Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:2183
HistoryMay 11, 2022 - 11:27 a.m.

(RHSA-2022:2183) Moderate: Release of containers for OSP 16.2.z director operator tech preview

2022-05-1111:27:13
access.redhat.com
39
osp 16.2.z
director operator
golang
kubernetes
containerd
cve-2019-11253
cve-2019-19794
cve-2020-15257
cve-2021-29482
cve-2021-32760
unix domain socket
cvss score

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.019

Percentile

88.5%

JSON

Release osp-director-operator images

Security Fix(es):

  • golang: kubernetes: YAML parsing vulnerable to “Billion Laughs” attack, allowing for remote (CVE-2019-11253)
  • golang: golang-github-miekg-dns: predictable TXID can lead to response forgeries (CVE-2019-19794)
  • golang: containerd: unrestricted access to abstract Unix domain socket can lead to privileges (CVE-2020-15257)
  • golang: ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)
  • golang: containerd: pulling and extracting crafted container image may result in Unix file permission changes (CVE-2021-32760)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Related

nessus 43
osv 20
redhat 17
virtuozzo 2
cve 4
veracode 4
github 7
nvd 5
redhatcve 6
debiancve 4
ubuntucve 5
prion 4
cvelist 5
gitlab 1
alpinelinux 4
ibm 12
symantec 1
openvas 20
archlinux 2
attackerkb 2
photon 4
fedora 4
wolfi 2
ubuntu 3
cgr 2
githubexploit 1
amazon 1
oraclelinux 4
cbl_mariner 3
checkpoint_advisories 1
suse 2
rocky 1
f5 1
debian 1
slackware 1
nessus
nessus
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20201105.2298)
2022-09-27 00:00:00
RHEL 8 : Red Hat OpenShift Service Mesh 1.0 servicemesh-cni (RHSA-2020:2870)
2020-07-07 00:00:00
RHEL 8 : Red Hat OpenShift Service Mesh 1.0 servicemesh-prometheus (RHSA-2020:2863)
2020-07-07 00:00:00
osv
osv
Insecure generation of random numbers in github.com/miekg/dns
2021-04-14 20:04:52
miekg/dns insecurely generates random numbers
2021-05-18 21:09:13
Improper random number generation in github.com/coredns/coredns
2022-03-01 21:03:11
redhat
redhat
(RHSA-2022:2268) Moderate: OpenShift Container Platform 4.7.51 security update
2022-05-25 11:53:12
(RHSA-2022:2265) Moderate: OpenShift Container Platform 4.6.58 security and extras update
2022-05-26 12:49:14
(RHSA-2022:5026) Moderate: OpenShift Virtualization 4.10.2 Images security and bug fix update
2022-06-14 13:20:22
virtuozzo
virtuozzo
Virtuozzo Hybrid Infrastructure 4.7 Update 1.4 (4.7.1-53)
2022-05-25 00:00:00
Virtuozzo Hybrid Infrastructure 5.0 Update 1.3 (5.0.1-57)
2022-05-25 00:00:00
cve
cve
CVE-2019-19794
2019-12-13 22:15:11
CVE-2020-15257
2020-12-01 03:15:11
CVE-2019-11253
2019-10-17 16:15:10
veracode
veracode
Insecure Random Generator
2019-12-16 06:41:19
Denial Of Service (DoS)
2021-04-29 02:58:39
Privilege Escalation
2020-12-04 16:29:12
github
github
Improper random number generation in github.com/coredns/coredns
2022-03-01 21:03:11
miekg/dns insecurely generates random numbers
2021-05-18 21:09:13
XML Entity Expansion and Improper Input Validation in Kubernetes API server
2021-05-18 15:38:48
nvd
nvd
CVE-2019-19794
2019-12-13 22:15:11
CVE-2019-11253
2019-10-17 16:15:10
CVE-2020-15257
2020-12-01 03:15:11
redhatcve
redhatcve
CVE-2019-19794
2020-11-05 11:59:31
CVE-2021-29482
2021-04-29 09:24:07
CVE-2020-15257
2020-12-01 09:00:09
debiancve
debiancve
CVE-2019-19794
2019-12-13 22:15:11
CVE-2019-11253
2019-10-17 16:15:10
CVE-2020-15257
2020-12-01 03:15:11
ubuntucve
ubuntucve
CVE-2019-19794
2019-12-13 00:00:00
CVE-2019-11253
2019-10-17 00:00:00
CVE-2020-15257
2020-11-30 00:00:00
prion
prion
Design/Logic Flaw
2019-12-13 22:15:00
Input validation
2019-10-17 16:15:00
Code injection
2020-12-01 03:15:00
cvelist
cvelist
CVE-2019-19794
2019-12-13 21:46:59
CVE-2020-15257 containerd-shim API Exposed to Host Network Containers
