Lucene search
K
RedhatOpenshift Container Platform

313 matches found

CVE
CVE
added 2019/04/08 9:31 p.m.14696 views

CVE-2019-0211

CVE-2019-0211 affects Apache HTTP Server 2.4.17–2.4.38 when using MPM event, worker, or prefork. The issue arises from code executing in less-privileged child processes/threads (including in-process scripting interpreters) that could be exploited to run arbitrary code with the privileges of the p...

7.8CVSS7.2AI score0.65005EPSS
In wildWeb
CVE
CVE
added 2024/07/01 12:37 p.m.7714 views

CVE-2024-6387

CVE-2024-6387 is a remote code-execution vulnerability in OpenSSH’s server (sshd) caused by a race condition in a signal handler that may run after a client fails to authenticate within LoginGraceTime. The issue is exploitable by an unauthenticated, remote attacker on glibc-based Linux systems, p...

8.1CVSS8.5AI score0.99506EPSS
In wild
CVE
CVE
added 2023/10/10 12:0 a.m.5301 views

CVE-2023-44487

CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...

7.5CVSS8AI score0.99999EPSS
In wild
CVE
CVE
added 2023/12/18 12:0 a.m.4905 views

CVE-2023-48795

CVE-2023-48795 is referenced across several connected advisories, detailing affected packages and required upgrades. Astra Linux/CBL-Mariner entries note: podman (<5.6.1-2) needs upgrade, erlang (<25.2-1), libssh2 (<1.11.1-1), libssh (<0.10.6-1), terraform (<1.3.2-25), kubevirt (&l...

5.9CVSS6.7AI score0.9378EPSS
CVE
CVE
added 2025/02/18 6:27 p.m.3714 views

CVE-2025-26465

The CVE-2025-26465 issue affects OpenSSH when VerifyHostKeyDNS is enabled. A remote attacker could perform a MITM impersonation by abusing error-code handling during host-key verification, with success contingent on exhausting the client’s memory resources. Affected context is OpenSSH implementat...

6.8CVSS6.7AI score0.06997EPSS
CVE
CVE
added 2023/09/22 2:0 p.m.3280 views

CVE-2022-4039

CVE-2022-4039 affects Red Hat Single Sign-On for OpenShift container images where an unsecured management interface is enabled. Connected sources describe the flaw as allowing an attacker to use the management interface to deploy malicious code and to access/modify potentially sensitive informati...

9.8CVSS8.7AI score0.00789EPSS
CVE
CVE
added 2023/09/14 2:48 p.m.2759 views

CVE-2023-1108

CVE-2023-1108 affects Undertow within Red Hat JBoss EAP 7.3.x (SSLConduit) where an infinite loop on close can cause DoS. Connected RHSA-2025-9583 confirms the issue and indicates a fix in the eap-7.3.z line (Patched Undertow). Remediation is to upgrade to the patched EAP 7.3.x release (eap-7.3.z...

7.5CVSS7.3AI score0.01771EPSS
CVE
CVE
added 2023/09/24 12:7 a.m.2652 views

CVE-2023-1260

CVE-2023-1260 describes an authentication bypass in kube-apiserver within Red Hat OpenShift Container Platform, enabling an authenticated user with update/patch rights on pods/ephemeralcontainers to bypass SCC admission restrictions and gain control of a privileged pod. Affected OpenShift version...

8CVSS7.7AI score0.01569EPSS
Web
CVE
CVE
added 2023/12/21 9:24 a.m.2624 views

CVE-2023-2585

CVE-2023-2585 concerns Keycloak’s Device Authorization Grant, where flawed validation of device_code and client_id could allow a malicious OAuth client to spoof a consent request and trick an admin into granting access to other OAuth clients or cause unauthorized access. Connected sources corrobo...

8.1CVSS5.6AI score0.00694EPSS
CVE
CVE
added 2022/06/07 5:43 p.m.2391 views

CVE-2022-1708

CVE-2022-1708 affects CRI-O and causes memory or disk exhaustion on the node when handling large output from ExecSync. The vulnerability arises from CRI-O reading the entire command output after execution, which can exhaust node resources and impact availability. Connected advisories indicate aff...

