CVE-2024-9675
- EPSS 0.39%
- Veröffentlicht 09.10.2024 15:15:17
- Zuletzt bearbeitet 29.06.2026 21:16:30
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/w...
CVE-2024-9341
- EPSS 0.97%
- Veröffentlicht 01.10.2024 19:15:09
- Zuletzt bearbeitet 11.12.2024 04:15:06
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and tri...
CVE-2024-8883
- EPSS 1.96%
- Veröffentlicht 19.09.2024 16:15:06
- Zuletzt bearbeitet 26.11.2024 19:15:32
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes...
CVE-2024-4629
- EPSS 0.79%
- Veröffentlicht 03.09.2024 20:15:09
- Zuletzt bearbeitet 21.11.2024 09:43:14
A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed...
CVE-2024-3056
- EPSS 0.51%
- Veröffentlicht 02.08.2024 21:16:30
- Zuletzt bearbeitet 27.12.2024 16:15:24
A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious ...
CVE-2024-7079
- EPSS 0.36%
- Veröffentlicht 24.07.2024 16:15:07
- Zuletzt bearbeitet 21.11.2024 09:50:50
A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middl...
CVE-2024-6387
- EPSS 99.51%
- Veröffentlicht 01.07.2024 13:15:06
- Zuletzt bearbeitet 12.05.2026 12:17:20
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to aut...
CVE-2024-5154
- EPSS 1.24%
- Veröffentlicht 12.06.2024 09:15:19
- Zuletzt bearbeitet 23.06.2025 14:15:26
A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.
CVE-2024-5037
- EPSS 0.81%
- Veröffentlicht 05.06.2024 18:15:11
- Zuletzt bearbeitet 21.11.2024 09:46:49
A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.
CVE-2024-0874
- EPSS 0.76%
- Veröffentlicht 25.04.2024 17:15:47
- Zuletzt bearbeitet 15.04.2026 00:35:42
A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.