rpm package
suse/etcd&distro=SUSE Package Hub 15 SP6
pkg:rpm/suse/etcd&distro=SUSE%20Package%20Hub%2015%20SP6
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-48795 | Med | 5.9 | < 3.5.12-bp156.4.3.1 | 3.5.12-bp156.4.3.1 | Dec 18, 2023 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end | |
| CVE-2023-47108 | — | < 3.5.12-bp156.4.3.1 | 3.5.12-bp156.4.3.1 | Nov 10, 2023 | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. | ||
| CVE-2021-28235 | — | < 3.5.12-bp156.4.3.1 | 3.5.12-bp156.4.3.1 | Apr 4, 2023 | Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. | ||
| CVE-2020-15106 | — | < 3.5.12-bp156.4.3.1 | 3.5.12-bp156.4.3.1 | Aug 5, 2020 | In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that | ||
| CVE-2019-11254 | — | < 3.5.12-bp156.4.3.1 | 3.5.12-bp156.4.3.1 | Apr 1, 2020 | The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML. |
- affected < 3.5.12-bp156.4.3.1fixed 3.5.12-bp156.4.3.1
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end
- CVE-2023-47108Nov 10, 2023affected < 3.5.12-bp156.4.3.1fixed 3.5.12-bp156.4.3.1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality.
- CVE-2021-28235Apr 4, 2023affected < 3.5.12-bp156.4.3.1fixed 3.5.12-bp156.4.3.1
Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.
- CVE-2020-15106Aug 5, 2020affected < 3.5.12-bp156.4.3.1fixed 3.5.12-bp156.4.3.1
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that
- CVE-2019-11254Apr 1, 2020affected < 3.5.12-bp156.4.3.1fixed 3.5.12-bp156.4.3.1
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.