@mithilarun
Last active May 17, 2023 16:16
LTS1 Patch 13 Open Vulnerabilities
| Image Name | Type | Target | PackageName | VulnerabilityID | Severity | InstalledVersion | FixedVersion | Title |
|---|---|---|---|---|---|---|---|---|
| docker.io-platform9-alertmanager-v0.21.0-pmk-2640545 | Library | bin/alertmanager | github.com/prometheus/client_golang | CVE-2022-21698 | HIGH | v1.6.0 | 1.11.1 | Denial of service using InstrumentHandlerCounter |
| docker.io-platform9-alertmanager-v0.21.0-pmk-2640545 | Library | bin/amtool | github.com/prometheus/client_golang | CVE-2022-21698 | HIGH | v1.6.0 | 1.11.1 | Denial of service using InstrumentHandlerCounter |
| docker.io-platform9-cni-v3.18.6-pmk-2639927 | Library | opt/cni/bin/calico | go.etcd.io/etcd | CVE-2018-1098 | HIGH | v0.5.0-alpha.5.0.20201125193152-8a03d2e9614b | v3.3.2 | etcd: Cross-site request forgery via crafted local POST forms |
| docker.io-platform9-cni-v3.18.6-pmk-2639927 | Library | opt/cni/bin/calico | go.etcd.io/etcd | CVE-2020-15115 | HIGH | v0.5.0-alpha.5.0.20201125193152-8a03d2e9614b | 3.3.23; 3.4.10 | etcd: improper validation of passwords allow an attacker to guess or brute-force user's passwords |
| docker.io-platform9-cni-v3.18.6-pmk-2639927 | Library | opt/cni/bin/calico-ipam | go.etcd.io/etcd | CVE-2018-1098 | HIGH | v0.5.0-alpha.5.0.20201125193152-8a03d2e9614b | v3.3.2 | etcd: Cross-site request forgery via crafted local POST forms |
| docker.io-platform9-cni-v3.18.6-pmk-2639927 | Library | opt/cni/bin/calico-ipam | go.etcd.io/etcd | CVE-2020-15115 | HIGH | v0.5.0-alpha.5.0.20201125193152-8a03d2e9614b | 3.3.23; 3.4.10 | etcd: improper validation of passwords allow an attacker to guess or brute-force user's passwords |
| docker.io-platform9-cni-v3.18.6-pmk-2639927 | Library | opt/cni/bin/install | go.etcd.io/etcd | CVE-2018-1098 | HIGH | v0.5.0-alpha.5.0.20201125193152-8a03d2e9614b | v3.3.2 | etcd: Cross-site request forgery via crafted local POST forms |
| docker.io-platform9-cni-v3.18.6-pmk-2639927 | Library | opt/cni/bin/install | go.etcd.io/etcd | CVE-2020-15115 | HIGH | v0.5.0-alpha.5.0.20201125193152-8a03d2e9614b | 3.3.23; 3.4.10 | etcd: improper validation of passwords allow an attacker to guess or brute-force user's passwords |
| docker.io-platform9-kube-controllers-v3.18.6-pmk-2639927 | Library | usr/bin/kube-controllers | go.etcd.io/etcd | CVE-2018-1098 | HIGH | v0.5.0-alpha.5.0.20201125193152-8a03d2e9614b | v3.3.2 | etcd: Cross-site request forgery via crafted local POST forms |
| docker.io-platform9-kube-controllers-v3.18.6-pmk-2639927 | Library | usr/bin/kube-controllers | go.etcd.io/etcd | CVE-2020-15115 | HIGH | v0.5.0-alpha.5.0.20201125193152-8a03d2e9614b | 3.3.23; 3.4.10 | etcd: improper validation of passwords allow an attacker to guess or brute-force user's passwords |
| docker.io-platform9-node-v3.18.6-pmk-2639927 | Library | usr/bin/calico-node | go.etcd.io/etcd | CVE-2018-1098 | HIGH | v0.5.0-alpha.5.0.20201125193152-8a03d2e9614b | v3.3.2 | etcd: Cross-site request forgery via crafted local POST forms |
| docker.io-platform9-node-v3.18.6-pmk-2639927 | Library | usr/bin/calico-node | go.etcd.io/etcd | CVE-2020-15115 | HIGH | v0.5.0-alpha.5.0.20201125193152-8a03d2e9614b | 3.3.23; 3.4.10 | etcd: improper validation of passwords allow an attacker to guess or brute-force user's passwords |
| docker.io-platform9-node-v3.18.6-pmk-2639927 | Library | usr/bin/calico-node | k8s.io/kubernetes | CVE-2021-25741 | HIGH | v1.18.12 | 1.19.15; 1.20.11; 1.21.5; 1.22.2 | kubernetes: Symlink exchange can allow host filesystem access |
