Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat openshift vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2019-11249
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary...
Kubernetes Kubernetes
Kubernetes Kubernetes 1.12.11
Redhat Openshift Container Platform 3.9
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 3.10
Redhat Openshift Container Platform 4.1
1 Article
6.5
CVSSv3
CVE-2023-0056
An uncontrolled resource consumption vulnerability exists in HAProxy which could crash the service. This issue could allow an authenticated remote malicious user to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.
Haproxy Haproxy -
Redhat Software Collections -
Redhat Ceph Storage 5.0
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform For Ibm Linuxone 4.12
Redhat Openshift Container Platform For Power 4.12
Redhat Openshift Container Platform Ibm Z Systems 4.12
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.10
Redhat Openshift Container Platform For Ibm Linuxone 4.10
Redhat Openshift Container Platform For Power 4.10
Redhat Openshift Container Platform Ibm Z Systems 4.10
Redhat Openshift Container Platform For Ibm Linuxone 4.11
Redhat Openshift Container Platform For Power 4.11
Redhat Openshift Container Platform Ibm Z Systems 4.11
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
5
CVSSv3
CVE-2023-0264
A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session t...
Redhat Keycloak
Redhat Single Sign-on
Redhat Openshift Container Platform 4.9
Redhat Openshift Container Platform 4.10
Redhat Openshift Container Platform For Ibm Linuxone 4.9
Redhat Openshift Container Platform For Ibm Linuxone 4.10
Redhat Openshift Container Platform Ibm Z Systems 4.9
Redhat Openshift Container Platform Ibm Z Systems 4.10
Redhat Single Sign-on -
1 Github repository
7.1
CVSSv3
CVE-2023-6291
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the malicious user to impersonate other users.
Redhat Single Sign-on -
Redhat Keycloak
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform For Ibm Z 4.9
Redhat Openshift Container Platform For Ibm Z 4.10
Redhat Openshift Container Platform For Linuxone 4.9
Redhat Openshift Container Platform For Linuxone 4.10
Redhat Openshift Container Platform For Power 4.9
Redhat Openshift Container Platform For Power 4.10
Redhat Single Sign-on 7.6
Redhat Migration Toolkit For Applications 6.0
Redhat Migration Toolkit For Applications 7.0
7.5
CVSSv3
CVE-2019-11253
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crash...
Kubernetes Kubernetes
Redhat Openshift Container Platform 3.9
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 3.10
1 Article
6.5
CVSSv3
CVE-2023-2253
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the all...
Redhat Openshift Container Platform 4.0
Redhat Openshift Developer Tools And Services -
Redhat Openshift Api For Data Protection -
4.3
CVSSv3
CVE-2016-3722
Jenkins prior to 2.3 and LTS prior to 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name."
Jenkins Jenkins
Redhat Openshift 3.1
Redhat Openshift 3.2
4.3
CVSSv3
CVE-2016-3723
Jenkins prior to 2.3 and LTS prior to 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.
Jenkins Jenkins
Redhat Openshift 3.1
Redhat Openshift 3.2
6.5
CVSSv3
CVE-2016-3724
Jenkins prior to 2.3 and LTS prior to 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.
Redhat Openshift 3.1
Redhat Openshift 3.2
Jenkins Jenkins
4.3
CVSSv3
CVE-2016-3725
Jenkins prior to 2.3 and LTS prior to 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).
Jenkins Jenkins
Redhat Openshift 3.1
Redhat Openshift 3.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30065
CVE-2024-5843
CVE-2024-30080
code execution
CVE-2024-4577
CVE-2024-26169
wireless
remote code execution
CVE-2024-36103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »