CVE-2023-5625 – Python-eventlet: patch regression for cve-2021-21419 in some red hat builds
https://notcve.org/view.php?id=CVE-2023-5625
A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products. Se introdujo una regresión en la compilación de Red Hat de python-eventlet debido a un cambio en la estrategia de aplicación del parche, lo que provocó que no se aplicara un parche para CVE-2021-21419 para todas las compilaciones de todos los productos. • https://access.redhat.com/errata/RHSA-2023:6128 https://access.redhat.com/errata/RHSA-2024:0188 https://access.redhat.com/errata/RHSA-2024:0213 https://access.redhat.com/security/cve/CVE-2023-5625 https://bugzilla.redhat.com/show_bug.cgi?id=2244717 • CWE-400: Uncontrolled Resource Consumption •
CVE-2023-3089 – Ocp & fips mode
https://notcve.org/view.php?id=CVE-2023-3089
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. • https://access.redhat.com/security/cve/CVE-2023-3089 https://bugzilla.redhat.com/show_bug.cgi?id=2212085 https://access.redhat.com/security/vulnerabilities/RHSB-2023-001 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-521: Weak Password Requirements CWE-693: Protection Mechanism Failure •
CVE-2022-4318 – Cri-o: /etc/passwd tampering privesc
https://notcve.org/view.php?id=CVE-2022-4318
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. Se encontró una vulnerabilidad en cri-o. Este problema permite la adición de líneas arbitrarias en /etc/passwd mediante el uso de una variable de entorno especialmente manipulada. • https://access.redhat.com/errata/RHSA-2023:1033 https://access.redhat.com/errata/RHSA-2023:1503 https://access.redhat.com/security/cve/CVE-2022-4318 https://bugzilla.redhat.com/show_bug.cgi?id=2152703 • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory CWE-913: Improper Control of Dynamically-Managed Code Resources •