7.8CVSS7.3AI score0.02827EPSS
CVE
CVE
added 2022/08/23 3:52 p.m.2327 views

CVE-2021-3827

CVE-2021-3827 concerns Keycloak where the default ECP binding flow can bypass other authentication flows, enabling an attacker to bypass MFA by sending a SOAP AuthnRequest with an Authorization header containing user credentials. Exploitation affects confidentiality and integrity as described in ...

6.8CVSS6.7AI score0.00874EPSS
CVE
CVE
added 2021/12/14 12:0 a.m.1447 views

CVE-2021-4104

CVE-2021-4104 affects JMSAppender in Log4j 1.2 when it is explicitly configured to use JMSAppender. A deserialization of untrusted data can occur if an attacker can write Log4j configuration and supply TopicBindingName and TopicConnectionFactoryBindingName, causing JMSAppender to perform JNDI req...

7.5CVSS9.4AI score0.81147EPSS
In wild
CVE
CVE
added 2018/12/10 2:0 p.m.1326 views

CVE-2018-1000861

CVE-2018-1000861 affects Jenkins via the Stapler web framework (MetaClass && deserialization), enabling remote code execution. Affected: Jenkins 2.153 and earlier, LTS 2.138.3 and earlier. Root cause: deserialization/IMPACTful method invocation through crafted URLs in stapler/core MetaClass.java ...

10CVSS9.4AI score0.98326EPSS
In wildWeb
CVE
CVE
added 2019/03/25 12:0 a.m.1276 views

CVE-2019-7609

Kibana Timelion Remote Code Execution (CVE-2019-7609): A flaw in Timelion allowed an attacker with access to the Timelion application to send a request that may execute JavaScript code, potentially yielding arbitrary commands with Kibana process privileges on the host. Affected versions are Kiban...

10CVSS9.6AI score0.95338EPSS
In wild
CVE
CVE
added 2022/02/16 12:0 a.m.1184 views

CVE-2021-3560

CVE-2021-3560 – Polkit local privilege escalation : A flaw in polkit allows a local unprivileged process to bypass credential checks for D-Bus requests, enabling privilege escalation to root. Technical details across connected sources show the issue arises when a requesting process disconnects fr...

7.8CVSS6.1AI score0.22193EPSS
In wildWeb
CVE
CVE
added 2019/03/08 9:0 p.m.1145 views

CVE-2019-9636

CVE-2019-9636 overview Python 2.7.x (up to 2.7.16) and Python 3.x (up to 3.7.2) are affected by improper handling of Unicode encoding during NFKC normalization, exposing information such as cookies and credentials cached for a hostname. The vulnerable components are urllib.parse.urlsplit and urll...

9.8CVSS9.4AI score0.08811EPSS
CVE
CVE
added 2019/03/08 9:0 p.m.1119 views

CVE-2019-1003030

CVE-2019-1003030 describes a sandbox bypass in the Jenkins Pipeline: Groovy Plugin, affecting version 2.63 and earlier. The vulnerability arises in the plugin’s sandbox handling, specifically related to the CpsGroovyShell path, enabling an attacker who can control pipeline scripts to execute arbi...

9.9CVSS9.6AI score0.75594EPSS
In wildWeb
CVE
CVE
added 2019/03/08 9:0 p.m.1063 views

CVE-2019-1003029

CVE-2019-1003029 describes a sandbox bypass in Jenkins Script Security Plugin (versions ≤ 1.53) that lets attackers with Overall/Read permission execute arbitrary code on the Jenkins master JVM. Affected components are in the plugin’s Groovy sandbox: GroovySandbox.java and SecureGroovyScript.java...

9.9CVSS9.6AI score0.73854EPSS
In wildWeb
CVE
CVE
added 2023/03/23 12:0 a.m.969 views

CVE-2023-0056

CVE-2023-0056 affects HAProxy and is described in connected advisories as an uncontrolled resource consumption DoS that can crash the service, including a scenario where an authenticated remote attacker could trigger a crafted server in an OpenShift cluster. The issue is associated with HAProxy’s...

6.5CVSS6.3AI score0.01834EPSS
CVE
CVE
added 2019/08/13 12:0 a.m.864 views

CVE-2019-9514

CVE-2019-9514 corresponds to an HTTP/2 vulnerability where an attacker floods a peer by sending HEADERS frames, causing unbounded memory growth and potential DoS. Public details in connected advisories show affected stacks include Go HTTP/2 implementations and Go-based tools, with remediation via...

