Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMC2FBE434FDED9DC756BE855E33C9AD8C0A5B759539A8AEC3235DE5AFDA3E29EF
HistoryDec 11, 2020 - 7:10 a.m.

Security Bulletin: Open Source Secuity issues fixed for NPS softlayer provisioner.

2020-12-1107:10:49
www.ibm.com
11

0.601 Medium

EPSS

Percentile

97.8%

JSON

Summary

Fixed OSS issus for listed CVEs.

Vulnerability Details

CVEID:CVE-2020-7919
**DESCRIPTION:**Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178227 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-11248
**DESCRIPTION:**Kubernetes could allow a remote attacker to obtain sensitive information, caused by the exposure of the debugging endpoint /debug/pprof by default on Kubelet healthz port. An attacker could exploit this vulnerability to obtain internal Kubelet memory addresses and configuration or cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164836 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVEID:CVE-2019-11253
**DESCRIPTION:**The Kubernetes API server is vulnerable to a denial of service, caused by a billion laughs attack, caused by an error when parsing YAML manifests. A remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168618 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-11254
**DESCRIPTION:**Kubernetes is vulnerable to a denial of service, caused by a flaw in kube-apiserver. By sending a specially-crafted request using YAML payloads, a remote authenticated attacker could exploit this vulnerability to consume excessive CPU cycles.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178935 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Netezza for Cloud Pak for Data All

Remediation/Fixes

Product VRMF Remediation/First Fix
IBM Netezza for Cloud Pak for Data 11.1.1.0 Link to Fix Central

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm cloud pak for dataeq11.1.1.0

