Network observability is an OpenShift operator that provides a monitoring
pipeline to collect and enrich network flows that are produced by the
Network observability eBPF agent.

The operator provides dashboards, metrics, and keeps flows accessible in a
queryable log store, Grafana Loki. When a FlowCollector is deployed, new
dashboards are available in the Console.

Security Fix(es):

network-observability-console-plugin-container: setting Loki authToken configuration to DISABLE or HOST mode leads to authentication longer being enforced (CVE-2023-0813)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

ibm 14

redhat 10

trellix 2

f5 1

oraclelinux 5

gentoo 3

ics 2

openvas 40

rocky 3

nessus 66

aix 1

osv 9

debian 2

amazon 1

almalinux 3

fedora 6

apple 2

rapid7blog 2

kaspersky 2

qualysblog 1

wizblog 1

fortinet 1

altlinux 1

mageia 1

ubuntu 1

cloudlinux 2

suse 1

redos 1

checkpoint_advisories 1

talosblog 1

cisa 1

cisco 1

ubuntucve 1

freebsd 1

arista 1

intel 1

hivepro 2

photon 1

amd 1

nvidia 1

akamaiblog 1

rosalinux 1

ibm

Security Bulletin:IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libxml2, expat, libtasn1 and systemd

2023-01-25 16:27:43

Security Bulletin: IBM MQ Appliance is affected by multiple open source vulnerabilities

2023-04-28 18:25:19

Security Bulletin: Multiple Vulnerabilities in base image packages affect IBM Voice Gateway

2022-12-15 17:59:22

redhat

(RHSA-2023:1181) Moderate: Release of OpenShift Serverless 1.27.1

2023-03-09 16:21:55

(RHSA-2023:1079) Moderate: Red Hat OpenStack Platform 16.2 (osp-director-downloader-container, osp-director-agent-container and osp-director-operator-container) security update

2023-03-06 15:41:14

(RHSA-2022:7288) Important: openssl security update

2022-11-01 18:25:07

trellix

The Bug Report – November 2022 Edition

2022-12-07 00:00:00

The Bug Report – November 2022 Edition

2022-12-07 00:00:00

OpenSSL vulnerabilities CVE-2022-3786 and CVE-2022-3602

2022-10-28 17:31:00

oraclelinux

openssl security update

2022-11-01 00:00:00

openssl security update

2022-11-17 00:00:00

openssl security update

2022-11-01 00:00:00

gentoo

OpenSSL: Multiple Vulnerabilities

2022-11-01 00:00:00

libxml2: Multiple Vulnerabilities

2022-10-31 00:00:00

libksba: Remote Code Execution

2022-12-28 00:00:00

ics

Hitachi Energy PCU400

2023-01-19 12:00:00

Siemens Products affected by OpenSSL 3.0

2022-12-15 12:00:00

openvas

Fedora: Security Advisory for openssl (FEDORA-2022-0f1d2e0537)

2022-11-03 00:00:00

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1365)

2023-02-10 00:00:00

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1510)

2023-03-09 00:00:00

rocky

openssl security update

2022-11-01 18:25:07

libxml2 security update

2023-01-23 14:30:36

libxml2 security update

2023-01-16 09:03:23

nessus

EulerOS 2.0 SP11 : libxml2 (EulerOS-SA-2023-1041)

2023-01-05 00:00:00

EulerOS Virtualization 2.9.1 : libxml2 (EulerOS-SA-2023-1626)

2023-04-27 00:00:00

AlmaLinux 9 : libxml2 (ALSA-2023:0338)

