32 matches found

Nuclei
added 16 hours ago, 15 views

Kubernetes API Server - YAML Parsing DoS (Billion Laughs)

The Kubernetes API server is vulnerable to a denial of service attack via YAML/JSON parsing. An attacker can send a specially crafted YAML/JSON payload that causes exponential memory consumption (Billion Laughs attack), leading to API server crash. id: CVE-2019-11253 info: name: Kubernetes API Serv...

CVSS 7.5, AI score 6.4, EPSS 0.82787
Exploits: 2, References: 3

Tenable Nessus
added 2026/05/06 12:0 a.m., 3 views

RHCOS 4 : OpenShift Container Platform 4.1.20 openshift (RHSA-2019:3132)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3132 advisory. - kubernetes: YAML parsing vulnerable to Billion Laughs attack, allowing for remote denial of service (CVE-2019-11253) Note that Nessus has not...

CVSS 7.5, AI score 5.8, EPSS 0.82787
Exploits: 2, References: 4

Tenable Nessus
added 2026/05/06 12:0 a.m., 4 views

RHCOS 3 : OpenShift Container Platform 3.10 atomic-openshift (RHSA-2019:3239)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3239 advisory. - kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal (CVE-2019-11249) -...

CVSS 7.5, AI score 7.3, EPSS 0.82787
Exploits: 4, References: 8

IBM Security Bulletins
added 2024/09/16 5:22 p.m., 73 views

Security Bulletin: IBM Maximo Application Suite uses k82.io package which is vulnerable to CVE-2019-11250, CVE-2020-8565, CVE-2019-11253.

Summary IBM Maximo Application Suite uses k82.io package which is vulnerable to CVE-2019-11250, CVE-2020-8565, CVE-2019-11253. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2019-11250 DESCRIPTION: Kubernetes could allow a local...

CVSS 7.5, AI score 6.5, EPSS 0.82787
Exploits: 2, Affected Software: 1

IBM Security Bulletins
added 2023/02/14 9:4 p.m., 47 views

Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go and Kubernetes.

Summary IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go and Kubernetes. The fix removes these vulnerabilities from IBM CICS TX Advanced. Vulnerability Details CVEID:CVE-2018-17847 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an index out of...

CVSS 7.5, AI score 7.8, EPSS 0.82787
Exploits: 7, Affected Software: 1

OSV
added 2023/02/08 12:35 a.m., 66 views

GHSA-74FP-R6JW-H4MP Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing

CVE-2019-11253 is a denial of service vulnerability in the kube-apiserver, allowing authorized users sending malicious YAML or JSON payloads to cause kube-apiserver to consume excessive CPU or memory, potentially crashing and becoming unavailable. When creating a ConfigMap object which has...

CVSS 7.5, AI score 7.4, EPSS 0.82787
Exploits: 2, References: 8

RedHat Linux
added 2022/05/11 11:33 a.m., 63 views

Moderate: Red Hat Security Advisory: Release of containers for OSP 16.2.z director operator tech preview

Red Hat OpenStack Platform 16.2 Train director Operator containers are available for technology preview. Release osp-director-operator images Security Fixes: golang: kubernetes: YAML parsing vulnerable to "Billion Laughs" attack, allowing for remote CVE-2019-11253 golang: golang-github-miekg-dns:...

CVSS 7.5, AI score 6.7, EPSS 0.82787
Exploits: 9, References: 7

IBM Security Bulletins
added 2020/12/11 7:10 a.m., 34 views

Security Bulletin: Open Source Security issues fixed for NPS softlayer provisioner.

Summary Fixed OSS issues for listed CVEs. Vulnerability Details CVEID: CVE-2020-7919 DESCRIPTION: Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic. CVSS Base score: 7.5 CVSS Temporal Score:...

CVSS 8.2, AI score 0.8, EPSS 0.91212
Exploits: 2, Affected Software: 1

IBM Security Bulletins
added 2020/12/10 11:16 a.m., 26 views

Security Bulletin: Open Source Security issues for AWS storage layer in NPS.

Summary Fixed OSS issue for listed CVEs. AWS storage layer in NPS. Vulnerability Details CVEID: CVE-2020-7919 DESCRIPTION: Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic. CVSS Base score...

