VulnerableCode Package Details - pkg:rpm/redhat/atomic-openshift@3.11.232-1.git.0.a5bc32f?arch=el7

Search for packages

Vulnerability	Summary	Fixed by
VCID-1pdh-7vrk-23e3 Aliases: CVE-2017-18367 GHSA-58v3-j75h-xr49	Improper Input Validation in libseccomp-golang libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument.	There are no reported fixed by versions.
VCID-fbzn-vujj-pud5 Aliases: CVE-2019-11254 GHSA-wxc4-f4m6-wwqv	Excessive Platform Resource Consumption within a Loop in Kubernetes The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.	There are no reported fixed by versions.
VCID-ny1b-eq77-fuhw Aliases: CVE-2020-8555 GHSA-x6mj-w4jf-jmgw	Server Side Request Forgery (SSRF) in Kubernetes The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-1pdh-7vrk-23e3
Aliases:
CVE-2017-18367
GHSA-58v3-j75h-xr49

Improper Input Validation in libseccomp-golang libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument.

There are no reported fixed by versions.

VCID-fbzn-vujj-pud5
Aliases:
CVE-2019-11254
GHSA-wxc4-f4m6-wwqv

Excessive Platform Resource Consumption within a Loop in Kubernetes The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.

There are no reported fixed by versions.

VCID-ny1b-eq77-fuhw
Aliases:
CVE-2020-8555
GHSA-x6mj-w4jf-jmgw

Server Side Request Forgery (SSRF) in Kubernetes The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:19:55.582674+00:00	RedHat Importer	Affected by	VCID-1pdh-7vrk-23e3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18367.json	38.0.0
2026-04-01T14:09:28.550484+00:00	RedHat Importer	Affected by	VCID-fbzn-vujj-pud5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11254.json	38.0.0
2026-04-01T14:06:42.176291+00:00	RedHat Importer	Affected by	VCID-ny1b-eq77-fuhw	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8555.json	38.0.0