137 matches found

Oracle linux
added 2020/06/12 12:0 a.m. | 52 views

kubernetes kubeadm-ha-setup kubernetes-cni kubernetes-cni-plugins security update

kubernetes 1.12.10-1.0.12
- CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements
- CVE-2020-8555: Half-Blind SSRF in kube-controller-manager
kubeadm-ha-setup 0.0.2-1.0.70
- Enhance image tag read to depend on kubeadm-registry.sh for CVE release...

CVSS 6.3 | AI score 3.2 | EPSS 0.03679
Exploits 1
OSV
added 2020/06/05 5:15 p.m. | 1 views

DEBIAN-CVE-2020-8555

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...

CVSS 6.3 | AI score 6.3 | EPSS 0.03679
Exploits 0 | References 1
OSV
added 2020/06/05 5:15 p.m. | 26 views

CVE-2020-8555

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...

CVSS 6.3 | AI score 6.4
Exploits 0 | References 6
NVD
added 2020/06/05 5:15 p.m. | 19 views

CVE-2020-8555

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...

CVSS 6.3 | AI score 5.2 | EPSS 0.03679
Exploits 0 | References 6
OSV
added 2020/06/05 5:15 p.m. | 0 views

UBUNTU-CVE-2020-8555

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...

CVSS 6.3 | AI score 6.7 | EPSS 0.03679
Exploits 0 | References 4
Prion
added 2020/06/05 5:15 p.m. | 20 views

Server side request forgery (ssrf)

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...

CVSS 3.5 | AI score 5.1 | EPSS 0.03679
Exploits 0 | References 6 | Affected Software 2
Debian CVE
added 2020/06/04 9:50 p.m. | 29 views

CVE-2020-8555

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...

CVSS 6.3 | AI score 5.5 | EPSS 0.03679
Exploits 0
AlpineLinux
added 2020/06/04 9:50 p.m. | 38 views

CVE-2020-8555

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...

CVSS 6.3 | AI score 5.5 | EPSS 0.03679
Exploits 0
CNVD
added 2020/06/03 12:0 a.m. | 1 views

Google Kubernetes Cross-Site Request Forgery Vulnerability

Google Kubernetes is an open source Docker container cluster management system from the U.S. company Google. The system provides resource scheduling, deployment and operation, service discovery and scaling up and down for containerized applications. A security vulnerability exists in...

CVSS 6.3 | AI score 7.3 | EPSS 0.03679
Exploits 0 | References 1
Positive Technologies
added 2020/06/02 12:0 a.m. | 4 views

PT-2020-20206

Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to 1.15.12; Kubernetes versions prior to 1.16.9; Kubernetes versions prior to 1.17.5; Kubernetes versions 1.0 through 1.14; Kubernetes version 1.18.0. Description: The issue allows certain authorized users to leak up to 500...

CVSS 6.3 | AI score 6.8 | EPSS 0.03679
Exploits 0 | References 74
Veracode
added 2020/01/22 9:41 a.m. | 12 views

Denial Of Service (DOS)

github.com/openshift/kubernetes is vulnerable to denial of service (DoS) attacks. This exists in controller manager when creating/deleting pods containing tolerations. A privileged user can access the controller manager to create/delete pods allowing an application to crash...

AI score 5
Exploits 0
Veracode
added 2019/05/16 2:16 a.m. | 25 views

Remote Code Execution (RCE)

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.51. See the following advisory for the container...

CVSS 6.5 | AI score 6.6 | EPSS 0.82251
Exploits 4 | References 24 | Affected Software 22
Veracode
added 2019/05/16 2:16 a.m. | 22 views

Cross-Site Scripting (XSS)

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.51. See the following advisory for the container...

CVSS 6.1 | AI score 6.3 | EPSS 0.82251
Exploits 4 | References 24 | Affected Software 22
NVD
added 2017/10/09 5:29 a.m. | 9 views

CVE-2017-14973

IDenticard Two-Reader Controller Configuration Manager 1.18.8 396 is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /userhandler?file=loggedin.shtm aka the edit user page...

CVSS 5.4 | AI score 5.2 | EPSS 0.00498
Exploits 0 | References 1
Cvelist
added 2017/10/09 5:0 a.m. | 13 views

CVE-2017-14973

IDenticard Two-Reader Controller Configuration Manager 1.18.8 396 is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /userhandler?file=loggedin.shtm aka the edit user page...

AI score 5.2 | EPSS 0.00498
Exploits 0 | References 1
NVD
added 2017/09/29 1:34 a.m. | 21 views

CVE-2017-12222

A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could exploit this...

CVSS 6.5 | AI score 6.4 | EPSS 0.00749
Exploits 0 | References 3
CNVD
added 2017/09/28 12:0 a.m. | 2 views

Cisco IOS XE Software Denial of Service Vulnerability (CNVD-2017-34214)

The Cisco Catalyst 3650 and 3850 switches are both switch products from Cisco, Inc. IOS XE Software is one of the operating systems used for network devices. Wireless controller manager is one of the wireless controller management programs. A denial of service vulnerability exists in the wireless...

CVSS 6.5 | AI score 6.7 | EPSS 0.00749
Exploits 0 | References 1