7.8CVSS7.9AI score0.82813EPSS
CVE
CVE
added 2019/04/23 6:16 p.m.827 views

CVE-2019-2684

CVE-2019-2684 concerns Oracle Java SE and Java SE Embedded, specifically the RMI component. The connected Chainguard entry shows affected packages for OpenJDK builds (openjdk-21/openj9, openjdk-8/openj9, openjdk-11/openj9, openjdk-17/openj9). The initial description identifies affected Oracle Jav...

5.9CVSS5.7AI score0.37618EPSS
CVE
CVE
added 2026/04/22 8:15 a.m.820 views

CVE-2026-31431

CVE-2026-31431 is a local privilege escalation in the Linux kernel’s algif_aead/AF_ALG path. The root cause is an in-place operation bug in the AEAD handling, which can be exercised via AF_ALG sockets with the authencesn algorithm and splice() to corrupt the kernel page cache of readable files wi...

7.8CVSS5.6AI score0.96267EPSS
In wild
CVE
CVE
added 2019/10/17 5:3 p.m.687 views

CVE-2019-14287

CVE-2019-14287 affects sudo before 1.8.28. An attacker with a Runas ALL sudoer account can bypass policy blacklists and session PAM modules and cause incorrect logging by invoking sudo with a crafted user ID (example: sudo -u $((0xffffffff))). This corresponds to a local privilege-escalation flaw...

9CVSS8.7AI score0.63917EPSS
CVE
CVE
added 2018/04/26 9:0 p.m.654 views

CVE-2018-10237

CVE-2018-10237 affects Google Guava 11.0–24.x before 24.1.1. Unbounded memory allocation occurs during Java serialization of AtomicDoubleArray and GWT serialization of CompoundOrdering, enabling potential denial-of-service via memory exhaustion. Root cause is eager allocation without checks on cl...

5.9CVSS5.9AI score0.05119EPSS
CVE
CVE
added 2019/12/10 9:1 p.m.643 views

CVE-2019-13734

CVE-2019-13734 describes an out-of-bounds write in the SQLite component used by Google Chrome/Chromium, enabling potential heap corruption via a crafted HTML page. Connected advisories confirm this affects Chrome/Chromium’s SQLite usage and note mitigations include updating to Chrome 79.0.3945.79...

8.8CVSS8.6AI score0.04022EPSS
CVE
CVE
added 2018/12/05 9:0 p.m.635 views

CVE-2018-1002105

CVE-2018-1002105 affects Kubernetes: before versions v1.10.11, v1.11.5, and v1.12.3, the kube-apiserver mishandles error responses to proxied upgrade requests. This flaw lets specially crafted requests establish a connection through the API server to backends and then send arbitrary requests over...

9.8CVSS7.4AI score0.86978EPSS
CVE
CVE
added 2020/03/31 9:1 p.m.619 views

CVE-2020-10696

CVE-2020-10696 involves a path traversal flaw in Buildah prior to 1.14.5. The vulnerability could allow an attacker to trick a user building a container image from an HTTP(S) server into writing files to the host file system where the user has permissions. The provided connected docs corroborate ...

9.3CVSS8.3AI score0.02603EPSS
CVE
CVE
added 2023/09/27 1:54 p.m.617 views

CVE-2023-3223

CVE-2023-3223 relates to Undertow: Servlets annotated with @MultipartConfig may cause an OutOfMemoryError from large multipart content, enabling remote DoS. A bypass may occur if fileSizeThreshold limits are configured but the file name in the request is set to null. The Nessus plugin notes an un...

7.5CVSS7.3AI score0.02044EPSS
CVE
CVE
added 2019/09/17 3:9 p.m.616 views

CVE-2019-14835

The CVE-2019-14835 entry describes a buffer overflow in Linux kernel vhost functionality (virtqueue buffers translated to IOVs) during VM live migration. A privileged guest user could pass descriptors with invalid length while migration is underway, potentially causing a host privilege escalation...

7.8CVSS8.3AI score0.00627EPSS
CVE
CVE
added 2019/04/23 6:16 p.m.578 views

CVE-2019-2602

CVE-2019-2602 affects Oracle Java SE and Java SE Embedded Libraries component. Affected: Java SE 7u211, 8u202, 11.0.2, 12; Java SE Embedded 8u201. Root cause per the entry: vulnerability in Libraries that allows an unauthenticated, network-based attacker to cause a hang or frequent crashes (compl...

