Export limit exceeded: 367295 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367295 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8569 | 1 Kubernetes | 1 Container Storage Interface Snapshotter | 2024-11-21 | 4.3 Medium |
| Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, is automatically restarted by Kubernetes, and processes the same VolumeSnapshot custom resource after the restart, entering an endless crashloop. Only the volume snapshot feature is affected by this vulnerability. When exploited, users can’t take snapshots of their volumes or delete the snapshots. All other Kubernetes functionality is not affected. | ||||
| CVE-2020-8568 | 1 Kubernetes | 1 Secrets Store Csi Driver | 2024-11-21 | 5.8 Medium |
| Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets. | ||||
| CVE-2020-8567 | 3 Google, Hashicorp, Microsoft | 3 Secret Manager Provider For Secret Store Csi Driver, Vault Provider For Secrets Store Csi Driver, Azure Key Vault Provider For Secrets Store Csi Driver | 2024-11-21 | 4.9 Medium |
| Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods. | ||||
| CVE-2020-8566 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 4.7 Medium |
| In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, < v1.17.13. | ||||
| CVE-2020-8565 | 2 Kubernetes, Redhat | 3 Kubernetes, Openshift Container Storage, Openshift Data Foundation | 2024-11-21 | 4.7 Medium |
| In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2. | ||||
| CVE-2020-8564 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 4.7 Medium |
| In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13. | ||||
| CVE-2020-8563 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 4.7 Medium |
| In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3. | ||||
| CVE-2020-8559 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 6.4 Medium |
| The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise. | ||||
| CVE-2020-8558 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 5.4 Medium |
| The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defeect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service. | ||||
| CVE-2020-8557 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 5.5 Medium |
| The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail. | ||||
| CVE-2020-8555 | 3 Fedoraproject, Kubernetes, Redhat | 3 Fedora, Kubernetes, Openshift | 2024-11-21 | 6.3 Medium |
| The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services). | ||||
| CVE-2020-8553 | 1 Kubernetes | 1 Ingress-nginx | 2024-11-21 | 5.9 Medium |
| The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name. | ||||
| CVE-2020-8552 | 3 Fedoraproject, Kubernetes, Redhat | 3 Fedora, Kubernetes, Openshift | 2024-11-21 | 5.3 Medium |
| The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests. | ||||
| CVE-2020-8551 | 3 Fedoraproject, Kubernetes, Redhat | 3 Fedora, Kubernetes, Openshift | 2024-11-21 | 4.3 Medium |
| The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250. | ||||
| CVE-2020-8549 | 1 Wpchill | 1 Strong Testimonials | 2024-11-21 | 6.1 Medium |
| Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens. | ||||
| CVE-2020-8548 | 1 Masscode | 1 Masscode | 2024-11-21 | 6.1 Medium |
| massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true). | ||||
| CVE-2020-8547 | 1 Phplist | 1 Phplist | 2024-11-21 | 9.8 Critical |
| phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | ||||
| CVE-2020-8545 | 1 Circl | 1 Ail Framework | 2024-11-21 | 7.5 High |
| Global.py in AIL framework 2.8 allows path traversal. | ||||
| CVE-2020-8544 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.5 Medium |
| OX App Suite through 7.10.3 allows SSRF. | ||||
| CVE-2020-8543 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 7.5 High |
| OX App Suite through 7.10.3 has Improper Input Validation. | ||||