what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 34 RSS Feed

CVE-2022-21698

Status Candidate

Overview

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods.

Related Files

Red Hat Security Advisory 2024-0564-03
Posted Jan 31, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0564-03 - An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2022-21698
SHA-256 | 722daa580011131af319e7200f5c98ef8a0c7fb5c2a158f5de73361c83cb2e18
Red Hat Security Advisory 2023-5314-01
Posted Sep 21, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5314-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-21698, CVE-2022-41723, CVE-2022-48281, CVE-2023-1667, CVE-2023-2253, CVE-2023-2283, CVE-2023-24532, CVE-2023-25173, CVE-2023-2602, CVE-2023-2603, CVE-2023-26604, CVE-2023-27536, CVE-2023-28321
SHA-256 | 8cf8572f470b3beefb5a0e9b9113eb0f47bd25024311177330838258f83c2573
Red Hat Security Advisory 2023-1326-01
Posted May 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1326-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, information leakage, out of bounds read, and remote SQL injection vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2021-20329, CVE-2021-38561, CVE-2021-4235, CVE-2021-4238, CVE-2021-43519, CVE-2021-44964, CVE-2022-1271, CVE-2022-1586, CVE-2022-1587, CVE-2022-1785, CVE-2022-1897, CVE-2022-1927, CVE-2022-21698, CVE-2022-23525
SHA-256 | f10395f77e4a90547f5bf8316a70cce7a5aac085f5d00bc9f68bcb976f306cf9
Red Hat Security Advisory 2023-2014-01
Posted May 2, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2014-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.39. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-21698
SHA-256 | 9398a558a2304b88db68b8340dfea97b0aff9689b9ee80e6c5ead3ffd33b1b0b
Red Hat Security Advisory 2023-1158-01
Posted Mar 15, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1158-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.31. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-21698, CVE-2022-23521, CVE-2022-41903
SHA-256 | a19feccbce0161454f9c6187a8a2db5cc8dbc554c88b7361d92fab7112e0b0fc
Red Hat Security Advisory 2023-0652-01
Posted Feb 15, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0652-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.27. Issues addressed include denial of service and out of bounds read vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-38561, CVE-2022-21698, CVE-2022-47629
SHA-256 | 7373618c8908434160feecfaaf515407448e4e5e9fa6fef9425fc021ee78de7e
Red Hat Security Advisory 2023-0566-01
Posted Feb 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0566-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.26. Issues addressed include denial of service and out of bounds read vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-38561, CVE-2022-21698
SHA-256 | 50ab1242efe681cb75b6ee025e1abbed5eb7409d661edde40d4b2117a74961ab
Red Hat Security Advisory 2023-0542-01
Posted Jan 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0542-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release. Issues addressed include denial of service and spoofing vulnerabilities.

tags | advisory, denial of service, spoof, vulnerability
systems | linux, redhat
advisories | CVE-2016-3709, CVE-2021-23648, CVE-2021-4238, CVE-2021-46848, CVE-2022-1304, CVE-2022-1705, CVE-2022-1962, CVE-2022-21673, CVE-2022-21698, CVE-2022-21702, CVE-2022-21703, CVE-2022-21713, CVE-2022-22624, CVE-2022-22628
SHA-256 | d0ec81ac694e922500234d90eb37e90222ddaf5b72118f0b1c21008e8f27c7e2
Red Hat Security Advisory 2022-9096-01
Posted Jan 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-9096-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat, windows
advisories | CVE-2021-25749, CVE-2021-46848, CVE-2022-21698, CVE-2022-27191, CVE-2022-35737
SHA-256 | 373043494f5cbb3f8008959a5209879cea681b15be2c38e210b4ba4e9687c4a9
Red Hat Security Advisory 2022-7399-01
Posted Jan 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7399-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.0. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.

tags | advisory, denial of service, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2021-22570, CVE-2021-38561, CVE-2021-4235, CVE-2022-1705, CVE-2022-21698, CVE-2022-24302, CVE-2022-27664, CVE-2022-2879, CVE-2022-2880, CVE-2022-2995, CVE-2022-30631, CVE-2022-3162, CVE-2022-3172, CVE-2022-32148
SHA-256 | e13aef52399a1f4fa930dd8b8bf1a89fd110f6137aebfab4ca96512890bd402c
Red Hat Security Advisory 2022-8057-01
Posted Nov 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8057-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Issues addressed include cross site request forgery, cross site scripting, denial of service, information leakage, and privilege escalation vulnerabilities.

tags | advisory, denial of service, vulnerability, xss, csrf
systems | linux, redhat
advisories | CVE-2021-23648, CVE-2022-1705, CVE-2022-1962, CVE-2022-21673, CVE-2022-21698, CVE-2022-21702, CVE-2022-21703, CVE-2022-21713, CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635
SHA-256 | 3ee16e49a8baf9378c63381be5115444e228ecd6a3b4ae465fcf1331c83fb783
Red Hat Security Advisory 2022-7529-01
Posted Nov 8, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7529-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include denial of service and memory exhaustion vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2022-1705, CVE-2022-1708, CVE-2022-1962, CVE-2022-21698, CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-32148
SHA-256 | 86d402cba3309d240b303fd054f614420e400a922614407e5d24ebed38d6c057
Red Hat Security Advisory 2022-7519-01
Posted Nov 8, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7519-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Issues addressed include cross site request forgery, cross site scripting, denial of service, information leakage, and privilege escalation vulnerabilities.

