Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openshift vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-6596
An incomplete fix was shipped for the Rapid Reset (CVE-2023-44487/CVE-2023-39325) vulnerability for an OpenShift Containers.
NA
CVE-2024-31419
An information disclosure flaw was found in OpenShift Virtualization. The DownwardMetrics feature was introduced to expose host metrics to virtual machine guests and is enabled by default. This issue could expose limited host metrics of a node to any guest in any namespace withou...
NA
CVE-2023-5388
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an malicious user to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
NA
CVE-2024-1725
A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated malicious user to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the na...
NA
CVE-2024-1342
A flaw was found in OpenShift. The existing Cross-Site Request Forgery (CSRF) protections in place do not properly protect GET requests, allowing for the creation of WebSockets via CSRF.
8.6
CVSSv3
CVE-2024-21626
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and previous versions, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working director...
Linuxfoundation Runc
Fedoraproject Fedora 39
21 Github repositories
7.1
CVSSv3
CVE-2023-6291
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the malicious user to impersonate other users.
Redhat Single Sign-on -
Redhat Keycloak
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform For Ibm Z 4.9
Redhat Openshift Container Platform For Ibm Z 4.10
Redhat Openshift Container Platform For Linuxone 4.9
Redhat Openshift Container Platform For Linuxone 4.10
Redhat Openshift Container Platform For Power 4.9
Redhat Openshift Container Platform For Power 4.10
Redhat Single Sign-on 7.6
Redhat Migration Toolkit For Applications 6.0
Redhat Migration Toolkit For Applications 7.0
7.5
CVSSv3
CVE-2023-49568
A denial of service (DoS) vulnerability exists in go-git versions prior to v5.11. This vulnerability allows an malicious user to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Appl...
Go-git Project Go-git
9.8
CVSSv3
CVE-2023-49569
A path traversal vulnerability exists in go-git versions prior to v5.11. This vulnerability allows an malicious user to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are us...
Go-git Project Go-git
1 Github repository
5.5
CVSSv3
CVE-2024-0443
A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference cou...
Linux Linux Kernel 6.4
Linux Linux Kernel
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Fedoraproject Fedora 39
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »