rpm package
suse/kubevirt&distro=SUSE Linux Enterprise Module for Containers 15 SP3
pkg:rpm/suse/kubevirt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP3
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-1798 | — | | | < 0.49.0-150300.8.13.1 | 0.49.0-150300.8.13.1 | Sep 15, 2022 | A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not |
| CVE-2021-43565 | — | | | < 0.45.0-8.7.1 | 0.45.0-8.7.1 | Sep 6, 2022 | The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server. |
| CVE-2022-1996 | — | | | < 0.49.0-150300.8.13.1 | 0.49.0-150300.8.13.1 | Jun 6, 2022 | Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. |
| CVE-2022-29162 | — | | | < 0.49.0-150300.8.13.1 | 0.49.0-150300.8.13.1 | May 17, 2022 | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environme |
| CVE-2021-20286 | — | | | < 0.40.0-5.11.2 | 0.40.0-5.11.2 | Mar 15, 2021 | A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service. |