CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2019-11255 – Kubernetes CSI volume snapshot, cloning and resizing features can result in unauthorized volume data access or mutation
https://notcve.org/view.php?id=CVE-2019-11255
Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations. Una comprobación de entrada inapropiada en contenedores sidecar de Kubernetes CSI para external-provisioner (versiones anteriores a v0.4.3, versiones anteriores a v1.0.2, v1.1, versiones anteriores a v1.2.2, versiones anteriores a v1.3.1), external-snapshotter (versiones anteriores a v0.4.2, versiones anteriores a v1. 0.2, v1.1, versiones anteriores a 1.2.2) y external-resizer (versiones v0.1, v0.2), podrían resultar en el acceso no autorizado a los datos PersistentVolume o la mutación del volumen durante una imagen instantánea, una restauración desde una imagen instantánea, la clonación y el cambio de tamaño. • https://access.redhat.com/errata/RHSA-2019:4054 https://access.redhat.com/errata/RHSA-2019:4096 https://access.redhat.com/errata/RHSA-2019:4099 https://access.redhat.com/errata/RHSA-2019:4225 https://github.com/kubernetes/kubernetes/issues/85233 https://groups.google.com/forum/#%21topic/kubernetes-security-announce/aXiYN0q4uIw https://security.netapp.com/advisory/ntap-20200810-0003 https://access.redhat.com/security/cve/CVE-2019-11255 https://bugzilla.redhat.com/show_bug.cgi?id=1 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-14854 – library-go: Secret data written to static pod logs when operator set at Debug level or higher
https://notcve.org/view.php?id=CVE-2019-14854
OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user. OpenShift Container Platform versión 4, no sanea los datos secretos escritos en registros pod estáticos cuando el nivel de registro en un operador dado es establecido en Debug o superior. Un usuario poco privilegiado podría leer registros pod para detectar material secreto si el nivel de registro ya ha sido modificado en un operador por parte de un usuario privilegiado. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14854 https://access.redhat.com/security/cve/CVE-2019-14854 https://bugzilla.redhat.com/show_bug.cgi?id=1758953 • CWE-117: Improper Output Neutralization for Logs CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2019-14891 – cri-o: infra container reparented to systemd following OOM Killer killing it's conmon
https://notcve.org/view.php?id=CVE-2019-14891
A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host. Se encontró un fallo en cri-o, como un resultado de que todos los procesos relacionados con pod están colocados en el mismo grupo de memoria. Esto puede resultar en que se eliminen los procesos de administración de contenedores (conmon) si un proceso de carga de trabajo desencadena una condición de falta de memoria (OOM) para el cgroup. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14891 https://access.redhat.com/security/cve/CVE-2019-14891 https://bugzilla.redhat.com/show_bug.cgi?id=1772280 • CWE-460: Improper Cleanup on Thrown Exception CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 1589EXPL: 0CVE-2018-12207 – hw: Machine Check Error on Page Size Change (IFU)
https://notcve.org/view.php?id=CVE-2018-12207
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. Una invalidación inapropiada de las actualizaciones de la tabla de páginas por parte de un sistema operativo invitado virtual para múltiples procesadores Intel® puede habilitar a un usuario autenticado para permitir potencialmente una denegación de servicio del sistema host por medio de un acceso local. A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor. System software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html https://access.redhat.com/errata/RHSA-2019:3916 https://access.redhat.com/errata/RHSA-2019:3936 https://access.redhat.com/errata/RHSA-2019:3941 https://access.redhat.com/errata/RHSA-2020:0026 https://access.redhat.com/errata/RHSA-2020:0028 https://access.redhat.com/errata/RHSA-2020:0204 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW https:/&#x • CWE-20: Improper Input Validation CWE-226: Sensitive Information in Resource Not Removed Before Reuse •
CVSS: 6.5EPSS: 0%CPEs: 429EXPL: 0CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0445 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219 https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba0911 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •