cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-23367,https://securityvulnerability.io/vulnerability/CVE-2025-23367,Role-Based Access Control Vulnerability in Wildfly Server,"A vulnerability in the Wildfly Server's Role Based Access Control (RBAC) provider permits unauthorized users to execute critical management operations. Specifically, the flaw enables users with only Monitor or Auditor roles, who should be restricted to read-only access, to suspend or resume the server. This issue arises from inadequate authorization checks in the Suspend and Resume handlers, allowing actions without confirming appropriate user permissions. It's crucial for organizations to address this issue by applying the latest security patches provided by Red Hat.",Red Hat,"Red Hat Build Of Keycloak,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Red Hat Single Sign-on 7",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-30T14:30:04.227Z,0
CVE-2024-13484,https://securityvulnerability.io/vulnerability/CVE-2024-13484,ArgoCD Vulnerability Allows Creation of Rogue Monitoring Rules,"A flaw exists in ArgoCD where the openshift.io/cluster-monitoring label is automatically applied to all namespaces deploying an ArgoCD Custom Resource (CR) instance. This labeling enables potential malicious creation of a rogue PrometheusRule, which is then propagated across the entire cluster. Such an oversight could severely impact the integrity of the platform's monitoring stack, creating vulnerabilities in the overall security posture.",Red Hat,Red Hat Openshift Gitops,8.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T17:54:28.701Z,0
CVE-2025-0754,https://securityvulnerability.io/vulnerability/CVE-2025-0754,Log Injection Vulnerability in OpenShift Service Mesh by Red Hat,"An issue has been identified in OpenShift Service Mesh versions 2.6.3 and 2.5.6, stemming from improper sanitization of HTTP headers by Envoy, specifically the x-forwarded-for header. This flaw permits attackers to inject malicious payloads into service mesh logs, facilitating log injection and spoofing attacks. Consequently, this exploitation can distort logging processes, allowing adversaries to manipulate log entries or potentially execute reflected cross-site scripting (XSS) attacks, posing significant risks to the overall integrity and security of the environment.",Red Hat,Openshift Service Mesh 2,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-28T09:37:11.500Z,0
CVE-2025-0752,https://securityvulnerability.io/vulnerability/CVE-2025-0752,Access Control Vulnerabilities in OpenShift Service Mesh by Red Hat,"A flaw in OpenShift Service Mesh versions 2.6.3 and 2.5.6 has been identified, which may allow for rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and potential replay attacks. This vulnerability stems from inadequate sanitization of HTTP headers within Envoy, necessitating urgent attention to patch affected systems to prevent exploitation.",Red Hat,Openshift Service Mesh 2,6.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-01-28T09:29:33.073Z,0
CVE-2025-0750,https://securityvulnerability.io/vulnerability/CVE-2025-0750,Path Traversal Vulnerability in CRI-O Affects Node-Level Operations,"A significant vulnerability exists in the CRI-O log management functionalities, specifically within the UnMountPodLogs and LinkContainerLogs methods. This flaw allows a malicious actor, possessing the necessary permissions to create and delete Pods, to exploit path traversal techniques. By doing so, they may unmount arbitrary host paths, potentially compromising node stability and availability. Such actions could culminate in a denial of service at the node level, impacting the integrity and performance of critical system directories.",Red Hat,Red Hat Openshift Container Platform 4,6.6,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-01-28T09:29:30.831Z,0
CVE-2025-0736,https://securityvulnerability.io/vulnerability/CVE-2025-0736,Sensitive Information Exposure in Infinispan via JGroups with JDBC_PING,"A flaw exists in Infinispan's implementation when using JGroups in conjunction with JDBC_PING. This vulnerability occurs when applications inadvertently expose sensitive details, including configuration information or credentials, through logging mechanisms. As a result, this could allow unauthorized access by malicious actors, potentially leading to exploitation of the affected systems. It is critical for users of Infinispan to review logging configurations and limit logging of sensitive data to mitigate risks associated with this exposure.",Red Hat,Red Hat Data Grid 8,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T09:12:38.101Z,0
