Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMEF38988A8ADFAFD600C0AFEBC1A1C334BFCA6536F9015788D929A5A8036B9536
HistoryFeb 09, 2021 - 9:54 a.m.

Security Bulletin: Vulnerabilities in psutil, python, and Golang affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift

2021-02-0909:54:48
www.ibm.com
33

0.005 Low

EPSS

Percentile

77.5%

JSON

Summary

Vulnerabilities in psutil, python and Golang Go may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift.

Vulnerability Details

CVEID:CVE-2019-18874
**DESCRIPTION:**psutil is vulnerable to a denial of service, caused by a double free. By using specially-crafted data, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171612 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2020-29652
**DESCRIPTION:**Golang Go is vulnerable to a denial of service, caused by a NULL pointer dereference in the golang.org/x/crypto/ssh component. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193622 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-26116
**DESCRIPTION:**Python is vulnerable to CRLF injection, caused by improper validation of user-supplied input in http.client. By inserting CR and LF control characters in the first argument of HTTPConnection.request, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189404 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2020-28362
**DESCRIPTION:**Golang Go is vulnerable to a denial of service, caused by improper input validation by the math/big.Int methods. By sending a specially-crafted inputs, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191976 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Spectrum Protect Plus Container backup and restore for Kubernetes 10.1.5-10.1.7
IBM Spectrum Protect Plus Container backup and restore for OpenShift 10.1.7

Remediation/Fixes

IBM Spectrum Protect Plus Release First Fixing VRM Level Platform Link to Fix
10.1 10.1.7 ifix2
(10.1.7.2)
Linux https://www.ibm.com/support/pages/node/6330495

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm spectrum protect pluseq10.1

