cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12243,https://securityvulnerability.io/vulnerability/CVE-2024-12243,Denial-of-Service Vulnerability in GnuTLS Affecting libtasn1,"A vulnerability has been identified in GnuTLS due to an inefficient algorithm within libtasn1 responsible for ASN.1 data processing. This flaw permits a remote attacker to craft specific DER-encoded certificates that can compel GnuTLS to consume excessive resources, leading to potential unresponsiveness or slow performance. Consequently, this may result in a denial-of-service condition, disrupting normal operations.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,false,,2025-02-10T15:28:10.328Z,0
CVE-2024-12133,https://securityvulnerability.io/vulnerability/CVE-2024-12133,Denial of Service Vulnerability in libtasn1 Affects Red Hat Products,"A vulnerability in libtasn1 leads to inefficient processing of certain certificate data, particularly when handling a large number of elements. This inefficiency can result in excessive delays or system crashes. Attackers could exploit this flaw by sending a specially crafted certificate, which may disrupt service availability and lead to denial of service conditions in affected systems.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,false,,2025-02-10T15:28:03.193Z,0
CVE-2024-11831,https://securityvulnerability.io/vulnerability/CVE-2024-11831,Cross-site Scripting Vulnerability in Serialize-Javascript by Yahoo,"A vulnerability exists in the serialize-javascript module due to inadequate sanitization of inputs, particularly JavaScript object types and regex expressions. This flaw allows attackers to inject malicious code that may be executed in a web browser context when the serialized data is deserialized. This poses significant risks in scenarios where the serialized outputs are shared with web clients, rendering the web applications reliant on this package susceptible to XSS attacks.",Red Hat,"Red Hat Advanced Cluster Security 4.5,Cryostat 3,Logging Subsystem For Red Hat Openshift,Migration Toolkit For Applications 7,Migration Toolkit For Virtualization,.net 6.0 On Red Hat Enterprise Linux,Openshift Lightspeed,Openshift Pipelines,Openshift Serverless,Openshift Service Mesh 2,Red Hat 3scale Api Management Platform 2,Red Hat Advanced Cluster Management For Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Discovery,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Openshift Ai (rhoai),Red Hat Openshift Container Platform 3.11,Red Hat Openshift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Dev Spaces,Red Hat Openshift Distributed Tracing 3,Red Hat Process Automation 7,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Single Sign-on 7,Red Hat Trusted Profile Analyzer",5.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,false,,2025-02-10T15:27:46.732Z,0
CVE-2024-13484,https://securityvulnerability.io/vulnerability/CVE-2024-13484,ArgoCD Vulnerability Allows Creation of Rogue Monitoring Rules,"A flaw exists in ArgoCD where the openshift.io/cluster-monitoring label is automatically applied to all namespaces deploying an ArgoCD Custom Resource (CR) instance. This labeling enables potential malicious creation of a rogue PrometheusRule, which is then propagated across the entire cluster. Such an oversight could severely impact the integrity of the platform's monitoring stack, creating vulnerabilities in the overall security posture.",Red Hat,Red Hat Openshift Gitops,8.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T17:54:28.701Z,0
CVE-2025-0754,https://securityvulnerability.io/vulnerability/CVE-2025-0754,Log Injection Vulnerability in OpenShift Service Mesh by Red Hat,"An issue has been identified in OpenShift Service Mesh versions 2.6.3 and 2.5.6, stemming from improper sanitization of HTTP headers by Envoy, specifically the x-forwarded-for header. This flaw permits attackers to inject malicious payloads into service mesh logs, facilitating log injection and spoofing attacks. Consequently, this exploitation can distort logging processes, allowing adversaries to manipulate log entries or potentially execute reflected cross-site scripting (XSS) attacks, posing significant risks to the overall integrity and security of the environment.",Red Hat,Openshift Service Mesh 2,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-28T09:37:11.500Z,0
