rpm package
suse/kubevirt&distro=SUSE Linux Enterprise Module for Containers 15 SP3
pkg:rpm/suse/kubevirt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP3
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-1798 | Hig | 8.7 | < 0.49.0-150300.8.13.1 | 0.49.0-150300.8.13.1 | Sep 15, 2022 | A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not | |
| CVE-2021-43565 | Hig | 7.5 | < 0.45.0-8.7.1 | 0.45.0-8.7.1 | Sep 6, 2022 | The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server. | |
| CVE-2022-1996 | Cri | 9.1 | < 0.49.0-150300.8.13.1 | 0.49.0-150300.8.13.1 | Jun 8, 2022 | Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. | |
| CVE-2022-29162 | Med | 5.9 | < 0.49.0-150300.8.13.1 | 0.49.0-150300.8.13.1 | May 17, 2022 | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environme | |
| CVE-2021-20286 | Low | 2.7 | < 0.40.0-5.11.2 | 0.40.0-5.11.2 | Mar 15, 2021 | A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service. |
- affected < 0.49.0-150300.8.13.1fixed 0.49.0-150300.8.13.1
A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not
- affected < 0.45.0-8.7.1fixed 0.45.0-8.7.1
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.
- affected < 0.49.0-150300.8.13.1fixed 0.49.0-150300.8.13.1
Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.
- affected < 0.49.0-150300.8.13.1fixed 0.49.0-150300.8.13.1
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environme
- affected < 0.40.0-5.11.2fixed 0.40.0-5.11.2
A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service.