2020-12-01 02:30:16
CVE-2019-11253 Kubernetes API Server JSON/YAML parsing vulnerable to resource exhaustion attack
2019-09-27 00:00:00
gitlab
gitlab
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
2021-05-18 00:00:00
alpinelinux
alpinelinux
CVE-2019-11253
2019-10-17 16:15:10
CVE-2020-15257
2020-12-01 03:15:11
CVE-2021-32760
2021-07-19 21:15:07
ibm
ibm
Security Bulletin: Open Source Security issues for NPS service provider
2020-12-11 07:12:00
Security Bulletin: IBM API Connect is impacted by a vulnerability in Kubernetes(CVE-2019-11253)
2020-01-02 17:44:12
Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2019-11253)
2019-10-25 16:46:16
symantec
symantec
Kubernetes API Server CVE-2019-11253 Denial of Service Vulnerability
2019-09-27 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4653-2)
2022-08-26 00:00:00
Fedora: Security Advisory for containerd (FEDORA-2020-baeb8dbaea)
2020-12-10 00:00:00
Huawei EulerOS: Security Advisory for kata-containers (EulerOS-SA-2021-1264)
2021-02-05 00:00:00
archlinux
archlinux
[ASA-202012-8] containerd: privilege escalation
2020-12-05 00:00:00
[ASA-202107-70] containerd: directory traversal
2021-07-27 00:00:00
attackerkb
attackerkb
Kubectl/API Server YAML parsing vulnerable to "Billion Laughs" Attack
2019-10-17 00:00:00
CVE-2020-15257
2020-12-01 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0301
2020-12-02 00:00:00
Moderate Photon OS Security Update - PHSA-2020-0168
2020-12-02 00:00:00
Moderate Photon OS Security Update - PHSA-2021-0064
2021-07-20 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: containerd-1.4.3-1.fc33
2020-12-10 01:15:52
[SECURITY] Fedora 34 Update: containerd-1.5.5-1.fc34
2021-08-25 19:58:15
[SECURITY] Fedora 36 Update: rsync-3.2.3-15.fc36
2022-05-07 05:00:30
wolfi
wolfi
CVE-2020-15257 vulnerabilities
2024-07-26 21:09:29
CVE-2021-32760 vulnerabilities
2024-07-26 21:09:29
ubuntu
ubuntu
containerd vulnerability
2021-01-13 00:00:00
containerd vulnerability
2020-11-30 00:00:00
containerd vulnerabilities
2021-07-20 00:00:00
cgr
cgr
CVE-2020-15257 vulnerabilities
2024-05-19 03:07:16
CVE-2021-32760 vulnerabilities
2024-05-19 03:07:16
githubexploit
githubexploit
Exploit for Incorrect Resource Transfer Between Spheres in Linuxfoundation Containerd
2020-12-07 08:47:09
amazon
amazon
Important: containerd
2020-11-20 17:29:00
oraclelinux
oraclelinux
containerd security update
2020-12-03 00:00:00
containerd security update
2021-07-23 00:00:00
containerd security update
2021-07-23 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-32760 affecting package moby-containerd 1.4.4+azure-6
2021-07-21 23:46:29
CVE-2021-32760 affecting package moby-containerd for versions less than 1.4.4+azure-4
2022-04-09 06:51:56
CVE-2022-1154 affecting package vim for versions less than 8.2.4743-1
2022-04-26 20:17:05
checkpoint_advisories
checkpoint_advisories
Kubernetes API Server Denial Of Service (CVE-2019-11253)
2019-12-26 00:00:00
suse
suse
Security update for containerd (moderate)
2021-07-20 00:00:00
Security update for containerd (moderate)
2021-07-24 00:00:00
rocky
rocky
vim security update
2022-04-26 13:49:40
f5
f5
K21548854 : zlib vulnerability CVE-2018-25032
2022-05-19 00:00:00
debian
debian
[SECURITY] [DLA 2968-1] zlib security update
2022-04-02 21:16:08
slackware
slackware
[slackware-security] zlib
2022-03-28 19:37:07

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.019

Percentile

88.5%

JSON
Related for RHSA-2022:2183
nessus43osv20redhat17virtuozzo2cve4veracode4github7nvd5redhatcve6debiancve4ubuntucve5prion4cvelist5gitlab1alpinelinux4ibm12symantec1openvas20archlinux2attackerkb2photon4fedora4wolfi2ubuntu3cgr2githubexploit1amazon1oraclelinux4cbl_mariner3checkpoint_advisories1suse2rocky1f51debian1slackware1