Redhat

Openshift Container Platform

274 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2024-45782

  • EPSS 0.03%
  • Veröffentlicht 03.03.2025 17:15:12
  • Zuletzt bearbeitet 25.03.2025 05:15:39

A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue ...

6.8

CVE-2025-26465

Medienbericht
  • EPSS 63.39%
  • Veröffentlicht 18.02.2025 19:15:29
  • Zuletzt bearbeitet 03.11.2025 22:18:41

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in spec...

6.6

CVE-2025-0750

  • EPSS 0.06%
  • Veröffentlicht 28.01.2025 10:15:09
  • Zuletzt bearbeitet 11.02.2025 12:15:34

A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level ...

7.5

CVE-2024-12085

Exploit
  • EPSS 13.04%
  • Veröffentlicht 14.01.2025 18:15:25
  • Zuletzt bearbeitet 20.11.2025 21:15:59

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of un...

6.8

CVE-2024-12086

Exploit
  • EPSS 0.47%
  • Veröffentlicht 14.01.2025 18:15:25
  • Zuletzt bearbeitet 03.11.2025 22:16:39

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send chec...

7.5

CVE-2024-12088

  • EPSS 2.53%
  • Veröffentlicht 14.01.2025 18:15:25
  • Zuletzt bearbeitet 03.11.2025 22:16:39

A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, w...

6.5

CVE-2024-12698

  • EPSS 0.22%
  • Veröffentlicht 18.12.2024 05:15:07
  • Zuletzt bearbeitet 25.02.2025 08:15:28

An incomplete fix for ose-olm-catalogd-container was issued for the Rapid Reset Vulnerability (CVE-2023-39325/CVE-2023-44487) where only unauthenticated streams were protected, not streams created by authenticated sources.

5.3

CVE-2024-6538

  • EPSS 0.31%
  • Veröffentlicht 25.11.2024 07:15:06
  • Zuletzt bearbeitet 07.11.2025 01:15:36

A flaw was found in OpenShift Console. A Server Side Request Forgery (SSRF) attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exp...

7.7

CVE-2024-0793

  • EPSS 0.14%
  • Veröffentlicht 17.11.2024 11:15:06
  • Zuletzt bearbeitet 18.11.2024 17:11:17

A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn.

4.9

CVE-2024-11217

  • EPSS 0.16%
  • Veröffentlicht 15.11.2024 21:15:06
  • Zuletzt bearbeitet 18.11.2024 17:11:56

A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options.