Related

ibm 38
cvelist 4
redhatcve 4
nuclei 1
debiancve 4
hackerone 2
nvd 4
osv 13
veracode 4
gitlab 3
alpinelinux 2
nessus 28
redhat 15
fedora 2
ubuntucve 4
photon 14
prion 4
openvas 5
cve 4
attackerkb 1
github 4
symantec 1
cgr 2
wolfi 2
broadcom 1
checkpoint_advisories 1
mageia 1
threatpost 4
oraclelinux 5
debian 1
f5 1
kitploit 1
oracle 1
ibm
ibm
Security Bulletin: Open Source Security issues for AWS storage layer in NPS.
2020-12-10 11:16:05
Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes security vulnerability (CVE-2019-11248)
2019-08-19 15:22:49
Security Bulletin: A Security Vulnerability affects IBM Cloud Private Kubernetes (CVE-2019-11248)
2019-11-23 16:46:30
cvelist
cvelist
CVE-2019-11248 Kubernetes kubelet exposes /debug/pprof info on healthz port
2019-08-06 00:00:00
CVE-2020-7919
2020-03-16 20:55:31
CVE-2019-11254 Kubernetes API Server denial of service vulnerability from malicious YAML payloads
2020-03-31 00:00:00
redhatcve
redhatcve
CVE-2019-11248
2020-04-09 12:44:01
CVE-2020-7919
2020-04-03 20:00:02
CVE-2019-11254
2020-04-01 00:32:01
nuclei
nuclei
Debug Endpoint pprof - Exposure Detection
2020-08-19 14:33:23
debiancve
debiancve
CVE-2019-11248
2019-08-29 01:15:11
CVE-2019-11254
2020-04-01 21:15:13
CVE-2020-7919
2020-03-16 21:15:12
hackerone
hackerone
8x8: CVE-2019-11248 on http://█.█.█.█:9100/debug/pprof/goroutine
2022-06-20 20:44:54
Engel & Völkers Technology GmbH: CVE-2019-11248 on alertmanager.ev-cloud-platform.engelvoelkers.com
2021-02-12 17:37:56
nvd
nvd
CVE-2019-11248
2019-08-29 01:15:11
CVE-2019-11253
2019-10-17 16:15:10
CVE-2019-11254
2020-04-01 21:15:13
osv
osv
CVE-2019-11248
2019-08-29 01:15:11
Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing
2023-02-08 00:35:27
CVE-2019-11254
2020-04-01 21:15:13
veracode
veracode
Information Disclosure
2019-08-08 00:52:28
Denial Of Service (DoS)
2020-04-02 03:17:51
Denial Of Service (DoS)
2019-10-02 02:49:42
gitlab
gitlab
Improper Certificate Validation
2021-06-23 00:00:00
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
2021-05-18 00:00:00
Excessive Platform Resource Consumption within a Loop in Kubernetes
2021-12-20 00:00:00
alpinelinux
alpinelinux
CVE-2020-7919
2020-03-16 21:15:12
CVE-2019-11253
2019-10-17 16:15:10
nessus
nessus
Photon OS 2.0: Go PHSA-2020-2.0-0238
2020-05-05 00:00:00
RHEL 8 : Red Hat OpenShift Service Mesh 1.0 servicemesh-cni (RHSA-2020:2870)
2020-07-07 00:00:00
RHEL 8 : Red Hat OpenShift Service Mesh 1.0 servicemesh-prometheus (RHSA-2020:2863)
2020-07-07 00:00:00
redhat
redhat
(RHSA-2020:2863) Important: Red Hat OpenShift Service Mesh 1.0 servicemesh-prometheus security update
2020-07-07 19:20:43
(RHSA-2020:2870) Important: Red Hat OpenShift Service Mesh 1.0 servicemesh-cni security update
2020-07-07 21:08:32
(RHSA-2019:3132) Important: OpenShift Container Platform 4.1.20 openshift security update
2019-10-16 15:24:10
fedora
fedora
[SECURITY] Fedora 31 Update: golang-1.13.9-1.fc31
2020-04-09 18:19:14
[SECURITY] Fedora 30 Update: kubernetes-1.15.2-1.fc30
2019-08-26 00:53:13
ubuntucve
ubuntucve
CVE-2020-7919
2020-03-16 00:00:00
CVE-2019-11248
2019-08-29 00:00:00
CVE-2019-11253
2019-10-17 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2020-0087
2020-05-09 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0238
2020-05-02 00:00:00
Important Photon OS Security Update - PHSA-2019-0031
2019-09-27 00:00:00
prion
prion
Code injection
2020-03-16 21:15:00
Default configuration
2019-08-29 01:15:00
Input validation
2019-10-17 16:15:00
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0173)
2022-01-28 00:00:00
Fedora: Security Advisory for golang (FEDORA-2020-12bc5b5597)
2020-04-12 00:00:00
Debian: Security Advisory (DSA-4848-1)
2021-02-10 00:00:00
cve
cve
CVE-2019-11248
2019-08-29 01:15:11
CVE-2019-11254
2020-04-01 21:15:13
CVE-2019-11253
2019-10-17 16:15:10
attackerkb
attackerkb
Kubectl/API Server YAML parsing vulnerable to "Billion Laughs" Attack
2019-10-17 00:00:00
github
github
XML Entity Expansion and Improper Input Validation in Kubernetes API server
2021-05-18 15:38:48
Excessive Platform Resource Consumption within a Loop in Kubernetes
2021-12-20 16:55:06
Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing
2023-02-08 00:35:27
symantec
symantec
Kubernetes API Server CVE-2019-11253 Denial of Service Vulnerability
2019-09-27 00:00:00
cgr
cgr
CVE-2019-11254 vulnerabilities
2024-05-19 03:07:16
CVE-2020-7919 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2019-11254 vulnerabilities
2024-07-03 09:08:38
CVE-2020-7919 vulnerabilities
2024-07-03 09:08:38
broadcom
broadcom
YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML (CVE-2019-11254)
2023-11-07 00:00:00
checkpoint_advisories
checkpoint_advisories
Kubernetes API Server Denial Of Service (CVE-2019-11253)
2019-12-26 00:00:00
mageia
mageia
Updated golang packages fix security vulnerability
2020-04-15 13:12:14
threatpost
threatpost
ThreatList: One-Third of Firms Say Their Container Security Lags
2018-11-23 13:00:48
Dangerous Kubernetes Bugs Allow Authentication Bypass, DoS
2019-10-17 14:25:39
Public Bug Bounty Takes Aim at Kubernetes Container Project
2020-01-14 17:00:28
oraclelinux
oraclelinux
olcne kubernetes security update
2020-04-17 00:00:00
kubernetes-cni-plugins kubernetes-cni kubernetes olcne security update
2020-06-12 00:00:00
kubernetes kubeadm-ha-setup kubeadm-upgrade security update
2020-04-17 00:00:00
debian
debian
[SECURITY] [DSA 4848-1] golang-1.11 security update
2021-02-08 21:24:09
f5
f5
K000134748 : Kubernetes vulnerabilities CVE-2019-1002100, CVE-2019-11254, CVE-2017-1002101, and CVE-2017-1002102
2023-05-23 00:00:00
kitploit
kitploit
Metarget - Framework Providing Automatic Constructions Of Vulnerable Infrastructures
2021-06-04 21:30:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00

0.601 Medium

EPSS

Percentile

97.8%

JSON
Related for C2FBE434FDED9DC756BE855E33C9AD8C0A5B759539A8AEC3235DE5AFDA3E29EF
ibm38cvelist4redhatcve4nuclei1debiancve4hackerone2nvd4osv13veracode4gitlab3alpinelinux2nessus28redhat15fedora2ubuntucve4photon14prion4openvas5cve4attackerkb1github4symantec1cgr2wolfi2broadcom1checkpoint_advisories1mageia1threatpost4oraclelinux5debian1f51kitploit1oracle1