CVE-2025-0752,https://securityvulnerability.io/vulnerability/CVE-2025-0752,Access Control Vulnerabilities in OpenShift Service Mesh by Red Hat,"A flaw in OpenShift Service Mesh versions 2.6.3 and 2.5.6 has been identified, which may allow for rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and potential replay attacks. This vulnerability stems from inadequate sanitization of HTTP headers within Envoy, necessitating urgent attention to patch affected systems to prevent exploitation.",Red Hat,Openshift Service Mesh 2,6.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-01-28T09:29:33.073Z,0
CVE-2025-0750,https://securityvulnerability.io/vulnerability/CVE-2025-0750,Path Traversal Vulnerability in CRI-O Affects Node-Level Operations,"A significant vulnerability exists in the CRI-O log management functionalities, specifically within the UnMountPodLogs and LinkContainerLogs methods. This flaw allows a malicious actor, possessing the necessary permissions to create and delete Pods, to exploit path traversal techniques. By doing so, they may unmount arbitrary host paths, potentially compromising node stability and availability. Such actions could culminate in a denial of service at the node level, impacting the integrity and performance of critical system directories.",Red Hat,"Red Hat Openshift Container Platform 4.17,Red Hat Openshift Container Platform 4",6.6,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-01-28T09:29:30.831Z,0
CVE-2025-0650,https://securityvulnerability.io/vulnerability/CVE-2025-0650,Access Control Flaw in Open Virtual Network by Red Hat,"A flaw exists in the Open Virtual Network (OVN) where specially crafted UDP packets can bypass egress access control lists (ACLs). This vulnerability is present when a logical switch with DNS records configured and associated egress ACLs is utilized. Attackers could potentially exploit this flaw to gain unauthorized access to virtual machines and containers, leading to security breaches in OVN networks.",Red Hat,"Fast Datapath For Red Hat Enterprise Linux 8,Fast Datapath For Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",8.1,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-23T16:34:31.390Z,0
CVE-2024-11218,https://securityvulnerability.io/vulnerability/CVE-2024-11218,Container Breakout Vulnerability in Podman and Buildah,"A vulnerability exists in Podman and Buildah that allows for a container breakout, particularly when using the '--jobs=2' option during the build process of a malicious Containerfile. This vulnerability exploits a race condition that may lead to the exposure of files and directories on the host system. Though using SELinux can provide some degree of mitigation, it does not completely prevent the enumeration of sensitive host file systems, posing a risk for affected users.",Red Hat,"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 9.4 Extended Update Support,Red Hat Openshift Container Platform 4.16,Red Hat Openshift Container Platform 4.17,Red Hat Enterprise Linux 8,Red Hat Openshift Container Platform 4",8.6,HIGH,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-01-22T04:55:30.649Z,359
CVE-2024-12084,https://securityvulnerability.io/vulnerability/CVE-2024-12084,Heap-based Buffer Overflow Vulnerability in Rsync Daemon by Red Hat,"A heap-based buffer overflow vulnerability has been identified in the rsync daemon, attributable to improper management of attacker-controlled checksum lengths (s2length). This weakness arises when the maximum digest length exceeds the designated fixed length of 16 bytes, allowing an attacker to exploit the flaw and write outside the allocated memory in the sum2 buffer. Such exploitation could potentially compromise system integrity and lead to unauthorized access or data manipulation.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",9.8,CRITICAL,0.0006300000241026282,false,,true,false,true,2025-01-15T17:00:18.000Z,false,true,true,2025-01-23T10:52:02.325Z,2025-01-15T14:16:35.363Z,6131
CVE-2024-12087,https://securityvulnerability.io/vulnerability/CVE-2024-12087,Path Traversal Vulnerability in rsync Affects Red Hat,"A path traversal vulnerability in rsync allows a malicious server to exploit the `--inc-recursive` option, which is often enabled by default. This vulnerability arises from insufficient symlink verification and deduplication checks that occur on a per-file-list basis. An attacker could leverage this flaw to write files outside of the client's intended destination directory, potentially placing harmful files in arbitrary locations that mimic valid directories and paths on the client system.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,0
