Lucene search
RedHatRHSA-2024:3617HistoryJul 01, 2024 - 12:51 a.m.
(RHSA-2024:3617) Moderate: Kube Descheduler Operator for Red Hat OpenShift 5.0.1 for RHEL 9
2024-07-0100:51:39
access.redhat.com
11
kube descheduler
red hat openshift
evicting pods
golang security fixes
rhel 9
cve-2024-24785
cve-2024-24784
cve-2024-24783
cve-2024-24786
cve-2023-45290
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
6.7
Confidence
Low
The Kube Descheduler Operator for Red Hat OpenShift is an optional
operator that deploys the descheduler, which is responsible for
evicting pods based on certain strategies.
Security Fix(es):
- golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)
- golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)
- golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
- golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)
- golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)
Related
redhat
redhat
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.22 (SUSE-SU-2024:0812-1)
2024-03-09 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.21 (SUSE-SU-2024:0811-1)
2024-03-09 00:00:00
SUSE SLES12 Security Update : go1.21 (SUSE-SU-2024:0800-1)
2024-03-09 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2024-03-05 00:00:00
openvas
openvas
openSUSE: Security Advisory for go1.22 (SUSE-SU-2024:0812-1)
2024-03-25 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0811-1)
2024-03-11 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1835)
2024-06-25 00:00:00
osv
osv
Important: go-toolset:rhel8 security update
2024-05-22 00:00:00
Important: go-toolset:rhel8 security update
2024-06-14 13:59:30
Important: golang security update
2024-05-10 14:32:42
rocky
rocky
go-toolset:rhel8 security update
2024-06-14 13:59:30
golang security update
2024-05-10 14:32:42
git-lfs security update
2024-05-10 14:32:42
redos
redos
ROS-20240805-08
2024-08-05 00:00:00
ROS-20240422-05
2024-04-22 00:00:00
ROS-20240712-02
2024-07-12 00:00:00
oraclelinux
oraclelinux
go-toolset:ol8 security update
2024-05-29 00:00:00
golang security update
2024-05-07 00:00:00
git-lfs security update
2024-05-07 00:00:00
almalinux
almalinux
Important: go-toolset:rhel8 security update
2024-05-22 00:00:00
Important: golang security update
2024-04-30 00:00:00
Important: git-lfs security update
2024-05-23 00:00:00
amazon
amazon
Medium: golang
2024-05-23 22:04:00
ubuntu
ubuntu
Go vulnerabilities
2024-07-09 00:00:00
prion
prion
Design/Logic Flaw
2024-03-05 23:15:00
veracode
veracode
Interpretation Differences
2024-03-17 17:30:16
vulnrichment
vulnrichment
CVE-2024-24784 Comments in display names are incorrectly handled in net/mail
2024-03-05 22:22:32
debiancve
debiancve
CVE-2024-24784
2024-03-05 23:15:07
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
6.7
Confidence
Low
Related for RHSA-2024:3617