CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 2CVE-2022-2990 – buildah: possible information disclosure and modification
https://notcve.org/view.php?id=CVE-2022-2990
13 Sep 2022 — An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. Un manejo incorrecto de los grupos suplementarios en el motor de contenedores de Buildah podría conllevar a una divulgación de información confidencial o una posible modifi... • https://bugzilla.redhat.com/show_bug.cgi?id=2121453 • CWE-842: Placement of User into Incorrect Group CWE-863: Incorrect Authorization •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 2CVE-2022-2989 – podman: possible information disclosure and modification
https://notcve.org/view.php?id=CVE-2022-2989
13 Sep 2022 — An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. Un manejo incorrecto de los grupos suplementarios en el motor de contenedores Podman podría conllevar a una divulgación de información confidencial o una posible modificació... • https://bugzilla.redhat.com/show_bug.cgi?id=2121445 • CWE-842: Placement of User into Incorrect Group CWE-863: Incorrect Authorization •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-1632
https://notcve.org/view.php?id=CVE-2022-1632
01 Sep 2022 — An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality. Se ha encontrado un ataque de comprobación inapropiada de certificados en Openshift. Una ruta de re-encriptación con destinationCACertificate explícitamente establecido en el serviceCA por defecto omite... • https://bugzilla.redhat.com/show_bug.cgi?id=2081181 • CWE-295: Improper Certificate Validation •
CVSS: 8.6EPSS: 0%CPEs: 14EXPL: 2CVE-2022-2132 – dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs
https://notcve.org/view.php?id=CVE-2022-2132
28 Aug 2022 — A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK. Se ha encontrado un fallo en la lista de entradas permitidas en DPDK. Este problema permite a un atacante remoto causar una denegación de servicio al enviar un encabezado Vhost diseñado a DPDK The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, o... • https://bugs.dpdk.org/show_bug.cgi?id=1031 • CWE-770: Allocation of Resources Without Limits or Throttling CWE-791: Incomplete Filtering of Special Elements •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 1CVE-2022-1708 – cri-o: memory exhaustion on the node when access to the kube api
https://notcve.org/view.php?id=CVE-2022-1708
07 Jun 2022 — A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the ... • https://bugzilla.redhat.com/show_bug.cgi?id=2085361 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1677 – openshift/router: route hijacking attack via crafted HAProxy configuration file
https://notcve.org/view.php?id=CVE-2022-1677
25 May 2022 — In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control. En OpenShift Container Platform, un usuario con permisos para crear o modificar rutas puede diseñar una carga útil que ins... • https://access.redhat.com/security/cve/CVE-2022-1677 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1706 – ignition: configs are accessible from unprivileged containers in VMs running on VMware products
https://notcve.org/view.php?id=CVE-2022-1706
17 May 2022 — A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config. Se ha encontrado una vulnerabilidad en Ignition en la que las configuraciones de encendido son accesibles desde contenedores no privilegiados ... • https://bugzilla.redhat.com/show_bug.cgi?id=2082274 • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2022-0669 – dpdk: sending vhost-user-inflight type messages could lead to DoS
https://notcve.org/view.php?id=CVE-2022-0669
04 May 2022 — A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service. Se ha encontrado un fallo en dpdk. Este fallo permite a un vhost-user master malicioso adjuntar un número inesperado de fd... • https://access.redhat.com/security/cve/CVE-2022-0669 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.8EPSS: 33%CPEs: 20EXPL: 3CVE-2022-1227 – psgo: Privilege escalation in 'podman top'
https://notcve.org/view.php?id=CVE-2022-1227
29 Apr 2022 — A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. Se ha encontrado un fallo de escalada de privilegios en Podman. • https://github.com/iridium-soda/CVE-2022-1227_Exploit • CWE-269: Improper Privilege Management CWE-281: Improper Preservation of Permissions •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-27652 – cri-o: Default inheritable capabilities for linux container should be empty
https://notcve.org/view.php?id=CVE-2022-27652
18 Apr 2022 — A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. Se ha encontrado un fallo en cri-o, donde los contenedores eran iniciados incorrectamente con permisos po... • https://bugzilla.redhat.com/show_bug.cgi?id=2066839 • CWE-276: Incorrect Default Permissions •