apk package
wolfi/k3d-proxy
pkg:apk/wolfi/k3d-proxy
Vulnerabilities (150)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-11254 | Med | 6.5 | < 5.6.0-r11 | 5.6.0-r11 | Apr 1, 2020 | The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML. | |
| CVE-2020-7919 | Hig | 7.5 | < 5.6.0-r11 | 5.6.0-r11 | Mar 16, 2020 | Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate. | |
| CVE-2020-9283 | Hig | 7.5 | < 5.6.0-r11 | 5.6.0-r11 | Feb 20, 2020 | golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client. | |
| CVE-2020-7219 | Hig | 7.5 | < 5.6.0-r11 | 5.6.0-r11 | Jan 31, 2020 | HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3. | |
| CVE-2019-9514 | Hig | 7.5 | < 5.6.0-r11 | 5.6.0-r11 | Aug 13, 2019 | Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer | |
| CVE-2019-9512 | Hig | 7.5 | < 5.6.0-r11 | 5.6.0-r11 | Aug 13, 2019 | Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consum | |
| CVE-2019-11841 | Med | 5.9 | < 5.6.0-r11 | 5.6.0-r11 | May 22, 2019 | A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" A | |
| CVE-2019-11840 | Med | 5.9 | < 5.6.0-r11 | 5.6.0-r11 | May 9, 2019 | An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256 G | |
| CVE-2019-9764 | Hig | 7.4 | < 5.6.0-r11 | 5.6.0-r11 | Mar 26, 2019 | HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actually set to true. This is fixed in 1.4.4. | |
| CVE-2018-19653 | Med | 5.9 | < 5.6.0-r11 | 5.6.0-r11 | Dec 9, 2018 | HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade. |
- affected < 5.6.0-r11fixed 5.6.0-r11
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.
- affected < 5.6.0-r11fixed 5.6.0-r11
Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.
- affected < 5.6.0-r11fixed 5.6.0-r11
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.
- affected < 5.6.0-r11fixed 5.6.0-r11
HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.
- affected < 5.6.0-r11fixed 5.6.0-r11
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer
- affected < 5.6.0-r11fixed 5.6.0-r11
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consum
- affected < 5.6.0-r11fixed 5.6.0-r11
A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" A
- affected < 5.6.0-r11fixed 5.6.0-r11
An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256 G
- affected < 5.6.0-r11fixed 5.6.0-r11
HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actually set to true. This is fixed in 1.4.4.
- affected < 5.6.0-r11fixed 5.6.0-r11
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.
Page 8 of 8