Openshift Container Platform Security Vulnerabilities and Issues — Openshift Container Platform CVE List

Lucene search

RedhatOpenshift Container Platform

8 matches found

CVE•added 2025/02/18 7:15 p.m.•2328 views

CVE-2025-26465

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For ...

6.8CVSS6.7AI score0.52936EPSS

CVE•added 2025/01/14 6:15 p.m.•260 views

CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

7.5CVSS7.5AI score0.01186EPSS

CVE•added 2025/01/14 6:15 p.m.•136 views

CVE-2024-12088

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the d...

7.5CVSS8AI score0.0052EPSS

CVE•added 2025/01/14 6:15 p.m.•96 views

CVE-2024-12086

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with...

6.8CVSS6.1AI score0.00172EPSS

CVE•added 2025/03/03 5:15 p.m.•73 views

CVE-2025-0678

A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of...

7.8CVSS6.8AI score0.00021EPSS

CVE•added 2025/03/03 5:15 p.m.•56 views

CVE-2024-45782

A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, im...

7.8CVSS6.3AI score0.0002EPSS

CVE•added 2025/06/09 8:15 p.m.•55 views

CVE-2025-5914

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, en...

9.8CVSS8.1AI score0.00039EPSS

CVE•added 2025/03/03 5:15 p.m.•52 views

CVE-2024-45778

A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.

5.5CVSS4.5AI score0.00012EPSS