| Bug | sid | Description |
|---|
| CVE-2019-9946 | undetermined | Cloud Native Computing Foundation (CNCF) CNI (Container Networking Int ... |
| CVE-2019-11253 | vulnerable | Kubectl/API Server YAML parsing vulnerable to "Billion Laughs" Attack |
| CVE-2019-11250 | vulnerable | The Kubernetes client-go library logs request headers at verbosity lev ... |
| CVE-2019-11248 | vulnerable | The debugging endpoint /debug/pprof is exposed over the unauthenticate ... |
| CVE-2019-11247 | vulnerable | The Kubernetes kube-apiserver mistakenly allows access to a cluster-sc ... |
| CVE-2019-1002100 | vulnerable | In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, use ... |
| CVE-2018-1002105 | vulnerable | In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, in ... |
| CVE-2018-1002100 | vulnerable | In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to versio ... |
| Bug | Description |
|---|
| CVE-2019-11251 | kubectl cp allows for arbitrary file write via double symlinks |
| CVE-2019-11249 | The kubectl cp command allows copying files between containers and the ... |
| CVE-2019-11246 | The kubectl cp command allows copying files between containers and the ... |
| CVE-2019-11245 | In kubelet v1.13.6 and v1.14.2, containers for pods that do not specif ... |
| CVE-2019-11244 | In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the ... |
| CVE-2019-11243 | In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientCon ... |
| CVE-2019-1002101 | The kubectl cp command allows copying files between containers and the ... |
| CVE-2018-1002101 | In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, ... |
| CVE-2017-1002102 | In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to version ... |
| CVE-2017-1002101 | In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to version ... |
| CVE-2017-1002100 | Default access permissions for Persistent Volumes (PVs) created by the ... |
| CVE-2017-1000056 | Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation ... |
| CVE-2016-7075 | It was found that Kubernetes as used by Openshift Enterprise 3 did not ... |
| CVE-2016-1906 | Openshift allows remote attackers to gain privileges by updating a bui ... |
| CVE-2016-1905 | The API server in Kubernetes does not properly check admission control ... |
| CVE-2015-7528 | Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitr ... |
| CVE-2015-5305 | Directory traversal vulnerability in Kubernetes, as used in Red Hat Op ... |