CVE-2022-4975,https://securityvulnerability.io/vulnerability/CVE-2022-4975,Cross-Site Scripting Flaw in Red Hat Advanced Cluster Security Portal,"An XSS vulnerability exists in the Red Hat Advanced Cluster Security portal. When rendering the table view, the portal populates a DOM table element with unsanitized data using innerHTML. This flaw can potentially allow attackers with some control over the rendered data to inject malicious scripts, leading to unauthorized access and data manipulation.",Red Hat,Red Hat Advanced Cluster Security 3,8.9,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,false,,2025-01-27T13:47:55.595Z,0
CVE-2025-0650,https://securityvulnerability.io/vulnerability/CVE-2025-0650,Access Control Flaw in Open Virtual Network by Red Hat,"A flaw exists in the Open Virtual Network (OVN) where specially crafted UDP packets can bypass egress access control lists (ACLs). This vulnerability is present when a logical switch with DNS records configured and associated egress ACLs is utilized. Attackers could potentially exploit this flaw to gain unauthorized access to virtual machines and containers, leading to security breaches in OVN networks.",Red Hat,"Fast Datapath For Rhel 8,Fast Datapath For Rhel 9,Red Hat Openshift Container Platform 4",8.1,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-23T16:34:31.390Z,0
CVE-2025-0604,https://securityvulnerability.io/vulnerability/CVE-2025-0604,Authentication Bypass Vulnerability in Keycloak by Red Hat,"A vulnerability exists in Keycloak where the system fails to validate new password credentials against Active Directory (AD) during a user password reset. As a result, users with expired or disabled AD accounts may regain unauthorized access to Keycloak, circumventing the established security restrictions. This flaw poses a significant risk as it may lead to authentication bypass, potentially allowing malicious actors to exploit user accounts under certain conditions.",Red Hat,"Red Hat Build Of Keycloak,Red Hat Single Sign-on 7",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-22T14:34:45.923Z,0
CVE-2024-11218,https://securityvulnerability.io/vulnerability/CVE-2024-11218,Container Breakout Vulnerability in Podman and Buildah,"A vulnerability exists in Podman and Buildah that allows for a container breakout, particularly when using the '--jobs=2' option during the build process of a malicious Containerfile. This vulnerability exploits a race condition that may lead to the exposure of files and directories on the host system. Though using SELinux can provide some degree of mitigation, it does not completely prevent the enumeration of sensitive host file systems, posing a risk for affected users.",Red Hat,"Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 8,Red Hat Openshift Container Platform 4",8.6,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-22T04:55:30.649Z,359
CVE-2024-12084,https://securityvulnerability.io/vulnerability/CVE-2024-12084,Heap-based Buffer Overflow Vulnerability in Rsync Daemon by Red Hat,"A heap-based buffer overflow vulnerability has been identified in the rsync daemon, attributable to improper management of attacker-controlled checksum lengths (s2length). This weakness arises when the maximum digest length exceeds the designated fixed length of 16 bytes, allowing an attacker to exploit the flaw and write outside the allocated memory in the sum2 buffer. Such exploitation could potentially compromise system integrity and lead to unauthorized access or data manipulation.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",9.8,CRITICAL,0.0006300000241026282,false,,true,false,true,2025-01-15T17:00:18.000Z,false,true,true,2025-01-23T10:52:02.325Z,2025-01-15T14:16:35.363Z,6131
CVE-2024-11029,https://securityvulnerability.io/vulnerability/CVE-2024-11029,Flaw in FreeIPA API Audit Leads to Credential Exposure,"A significant flaw was identified in the FreeIPA API audit process where it logs entire FreeIPA command lines to journalctl. This flaw leads to unintended leakage of sensitive information, particularly administrative user credentials, during the installation phase. If the journal log is centralized, individuals with access to these logs could improperly obtain the administrator's password, posing a serious security risk. Proper remediation and patching are essential to protect administrative accounts and sensitive data.",Red Hat,"Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8",5.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-15T12:55:30.964Z,0
CVE-2025-23366,https://securityvulnerability.io/vulnerability/CVE-2025-23366,Cross-Site Scripting Vulnerability in Wildfly by Red Hat,"A cross-site scripting vulnerability exists in the HAL Console of Wildfly. This flaw allows an attacker with authenticated access, specifically belonging to management groups such as 'SuperUser', 'Admin', or 'Maintainer', to execute arbitrary scripts in the context of other users' browsers. The issue arises due to inadequate neutralization of user-controllable input before it is rendered on web pages served to other users, posing significant security risks.",Red Hat,"Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack",6.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,false,,2025-01-14T18:16:00.000Z,0