7.5CVSS6.8AI score0.0441EPSS
CVE
CVE
added 2019/11/14 7:8 p.m.566 views

CVE-2018-12207

CVE-2018-12207 describes an issue where improper invalidation of page-table updates by a privileged guest can cause a Denial of Service on the host on Intel processors. The vulnerability stems from how the guest VM handles translations in the MMU/TLB when paging structures change, potentially exp...

6.5CVSS7AI score0.00915EPSS
CVE
CVE
added 2019/02/15 3:0 p.m.565 views

CVE-2019-6974

CVE-2019-6974 affects the Linux kernel KVM subsystem: a race in kvm_ioctl_create_device() mishandles reference counting, enabling a local user with access to /dev/kvm to cause a use-after-free, potentially crashing the guest or escalating privileges. The issue is fixed in kernel 4.20.8 and relate...

8.1CVSS7.7AI score0.16523EPSS
CVE
CVE
added 2019/01/22 2:0 p.m.559 views

CVE-2019-1003000

CVE-2019-1003000 is a sandbox bypass/remote code execution flaw in Jenkins via the Script Security Plugin (and depending on Groovy/Declarative plugins). Affected components include Script Security Plugin versions up to 1.49 and earlier, with vulnerable code in GroovySandbox.java that lets attacke...

8.8CVSS8.8AI score0.98428EPSS
Web
CVE
CVE
added 2018/12/07 9:0 p.m.558 views

CVE-2018-18311

CVE-2018-18311 is a Perl vulnerability describing a buffer overflow caused by crafted regular expressions and an integer/offset issue in Perl’s environment setup (Perl before 5.26.3 and 5.28.x before 5.28.1). Connected advisories show multiple distributions releasing patches and updates to Perl p...

9.8CVSS9.6AI score0.11676EPSS
CVE
CVE
added 2019/08/13 8:50 p.m.555 views

CVE-2019-9515

CVE-2019-9515 concerns an HTTP/2 settings flood that can cause memory/CPU exhaustion. Arista’s security advisory (Security Advisory 0043) states the vulnerability is in Go’s gRPC HTTP/2 usage and can affect TerminAttr, OpenConfig, CVP, and certain Wi‑Fi OpenConfig-enabled components when enabled....

7.8CVSS7.7AI score0.87806EPSS
CVE
CVE
added 2019/04/23 6:16 p.m.535 views

CVE-2019-2698

CVE-2019-2698 affects Oracle Java SE (subcomponent 2D) with affected Java SE versions 7u211 and 8u202; exploitation could allow takeover of Java SE via network access without authentication. CVSSv3.1 base score 8.1. Affected openjdk/openjdk-based packages (e.g., java-1.8.0-openjdk) and Oracle Jav...

8.1CVSS7.7AI score0.12013EPSS
CVE
CVE
added 2023/06/06 12:0 a.m.518 views

CVE-2023-2253

CVE-2023-2253 concerns the /v2/_catalog endpoint in distribution/distribution, where the query parameter n controls the maximum number of records returned. The flaw allows a malicious user to supply an unreasonably large n, potentially triggering allocation of a massive string array and causing m...

6.5CVSS6.2AI score0.00938EPSS
Web
CVE
CVE
added 2018/02/06 3:0 p.m.494 views

CVE-2017-7525

CVE-2017-7525 is a deserialization flaw in jackson-databind enabling code execution via ObjectMapper.readValue on versions before 2.6.7.1, 2.7.9.1, or 2.8.9. Astra Linux notes extend the issue to versions before 2.8.10 and 2.9.1, and newer advisories reference mitigations/updates. Remediation vis...

9.8CVSS9.2AI score0.37925EPSS
CVE
CVE
added 2019/03/17 6:26 p.m.493 views

CVE-2019-7221

CVE-2019-7221 is a Use-after-Free in the KVM implementation of the Linux kernel up to version 4.20.5. The vulnerability concerns KVM VMX preemption timer handling and is locally exploitable with low privileges and no user interaction, potentially affecting confidentiality, integrity, and availabi...

7.8CVSS7.5AI score0.00805EPSS
CVE
CVE
added 2024/04/17 1:21 p.m.492 views

CVE-2024-1132

Keycloak path traversal vulnerability (CVE-2024-1132) arises from improper validation of redirect URLs, enabling an attacker to bypass validation and access other URLs within the domain when a client uses wildcard Valid Redirect URIs. The issue requires user interaction and affects clients with w...