tags | advisory, denial of service, vulnerability, xss, csrf
systems | linux, redhat
advisories | CVE-2021-23648, CVE-2022-1705, CVE-2022-1962, CVE-2022-21673, CVE-2022-21698, CVE-2022-21702, CVE-2022-21703, CVE-2022-21713, CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635
SHA-256 | 3e15d8d2daf7a09f7541e03f3086b2da3507f9323e80ae6e10ec506f6426e5c7
Red Hat Security Advisory 2022-7261-01
Posted Oct 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7261-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-21698, CVE-2022-34903, CVE-2022-40674
SHA-256 | c7154b769aa8f770385e0062b01dadddba7912b1c640e1d7b6bb390748f4dcca
Red Hat Security Advisory 2022-6537-01
Posted Sep 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6537-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.5. Issues addressed include denial of service and out of bounds read vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2015-20107, CVE-2021-38561, CVE-2022-0391, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-21698, CVE-2022-34903
SHA-256 | 735b783c45f9b58ea138e108a34335ff5637f28e24d124171612b58ece201b35
Red Hat Security Advisory 2022-6430-01
Posted Sep 13, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6430-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-3634, CVE-2021-40528, CVE-2022-1271, CVE-2022-1292, CVE-2022-1586, CVE-2022-1705, CVE-2022-1962, CVE-2022-2068, CVE-2022-2097, CVE-2022-21698, CVE-2022-24675, CVE-2022-2526, CVE-2022-25313, CVE-2022-25314
SHA-256 | 4f2de101a63895ce93b93d579c8522dbea6333fada1258ba314335efd601e058
Red Hat Security Advisory 2022-6290-01
Posted Sep 1, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6290-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-3634, CVE-2021-40528, CVE-2022-1271, CVE-2022-1292, CVE-2022-1586, CVE-2022-2068, CVE-2022-2097, CVE-2022-21698, CVE-2022-24675, CVE-2022-25313, CVE-2022-25314, CVE-2022-26691, CVE-2022-28327, CVE-2022-29154
SHA-256 | 443a0aac6af9d5fe21a01d1493535af36861fdd77dc1fd48c74332d392859668
Red Hat Security Advisory 2022-6051-01
Posted Aug 19, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6051-01 - An update is now available for RHOL-5.5-RHEL-8. Issues addressed include denial of service, man-in-the-middle, and out of bounds read vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-38561, CVE-2022-0759, CVE-2022-1012, CVE-2022-1292, CVE-2022-1586, CVE-2022-1785, CVE-2022-1897, CVE-2022-1927, CVE-2022-2068, CVE-2022-2097, CVE-2022-21698, CVE-2022-30631, CVE-2022-32250
SHA-256 | 34dbc339b99387a91824a2ceb744350fc879ba77db776d936b2aebbd0812265e
Red Hat Security Advisory 2022-6061-01
Posted Aug 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6061-01 - The etcd packages provide a highly available key-value store for shared configuration. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-21698, CVE-2022-30631
SHA-256 | fcf4b9bbf9c3fcbbc7fa80f3ce2cff00390bed676f2038c77bf253be6ee78982
Red Hat Security Advisory 2022-6066-01
Posted Aug 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6066-01 - The etcd packages provide a highly available key-value store for shared configuration. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-21698, CVE-2022-30631
SHA-256 | e63bdbebb5cc08202eaddef5dffb89ac8311ed3055f616e8f00b44c1e6f3ce3c
Red Hat Security Advisory 2022-6040-01
Posted Aug 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6040-01 - Version 1.24.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, 4.10, and 4.11. This release includes security and bug fixes, and enhancements. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-40528, CVE-2022-1705, CVE-2022-1962, CVE-2022-1996, CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-21698, CVE-2022-22576, CVE-2022-24675, CVE-2022-24921, CVE-2022-25313, CVE-2022-25314, CVE-2022-27774
SHA-256 | ed2fc17ea4fea7b280250203da1e4e161fa8403846ac647afd3762bf7b3aada3
Red Hat Security Advisory 2022-6042-01
Posted Aug 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6042-01 - Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2022-1705, CVE-2022-1962, CVE-2022-1996, CVE-2022-21698, CVE-2022-24675, CVE-2022-24921, CVE-2022-28131, CVE-2022-28327, CVE-2022-30629, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635
SHA-256 | a0fb90802eb4af19bdbeb9ff04bf6db0048a42b54fb373556a4d125e2aecf5cb
Red Hat Security Advisory 2022-5068-01
Posted Aug 10, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5068-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-1706, CVE-2022-21698, CVE-2022-23772, CVE-2022-23773, CVE-2022-23806, CVE-2022-24675, CVE-2022-24921, CVE-2022-27191, CVE-2022-28327, CVE-2022-29162
SHA-256 | 30e00d08c07434f6fc92069d48ab3c33166cfe75f5097f3b4aae5ca92fe1476e
Red Hat Security Advisory 2022-5026-01
Posted Jun 19, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5026-01 - This advisory contains the following OpenShift Virtualization 4.10.2 images: RHEL-8-CNV-4.10. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2022-1271, CVE-2022-21698
SHA-256 | 41b95bc371b6b9bc8ef2aa305c9a7bc03b087f8fa56631b33599071bd61b2e0f
Red Hat Security Advisory 2022-2281-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-2281-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 3.11.705.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2022-1271, CVE-2022-1677, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496, CVE-2022-21698, CVE-2022-29036, CVE-2022-29046, CVE-2022-29599
SHA-256 | dcbf14fb19ab25d7f2d075610b14da178e9c1cebabd792bb117f04a6ed6e7627
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close