Lucene search

K
RedhatOpenshift Container Platform

266 matches found

CVE
CVE
added 2018/07/02 5:29 p.m.52 views

CVE-2018-10843

source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network co...

9CVSS8.8AI score0.00281EPSS
CVE
CVE
added 2023/03/24 8:15 p.m.52 views

CVE-2021-3684

A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the assoc...

5.5CVSS5.3AI score0.00044EPSS
CVE
CVE
added 2018/08/01 4:29 p.m.51 views

CVE-2016-8651

An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.

3.5CVSS3.7AI score0.00238EPSS
CVE
CVE
added 2019/04/22 4:29 p.m.51 views

CVE-2019-3899

It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift Container Platform 3.11.

9.8CVSS9.4AI score0.00395EPSS
CVE
CVE
added 2018/09/11 4:29 p.m.50 views

CVE-2018-10937

A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.

5.4CVSS5.2AI score0.00417EPSS
CVE
CVE
added 2018/06/12 1:29 p.m.49 views

CVE-2018-1070

routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard.

7.5CVSS7.5AI score0.00158EPSS
CVE
CVE
added 2021/03/24 5:15 p.m.46 views

CVE-2019-19352

An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

7CVSS6.9AI score0.00036EPSS
CVE
CVE
added 2025/07/10 10:15 a.m.34 views

CVE-2025-32990

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a de...

8.2CVSS6.6AI score0.00072EPSS
CVE
CVE
added 2025/07/10 8:15 a.m.33 views

CVE-2025-32988

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node i...

8.2CVSS6.8AI score0.00056EPSS
CVE
CVE
added 2025/07/10 8:15 a.m.33 views

CVE-2025-32989

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1...

5.3CVSS6.4AI score0.00026EPSS
CVE
CVE
added 2025/06/24 2:15 p.m.32 views

CVE-2025-5318

A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnera...

8.1CVSS6.5AI score0.00055EPSS
CVE
CVE
added 2025/07/04 6:15 a.m.31 views

CVE-2025-5372

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistaken...

8.8CVSS6.7AI score0.00048EPSS
CVE
CVE
added 2025/07/04 9:15 a.m.28 views

CVE-2025-5351

A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional ...

6.5CVSS6.5AI score0.00034EPSS
CVE
CVE
added 2025/07/10 2:15 p.m.27 views

CVE-2025-7424

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of se...

7.8CVSS6.8AI score0.00069EPSS
CVE
CVE
added 2025/07/14 2:15 p.m.15 views

CVE-2025-7519

A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is ...

6.7CVSS7.3AI score0.00016EPSS
CVE
CVE
added 2025/07/28 7:15 p.m.9 views

CVE-2025-8283

A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be used...

3.7CVSS6.4AI score0.00039EPSS
Total number of security vulnerabilities266