CVE-2024-9453
- EPSS 0.04%
- Published 04.07.2025 08:36:35
- Last modified 18.08.2025 19:02:46
A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a mal...
CVE-2024-1485
- EPSS 0.81%
- Published 14.02.2024 00:15:46
- Last modified 21.11.2024 08:50:41
A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious a...
CVE-2023-48795
- EPSS 64.06%
- Published 18.12.2023 16:15:10
- Last modified 29.09.2025 21:56:10
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client a...
CVE-2023-44487
- EPSS 94.44%
- Published 10.10.2023 14:15:10
- Last modified 11.06.2025 17:29:54
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2023-2253
- EPSS 0.09%
- Published 06.06.2023 20:15:12
- Last modified 07.01.2025 22:15:29
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large ...