53 matches found
RHEL 7 : OpenShift Container Platform 3.10 atomic-openshift (RHSA-2019:3239)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3239 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
Important: Red Hat Security Advisory: OpenShift Container Platform 3.10 atomic-openshift security update
An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
kubernetes security update
1.9.11-2.5.1 - OLCNE-235 CVE-2019-9946 portmap inserts rules at the front of the iptables nat chains; 1.9.11-2.4.1 - CVE-2019-1002101 kubectl fix potential directory traversal; 1.9.11-2.3.1 - CVE-2019-1002100 Limit the number of operations in a single json patch to be 10,000 - Fixup kubeadm-setup.s...
kubernetes security update
1.11.3-2.5.2 - OLCNE-235 CVE-2019-9946 portmap inserts rules at the front of the iptables nat chains; 1.11.3-2.4.2 - CVE-2019-1002101 kubectl fix potential directory traversal; 1.11.3-2.3.2 - CVE-2019-1002100 Limit the number of operations in a single json patch to be 10,000...
UBUNTU-CVE-2019-1002100
In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or "Content-Type: application/json-patch+json") that consumes...
DEBIAN-CVE-2019-1002100
In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or "Content-Type: application/json-patch+json") that consumes...
Google Kubernetes Denial of Service Vulnerability
Google Kubernetes is an open source Docker container cluster management system from the U.S. company Google. The system provides resource scheduling, deployment and operation, service discovery, and scaling up and down for containerized applications. There is a security vulnerability ...
Denial Of Service (DoS)
github.com/kubernetes/kubernetes is vulnerable to denial of service. A user who is authorized to make patch requests to the Kubernetes API Server can send malicious patches of type json-patch to cause the server to consume excessive amounts of resources during processing, resulting in a denial of...
Out-Of-Bounds Write
json-patch is affected by an out-of-bounds write vulnerability. This is due to a lack of index checking of the idx parameter in patch.go, which could allow an attacker to cause a denial of service condition...
@adobe/adobe-photoshop-api-sdk (>=1.1.0 <=1.1.1), @adobe/aio-lib-analytics (=2.0.0) +23 more potentially affected by unknown CVE via fast-json-patch (>=2.0.4 <=2.1.0)
fast-json-patch NPM version =2.0.4, =1.1.0, =2.0.3, =1.0.3, =1.0.3, =0.0.4-beta.1, =2.0.2, =1.2.2, =0.3.0, =0.1.0, =2.1.32, =1.0.0, =1.2.3 and more. Source CVEs: unknown CVE. Source advisory: SNYK:JS-FASTJSONPATCH-595663...
Prototype Pollution
Overview: fast-json-patch is a leaner and meaner implementation of JSON-Patch. Affected versions of this package are vulnerable to Prototype Pollution via applyPatch and applyOperation in fast-json-patch.js. Details: Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution...
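Spring Data Rest remote code execution (cve-2017-8046)
Vulnerability description: Spring Data Rest has a high-severity RCE vulnerability when handling PATCH requests. Hand-crafted JSON data can be used to build a malicious PATCH request that is submitted to the spring-data-rest server, causing the server to run malicious Java code. The goal of the Spring Data Rest project is to provide a flexible, configurable mechanism for writing simple services that can be exposed over HTTP. Git repository: https://github.com/spring-projects/spring-data-rest Vulnerability source: https://pivotal.io/security/cve-2017-8046 Affected versions: Spring...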