Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:0260
HistoryJan 25, 2022 - 1:47 p.m.

(RHSA-2022:0260) Important: Red Hat OpenStack Platform 16.1 (etcd) security update

2022-01-2513:47:55
access.redhat.com
28
red hat openstack platform
etcd
security update
highly-available
key value store
net/http
net
crypto/tls
vulnerabilities

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.006

Percentile

78.8%

JSON

A highly-available key value store for shared configuration

Security Fix(es):

  • net/http: limit growth of header canonicalization cache (CVE-2021-44716)

  • net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)

  • crypto/tls: certificate of wrong type is causing TLS client to panic
    (CVE-2021-34558)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Related

redhat 20
nessus 41
cbl_mariner 29
debiancve 3
cve 3
ibm 14
almalinux 2
osv 13
ubuntucve 3
rocky 2
oraclelinux 2
redhatcve 4
openvas 18
prion 3
alpinelinux 3
cvelist 3
veracode 3
nvd 4
fedora 11
suse 6
altlinux 2
archlinux 1
cnvd 1
github 2
freebsd 1
githubexploit 1
gitlab 1
photon 1
vulnrichment 1
amazon 1
redhat
redhat
(RHSA-2022:0237) Important: Red Hat OpenStack Platform 16.2 (etcd) security update
2022-01-24 13:44:14
(RHSA-2022:0988) Moderate: Red Hat OpenStack Platform 16.1 (golang-github-vbatts-tar-split) security update
2022-03-24 09:39:07
(RHSA-2021:4722) Moderate: OpenShift Virtualization 2.6.8 RPMs security and bug fix update
2021-11-17 15:28:43
nessus
nessus
RHEL 8 : Red Hat OpenStack Platform 16.2 (etcd) (RHSA-2022:0237)
2022-01-25 00:00:00
RHEL 8 : Red Hat OpenStack Platform 16.1 (etcd) (RHSA-2022:0260)
2022-01-26 00:00:00
RHEL 8 : Red Hat OpenStack Platform 16.1 (golang-github-vbatts-tar-split) (RHSA-2022:0988)
2022-03-25 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-29923 affecting package golang 1.16.15-2
2021-09-09 15:03:05
CVE-2021-29923 affecting package python-tensorboard for versions less than 2.16.2-2
2024-07-24 01:44:36
CVE-2021-34558 affecting package golang 1.15.13-1
2021-09-09 15:03:05
debiancve
debiancve
CVE-2021-29923
2021-08-07 17:15:07
CVE-2021-34558
2021-07-15 14:15:19
CVE-2021-44716
2022-01-01 05:15:08
cve
cve
CVE-2021-29923
2021-08-07 17:15:07
CVE-2021-34558
2021-07-15 14:15:19
CVE-2021-44716
2022-01-01 05:15:08
ibm
ibm
Security Bulletin: A vulnerability in Golang Go affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2021-29923)
2023-01-12 21:59:00
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Golang (CVE-2021-29923)
2022-04-22 18:50:57
Security Bulletin: IBM App Connect Enterprise Certified Container Integration Servers may be vulnerable to bypassing of access control based on IP addresses due to CVE-2021-29923
2021-10-20 10:09:43
almalinux
almalinux
Moderate: go-toolset:rhel8 security update
2021-09-21 07:12:48
Important: grafana security update
2022-01-03 07:30:31
osv
osv
Moderate: go-toolset:rhel8 security update
2021-09-21 07:12:48
BIT-golang-2021-29923
2024-03-06 11:06:07
CVE-2021-29923
2021-08-07 17:15:07
ubuntucve
ubuntucve
CVE-2021-29923
2021-08-07 00:00:00
CVE-2021-44716
2022-01-01 00:00:00
CVE-2021-34558
2021-07-15 00:00:00
rocky
rocky
go-toolset:rhel8 security update
2021-09-21 07:12:48
grafana security update
2022-01-03 07:30:31
oraclelinux
oraclelinux
go-toolset:ol8 security update
2021-09-22 00:00:00
grafana security update
2022-01-04 00:00:00
redhatcve
redhatcve
CVE-2021-29923
2022-05-07 13:54:34
CVE-2021-34558
2022-05-07 14:27:24
CVE-2021-44716
2022-05-07 14:12:12
openvas
openvas
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2021-2633)
2021-11-03 00:00:00
Fedora: Security Advisory for podman (FEDORA-2021-3a55403080)
2021-08-05 00:00:00
Fedora: Security Advisory for podman (FEDORA-2021-6ac9b98f9e)
2021-08-13 00:00:00
prion
prion
Improper access control
2021-08-07 17:15:00
Sql injection
2021-07-15 14:15:00
Design/Logic Flaw
2022-01-01 05:15:00
alpinelinux
alpinelinux
CVE-2021-29923
2021-08-07 17:15:07
CVE-2021-34558
2021-07-15 14:15:19
CVE-2021-44716
2022-01-01 05:15:08
cvelist
cvelist
CVE-2021-29923
2021-08-07 16:38:59
CVE-2021-44716
2022-01-01 00:00:00
CVE-2021-34558
2021-07-15 13:47:36
veracode
veracode
Privilege Escalation
2021-08-10 06:24:31
Denial Of Service (DoS)
2021-07-14 08:50:21
Denial Of Service (DoS)
2021-12-14 20:52:35
nvd
nvd
CVE-2021-29923
2021-08-07 17:15:07
CVE-2021-34558
2021-07-15 14:15:19
CVE-2021-44716
2022-01-01 05:15:08
fedora
fedora
[SECURITY] Fedora 33 Update: buildah-1.21.4-5.fc33
2021-08-11 01:07:25
[SECURITY] Fedora 34 Update: grafana-7.5.10-1.fc34
2021-10-10 03:04:17
[SECURITY] Fedora 33 Update: podman-3.2.3-2.fc33
2021-08-11 01:07:26
suse
suse
Security update for go1.15 (moderate)
2021-07-19 00:00:00
Security update for go1.16 (important)
2021-07-19 00:00:00
Security update for go1.15 (moderate)
2021-07-23 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package golang version 1.15.14-alt1
2021-07-13 00:00:00
Security fix for the ALT Linux 10 package golang version 1.16.6-alt1
2021-07-13 00:00:00
archlinux
archlinux
[ASA-202107-42] go: denial of service
2021-07-20 00:00:00
cnvd
cnvd
Google Golang Trust Management Issue Vulnerability
2021-07-19 00:00:00
github
github
Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints
2022-01-12 22:33:04
golang.org/x/net/http2 allows uncontrolled memory consumption
2022-01-02 00:00:48
freebsd
freebsd
go -- crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters
2021-07-07 00:00:00
githubexploit
githubexploit
Exploit for Improper Certificate Validation in Golang Go
2021-07-13 06:15:21
gitlab
gitlab
Uncontrolled Resource Consumption
2022-01-02 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2021-0294
2021-09-02 00:00:00
vulnrichment
vulnrichment
CVE-2024-4437 Etcd: incomplete fix for cve-2021-44716 in openstack platform
2024-05-08 08:57:40
amazon
amazon
Medium: golang
2021-08-04 20:32:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.006

Percentile

78.8%

JSON
Related for RHSA-2022:0260
redhat20nessus41cbl_mariner29debiancve3cve3ibm14almalinux2osv13ubuntucve3rocky2oraclelinux2redhatcve4openvas18prion3alpinelinux3cvelist3veracode3nvd4fedora11suse6altlinux2archlinux1cnvd1github2freebsd1githubexploit1gitlab1photon1vulnrichment1amazon1