2023-01-25 00:00:00

aix

AIX is vulnerable to arbitrary code execution due to libxml2

2023-02-08 13:18:47

osv

Moderate: libxml2 security update

2023-01-16 00:00:00

Moderate: libxml2 security update

2023-01-23 00:00:00

Moderate: libxml2 security update

2023-01-16 09:03:23

debian

[SECURITY] [DLA 3172-1] libxml2 security update

2022-10-30 15:57:58

[SECURITY] [DSA 5271-1] libxml2 security update

2022-11-05 19:46:29

amazon

Medium: libxml2

2023-03-17 16:34:00

almalinux

Moderate: libxml2 security update

2023-01-23 00:00:00

Moderate: libxml2 security update

2023-01-16 00:00:00

Important: openssl security update

2022-11-01 00:00:00

fedora

[SECURITY] Fedora 36 Update: libxml2-2.10.3-1.fc36

2022-10-25 13:13:35

[SECURITY] Fedora 37 Update: openssl-3.0.5-3.fc37

2022-11-02 02:01:31

[SECURITY] Fedora 37 Update: xmlsec1-1.2.34-4.fc37

2022-11-13 01:14:14

apple

About the security content of iOS 16.1.1 and iPadOS 16.1.1

2022-11-09 00:00:00

About the security content of macOS Ventura 13.0.1

2022-11-09 00:00:00

rapid7blog

Rapid7’s Impact from OpenSSL Buffer Overflow Vulnerabilities (CVE-2022-3786 & CVE-2022-3602)

2022-11-11 13:41:22

CVE-2022-3786 and CVE-2022-3602: Two High-Severity Buffer Overflow Vulnerabilities in OpenSSL Fixed

2022-11-01 16:38:53

kaspersky

KLA20037 Multiple vulnerabilities in Microsoft Open Source Software

2022-11-02 00:00:00

KLA20036 Multiple vulnerabilities in Microsoft Azure

2022-11-02 00:00:00

qualysblog

Qualys Research Alert: OpenSSL 3.0.7 – What You Need To Know

2022-10-31 14:15:52

wizblog

OpenSSL vulnerabilities: Everything you need to know

2022-10-29 04:11:46

fortinet

Protect

2022-10-28 00:00:00

altlinux

Security fix for the ALT Linux 9 package libxml2 version 1:2.9.10-alt6.p9.1

2023-02-13 00:00:00

mageia

Updated libxml2 packages fix security vulnerability

2022-11-08 22:44:28

ubuntu

libxml2 vulnerabilities

2022-12-05 00:00:00

cloudlinux

libksba: Fix of 2 CVEs

2023-12-01 15:38:16

libxml2: Fix of 2 CVEs

2022-12-08 17:47:57

suse

Security update for libxml2 (important)

2022-10-21 00:00:00

redos

ROS-20221110-01

2022-11-10 00:00:00

checkpoint_advisories

OpenSSL Buffer Overflow (CVE-2022-3602; CVE-2022-3786)

2022-11-03 00:00:00

talosblog

Threat Advisory: High Severity OpenSSL Vulnerabilities

2022-11-01 19:03:49

cisa

OpenSSL Releases Security Update

2022-11-01 00:00:00

cisco

Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022

2022-10-28 16:00:00

ubuntucve

CVE-2022-3786

2022-11-01 00:00:00

freebsd

OpenSSL -- Buffer overflows in Email verification

2022-11-01 00:00:00

arista

Security Advisory 0081

2022-11-01 00:00:00

intel

Intel® Software Products Advisory for OpenSSL Vulnerabilities (CVE-2022-3786 & CVE-2022-3602) Advisory

2023-02-02 00:00:00

hivepro

Patch available for pre-announced Critical Vulnerability in OpenSSL

2022-11-02 07:27:54

Apple addresses the macOS code execution flaws

2022-11-11 13:49:02

photon

Important Photon OS Security Update - PHSA-2022-0272

2022-11-02 00:00:00

amd

OpenSSL Vulnerabilities

2023-08-08 00:00:00

nvidia

Security Notice: NVIDIA Response to OpenSSL Vulnerabilities - November 2022

2022-11-01 00:00:00

akamaiblog

An update on the impact of OpenSSL CVE-2022-3602 and CVE-2022-3786 on Akamai's systems

2022-11-07 10:00:00

rosalinux

Advisory ROSA-SA-2023-2170

2023-06-20 10:21:17

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.062 Low

EPSS

Percentile

93.5%

JSON

Related for RHSA-2023:0786