8.1CVSS5.7AI score0.01552EPSS
CVE
CVE
added 2020/02/12 12:0 a.m.484 views

CVE-2019-19921

Technical details about CVE-2019-19921 are not publicly available in the provided Connected documents. The entries reference related advisories, but no concrete affected versions, root cause, or fixes are included here. Monitor for updates.

7CVSS7AI score0.00457EPSS
CVE
CVE
added 2020/12/15 4:57 p.m.482 views

CVE-2020-27777

The CVE-2020-27777 issue concerns the Linux kernel on PowerPC: RTAS memory accesses in the userspace-to-kernel path allow a local, root-like user on a locked-down guest (Secure Boot) running on PowerVM or KVM/pseries to escalate privileges to the running kernel. Root cause is an improper handling...

7.2CVSS6.8AI score0.00501EPSS
CVE
CVE
added 2023/03/03 12:0 a.m.479 views

CVE-2023-27561

CVE-2023-27561 affects runc; a race condition in volume mounts between two containers with shared mounts can enable an escalation of privileges via libcontainer/rootfs_linux.go. The issue is a regression of CVE-2019-19921 and requires two containers with custom volume-mount configurations and cus...

7CVSS6.8AI score0.00448EPSS
CVE
CVE
added 2024/04/06 4:11 p.m.467 views

CVE-2024-0406

CVE-2024-0406 concerns the mholt/archiver package. The connected Nessus/SUSE entries confirm a path-traversal flaw in tar unpacking that can cause writing to restricted files or directories when extracting archives. The remediation path shown in the connected docs includes upgrading the affected ...

7.8CVSS5.9AI score0.00928EPSS
CVE
CVE
added 2018/12/12 7:0 a.m.465 views

CVE-2018-18397

The vulnerability CVE-2018-18397 affects the Linux kernel prior to 4.19.7, where the userfaultfd implementation mishandles access control for certain UFFDIO ioctls (fs/userfaultfd.c and mm/userfaultfd.c). A local attacker with read permissions on a tmpfs file containing holes could write data int...

5.5CVSS5.8AI score0.0051EPSS
CVE
CVE
added 2019/01/02 6:0 p.m.464 views

CVE-2018-14721

CVE-2018-14721 affects FasterXML jackson-databind 2.x up to 2.9.6 (before 2.9.7). The flaw allows remote attackers to perform SSRF by failing to block axis2-jaxws class during polymorphic deserialization, enabling server-side requests under network access. The vulnerability is tied to the misuse ...

10CVSS9.4AI score0.10458EPSS
CVE
CVE
added 2021/03/18 12:0 a.m.461 views

CVE-2020-27827

CVE-2020-27827 concerns Open vSwitch where specially crafted LLDP packets can trigger memory allocation issues during handling of optional TLVs, leading to a denial of service and impacting availability. The connected documents provide various advisories (e.g., AlmaLinux, Gentoo GLSA) that refere...

7.5CVSS7.2AI score0.03235EPSS
CVE
CVE
added 2022/08/26 3:25 p.m.461 views

CVE-2021-3669

CVE-2021-3669 is a Linux kernel vulnerability where measuring shared memory usage does not scale with large shared memory segment counts, enabling resource exhaustion and DoS. Connected sources confirm the issue affects multiple kernel versions and distributions, with remediations following vendo...

5.5CVSS6.3AI score0.00281EPSS
CVE
CVE
added 2020/06/03 1:45 p.m.455 views

CVE-2020-10749

The CVE-2020-10749 entry affects containernetworking/plugins versions before 0.8.6, due to improper validation of IPv6 router advertisements that enables man-in-the-middle (MitM) attacks in Kubernetes clusters. A malicious container could redirect traffic by sending rogue IPv6 router advertisemen...

6CVSS5.9AI score0.02428EPSS
CVE
CVE
added 2019/01/02 6:0 p.m.443 views

CVE-2018-19361

CVE-2018-19361 is listed in the IBM Cloudera Observability bulletin as affecting Cloudera Observability on Premises 3.5.3, with remediation in 3.6.2. Description from the bulletin notes that FasterXML jackson-databind 2.x before 2.9.8 allows polymorphic deserialization via the openjpa class, yiel...

9.8CVSS8.8AI score0.10599EPSS
Total number of security vulnerabilities313