CVSS 7.8, AI score 1.4, EPSS 0.82787
Exploits: 2, Affected Software: 1

RedHat Linux
added 2020/07/07 9:17 p.m., 76 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 1.0 servicemesh-cni security update

An update for servicemesh-cni is now available for OpenShift Service Mesh 1.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...

CVSS 7.5, AI score 6.7, EPSS 0.82787
Exploits: 2, References: 2

RedHat Linux
added 2020/07/07 7:35 p.m., 90 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 1.0 servicemesh-prometheus security update

An update for servicemesh-prometheus is now available for OpenShift Service Mesh 1.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5, AI score 6.7, EPSS 0.82787
Exploits: 2, References: 2

Tenable Nessus
added 2020/07/07 12:0 a.m., 55 views

RHEL 8 : Red Hat OpenShift Service Mesh 1.0 servicemesh-grafana (RHSA-2020:2861)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2861 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...

CVSS 8.2, AI score 7, EPSS 0.9295
Exploits: 8, References: 16

Tenable Nessus
added 2020/07/07 12:0 a.m., 36 views

RHEL 8 : Red Hat OpenShift Service Mesh 1.0 servicemesh-prometheus (RHSA-2020:2863)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2863 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift...

CVSS 7.5, AI score 6.5, EPSS 0.82787
Exploits: 2, References: 4

Tenable Nessus
added 2020/07/07 12:0 a.m., 34 views

RHEL 8 : Red Hat OpenShift Service Mesh 1.0 servicemesh-cni (RHSA-2020:2870)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2870 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift...

CVSS 7.5, AI score 6.5, EPSS 0.82787
Exploits: 2, References: 4

RedHat Linux
added 2020/07/01 6:46 p.m., 63 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 1.1 servicemesh-operator security update

An update for servicemesh-operator is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 8.8, AI score 6.7, EPSS 0.82787
Exploits: 2, References: 3

RedHat Linux
added 2020/07/01 6:46 p.m., 123 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh servicemesh-grafana security update

An update for servicemesh-grafana is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 8.2, AI score 7, EPSS 0.9295
Exploits: 8, References: 9

RedHat Linux
added 2020/07/01 6:46 p.m., 75 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh servicemesh-cni security update

An update for servicemesh-cni is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...

CVSS 7.5, AI score 6.7, EPSS 0.82787
Exploits: 2, References: 2

Tenable Nessus
added 2020/07/01 12:0 a.m., 30 views

RHEL 8 : Red Hat OpenShift Service Mesh 1.1 servicemesh-operator (RHSA-2020:2795)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2795 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...

CVSS 8.8, AI score 6.6, EPSS 0.82787
Exploits: 2, References: 6

IBM Security Bulletins
added 2020/03/06 8:58 p.m., 41 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private for Data V2.1.0 NGINX (CVE-2019-12206, CVE-2019-12207, CVE-2019-12208, CVE-2019-20372), Docker (CVE-2019-17149, CVE-2019-17150), Kubernetes (CVE-2019-11245, CVE-2019-11253, CVE-2019-1022

Summary Security Bulletin: Security Vulnerabilities affect IBM Cloud Private for Data V2.1.0 NGINX (CVE-2019-12206, CVE-2019-12207, CVE-2019-12208, CVE-2019-20372), Docker (CVE-2019-17149, CVE-2019-17150), Kubernetes (CVE-2019-11245, CVE-2019-11253, CVE-2019-10223, CVE-2019-17110) Vulnerability Details...

CVSS 9.8, AI score 1.2, EPSS 0.82787
Exploits: 10, Affected Software: 1

IBM Security Bulletins
added 2020/02/14 11:27 p.m., 32 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Kubernetes (CVE-2019-17110, CVE-2019-10223, CVE-2019-11253)

Summary Security Vulnerabilities affect IBM Cloud Private - Kubernetes Vulnerability Details CVEID: CVE-2019-17110 DESCRIPTION: A security issue was discovered in kube-state-metrics 1.7.x before 1.7.2. An experimental feature was added to v1.7.0 and v1.7.1 that enabled annotations to be exposed a...

CVSS 7.5, AI score 0.1, EPSS 0.82787
Exploits: 3, Affected Software: 1