21 matches found
Critical: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nginx: nginx-1.30.1-1.hum1 aarch64, x8664 nginx-all-modules-1.30.1-1.hum1 noarch nginx-core-1.30.1-1.hum1 aarch64, x8664 nginx-filesystem-1.30.1-1.hum1 noarch nginx-mod-devel-1.30.1-1.hum1 aarch6...
AZL-78659 CVE-2026-27141 affecting package cri-o 1.30.1-1
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic...
AZL-57289 CVE-2025-22869 affecting package cri-o 1.30.1-1
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
AZL-55067 CVE-2025-21613 affecting package cri-o 1.30.1-1
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...
AZL-48525 CVE-2024-45310 affecting package cri-o 1.30.1-1
runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...
CVE-2024-28180 affecting package kubernetes for versions less than 1.30.1-1
CVE-2024-28180 affecting package kubernetes for versions less than 1.30.1-1. A patched version of the package is available...
CVE-2023-45288 affecting package cri-tools for versions less than 1.30.1-1
CVE-2023-45288 affecting package cri-tools for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-47108 affecting package cri-o for versions less than 1.30.1-1
CVE-2023-47108 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-49568 affecting package cri-o for versions less than 1.30.1-1
CVE-2023-49568 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-49569 affecting package cri-o for versions less than 1.30.1-1
CVE-2023-49569 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-28180 affecting package cri-o for versions less than 1.30.1-1
CVE-2024-28180 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-2879 affecting package cri-o for versions less than 1.30.1-1
CVE-2022-2879 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-48795 affecting package kubernetes for versions less than 1.30.1-1
CVE-2023-48795 affecting package kubernetes for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-24786 affecting package kubernetes for versions less than 1.30.1-1
CVE-2024-24786 affecting package kubernetes for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-24786 affecting package cri-o for versions less than 1.30.1-1
CVE-2024-24786 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-45288 affecting package kubernetes for versions less than 1.30.1-1
CVE-2023-45288 affecting package kubernetes for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this issue...
AZL-45243 CVE-2024-3727 affecting package cri-o 1.30.1-1
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks...
AZL-40016 CVE-2024-3177 affecting package kubernetes for versions less than 1.30.1-1
A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures...
AZL-35662 CVE-2024-24786 affecting package kubernetes for versions less than 1.30.1-1
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-34896 CVE-2024-21626 affecting package kubernetes for versions less than 1.30.1-1
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process from runc exec to have a working directory in the host filesystem...