinelinux2redhatcve4nuclei1osv13veracode4hackerone2debiancve4ubuntucve4attackerkb1github4redhat15photon14mageia1cve4openvas5cgr2wolfi2prion4fedora2symantec1broadcom1checkpoint_advisories1threatpost4oraclelinux5debian1f51kitploit1oracle1