PhotonPHSA-2022-3.0-0364

HistoryFeb 28, 2022 - 12:00 a.m.

Critical Photon OS Security Update - PHSA-2022-3.0-0364

Vulners
Photon
Critical Photon OS Security Update - PHSA-2022-3.0-0364

2022-02-2800:00:00

github.com

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.05 Low

EPSS

Percentile

92.9%

JSON

Updates of [‘cassandra’, ‘go’, ‘freetype2’] packages of Photon OS have been released.

OSVersionArchitecturePackageVersionFilename
Photon3.0x86_64freetype2-devel< 2.9.1-2.ph3freetype2-devel-2.9.1-2.ph3.x86_64.rpm
Photon3.0x86_64freetype2< 2.9.1-2.ph3freetype2-2.9.1-2.ph3.x86_64.rpm
Photon3.0x86_64go< 1.17.2-4.ph3go-1.17.2-4.ph3.x86_64.rpm
Photon3.0x86_64go-md2man< 2.0.0-11.ph3go-md2man-2.0.0-11.ph3.x86_64.rpm
Photon3.0x86_64cassandra< 3.11.12-1.ph3cassandra-3.11.12-1.ph3.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
Photon	3.0	x86_64	freetype2-devel	< 2.9.1-2.ph3	freetype2-devel-2.9.1-2.ph3.x86_64.rpm
Photon	3.0	x86_64	freetype2	< 2.9.1-2.ph3	freetype2-2.9.1-2.ph3.x86_64.rpm
Photon	3.0	x86_64	go	< 1.17.2-4.ph3	go-1.17.2-4.ph3.x86_64.rpm
Photon	3.0	x86_64	go-md2man	< 2.0.0-11.ph3	go-md2man-2.0.0-11.ph3.x86_64.rpm
Photon	3.0	x86_64	cassandra	< 3.11.12-1.ph3	cassandra-3.11.12-1.ph3.x86_64.rpm

photon 7

openvas 21

nessus 49

suse 4

altlinux 1

redhat 8

amazon 3

ibm 16

mageia 1

freebsd 3

oraclelinux 3

osv 17

debian 4

cve 5

checkpoint_advisories 2

nvd 3

prion 4

redhatcve 3

thn 2

cnvd 1

veracode 4

githubexploit 5

almalinux 1

rocky 1

hivepro 1

cvelist 3

github 2

cbl_mariner 5

ubuntucve 3

alpinelinux 3

gitlab 3

centos 1

fedora 3

ubuntu 1

f5 1

gentoo 1

slackware 1

debiancve 2

cloudfoundry 1

photon

Critical Photon OS Security Update - PHSA-2022-0364

2022-02-22 00:00:00

Critical Photon OS Security Update - PHSA-2022-4.0-0159

2022-03-07 00:00:00

Critical Photon OS Security Update - PHSA-2022-0159

2022-03-02 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2022:0723-1)

2022-03-05 00:00:00

openSUSE: Security Advisory for go1.17 (openSUSE-SU-2022:0723-1)

2022-03-05 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:0724-1)

2022-03-05 00:00:00

nessus

FreeBSD : go -- multiple vulnerabilities (096ab080-907c-11ec-bb14-002324b2fba8)

2022-02-18 00:00:00

SUSE SLED15 / SLES15 Security Update : go1.16 (SUSE-SU-2022:0724-1)

2022-03-05 00:00:00

RHEL 8 : Release of OpenShift Serverless Client kn 1.22.1 (Moderate) (RHSA-2022:4860)

2024-04-28 00:00:00

suse

Security update for go1.16 (important)

2022-03-04 00:00:00

Security update for go1.17 (important)

2022-03-04 00:00:00

Security update for freetype2 (important)

2020-10-25 00:00:00

altlinux

Security fix for the ALT Linux 10 package golang version 1.17.7-alt1

2022-02-11 00:00:00

redhat

(RHSA-2022:4860) Moderate: Release of OpenShift Serverless Client kn 1.22.1

2022-06-01 09:10:05

(RHSA-2022:4863) Moderate: Release of OpenShift Serverless Version 1.22.1

2022-06-01 12:07:22

(RHSA-2022:6094) Moderate: OpenShift Container Platform 4.10.28 packages and security update

2022-08-23 18:05:37

amazon

Medium: golang

2023-02-15 00:23:00

Important: golang

2022-07-06 03:11:00

Important: freetype

2020-12-08 20:55:00

ibm

Security Bulletin: A security vulnerability in golang affects IBM Cloud Automation Manager

2022-03-15 17:37:28

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Golang (CVE-2022-23772, CVE-2022-23773, CVE-2022-23806)

2022-04-22 21:06:28

Security Bulletin: Multiple vulnerabilities in the Golang language affect IBM Event Streams

