cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-0750,https://securityvulnerability.io/vulnerability/CVE-2025-0750,Path Traversal Vulnerability in CRI-O Affects Node-Level Operations,"A significant vulnerability exists in the CRI-O log management functionalities, specifically within the UnMountPodLogs and LinkContainerLogs methods. This flaw allows a malicious actor, possessing the necessary permissions to create and delete Pods, to exploit path traversal techniques. By doing so, they may unmount arbitrary host paths, potentially compromising node stability and availability. Such actions could culminate in a denial of service at the node level, impacting the integrity and performance of critical system directories.",Red Hat,"Red Hat Openshift Container Platform 4.17,Red Hat Openshift Container Platform 4",6.6,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-01-28T09:29:30.831Z,0
CVE-2024-11218,https://securityvulnerability.io/vulnerability/CVE-2024-11218,Container Breakout Vulnerability in Podman and Buildah,"A vulnerability exists in Podman and Buildah that allows for a container breakout, particularly when using the '--jobs=2' option during the build process of a malicious Containerfile. This vulnerability exploits a race condition that may lead to the exposure of files and directories on the host system. Though using SELinux can provide some degree of mitigation, it does not completely prevent the enumeration of sensitive host file systems, posing a risk for affected users.",Red Hat,"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 9.4 Extended Update Support,Red Hat Openshift Container Platform 4.16,Red Hat Openshift Container Platform 4.17,Red Hat Enterprise Linux 8,Red Hat Openshift Container Platform 4",8.6,HIGH,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-01-22T04:55:30.649Z,359
CVE-2024-12085,https://securityvulnerability.io/vulnerability/CVE-2024-12085,Rsync Daemon Memory Leak Vulnerability in Red Hat Products,"A vulnerability exists in the rsync daemon which can be exploited during the comparison of file checksums. An attacker can manipulate the checksum length, leading to potential leaks of one byte of uninitialized stack data at a time. This weakness could allow unauthorized access to sensitive information in memory, posing a security risk to affected systems.",Red Hat,"Red Hat Enterprise Linux 6 Extended Lifecycle Support  - Extension,Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 9.4 Extended Update Support,Red Hat Openshift Container Platform 4.15,Red Hat Openshift Container Platform 4.16,Red Hat Openshift Container Platform 4.17,Rhol-5.9-rhel-9",7.5,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,242
CVE-2024-50312,https://securityvulnerability.io/vulnerability/CVE-2024-50312,Graphql: information disclosure via graphql introspection in openshift,"A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation.",Red Hat,"Red Hat Openshift Container Platform 4.16,Red Hat Openshift Container Platform 4.17",5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-22T14:15:00.000Z,0
CVE-2024-9676,https://securityvulnerability.io/vulnerability/CVE-2024-9676,Podman Vulnerable to Symlink Traversal Attack,"A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.",Red Hat,",Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.4 Extended Update Support,Red Hat Openshift Container Platform 4.12,Red Hat Openshift Container Platform 4.13,Red Hat Openshift Container Platform 4.14,Red Hat Openshift Container Platform 4.15,Red Hat Openshift Container Platform 4.16,Red Hat Openshift Container Platform 4.17,Openshift Developer Tools And Services,Red Hat Openshift Container Platform 4,Red Hat Quay 3",6.5,MEDIUM,0.001120000029914081,false,,false,false,false,,,false,false,,2024-10-15T15:27:33.665Z,0