Redhat

Openshift

166 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.12%
  • Veröffentlicht 12.06.2026 09:42:36
  • Zuletzt bearbeitet 12.06.2026 16:06:17

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a ma...

  • EPSS 0.33%
  • Veröffentlicht 04.06.2026 12:04:49
  • Zuletzt bearbeitet 30.06.2026 03:17:08

A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-s...

  • EPSS 0.18%
  • Veröffentlicht 28.04.2026 12:33:55
  • Zuletzt bearbeitet 07.05.2026 02:16:00

A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRole can inject arbitrary environment variables, such as `LD_PRELOAD` or `http_proxy`, into `docker-build` containers through the `buildconfigs/instantia...

Exploit
  • EPSS 0.99%
  • Veröffentlicht 01.04.2026 13:18:55
  • Zuletzt bearbeitet 26.05.2026 16:16:23

A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading ...

Exploit
  • EPSS 0.87%
  • Veröffentlicht 01.04.2026 13:18:53
  • Zuletzt bearbeitet 26.05.2026 16:16:23

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to a...

  • EPSS 0.5%
  • Veröffentlicht 11.12.2025 07:16:00
  • Zuletzt bearbeitet 30.06.2026 00:16:53

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribu...

  • EPSS 1.01%
  • Veröffentlicht 05.09.2025 19:54:30
  • Zuletzt bearbeitet 02.07.2026 17:16:57

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful...

  • EPSS 0.22%
  • Veröffentlicht 20.08.2025 12:19:18
  • Zuletzt bearbeitet 15.04.2026 00:35:42

There's a vulnerability in the CRI-O application where when container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this f...

  • EPSS 0.19%
  • Veröffentlicht 16.06.2025 15:24:05
  • Zuletzt bearbeitet 08.07.2026 15:16:24

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow...

  • EPSS 0.51%
  • Veröffentlicht 31.03.2025 12:15:15
  • Zuletzt bearbeitet 25.06.2026 23:17:00

A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. This issue can lead t...