CVE-2024-12085,https://securityvulnerability.io/vulnerability/CVE-2024-12085,Rsync Daemon Memory Leak Vulnerability in Red Hat Products,"A vulnerability exists in the rsync daemon which can be exploited during the comparison of file checksums. An attacker can manipulate the checksum length, leading to potential leaks of one byte of uninitialized stack data at a time. This weakness could allow unauthorized access to sensitive information in memory, posing a security risk to affected systems.",Red Hat,"Red Hat Enterprise Linux 6 Extended Lifecycle Support - Extension,Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 9.4 Extended Update Support,Logging Subsystem For Red Hat Openshift,Red Hat Openshift Container Platform 4",7.5,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,242
CVE-2024-12088,https://securityvulnerability.io/vulnerability/CVE-2024-12088,Path Traversal Vulnerability in Rsync Affects Multiple Platforms,"A vulnerability exists in Rsync when utilizing the `--safe-links` option. The software fails to properly validate symbolic link destinations, allowing the potential for a path traversal attack. This flaw may permit unauthorized file writes to locations outside the intended directory, posing a significant risk to systems using affected Rsync versions. It is crucial for users to evaluate their use of Rsync and apply any necessary patches to mitigate this risk.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,0
CVE-2024-12747,https://securityvulnerability.io/vulnerability/CVE-2024-12747,Race Condition in Rsync's Symbolic Link Handling Affects Red Hat Systems,"A vulnerability exists in rsync due to a race condition detected in its handling of symbolic links. By default, rsync skips symbolic links; however, if an attacker replaces a regular file with a symbolic link during a critical operation, they can exploit this timing issue. Such an exploit may allow the attacker to bypass rsync's default behavior, potentially leaking sensitive information or facilitating privilege escalation, depending on the permissions of the rsync process. This vulnerability necessitates immediate attention to mitigate unauthorized access risks.",Red Hat,,,,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,0
CVE-2024-12087,https://securityvulnerability.io/vulnerability/CVE-2024-12087,Path Traversal Vulnerability in rsync Affects Red Hat,"A path traversal vulnerability in rsync allows a malicious server to exploit the `--inc-recursive` option, which is often enabled by default. This vulnerability arises from insufficient symlink verification and deduplication checks that occur on a per-file-list basis. An attacker could leverage this flaw to write files outside of the client's intended destination directory, potentially placing harmful files in arbitrary locations that mimic valid directories and paths on the client system.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,0
CVE-2024-12086,https://securityvulnerability.io/vulnerability/CVE-2024-12086,File Enumeration Vulnerability in rsync by Red Hat,"A vulnerability in rsync has been identified that allows a server to expose the contents of files located on a client's machine. This issue arises during the process of file synchronization, where the rsync server transmits checksums of its local files to a client for comparison, determining which files need to be transferred. By exploiting this vulnerability, an attacker can craft specific checksum values to coax the rsync server into divulging sensitive information about arbitrary files. This enables a potential attacker to reconstruct the data from these files byte by byte, posing a significant risk to the integrity and confidentiality of sensitive information.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-14T17:37:54.960Z,0
CVE-2024-11736,https://securityvulnerability.io/vulnerability/CVE-2024-11736,Configuration Vulnerability in Keycloak Affects Sensitive Server Information,"A configuration exposure vulnerability has been identified in Keycloak that allows admin users to access sensitive server environment variables and system properties through crafted user-configurable URLs. By manipulating backchannel logout URLs or admin URLs using placeholders like ${env.VARNAME} or ${PROPNAME}, administrators can inadvertently disclose critical server information, as the server processes and substitutes these placeholders with their actual values. This vulnerability poses a significant risk, particularly if the exposed variables contain sensitive data.",Red Hat,"Red Hat Build Of Keycloak 26.0,Rhbk 26.0.8,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack",4.9,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,false,,2025-01-14T08:36:08.583Z,0
