Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:2216
HistoryMay 11, 2022 - 6:39 p.m.

(RHSA-2022:2216) Moderate: Red Hat OpenShift Logging Security and Bug update Release 5.4.1

2022-05-1118:39:10
access.redhat.com
44

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.013 Low

EPSS

Percentile

85.9%

JSON

Logging Subsystem 5.4.1 - Red Hat OpenShift

Security Fix(es):

  • netty-codec: Bzip2Decoder doesn’t allow setting size restrictions for decompressed data (CVE-2021-37136)

  • netty-codec: SnappyFrameDecoder doesn’t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)

  • netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)

  • prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

redhat 33
nessus 71
oraclelinux 8
osv 14
rocky 4
amazon 3
centos 2
debian 4
suse 5
altlinux 2
almalinux 4
cloudlinux 1
mageia 1
ubuntu 2
ibm 43
f5 1
kaspersky 1
redhat
redhat
(RHSA-2022:2217) Moderate: Red Hat OpenShift Logging Security and Bug update Release 5.3.7
2022-05-11 20:28:26
(RHSA-2022:2218) Moderate: Openshift Logging Security and Bug update Release (5.2.10)
2022-05-11 19:47:56
(RHSA-2022:1713) Moderate: security update for rh-sso-7/sso75-openshift-rhel8 container image
2022-05-04 13:18:30
nessus
nessus
Amazon Corretto Java 8.x < 8.332.08.1 Multiple Vulnerabilities
2022-04-19 00:00:00
RHEL 7 : java-11-openjdk (RHSA-2022:1440)
2022-04-20 00:00:00
Oracle Linux 9 : java-1.8.0-openjdk (ELSA-2022-2137)
2022-07-07 00:00:00
oraclelinux
oraclelinux
java-11-openjdk security update
2022-04-20 00:00:00
java-11-openjdk security, bug fix, and enhancement update
2022-04-20 00:00:00
java-1.8.0-openjdk security update
2022-06-30 00:00:00
osv
osv
openjdk-8 - security update
2022-05-14 00:00:00
openjdk-lts vulnerabilities
2022-04-26 11:49:20
Important: java-11-openjdk security update
2022-04-20 12:24:01
rocky
rocky
java-1.8.0-openjdk security update
2022-04-25 15:17:09
java-11-openjdk security update
2022-04-20 12:24:01
java-17-openjdk security and bug fix update
2022-04-20 12:21:21
amazon
amazon
Important: java-11-amazon-corretto
2022-04-25 22:55:00
Important: java-11-amazon-corretto
2022-04-25 23:48:00
Important: java-17-amazon-corretto
2022-04-25 23:54:00
centos
centos
java security update
2022-05-13 17:30:46
java security update
2022-05-13 17:34:53
debian
debian
[SECURITY] [DLA 3006-1] openjdk-8 security update
2022-05-14 09:20:52
[SECURITY] [DSA 5128-1] openjdk-17 security update
2022-05-03 21:01:53
[SECURITY] [DSA 5131-1] openjdk-11 security update
2022-05-05 17:16:55
suse
suse
Security update for java-1_8_0-openjdk (important)
2022-07-22 00:00:00
Security update for java-11-openjdk (important)
2022-05-03 00:00:00
Security update for java-1_8_0-ibm (important)
2022-08-03 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package java-11-openjdk version 0:11.0.15.0.10-alt1_1jpp11
2022-07-14 00:00:00
Security fix for the ALT Linux 10 package java-1.8.0-openjdk version 0:1.8.0.332.b09-alt0_0.1.eajpp8
2022-04-27 00:00:00
almalinux
almalinux
Important: java-1.8.0-openjdk security update
2022-04-25 15:17:09
Important: java-11-openjdk security update
2022-04-20 12:24:01
Important: java-17-openjdk security and bug fix update
2022-04-20 12:21:21
cloudlinux
cloudlinux
Fixed CVEs in java-1.8.0-openjdk: CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21426, CVE-2022-21496
2022-06-02 12:59:09
mageia
mageia
Updated java packages fix security vulnerability
2022-07-16 22:58:20
ubuntu
ubuntu
OpenJDK vulnerabilities
2022-04-26 00:00:00
OpenJDK vulnerabilities
2022-04-26 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer
2022-10-06 04:51:40
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
2022-06-01 10:50:29
Security Bulletin: IBM Sterling Transformation Extender vulnerable to multiple issues due to IBM SDK, Java Technology Edition
2023-01-30 17:29:11
f5
f5
K32172755 : Multiple Java vulnerabilities CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21449, CVE-2022-21476 and CVE-2022-21496
2022-05-27 00:00:00
kaspersky
kaspersky
KLA12516 Multiple vulnerabilities in Oracle Java SE and GraalVM
2022-04-19 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.013 Low

EPSS

Percentile

85.9%

JSON
Related for RHSA-2022:2216
redhat33nessus71oraclelinux8osv14rocky4amazon3centos2debian4suse5altlinux2almalinux4cloudlinux1mageia1ubuntu2ibm43f51kaspersky1