2022-07-12 14:53:51

mageia

Updated golang packages fix security vulnerability

2022-03-08 02:10:22

freebsd

go -- multiple vulnerabilities

2022-02-10 00:00:00

cassandra3 -- arbitrary code execution

2022-02-11 00:00:00

freetype2 -- heap buffer overlfow

2020-10-20 00:00:00

oraclelinux

go-toolset:ol8addon security update

2022-06-08 00:00:00

go-toolset:ol8 security and bug fix update

2022-05-17 00:00:00

freetype security update

2020-11-06 00:00:00

osv

golang-1.7 - security update

2022-04-28 00:00:00

golang-1.8 - security update

2022-04-28 00:00:00

BIT-cassandra-2021-44521

2024-03-06 10:50:58

debian

[SECURITY] [DLA 2986-1] golang-1.8 security update

2022-04-28 09:57:43

[SECURITY] [DLA 2985-1] golang-1.7 security update

2022-04-28 09:57:28

[SECURITY] [DSA 4777-1] freetype security update

2020-10-21 19:00:07

cve

CVE-2021-44521

2022-02-11 13:15:07

CVE-2022-23773

2022-02-11 01:15:07

CVE-2020-15999

2020-11-03 03:15:14

checkpoint_advisories

Apache Cassandra Remote Code Execution (CVE-2021-44521)

2022-03-10 00:00:00

Google Chrome Memory Corruption (CVE-2020-15999)

2020-10-24 00:00:00

nvd

CVE-2021-44521

2022-02-11 13:15:07

CVE-2022-23773

2022-02-11 01:15:07

CVE-2022-23772

2022-02-11 01:15:07

prion

Code injection

2022-02-11 13:15:00

Design/Logic Flaw

2022-02-11 01:15:00

Heap overflow

2020-11-03 03:15:00

redhatcve

CVE-2021-44521

2022-02-12 02:23:21

CVE-2022-23773

2022-02-11 14:03:04

CVE-2022-23772

2022-02-11 13:49:27

thn

High-Severity RCE Security Bug Reported in Apache Cassandra Database Software

2022-02-16 05:18:00

New Chrome 0-day Under Active Attacks – Update Your Browser Now

2020-10-21 16:26:00

cnvd

Apache Cassandra Code Injection Vulnerability

2022-02-15 00:00:00

veracode

Remote Code Execution (RCE)

2022-02-14 04:33:14

Heap Buffer Overflow

2020-11-05 03:17:59

Denial Of Service (DoS)

2022-02-14 08:28:54

githubexploit

Exploit for Code Injection in Apache Cassandra

2022-02-24 11:07:34

Exploit for Interpretation Conflict in Golang Go

2023-03-19 10:08:47

Exploit for Out-of-bounds Write in Google Chrome

2020-10-28 16:16:25

almalinux

Moderate: go-toolset:rhel8 security and bug fix update

2022-05-10 06:29:31

rocky

go-toolset:rhel8 security and bug fix update

2022-05-10 06:29:31

hivepro

Apache Cassandra database affected by easily exploitable Remote code execution

2022-02-18 12:40:54

cvelist

CVE-2021-44521 Remote code execution for scripted UDFs

2022-02-11 12:20:12

CVE-2020-15999

2020-11-03 00:00:00

CVE-2022-23773

2022-02-11 00:16:08

github

Apache Cassandra vulnerable to Code Injection due to unsafe configuration

2022-02-12 00:00:48

Heap buffer overflow in CefSharp

2020-10-27 19:47:38

cbl_mariner

CVE-2022-23773 affecting package golang for versions less than 1.17.8-1

2022-04-26 19:57:46

CVE-2022-23806 affecting package golang 1.17.13-2

2022-02-25 01:45:48

CVE-2020-15999 affecting package freetype for versions less than 2.11.1-1

2022-04-09 06:51:42

ubuntucve

CVE-2022-23772

2022-02-11 00:00:00

CVE-2022-23806

2022-02-11 00:00:00

CVE-2022-23773

2022-02-11 00:00:00

alpinelinux

CVE-2022-23773

2022-02-11 01:15:07

CVE-2022-23806

2022-02-11 01:15:07

CVE-2022-23772

2022-02-11 01:15:07

gitlab

Out-of-bounds Write

2020-10-27 00:00:00

Out-of-bounds Write

2020-10-27 00:00:00

Out-of-bounds Write

2020-10-27 00:00:00

centos

freetype security update

2020-11-06 21:57:09

fedora

[SECURITY] Fedora 32 Update: freetype-2.10.4-1.fc32

2020-10-25 01:21:04

[SECURITY] Fedora 31 Update: freetype-2.10.0-4.fc31

2020-11-07 01:28:39

[SECURITY] Fedora 33 Update: freetype-2.10.4-1.fc33

2020-10-25 01:01:39

ubuntu

FreeType vulnerability

2020-10-20 00:00:00

K000133070 : Freetype vulnerability CVE-2020-15999

2023-03-20 00:00:00

gentoo

Opera: Multiple Vulnerabilities

2024-01-15 00:00:00

slackware

[slackware-security] freetype

2020-10-20 22:26:01

debiancve

CVE-2022-23806

2022-02-11 01:15:07

CVE-2022-23773

2022-02-11 01:15:07

cloudfoundry

USN-4593-1: FreeType vulnerability | Cloud Foundry

2020-11-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.05 Low

EPSS

Percentile

92.9%

JSON

Related for PHSA-2022-3.0-0364