CVE-2024-11734,https://securityvulnerability.io/vulnerability/CVE-2024-11734,Denial of Service Vulnerability in Keycloak by Red Hat,"A vulnerability exists in Keycloak that can be exploited by an administrative user possessing the authority to alter realm settings. By modifying security headers and introducing newline characters, the Keycloak server may attempt to process a request that has already been terminated. This can lead to a denial of service, effectively disrupting the service for users. It is crucial for administrators to be aware of this vulnerability and to apply the necessary mitigations promptly.",Red Hat,"Red Hat Build Of Keycloak 26.0,Rhbk 26.0.8,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack",6.5,MEDIUM,0.0006399999838322401,false,,false,false,false,,false,false,false,,2025-01-14T08:35:42.107Z,0
CVE-2025-0306,https://securityvulnerability.io/vulnerability/CVE-2025-0306,Ruby Interpreter Vulnerability Affecting Messaging Security,"A vulnerability exists within the Ruby interpreter that is susceptible to the Marvin Attack. This weakness enables attackers to decrypt previously secured messages and fabricate signatures. By exchanging an extensive number of messages with the affected Ruby service, an attacker can compromise the integrity and confidentiality of the communication, posing significant risks to sensitive data.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Storage 3",7.4,HIGH,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-01-09T04:05:42.194Z,0
CVE-2024-56827,https://securityvulnerability.io/vulnerability/CVE-2024-56827,Heap Buffer Overflow in OpenJPEG Project Affecting Multiple Applications,"A vulnerability exists in the OpenJPEG project, where a heap buffer overflow may occur when specific parameters are utilized within the opj_decompress utility. This flaw can lead to application crashes or unpredictable behavior, compromising software reliability and security. Users are encouraged to review their OpenJPEG implementations and apply necessary mitigations to safeguard against potential exploitation.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.6,MEDIUM,0.0004199999966658652,false,,false,false,false,,false,false,false,,2025-01-09T03:40:30.512Z,0
CVE-2024-56826,https://securityvulnerability.io/vulnerability/CVE-2024-56826,Heap Buffer Overflow in OpenJPEG Affects Multiple Releases,"A heap buffer overflow vulnerability has been identified within the OpenJPEG project. This flaw arises when using specific options with the opj_decompress utility. Exploitation of this vulnerability may lead to application crashes or unexpected behavior, posing potential risks to data integrity and system stability. Users are advised to evaluate their use of affected OpenJPEG versions and implement necessary updates.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.6,MEDIUM,0.0004199999966658652,false,,false,false,false,,false,false,false,,2025-01-09T03:40:24.613Z,0
CVE-2024-8447,https://securityvulnerability.io/vulnerability/CVE-2024-8447,Denial of Service Vulnerability in Narayana LRA Coordinator Component,"A security vulnerability exists within the LRA Coordinator component of the Narayana transaction manager that can lead to significant application disruptions. The flaw arises when the Cancel operation is invoked, resulting in a delay of about 2 seconds. If a Join request is made with the same LRA ID during this interval, it may cause the application to crash or hang indefinitely, resulting in a denial of service. It is crucial for users of affected Narayana versions to implement appropriate mitigations to prevent potential service outages.",Red Hat,,5.9,MEDIUM,0.0004900000058114529,false,,false,false,false,,false,false,false,,2025-01-02T21:15:00.000Z,0
CVE-2024-45497,https://securityvulnerability.io/vulnerability/CVE-2024-45497,OpenShift Build Process Vulnerability Affecting Red Hat Products,"A significant vulnerability exists in the OpenShift build process, where the docker-build container is improperly configured with a hostPath volume mount that links the node's /var/lib/kubelet/config.json file to the build pod. This critical file contains sensitive credentials essential for accessing private repositories. The flawed configuration permits unprivileged write access, allowing attackers to overwrite this file. As a result, by modifying the config.json file, an attacker can cause a denial of service, disrupting the ability of the node to pull new container images. Additionally, this vulnerability poses significant risks by potentially allowing unauthorized access to sensitive credentials, which could lead to further compromises within the system.",Red Hat,"Red Hat Fuse 7,Red Hat Openshift Container Platform 4",7.6,HIGH,0.0004400000034365803,false,,false,false,false,,false,false,false,,2024-12-31T02:19:22.553Z,0