cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-11831,https://securityvulnerability.io/vulnerability/CVE-2024-11831,Cross-site Scripting Vulnerability in Serialize-Javascript by Yahoo,"A vulnerability exists in the serialize-javascript module due to inadequate sanitization of inputs, particularly JavaScript object types and regex expressions. This flaw allows attackers to inject malicious code that may be executed in a web browser context when the serialized data is deserialized. This poses significant risks in scenarios where the serialized outputs are shared with web clients, rendering the web applications reliant on this package susceptible to XSS attacks.",Red Hat,"Red Hat Advanced Cluster Security 4.5,Cryostat 3,Logging Subsystem For Red Hat Openshift,Migration Toolkit For Applications 7,Migration Toolkit For Virtualization,.net 6.0 On Red Hat Enterprise Linux,Openshift Lightspeed,Openshift Pipelines,Openshift Serverless,Openshift Service Mesh 2,Red Hat 3scale Api Management Platform 2,Red Hat Advanced Cluster Management For Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Discovery,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Openshift Ai (rhoai),Red Hat Openshift Container Platform 3.11,Red Hat Openshift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Dev Spaces,Red Hat Openshift Distributed Tracing 3,Red Hat Process Automation 7,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Single Sign-on 7,Red Hat Trusted Profile Analyzer",5.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,false,,2025-02-10T15:27:46.732Z,0
CVE-2024-12401,https://securityvulnerability.io/vulnerability/CVE-2024-12401,Cert-Manager Vulnerability Permits CPU-Based DoS Attack,"A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.",Red Hat,"Cert-manager Operator For Red Hat Openshift,Cryostat 3,Multicluster Engine For Kubernetes,Openshift Serverless,Red Hat Connectivity Link,Red Hat Openshift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Gitops",4.4,MEDIUM,0.0021299999207258224,false,,false,false,false,,,false,false,,2024-12-12T09:06:03.612Z,0
CVE-2022-3248,https://securityvulnerability.io/vulnerability/CVE-2022-3248,"Openshift api admission checks does not enforce ""custom-host"" permissions","A flaw was found in OpenShift API, as admission checks do not enforce ""custom-host"" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.",Red Hat,"Kubernetes,Red Hat Advanced Cluster Management For Kubernetes 2,Red Hat Ansible Automation Platform 1.2,Red Hat Ansible Tower 3,Red Hat Openshift Container Platform 3.11,Red Hat Openshift Container Platform 4",4.4,MEDIUM,0.0006900000153109431,false,,false,false,false,,,false,false,,2023-10-05T13:28:27.973Z,0
CVE-2023-1260,https://securityvulnerability.io/vulnerability/CVE-2023-1260,Privesc,"An authentication bypass vulnerability exists in kube-apiserver, which may allow an authenticated remote attacker to bypass intended access controls. By obtaining permissions to update or patch the 'pods/ephemeralcontainers' subresource, an attacker could potentially create or modify privileged pods, evading admission restrictions imposed by Security Context Constraints (SCCs). This could lead to unauthorized control over sensitive or critical components within a Kubernetes cluster, posing significant risks to the security of deployed applications.",Red Hat,"kubernetes,Red Hat OpenShift Container Platform 4.10,Red Hat OpenShift Container Platform 4.11,Red Hat OpenShift Container Platform 4.12,Red Hat OpenShift Container Platform 4.13,Red Hat OpenShift Container Platform 4",8,HIGH,0.01221999991685152,false,,false,false,false,,,false,false,,2023-09-24T01:15:00.000Z,0
CVE-2023-3089,https://securityvulnerability.io/vulnerability/CVE-2023-3089,Ocp & fips mode,"A compliance issue has been identified in the Red Hat OpenShift Container Platform when operated in FIPS mode, where not all utilized cryptographic modules were validated against FIPS standards. This could potentially impact the security posture within environments that require FIPS-compliant cryptographic solutions, urging users to review their configurations and understand the implications on their compliance requirements.",Red Hat,"Openshift,Openshift Serverless,Openshift Service Mesh 2.2.x,Openshift Service Mesh 2.3.x,Openshift Service Mesh 2.4,Red Hat Advanced Cluster Management For Kubernetes 2,Red Hat Jboss A-MQ Streams,Red Hat Openshift Container Platform 3.11,Red Hat Openshift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Sandboxed Containers,Red Hat Openshift Virtualization 4",7,HIGH,0.001230000052601099,false,,false,false,false,,,false,false,,2023-07-05T13:15:00.000Z,0