Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:1715
HistoryMay 04, 2022 - 9:09 p.m.

(RHSA-2022:1715) Moderate: Red Hat Advanced Cluster Management 2.3.10 security updates and bug fixes

2022-05-0421:09:57
access.redhat.com
48

0.145 Low

EPSS

Percentile

95.8%

JSON

Red Hat Advanced Cluster Management for Kubernetes 2.3.10 images

Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which fix several bugs. See the following
Release Notes documentation, which will be updated shortly for this
release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

Security updates:

  • Follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)

  • Node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)

  • Follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)

  • Urijs: Authorization Bypass Through User-Controlled Key (CVE-2022-0613)

  • Urijs: Leading white space bypasses protocol validation (CVE-2022-24723)

  • Nconf: Prototype pollution in memory store (CVE-2022-21803)

  • Moment.js: Path traversal in moment.locale (CVE-2022-24785)

Bug fixes:

  • RHACM 2.3.10 images

Related

redhat 26
nessus 43
osv 15
rocky 3
almalinux 1
oraclelinux 4
virtuozzo 3
ibm 17
prion 7
huntr 1
cve 7
cvelist 7
github 5
ubuntucve 5
veracode 5
redhatcve 4
cnvd 3
nvd 7
f5 2
openvas 14
slackware 1
fedora 3
broadcom 2
debiancve 5
thn 1
githubexploit 3
hivepro 1
attackerkb 1
suse 1
ubuntu 1
redos 1
redhat
redhat
(RHSA-2022:1681) Moderate: Red Hat Advanced Cluster Management 2.4.4 security updates and bug fixes
2022-05-03 14:27:08
(RHSA-2022:4896) Important: Red Hat Virtualization security, bug fix, and enhancement update [ovirt-4.5.0]
2022-06-02 12:21:19
(RHSA-2022:1555) Important: kernel-rt security and bug fix update
2022-04-26 13:50:26
nessus
nessus
RHEL 8 : Red Hat Virtualization security, update [ovirt-4.5.0] (Important) (RHSA-2022:4896)
2022-06-03 00:00:00
RHEL 8 : dotnet5.0 (Unpatched Vulnerability)
2024-06-03 00:00:00
Rocky Linux 8 : kernel (RLSA-2022:1550)
2022-04-28 00:00:00
osv
osv
Important: kernel-rt security and bug fix update
2022-04-26 13:50:26
Important: kernel security and bug fix update
2022-04-26 13:49:36
Important: kernel security and bug fix update
2022-04-26 13:49:36
rocky
rocky
kernel-rt security and bug fix update
2022-04-26 13:50:26
kernel security and bug fix update
2022-04-26 13:49:36
.NET Core 3.1 on Rocky Linux 8 bugfix update
2022-04-18 13:16:19
almalinux
almalinux
Important: kernel security and bug fix update
2022-04-26 13:49:36
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2022-04-06 00:00:00
kernel security and bug fix update
2022-04-27 00:00:00
Unbreakable Enterprise kernel-container security update
2022-02-28 00:00:00
virtuozzo
virtuozzo
[Important] [Security] Virtuozzo ReadyKernel patch 140.0 for Virtuozzo Hybrid Server 7.0, 7.5
2022-04-15 00:00:00
Virtuozzo Hybrid Infrastructure 4.7 Update 1.4 (4.7.1-53)
2022-05-25 00:00:00
Virtuozzo Hybrid Infrastructure 5.0 Update 1.3 (5.0.1-57)
2022-05-25 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js follow-redirects module information disclosure vulnerabilities (CVE-2022-0536, CVE-2022-0155)
2023-02-07 21:34:20
Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise & IBM Integration Bus (CVE-2022-0155 & CVE-2022-0536)
2022-05-12 15:35:26
Security Bulletin: IBM MQ Appliance is affected by follow-redirects vulnerabilities (CVE-2022-0155 and CVE-2022-0536)
