5 matches found
Security Bulletin: Due to the use of Python setuptools, IBM FoundationDB Operator is vulnerable to a denial of service attack
Summary: IBM Database Operator for FoundationDB contains Python setuptools internally. CVE-2022-40897. Vulnerability Details: CVEID: CVE-2022-40897 DESCRIPTION: Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package o...
Security Bulletin: Due to use of golang.org/x/text, IBM Database Operator for FoundationDB is vulnerable to denial of service attack.
Summary: IBM Database Operator for FoundationDB contains golang.org/x/text internally. CVE-2021-38561. Vulnerability Details: CVEID: CVE-2021-38561 DESCRIPTION: golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index...
Security Bulletin: IBM FoundationDB Operator Vulnerable to kube-apiserver vulnerability (CVE-2022-3172)
Summary: IBM FoundationDB Operator addressed kube-apiserver vulnerability. Vulnerability Details: CVEID: CVE-2022-3172 DESCRIPTION: A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing...
Security Bulletin: Go Vulnerabilities affect IBM Database Operator for FoundationDB (CVE-2022-27191, CVE-2021-43565)
Summary: The issue has been fixed as part of Cloud Pak for Data release 4.6. Vulnerability Details: CVEID: CVE-2022-27191 DESCRIPTION: Go ssh package is vulnerable to a denial of service, caused by an unspecified flaw in certain circumstances involving AddHostKey. By sending a specially-crafted...
Security Bulletin: FDB
Summary: The library is included as part of the Go installation and does not directly affect the product in any way. The Go version has been updated since then and has been fixed. This only affects pre-CPD 4.5. Vulnerability Details: CVEID: CVE-2022-21698 DESCRIPTION: Prometheus Go client library clientgola...