23 matches found
CVE-2019-0211
CVE-2019-0211 affects Apache HTTP Server 2.4.17–2.4.38 when using MPM event, worker, or prefork. The issue arises from code executing in less-privileged child processes/threads (including in-process scripting interpreters) that could be exploited to run arbitrary code with the privileges of the p...
CVE-2022-4039
CVE-2022-4039 affects Red Hat Single Sign-On for OpenShift container images where an unsecured management interface is enabled. Connected sources describe the flaw as allowing an attacker to use the management interface to deploy malicious code and to access/modify potentially sensitive informati...
CVE-2023-1108
CVE-2023-1108 affects Undertow within Red Hat JBoss EAP 7.3.x (SSLConduit) where an infinite loop on close can cause DoS. Connected RHSA-2025-9583 confirms the issue and indicates a fix in the eap-7.3.z line (Patched Undertow). Remediation is to upgrade to the patched EAP 7.3.x release (eap-7.3.z...
CVE-2023-2585
CVE-2023-2585 concerns Keycloak’s Device Authorization Grant, where flawed validation of device_code and client_id could allow a malicious OAuth client to spoof a consent request and trick an admin into granting access to other OAuth clients or cause unauthorized access. Connected sources corrobo...
CVE-2023-0056
CVE-2023-0056 affects HAProxy and is described in connected advisories as an uncontrolled resource consumption DoS that can crash the service, including a scenario where an authenticated remote attacker could trigger a crafted server in an OpenShift cluster. The issue is associated with HAProxy’s...
CVE-2023-3223
CVE-2023-3223 relates to Undertow: Servlets annotated with @MultipartConfig may cause an OutOfMemoryError from large multipart content, enabling remote DoS. A bypass may occur if fileSizeThreshold limits are configured but the file name in the request is set to null. The Nessus plugin notes an un...
CVE-2024-1132
Keycloak path traversal vulnerability (CVE-2024-1132) arises from improper validation of redirect URLs, enabling an attacker to bypass validation and access other URLs within the domain when a client uses wildcard Valid Redirect URIs. The issue requires user interaction and affects clients with w...
CVE-2022-3916
CVE-2022-3916 affects Keycloak via the offline_access scope. The flaw arises from missing root-session validation and reuse of session IDs between root and user authentication sessions, enabling an attacker to resolve a user session attached to a previously authenticated user; using the refresh t...
CVE-2024-8883
CVE-2024-8883 : In Keycloak, a misconfiguration of the Valid Redirect URI allows open redirects when set to http://localhost or http://127.0.0.1. This can expose authorization codes and potentially enable session hijacking. The connected document (Keycloak open redirect) confirms the affected com...
CVE-2024-1635
Undertow vulnerability CVE-2024-1635 affects servers supporting the wildfly-http-client protocol. The issue arises during HTTP upgrade to remoting: WriteTimeoutStreamSinkConduit is not notified when a RemotingConnection is closed, causing timeout tasks to leak and accumulate, which leaks connecti...
CVE-2023-6291
Technical details about CVE-2023-6291 are not publicly available in the provided documents. Monitor for updates from Red Hat/Keycloak advisories for affected products, versions, and patches.
CVE-2023-3089
CVE-2023-3089 affects Red Hat OpenShift Container Platform; in OpenShift 4.13.x, the advisory RHSA-2023:4093 notes the fix for OCP in FIPS mode, stating that the CVE-3089 issue (in which not all cryptographic modules in use were FIPS-validated) is addressed by upgrading to OpenShift 4.13.5 and ap...
CVE-2023-6134
CVE-2023-6134 is a vulnerability in Keycloak-based Red Hat Single Sign-On (SSO) implementations, disclosed by OSV entries tied to RHSA advisories. The issue is a reflected XSS via a wildcard in the OIDC redirect_uri, arising from an incomplete fix for CVE-2020-10748. The connected docs confirm th...
CVE-2022-4318
CVE-2022-4318 is confirmed in multiple records as a vulnerability in cri-o that enables tampering of /etc/passwd via a specially crafted environment variable, effectively a privilege escalation path. Affected scope includes cri-o deployments used by Red Hat OpenShift platforms (OpenShift 4.x line...
CVE-2023-6563
CVE-2023-6563 is an offline-session DoS vulnerability in Keycloak/Red Hat SSO. Exploitation arises when an attacker triggers the admin UI by opening the consents tab after creating multiple user sessions, causing massive offline session load and resource exhaustion. The issue is acknowledged in R...
CVE-2024-1725
The CVE-2024-1725 issue affects kubevirt-csi in OpenShift Virtualization’s Hosted Control Plane (HCP): an authenticated attacker can create a PersistentVolume that matches a worker node name to access the root HCP worker node’s volume. Exploitation is described in multiple advisories, with OpenSh...
CVE-2024-9676
CVE-2024-9676 affects Podman, Buildah and CRI-O via a symlink traversal in the containers/storage library. The issue allows reading host files by the container when an image runs with an auto user namespace, potentially causing a denial of service (hangs and OOM). The connected documents mention ...
CVE-2023-5625
CVE-2023-5625 describes a patch regression in Red Hat builds of python-eventlet where the CVE-2021-21419 fix was not applied across all builds/products. Connected sources confirm the issue affects python-eventlet and note a related memory-exhaustion risk via large or highly compressed websocket f...
CVE-2022-4361
CVE-2022-4361 affects Keycloak’s SAML and OIDC providers, with a cross-site scripting (XSS) vulnerability that can be triggered by setting the AssertionConsumerServiceURL value or the redirect_uri. The connected sources consistently describe XSS in the SAML/OIDC flows and the ability to cause mal...
CVE-2025-6021
Affects libxml2: multiple vendors report CVE-2025-6021 (integer overflow in xmlBuildQName causing stack-based buffer overflow). Documents show vulnerable libxml2 variants across distributions (e.g., AWS ALAS advisories for libxml2 with 2.9/2.10 lines; AIX advisory listing affected filesets; Astra...
CVE-2024-4629
The CVE-2024-4629 issue is a brute-force protection bypass in Keycloak/Red Hat Single Sign-On 7.6.10 (and related builds). A timing-based flaw lets parallel login attempts exceed configured failed-attempt limits before lockout, enabling more password guesses. Red Hat has patched this in RHSA advi...
CVE-2026-4424
CVE-2026-4424 affects libarchive’s RAR archive processing. A heap out-of-bounds read arises from improper validation of the LZSS sliding window size after transitions between compression methods, enabling a remote attacker to disclose sensitive heap memory without authentication. Documents consis...
CVE-2025-13601
CVE-2025-13601 affects GLib’s g_escape_uri_string() where an integer overflow in buffer size calculation can cause a heap-based overflow when escaping strings with many invalid characters. Consequences are described as potential write past the end of the allocated buffer, leading to memory corrup...