2022-07-14 15:02:42
prion
prion
Input validation
2022-03-03 21:15:00
Design/Logic Flaw
2022-04-12 16:15:00
Heap overflow
2022-02-24 15:15:00
huntr
huntr
Protocol/Hostname spoofing via Improper Input Validation
2022-02-27 02:50:37
cve
cve
CVE-2022-24723
2022-03-03 21:15:07
CVE-2022-21803
2022-04-12 16:15:08
CVE-2021-4115
2022-02-21 22:15:07
cvelist
cvelist
CVE-2022-24723 Improper Input Validation in URI.js
2022-03-03 20:35:11
CVE-2022-21803 Prototype Pollution
2022-04-12 00:00:00
CVE-2022-25636
2022-02-22 01:41:05
github
github
Leading white space bypasses protocol validation
2022-03-03 19:23:36
Prototype Pollution in nconf
2022-04-13 00:00:30
Path Traversal: 'dir/../../filename' in moment.locale
2022-04-04 21:25:48
ubuntucve
ubuntucve
CVE-2022-24723
2022-03-03 00:00:00
CVE-2022-25636
2022-02-22 00:00:00
CVE-2022-24785
2022-04-04 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2022-03-04 04:13:53
Prototype Pollution
2022-04-13 03:18:28
Path Traversal
2022-04-05 05:27:19
redhatcve
redhatcve
CVE-2022-21803
2022-04-12 20:00:53
CVE-2022-24723
2022-03-09 16:57:45
CVE-2022-25636
2022-02-22 07:50:41
cnvd
cnvd
Medialize URI.js Input Validation Error Vulnerability (CNVD-2022-19502)
2022-03-04 00:00:00
nconf has unspecified vulnerabilities
2022-04-15 00:00:00
Linux kernel elevation of privilege vulnerability (CNVD-2022-69197)
2022-02-24 00:00:00
nvd
nvd
CVE-2022-24723
2022-03-03 21:15:07
CVE-2022-21803
2022-04-12 16:15:08
CVE-2021-4028
2022-08-24 16:15:09
f5
f5
K13559191 : Linux kernel vulnerability CVE-2022-25636
2022-06-09 00:00:00
K37256400 : Linux kernel vulnerability CVE-2021-4028
2022-05-02 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2022-1874)
2022-06-16 00:00:00
Slackware: Security Advisory (SSA:2022-071-01)
2022-04-21 00:00:00
Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2022-2187)
2022-08-01 00:00:00
slackware
slackware
[slackware-security] polkit
2022-03-12 21:04:57
fedora
fedora
[SECURITY] Fedora 35 Update: polkit-0.120-1.fc35.2
2022-02-19 01:32:59
[SECURITY] Fedora 34 Update: polkit-0.117-3.fc34.3
2022-03-03 15:50:59
[SECURITY] Fedora 35 Update: nodejs-bash-language-server-2.0.0-2.fc35
2022-02-25 16:53:15
broadcom
broadcom
Flaw in polkit
2022-07-29 00:00:00
Flaw in polkit
2022-07-29 00:00:00
debiancve
debiancve
CVE-2022-25636
2022-02-24 15:15:31
CVE-2022-24785
2022-04-04 17:15:07
CVE-2021-4028
2022-08-24 16:15:09
thn
thn
New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access
2022-03-14 11:05:00
githubexploit
githubexploit
Exploit for Improper Privilege Management in Linux Linux Kernel
2022-04-05 07:08:09
Exploit for Improper Privilege Management in Linux Linux Kernel
2022-04-23 17:49:30
Exploit for Improper Privilege Management in Linux Linux Kernel
2022-03-07 13:38:41
hivepro
hivepro
Attackers could gain root access using vulnerability in Linux Kernel Netfilter Firewall
2022-03-17 15:50:05
attackerkb
attackerkb
CVE-2022-24785
2022-04-04 00:00:00
suse
suse
Security update for polkit (moderate)
2022-02-21 00:00:00
ubuntu
ubuntu
PolicyKit vulnerability
2022-02-28 00:00:00
redos
redos
ROS-20220318-03
2022-03-18 00:00:00

0.145 Low

EPSS

Percentile

95.8%

JSON
Related for RHSA-2022:1715
redhat26nessus43osv15rocky3almalinux1oraclelinux4virtuozzo3ibm17prion7huntr1cve7cvelist7github5ubuntucve5veracode5redhatcve4cnvd3nvd7f52openvas14slackware1fedora3broadcom2debiancve5thn1githubexploit3hivepro1attackerkb1suse1ubuntu1redos1