547 matches found
RHEL 7 : OpenShift Container Platform 3.9 (RHSA-2019:2769)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2769 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
frontend
!Build Statushttps://github.com/DependencyTrack/frontend/act...
CVE-2019-11253
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...
CVE-2019-11253
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...
DEBIAN-CVE-2019-11253
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...
CVE-2019-11253
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...
Input validation
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...
CVE-2019-11253
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...
CVE-2019-11253 Kubernetes API Server JSON/YAML parsing vulnerable to resource exhaustion attack
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...
CVE-2019-11253
CVE-2019-11253 : Kubernetes API server vulnerability where improper input validation allows authorized users to submit malicious YAML/JSON payloads, causing the API server to consume excessive CPU/memory and potentially crash (DoS). Affected versions include v1.0–1.12 and earlier than v1.13.12, v...
CVE-2019-11253
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...
Kubectl/API Server YAML parsing vulnerable to "Billion Laughs" Attack
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...
CVE-2019-11247: Kubernetes API Server Vulnerability | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Description The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and ro...
CVE-2019-1002100
A denial of service vulnerability was found in the Kubernetes API server. A remote user, with authorization to apply patches, could exploit this via crafted JSON input, causing excessive consumption of resources and subsequent denial of service. Mitigation Remove ‘patch’ permissions from untruste...
Security Bulletin: IBM Cloud Private for Data is affected by a privilege escalation vulnerability in Kubernetes API server
Summary IBM Cloud Private for Data is affected by a security vulnerability in Kubernetes which in some cases can allow unauthorized access to the Kubernetes API Server and/or trusted user privilege escalation. Vulnerability Details CVEID: CVE-2018-1002105 DESCRIPTION: Kubernetes could allow a...
Security Bulletin: A Security Vulnerability Has Been Identified In IBM Cloud Private shipped with IBM Cloud Private for Data - CVE-ID: CVE-2018-1002105
Summary IBM Cloud Private is shipped with IBM Cloud Private for Data. Information about a security vulnerability affecting IBM Cloud Private has been published in a security bulletin. Vulnerability Details Refer to the security bulletin listed in the Remediation/Fixes section Affected Products an...
CVE-2019-11060
The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service DoS by sending headers very slowly to keep HTTP or HTTPS connections and associated resources alive for a long period of time...
CVE-2019-11063 SmartHome application has a broken access control vulnerability in its Web API Server
A broken access control vulnerability in SmartHome app Android versions up to 3.0.42190515, ios versions up to 2.0.22 allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway HG100 via http://target/smarthome/devicecontrol witho...
CVE-2019-11061 HG100 has a broken access control vulnerability in its Web API Server
A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://target/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 Confidentiality, Integrity...
Hostinger Data Breach: 14M Customer Passwords, Personal Data at Risk
Web hosting company Hostinger is warning that a breach of one of its servers potentially gave bad actors access to the hashed passwords and personal data of more than 14 million customers. Hostinger, a popular web, cloud and virtual private server hosting provider and domain registrar with 29...