Lucene search
K

20 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.8 views

RHCOS 3 : OpenShift Container Platform 3.10 atomic-openshift (RHSA-2019:3239)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3239 advisory. - kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal CVE-2019-11249 -...

7.5CVSS7.3AI score0.25939EPSS
Exploits4References8
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.33 views

Oracle Linux 7 : kubernetes / kubeadm-upgrade / kubeadm-ha-setup (ELSA-2019-4593)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4593 advisory. - OLCNE-235 CVE-2019-9946 portmap inserts rules at the front of the iptables nat chains -- CVE-2019-9946 -- CVE-2019-1002101 -- CVE-2019-1002100...

7.8CVSS6.9AI score0.70372EPSS
Exploits3References3
Openbugbounty
Openbugbounty
added 2022/04/26 1:4 p.m.10 views

fountain.org.tw Improper Access Control vulnerability OBB-2559060

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

0.1AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/18 9:28 p.m.39 views

Security Bulletin: InfoSphere Information Server is affected by multiple vulnerabilities in Kubernetes

Summary Multiple vulnerabilities in Kubernetes were addressed by IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2019-9514 DESCRIPTION: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of strea...

7.8CVSS0.1AI score0.83433EPSS
Exploits3Affected Software1
Openbugbounty
Openbugbounty
added 2020/05/05 7:6 p.m.11 views

es.gearbest.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1156608 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

0.5AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/01/20 5:56 p.m.10 views

dom-termo.ru Cross Site Scripting vulnerability

Security Researcher geeknik Helped patch 8594 vulnerabilities Received 8 Coordinated Disclosure badges Received 20 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting dom-termo.ru website and its users. Following coordinated...

0.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/10/30 12:0 a.m.56 views

RHEL 7 : OpenShift Container Platform 3.10 atomic-openshift (RHSA-2019:3239)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3239 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

7.5CVSS6.4AI score0.25939EPSS
Exploits4References8
RedHat Linux
RedHat Linux
added 2019/10/29 4:22 p.m.87 views

Important: Red Hat Security Advisory: OpenShift Container Platform 3.10 atomic-openshift security update

An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.5CVSS6.6AI score0.25939EPSS
Exploits4References4
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/03 10:50 p.m.38 views

Security Bulletin: IBM Cloud Private for Data is affected multiple security vulnerabilities in IBM Cloud Private Kubernetes

Summary IBM Cloud Private for Data is affected by multiple security vulnerabilites in Kubernetes which in some cases can allow unauthorized access to the Kubernetes API Server and/or trusted user privilege escalation. Vulnerability Details CVEID: CVE-2019-9946 DESCRIPTION: Kubernetes could provid...

7.5CVSS0.2AI score0.13164EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/09/11 12:0 a.m.40 views

Kubernetes 1.11.x < 1.11.9 / 1.12.x < 1.12.7 / 1.13.x < 1.13.5 kubectl directory traversal

The version of Kubernetes installed on the remote host is version 1.11.x prior to 1.11.9, 1.12.x prior to 1.12.7 or 1.13.x prior to 1.13.5. It is, therefore, affected by a directory traversal vulnerability in the kubectl cp command due to mishandling of symlinks when copying files from a running...

6.4CVSS6.8AI score0.13164EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2019/08/27 12:0 a.m.45 views

Fedora Update for kubernetes FEDORA-2019-2b8ef08c95

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.2CVSS7.2AI score0.61139EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2019/08/26 12:0 a.m.46 views

Fedora 30 : kubernetes (2019-2b8ef08c95)

Update to v1.15.2 + carry upstream 81330 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable...

8.2CVSS6.1AI score0.61139EPSS
Exploits2References7
Veracode
Veracode
added 2019/08/06 1:38 a.m.68 views

Directory Traversal

github.com/kubernetes/kubernetes is vulnerable to directory traversal. The vulnerability exists as a malicious container can replace or create files on a user's workstation. The vulnerability is due to incomplete fixes of CVE-2019-1002101 and CVE-2019-11246...

6.5CVSS4AI score0.13164EPSS
Exploits2References11Affected Software23
RedHat Linux
RedHat Linux
added 2019/06/27 4:59 p.m.3 views

kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary file write via `kubectl cp`

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is...

6.5CVSS7AI score0.13164EPSS
Exploits2References5
IBM Security Bulletins
IBM Security Bulletins
added 2019/05/19 2:45 p.m.36 views

Security Bulletin: API Connect V2018 is impacted by a directory traversal vulnerability in Kubernetes (CVE-2019-1002101)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-1002101 DESCRIPTION: Kubernetes could allow a remote attacker to traverse directories on the system, caused by the improper handling of symlinks. By persuading a victim to use the kubectl cp...

6.4CVSS1.2AI score0.13164EPSS
Exploits2Affected Software1
Oracle linux
Oracle linux
added 2019/04/13 12:0 a.m.277 views

kubernetes security update

1.10.5-2.5.4 - OLCNE-235 CVE-2019-9946 portmap inserts rules at the front of the iptables nat chains 1.10.5-2.4.4 - CVE-2019-1002101 kubectl fix potential directory traversal 1.10.5-2.3.4 - CVE-2019-1002100 Limit the number of operations in a single json patch to be 10,000 - Fixup kubeadm-setup.s...

7.5CVSS2.3AI score0.13164EPSS
Exploits2
Oracle linux
Oracle linux
added 2019/04/13 12:0 a.m.293 views

kubernetes security update

1.11.3-2.5.2 - OLCNE-235 CVE-2019-9946 portmap inserts rules at the front of the iptables nat chains 1.11.3-2.4.2 - CVE-2019-1002101 kubectl fix potential directory traversal 1.11.3-2.3.2 - CVE-2019-1002100 Limit the number of operations in a single json patch to be 10,000...

7.5CVSS2.3AI score0.13164EPSS
Exploits2
Oracle linux
Oracle linux
added 2019/04/13 12:0 a.m.284 views

kubernetes security update

1.9.11-2.5.1 - OLCNE-235 CVE-2019-9946 portmap inserts rules at the front of the iptables nat chains 1.9.11-2.4.1 - CVE-2019-1002101 kubectl fix potential directory traversal 1.9.11-2.3.1 - CVE-2019-1002100 Limit the number of operations in a single json patch to be 10,000 - Fixup kubeadm-setup.s...

7.5CVSS2.3AI score0.13164EPSS
Exploits2
UbuntuCve
UbuntuCve
added 2019/04/01 2:29 p.m.45 views

CVE-2019-1002101

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could r...

6.4CVSS6.8AI score0.13164EPSS
Exploits2References2
CVE
CVE
added 2019/04/01 2:14 p.m.207 views

CVE-2019-1002101

Summary (CVE-2019-1002101): The kubectl cp path traversal vulnerability arises when copying files from a container to the user machine. Kubernetes creates a tar inside the container, which is streamed and unpacked on the user side; if the container’s tar binary is malicious, it can run code and c...

6.4CVSS5.9AI score0.13164EPSS
Exploits2References11Affected Software1
Rows per page
Query Builder