Search for packages
| purl | pkg:rpm/redhat/openshift@4.5.0-202007012112.p0.git.0.582d7fc?arch=el7 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-37zk-9fax-v7e1
Aliases: CVE-2020-9283 GHSA-ffhg-7mh4-33c4 |
Improper Verification of Cryptographic Signature in golang.org/x/crypto golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client. | There are no reported fixed by versions. |
|
VCID-fbzn-vujj-pud5
Aliases: CVE-2019-11254 GHSA-wxc4-f4m6-wwqv |
Excessive Platform Resource Consumption within a Loop in Kubernetes The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML. | There are no reported fixed by versions. |
|
VCID-jwt2-1eqe-qyfq
Aliases: CVE-2019-11252 |
kubernetes: credential leak in kube-controller-manager via error messages in mount failure logs and events for AzureFile and CephFS volumes | There are no reported fixed by versions. |
|
VCID-tc46-9vdm-xudz
Aliases: CVE-2020-8558 GHSA-wqv3-8cm6-h6wg |
Improper Authentication in Kubernetes A security issue was discovered in the Kubelet and kube-proxy components of Kubernetes which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. For example, if a cluster administrator runs a TCP service on a node that listens on 127.0.0.1:1234, because of this bug, that service would be potentially reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service. If the example service on port 1234 required no additional authentication (because it assumed that only other localhost processes could reach it), then it could be vulnerable to attacks that make use of this bug. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:12:15.013560+00:00 | RedHat Importer | Affected by | VCID-37zk-9fax-v7e1 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9283.json | 38.0.0 |
| 2026-04-01T14:10:12.880574+00:00 | RedHat Importer | Affected by | VCID-jwt2-1eqe-qyfq | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11252.json | 38.0.0 |
| 2026-04-01T14:09:28.530888+00:00 | RedHat Importer | Affected by | VCID-fbzn-vujj-pud5 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11254.json | 38.0.0 |
| 2026-04-01T14:05:55.227744+00:00 | RedHat Importer | Affected by | VCID-tc46-9vdm-xudz | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8558.json | 38.0.0 |