CVE-2024-12088,https://securityvulnerability.io/vulnerability/CVE-2024-12088,Path Traversal Vulnerability in Rsync Affects Multiple Platforms,"A vulnerability exists in Rsync when utilizing the `--safe-links` option. The software fails to properly validate symbolic link destinations, allowing the potential for a path traversal attack. This flaw may permit unauthorized file writes to locations outside the intended directory, posing a significant risk to systems using affected Rsync versions. It is crucial for users to evaluate their use of Rsync and apply any necessary patches to mitigate this risk.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,0
CVE-2024-12085,https://securityvulnerability.io/vulnerability/CVE-2024-12085,Rsync Daemon Memory Leak Vulnerability in Red Hat Products,"A vulnerability exists in the rsync daemon which can be exploited during the comparison of file checksums. An attacker can manipulate the checksum length, leading to potential leaks of one byte of uninitialized stack data at a time. This weakness could allow unauthorized access to sensitive information in memory, posing a security risk to affected systems.",Red Hat,"Red Hat Enterprise Linux 6 Extended Lifecycle Support  - Extension,Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 9.4 Extended Update Support,Red Hat Openshift Container Platform 4.15,Red Hat Openshift Container Platform 4.16,Red Hat Openshift Container Platform 4.17,Logging Subsystem For Red Hat Openshift",7.5,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,242
CVE-2024-12086,https://securityvulnerability.io/vulnerability/CVE-2024-12086,File Enumeration Vulnerability in rsync by Red Hat,"A vulnerability in rsync has been identified that allows a server to expose the contents of files located on a client's machine. This issue arises during the process of file synchronization, where the rsync server transmits checksums of its local files to a client for comparison, determining which files need to be transferred. By exploiting this vulnerability, an attacker can craft specific checksum values to coax the rsync server into divulging sensitive information about arbitrary files. This enables a potential attacker to reconstruct the data from these files byte by byte, posing a significant risk to the integrity and confidentiality of sensitive information.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-14T17:37:54.960Z,0
CVE-2024-12698,https://securityvulnerability.io/vulnerability/CVE-2024-12698,Incomplete Protection in Rapid Reset for Red Hat's ose-olm-catalogd-container,"CVE-2024-12698 represents a security vulnerability concerning the ose-olm-catalogd-container, identified by Red Hat. This issue stems from an inadequate resolution of the Rapid Reset Vulnerability (CVE-2023-39325/CVE-2023-44487), where the focus was solely on unauthenticated streams, leaving authenticated streams vulnerable. As a result, the protocol does not fully secure all data streams, exposing systems to potential unauthorized access and manipulation by malicious actors. Users of affected versions are strongly encouraged to apply the latest security updates to mitigate risks associated with this threat.",Red Hat,Red Hat Openshift Container Platform 4,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-12-18T05:15:00.000Z,0
CVE-2024-12401,https://securityvulnerability.io/vulnerability/CVE-2024-12401,Cert-Manager Vulnerability Permits CPU-Based DoS Attack,"A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.",Red Hat,"Cert-manager Operator For Red Hat Openshift,Cryostat 3,Multicluster Engine For Kubernetes,Openshift Serverless,Red Hat Connectivity Link,Red Hat Openshift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Gitops",4.4,MEDIUM,0.0021299999207258224,false,,false,false,false,,,false,false,,2024-12-12T09:06:03.612Z,0
CVE-2024-50312,https://securityvulnerability.io/vulnerability/CVE-2024-50312,Graphql: information disclosure via graphql introspection in openshift,"A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation.",Red Hat,"Red Hat Openshift Container Platform 4.16,Red Hat Openshift Container Platform 4.17",5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-22T14:15:00.000Z,0