| docker.io-platform9-node-v3.18.6-pmk-2639927 | Library | usr/bin/calico-node | k8s.io/kubernetes | CVE-2022-3294 | HIGH | v1.18.12 | 1.22.16; 1.23.14; 1.24.8; 1.25.4 | kubernetes: node address isn't always verified when proxying |
| docker.io-platform9-prometheus-config-reloader-v0.46.0-pmk-2640544 | Library | bin/prometheus-config-reloader | github.com/prometheus/client_golang | CVE-2022-21698 | HIGH | v1.9.0 | 1.11.1 | Denial of service using InstrumentHandlerCounter |
| docker.io-platform9-prometheus-operator-v0.46.0-pmk-2640544 | Library | bin/operator | github.com/prometheus/client_golang | CVE-2022-21698 | HIGH | v1.9.0 | 1.11.1 | Denial of service using InstrumentHandlerCounter |
| docker.io-platform9-prometheus-v2.16.0-pmk-2640543 | Library | bin/prometheus | github.com/prometheus/client_golang | CVE-2022-21698 | HIGH | v1.2.0 | 1.11.1 | Denial of service using InstrumentHandlerCounter |
| docker.io-platform9-prometheus-v2.16.0-pmk-2640543 | Library | bin/promtool | github.com/prometheus/client_golang | CVE-2022-21698 | HIGH | v1.2.0 | 1.11.1 | Denial of service using InstrumentHandlerCounter |
| docker.io-platform9-typha-v3.18.6-pmk-2639927 | Library | code/calico-typha | go.etcd.io/etcd | CVE-2018-1098 | HIGH | v0.5.0-alpha.5.0.20201125193152-8a03d2e9614b | v3.3.2 | etcd: Cross-site request forgery via crafted local POST forms |
| docker.io-platform9-typha-v3.18.6-pmk-2639927 | Library | code/calico-typha | go.etcd.io/etcd | CVE-2020-15115 | HIGH | v0.5.0-alpha.5.0.20201125193152-8a03d2e9614b | 3.3.23; 3.4.10 | etcd: improper validation of passwords allow an attacker to guess or brute-force user's passwords |
| platform9-pf9-addon-operator-3.2.5 | Library | manager | golang.org/x/net | CVE-2022-41721 | HIGH | v0.0.0-20220906165146-f3363e06e74c | 0.1.1-0.20221104162952-702349b0e862 | x/net/http2/h2c: request smuggling |
| platform9-pf9-addon-operator-3.2.5 | Library | manager | golang.org/x/net | CVE-2022-41723 | HIGH | v0.0.0-20220906165146-f3363e06e74c | 0.7.0 | avoid quadratic complexity in HPACK decoding |
| platform9-kube-proxy-v1.20.15-pmk-2668622 | OS | platform9/kube-proxy:v1.20.15-pmk-2668622 (debian 11.7) | openssl | CVE-2023-0464 | HIGH | 1.1.1n-0+deb11u4 | | Denial of service by excessive resource usage in verifying X509 policy constraints |
| platform9-multus-v3.7.2-pmk-2644970 | OS | platform9/multus:v3.7.2-pmk-2644970 (centos 7.9.2009) | glib2 | CVE-2015-8385 | HIGH | 2.56.1-9.el7_9 | | pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30) |
| platform9-multus-v3.7.2-pmk-2644970 | OS | platform9/multus:v3.7.2-pmk-2644970 (centos 7.9.2009) | glib2 | CVE-2016-3191 | HIGH | 2.56.1-9.el7_9 | | pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13; 10.22/12) |
| platform9-multus-v3.7.2-pmk-2644970 | OS | platform9/multus:v3.7.2-pmk-2644970 (centos 7.9.2009) | python | CVE-2023-24329 | HIGH | 2.7.5-92.el7_9 | | urllib.parse url blocklisting bypass |
| platform9-multus-v3.7.2-pmk-2644970 | OS | platform9/multus:v3.7.2-pmk-2644970 (centos 7.9.2009) | python-libs | CVE-2023-24329 | HIGH | 2.7.5-92.el7_9 | | urllib.parse url blocklisting bypass |
| platform9-node-feature-discovery-v0.11.3-pmk-2636824 | OS | platform9/node-feature-discovery:v0.11.3-pmk-2636824 (debian 11.6) | libssl1.1 | CVE-2023-0464 | HIGH | 1.1.1n-0+deb11u4 | | Denial of service by excessive resource usage in verifying X509 policy constraints |
| platform9-node-feature-discovery-v0.11.3-pmk-2636824 | OS | platform9/node-feature-discovery:v0.11.3-pmk-2636824 (debian 11.6) | openssl | CVE-2023-0464 | HIGH | 1.1.1n-0+deb11u4 | | Denial of service by excessive resource usage in verifying X509 policy constraints |