Related

redhatcve 4
veracode 5
fedora 6
osv 18
freebsd 1
cve 4
openvas 31
rocky 2
cvelist 4
mageia 1
ubuntucve 4
prion 5
nessus 54
redhat 9
debian 1
ubuntu 2
almalinux 2
cbl_mariner 4
cgr 1
github 3
ibm 10
oraclelinux 2
altlinux 1
nvd 4
alpinelinux 2
debiancve 4
arista 1
gitlab 2
wolfi 1
amazon 3
photon 3
f5 1
cloudfoundry 1
suse 2
hackerone 1
redhatcve
redhatcve
CVE-2020-29652
2020-12-17 20:48:54
CVE-2019-18874
2019-11-13 13:08:07
CVE-2020-28362
2021-07-25 09:33:47
veracode
veracode
Denial Of Service (DoS)
2020-12-18 10:28:37
Arbitrary Code Execution
2019-11-13 03:53:48
Denial Of Service (DoS)
2020-12-19 07:20:18
fedora
fedora
[SECURITY] Fedora 30 Update: python-psutil-5.6.7-1.fc30
2020-02-25 14:39:38
[SECURITY] Fedora 31 Update: python-psutil-5.6.7-1.fc31
2020-03-11 22:46:54
[SECURITY] Fedora 32 Update: mingw-python3-3.8.3-7.fc32
2020-11-17 01:14:12
osv
osv
PYSEC-2019-41
2019-11-12 02:15:00
Double Free in psutil
2020-03-12 17:02:50
Moderate: python-psutil security update
2021-11-09 09:01:04
freebsd
freebsd
py-psutil -- double free vulnerability
2019-11-12 00:00:00
cve
cve
CVE-2019-18874
2019-11-12 02:15:10
CVE-2020-29652
2020-12-17 05:15:10
CVE-2020-28362
2020-11-18 17:15:11
openvas
openvas
Debian: Security Advisory (DLA-1998-1)
2019-11-26 00:00:00
Fedora: Security Advisory for python-psutil (FEDORA-2020-a06ebafad8)
2020-02-28 00:00:00
Fedora: Security Advisory for python-psutil (FEDORA-2020-021fb887ac)
2020-03-12 00:00:00
rocky
rocky
python-psutil security update
2021-11-09 09:01:04
container-tools:rhel8 security, bug fix, and enhancement update
2021-05-18 06:06:39
cvelist
cvelist
CVE-2019-18874
2019-11-12 01:30:29
CVE-2020-28362
2020-11-18 16:27:38
CVE-2020-29652
2020-12-17 04:12:17
mageia
mageia
Updated python-psutil packages fix security vulnerability
2019-12-06 17:15:42
ubuntucve
ubuntucve
CVE-2020-29652
2020-12-17 00:00:00
CVE-2019-18874
2019-11-12 00:00:00
CVE-2020-28362
2020-11-18 00:00:00
prion
prion
Null pointer dereference
2020-12-17 05:15:00
Double free
2019-11-12 02:15:00
Denial of service
2020-11-18 17:15:00
nessus
nessus
Debian DLA-1998-1 : python-psutil security update
2019-11-20 00:00:00
Rocky Linux 8 : python-psutil (RLSA-2021:4324)
2023-11-07 00:00:00
RHEL 8 : python-psutil (RHSA-2021:4324)
2021-11-11 00:00:00
redhat
redhat
(RHSA-2020:2635) Moderate: OpenShift Container Platform 4.3.26 python-psutil security update
2020-06-23 19:26:29
(RHSA-2020:2593) Moderate: OpenShift Container Platform 4.2.36 python-psutil security update
2020-07-01 15:50:50
(RHSA-2021:4324) Moderate: python-psutil security update
2021-11-09 09:01:04
debian
debian
[SECURITY] [DLA 1998-1] python-psutil security update
2019-11-18 18:55:02
ubuntu
ubuntu
psutil vulnerability
2019-11-28 00:00:00
Python vulnerability
2020-10-14 00:00:00
almalinux
almalinux
Moderate: python-psutil security update
2021-11-09 09:01:04
Moderate: container-tools:rhel8 security, bug fix, and enhancement update
2021-05-18 06:06:39
cbl_mariner
cbl_mariner
CVE-2019-18874 affecting package python-psutil 5.6.3-4
2021-08-11 06:39:26
CVE-2019-18874 affecting package python-psutil for versions less than 5.9.0-1
2022-04-09 06:51:53
CVE-2020-28362 affecting package golang 1.13.15-2
2021-07-08 21:56:48
cgr
cgr
CVE-2020-29652 vulnerabilities
2024-05-19 03:07:16
github
github
Double Free in psutil
2020-03-12 17:02:50
golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability
2022-05-24 22:01:25
Denial of service in go-ethereum due to CVE-2020-28362
2021-06-29 21:13:54
ibm
ibm
Security Bulletin: Security vulnerability affects IBM Cloud Object Storage SDK Python (January 2020 Bulletin)
2020-01-17 16:59:43
Security Bulletin: Vulnerability in psutil affects IBM Spectrum Protect Plus backup and restore of Db2 and MongoDB databases (CVE-2019-18874)
2021-02-09 09:53:06
Security Bulletin: A security vulnerability in GO affects IBM Cloud Automation Manager.
2021-02-17 16:50:42
oraclelinux
oraclelinux
python-psutil security update
2021-11-16 00:00:00
container-tools:ol8 security, bug fix, and enhancement update
2021-05-25 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package python-module-psutil version 5.7.0-alt1
2020-04-17 00:00:00
nvd
nvd
CVE-2019-18874
2019-11-12 02:15:10
CVE-2020-28362
2020-11-18 17:15:11
CVE-2020-29652
2020-12-17 05:15:10
alpinelinux
alpinelinux
CVE-2019-18874
2019-11-12 02:15:10
CVE-2020-28362
2020-11-18 17:15:11
debiancve
debiancve
CVE-2019-18874
2019-11-12 02:15:10
CVE-2020-28362
2020-11-18 17:15:11
CVE-2020-29652
2020-12-17 05:15:10
arista
arista
Security Advisory 0062
2021-03-29 00:00:00
gitlab
gitlab
Nil Pointer Dereference
2020-12-17 00:00:00
NULL Pointer Dereference
2022-05-24 00:00:00
wolfi
wolfi
CVE-2020-29652 vulnerabilities
2024-06-29 09:08:33
amazon
amazon
Medium: python27, python34, python35
2020-11-16 17:59:00
Medium: python
2021-06-16 20:37:00
Medium: python3
2021-06-16 20:37:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0332
2020-10-14 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0289
2020-10-14 00:00:00
Important Photon OS Security Update - PHSA-2020-0332
2020-10-14 00:00:00
f5
f5
K000133759 : Python vulnerability CVE-2020-26116
2023-05-08 00:00:00
cloudfoundry
cloudfoundry
USN-4581-1: Python vulnerability | Cloud Foundry
2020-11-19 00:00:00
suse
suse
Security update for python (moderate)
2020-11-21 00:00:00
Security update for python (moderate)
2020-11-07 00:00:00
hackerone
hackerone
Ruby: 'net/http': HTTP Header Injection in the set_content_type method
2021-04-19 09:25:39

0.005 Low

EPSS

Percentile

77.5%

JSON
Related for EF38988A8ADFAFD600C0AFEBC1A1C334BFCA6536F9015788D929A5A8036B9536
redhatcve4veracode5fedora6osv18freebsd1cve4openvas31rocky2cvelist4mageia1ubuntucve4prion5nessus54redhat9debian1ubuntu2almalinux2cbl_mariner4cgr1github3ibm10oraclelinux2altlinux1nvd4alpinelinux2debiancve4arista1gitlab2wolfi1amazon3photon3f51cloudfoundry1suse2hackerone1