Lucene search
K

67 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2020/07/22 5:36 p.m.37 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2020-8559)

Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in the Kubernetes API server that could enable a privilege escalation from a compromised node CVE-2020-8559 Vulnerability Details CVEID: CVE-2020-8559 Description: Kubernetes kube-apiserver could allow a remote...

6.8CVSS0.1AI score0.061EPSS
Exploits3Affected Software1
OSV
OSV
added 2020/07/22 2:15 p.m.1 views

DEBIAN-CVE-2020-8559

The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise...

6.8CVSS6.7AI score0.061EPSS
Exploits3References1
RedHat Linux
RedHat Linux
added 2020/07/13 4:46 p.m.3 views

kubernetes: Denial of service in API server via crafted YAML payloads by authorized users

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...

6.5CVSS7.3AI score0.0236EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/06/18 9:12 p.m.8 views

kubernetes: Denial of service in API server via crafted YAML payloads by authorized users

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...

6.5CVSS7.3AI score0.0236EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2020/04/09 11:26 a.m.37 views

CVE-2019-10165

OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources...

2.3CVSS4.5AI score0.00384EPSS
Exploits0References3
OSV
OSV
added 2020/04/01 9:15 p.m.4 views

AZL-44445 CVE-2019-11254 affecting package podman for versions less than 5.6.1-2

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...

6.5CVSS6.9AI score0.0236EPSS
Exploits0References1
OSV
OSV
added 2020/04/01 9:15 p.m.4 views

AZL-44904 CVE-2019-11254 affecting package delve 1.5.0-16

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...

6.5CVSS6.9AI score0.0236EPSS
Exploits0References1
OSV
OSV
added 2020/04/01 9:15 p.m.6 views

AZL-44808 CVE-2019-11254 affecting package buildah for versions less than 1.41.4-2

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...

6.5CVSS6.9AI score0.0236EPSS
Exploits0References1
OSV
OSV
added 2020/04/01 9:15 p.m.4 views

AZL-41568 CVE-2019-11254 affecting package packer 1.9.5-13

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...

6.5CVSS6.9AI score0.0236EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2020/04/01 9:15 p.m.52 views

CVE-2019-11254

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...

6.5CVSS6.8AI score0.0236EPSS
Exploits0References3
OSV
OSV
added 2020/04/01 9:15 p.m.3 views

UBUNTU-CVE-2019-11254

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...

6.5CVSS6.8AI score0.0236EPSS
Exploits0References4
OSV
OSV
added 2020/03/27 3:15 p.m.2 views

DEBIAN-CVE-2020-8552

The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests...

4.3CVSS5.7AI score0.02428EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/03/23 12:0 a.m.5 views

PT-2020-20204 · Kubernetes +1 · Kubernetes +1

Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to 1.15.9 Kubernetes versions 1.16.0 through 1.16.6 Kubernetes versions 1.17.0 through 1.17.2 Description: The Kubernetes API server component has been found to be vulnerable to a denial of service attack via...

8.8CVSS6.1AI score0.03679EPSS
Exploits5References35
RedhatCVE
RedhatCVE
added 2019/12/17 8:41 p.m.40 views

CVE-2018-1002102

Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificat...

2.6CVSS4.1AI score0.00618EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/25 4:46 p.m.37 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2019-11253)

Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in the Kubernetes API server that exposes it to a denial of service attack via malicious YAML or JSON payloads CVE-2019-11253 Vulnerability Details CVE-ID: CVE-2019-11253 Description: The Kubernetes API server is...

7.5CVSS0.25939EPSS
Exploits2Affected Software1
OSV
OSV
added 2019/10/17 4:15 p.m.1 views

DEBIAN-CVE-2019-11253

Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...

7.5CVSS6.3AI score0.25939EPSS
Exploits2References1
UbuntuCve
UbuntuCve
added 2019/10/17 4:15 p.m.32 views

CVE-2019-11253

Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...

7.5CVSS6.8AI score0.25939EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2019/10/10 12:9 a.m.30 views

CVE-2019-1002100

A denial of service vulnerability was found in the Kubernetes API server. A remote user, with authorization to apply patches, could exploit this via crafted JSON input, causing excessive consumption of resources and subsequent denial of service. Mitigation Remove ‘patch’ permissions from untruste...

6.5CVSS4.1AI score0.10606EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/03 10:50 p.m.35 views

Security Bulletin: A Security Vulnerability Has Been Identified In IBM Cloud Private shipped with IBM Cloud Private for Data - CVE-ID: CVE-2018-1002105

Summary IBM Cloud Private is shipped with IBM Cloud Private for Data. Information about a security vulnerability affecting IBM Cloud Private has been published in a security bulletin. Vulnerability Details Refer to the security bulletin listed in the Remediation/Fixes section Affected Products an...

1.1AI score0.86978EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/03 10:50 p.m.53 views

Security Bulletin: IBM Cloud Private for Data is affected by a privilege escalation vulnerability in Kubernetes API server

Summary IBM Cloud Private for Data is affected by a security vulnerability in Kubernetes which in some cases can allow unauthorized access to the Kubernetes API Server and/or trusted user privilege escalation. Vulnerability Details CVEID: CVE-2018-1002105 DESCRIPTION: Kubernetes could allow a...

9.8CVSS1.5AI score0.86978EPSS
Exploits10Affected Software1
Rows per page
Query Builder