Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
RedhatOpenshift Container Platform For Linuxone

15 matches found

CVE
CVEadded 2023/09/22 3:15 p.m.3197 views

CVE-2022-4039

A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server confi...

9.8CVSS8.7AI score0.00121EPSS
CVE
CVEadded 2023/09/14 3:15 p.m.2602 views

CVE-2023-1108

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

7.5CVSS7.3AI score0.0481EPSS
CVE
CVEadded 2023/12/21 10:15 a.m.2580 views

CVE-2023-2585

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access...

8.1CVSS5.6AI score0.00112EPSS
CVE
CVEadded 2024/04/17 2:15 p.m.388 views

CVE-2024-1132

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any...

8.1CVSS5.7AI score0.00177EPSS
CVE
CVEadded 2023/09/20 3:15 p.m.260 views

CVE-2022-3916

A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to ...

6.8CVSS7.1AI score0.00226EPSS
CVE
CVEadded 2024/02/19 10:15 p.m.250 views

CVE-2024-1635

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and op...

7.5CVSS7.4AI score0.10466EPSS
CVE
CVEadded 2024/01/26 3:15 p.m.247 views

CVE-2023-6291

A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.

7.1CVSS6.5AI score0.00196EPSS
CVE
CVEadded 2024/09/19 4:15 p.m.240 views

CVE-2024-8883

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leadi...

6.1CVSS6.4AI score0.0489EPSS
CVE
CVEadded 2023/09/25 8:15 p.m.193 views

CVE-2022-4318

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.

7.8CVSS7.4AI score0.00042EPSS
CVE
CVEadded 2023/07/05 1:15 p.m.180 views

CVE-2023-3089

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

7.5CVSS7.4AI score0.00053EPSS
CVE
CVEadded 2020/02/12 6:15 p.m.178 views

CVE-2020-8945

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.

7.5CVSS7.5AI score0.04013EPSS
CVE
CVEadded 2023/11/01 2:15 p.m.168 views

CVE-2023-5625

A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products.

7.5CVSS5.7AI score0.00097EPSS
CVE
CVEadded 2024/03/07 8:15 p.m.153 views

CVE-2024-1725

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.

6.5CVSS8AI score0.00133EPSS
CVE
CVEadded 2024/10/15 4:15 p.m.121 views

CVE-2024-9676

A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (--u...

6.5CVSS6.9AI score0.027EPSS
CVE
CVEadded 2024/09/03 8:15 p.m.83 views

CVE-2024-4629

A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This ...

6.5CVSS6.6AI score0.00166EPSS