RHCOS 4 : OpenShift Container Platform 4.3.12 podman (RHSA-2020:1396)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1396 advisory. - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull CVE-2020-8945 - buildah: Crafted input tar file may...

CVE-2022-25168

Apache Hadoop's FileUtil.unTarFile, File API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in...

The vulnerability in the software infrastructure of Cisco Enterprise NFV Infrastructure Software (NFVIS) allows a attacker to disclose protected information.

The vulnerability of Cisco Enterprise NFV Infrastructure Software’s web portal software is related to errors during the validation of tar-format input data. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...