Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openshift_container_platform
(Redhat)| Repositories |
• https://github.com/FasterXML/jackson-databind
• https://github.com/torvalds/linux • https://github.com/Perl/perl5 • https://github.com/evanphx/json-patch • https://github.com/ansible/ansible |
| #Vulnerabilities | 237 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-04-01 | CVE-2021-20291 | A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using... | Fedora, Enterprise_linux, Openshift_container_platform, Storage | 6.5 | ||
| 2021-05-14 | CVE-2020-27833 | A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first created pointing within the tarball, this allows further symbolic links to bypass the existing path check. This flaw allows the tarball to create links outside the tarball's parent directory,... | Openshift_container_platform | 7.1 | ||
| 2021-05-26 | CVE-2021-20297 | A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability. | Fedora, Networkmanager, Enterprise_linux, Openshift_container_platform | 5.5 | ||
| 2021-06-02 | CVE-2020-14336 | A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability. | Openshift_container_platform | 6.5 | ||
| 2021-06-02 | CVE-2021-3529 | A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is for confidentiality, availability, and integrity. | Noobaa\-Operator, Openshift_container_platform | 7.1 | ||
| 2021-12-14 | CVE-2021-4104 | JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached... | Log4j, Fedora, Advanced_supply_chain_planning, Business_intelligence, Business_process_management_suite, Communications_eagle_ftp_table_base_retrieval, Communications_messaging_server, Communications_network_integrity, Communications_offline_mediation_controller, Communications_unified_inventory_management, E\-Business_suite_cloud_manager_and_cloud_backup_module, Enterprise_manager_base_platform, Financial_services_revenue_management_and_billing_analytics, Fusion_middleware_common_libraries_and_tools, Goldengate, Healthcare_data_repository, Hyperion_data_relationship_management, Hyperion_infrastructure_technology, Identity_management_suite, Jdeveloper, Mysql_enterprise_monitor, Retail_allocation, Retail_extract_transform_and_load, Stream_analytics, Timesten_grid, Tuxedo, Utilities_testing_accelerator, Weblogic_server, Codeready_studio, Enterprise_linux, Integration_camel_k, Integration_camel_quarkus, Jboss_a\-Mq, Jboss_a\-Mq_streaming, Jboss_data_grid, Jboss_data_virtualization, Jboss_enterprise_application_platform, Jboss_fuse, Jboss_fuse_service_works, Jboss_operations_network, Jboss_web_server, Openshift_application_runtimes, Openshift_container_platform, Process_automation, Single_sign\-On, Software_collections | 7.5 | ||
| 2022-02-09 | CVE-2022-0532 | An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace. | Cri\-O, Openshift_container_platform | 4.2 | ||
| 2022-02-16 | CVE-2021-3560 | It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | Ubuntu_linux, Debian_linux, Polkit, Openshift_container_platform, Virtualization, Virtualization_host | 7.8 | ||
| 2022-03-02 | CVE-2022-0711 | A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability. | Debian_linux, Haproxy, Enterprise_linux, Openshift_container_platform, Software_collections | 7.5 | ||
| 2022-03-02 | CVE-2021-3631 | A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity. | Ontap_select_deploy_administration_utility, Enterprise_linux, Libvirt, Openshift_container_platform | 6.3 |