CVE-2024-50311,https://securityvulnerability.io/vulnerability/CVE-2024-50311,Graphql: denial of service (dos) vulnerability via graphql batching,"A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in one query. This issue causes excessive resource consumption, leading to application unavailability for legitimate users.",Red Hat,Red Hat Openshift Container Platform 4,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-22T14:15:00.000Z,0
CVE-2024-9676,https://securityvulnerability.io/vulnerability/CVE-2024-9676,Podman Vulnerable to Symlink Traversal Attack,"A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.",Red Hat,",Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.4 Extended Update Support,Red Hat Openshift Container Platform 4.12,Red Hat Openshift Container Platform 4.13,Red Hat Openshift Container Platform 4.14,Red Hat Openshift Container Platform 4.15,Red Hat Openshift Container Platform 4.16,Red Hat Openshift Container Platform 4.17,Openshift Developer Tools And Services,Red Hat Openshift Container Platform 4,Red Hat Quay 3",6.5,MEDIUM,0.001120000029914081,false,,false,false,false,,,false,false,,2024-10-15T15:27:33.665Z,0
CVE-2024-7207,https://securityvulnerability.io/vulnerability/CVE-2024-7207,Envoy Proxy Vulnerability Allows Header Manipulation and Request Forgery,"The vulnerability identified has been marked as a duplicate of CVE-2024-45806, suggesting a redundancy in reporting. However, it is critical to monitor and address any existing weaknesses in Envoy Proxy that may arise from overlapping vulnerabilities. Users and system administrators should stay informed about security advisories from the Envoy Project to ensure all systems running Envoy are updated and compliant with the latest security practices.",Red Hat,Openshift Service Mesh 2,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-19T22:17:51.582Z,0
CVE-2024-8418,https://securityvulnerability.io/vulnerability/CVE-2024-8418,Containers/aardvark-dns: tcp query handling flaw in aardvark-dns leading to denial of service,"Aardvark-dns has a vulnerability that allows attackers to conduct Denial of Service (DoS) attacks through improper handling of TCP DNS queries. The flaw arises from the serial processing of these queries, which permits an attacker to maintain a TCP connection indefinitely. This behavior can lead to the DNS server becoming unresponsive as legitimate queries time out, greatly affecting DNS service availability and disrupting normal operations for users.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",7.5,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-09-04T15:15:00.000Z,0
CVE-2024-43168,https://securityvulnerability.io/vulnerability/CVE-2024-43168,Unbound: heap-buffer-overflow in unbound,"A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.1,Red Hat Openstack Platform 18.0",4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-08-12T13:38:00.000Z,0
CVE-2024-43167,https://securityvulnerability.io/vulnerability/CVE-2024-43167,Segmentation Fault Vulnerability in Unbound's ub_ctx_set_fwd Function,"A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.1,Red Hat Openstack Platform 18.0",2.8,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-08-12T13:38:00.000Z,0
CVE-2024-7557,https://securityvulnerability.io/vulnerability/CVE-2024-7557,Authentication Bypass and Privilege Escalation Vulnerability in OpenShift AI,"In OpenShift AI, a vulnerability exists that permits authentication bypass and privilege escalation across models within the same namespace. This concern arises during AI model deployment, where the user interface allows the configuration of authentication for models. Unfortunately, tokens from one model are inadvertently usable for accessing other models and APIs within the same namespace. The vulnerability is exacerbated by the exposure of ServiceAccount tokens in the UI, enabling malicious users to exploit these tokens through commands like 'oc --token={token}', thereby gaining unauthorized access to resources and elevating privileges significantly.",Red Hat,"Red Hat Openshift Ai (rhoai),Red Hat Openshift Data Science (rhods)",8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-08-12T13:38:00.000Z,0
CVE-2024-7409,https://securityvulnerability.io/vulnerability/CVE-2024-7409,QEMU NBD Server Vulnerability: DoS Attack via Socket Closure,A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.,Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Openshift Container Platform 4.13,Red Hat Openshift Container Platform 4.15,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",,,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-08-05T13:19:27.498Z,0