Filtered by vendor Redhat
Subscriptions
Filtered by product Openshift
Subscriptions
Total
1092 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6395 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-07-25 | 6.5 Medium |
| A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). | ||||
| CVE-2025-7519 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-07-25 | 6.7 Medium |
| A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly. | ||||
| CVE-2025-8114 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-07-25 | 4.7 Medium |
| A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash. | ||||
| CVE-2025-26466 | 4 Canonical, Debian, Openbsd and 1 more | 5 Ubuntu Linux, Debian Linux, Openssh and 2 more | 2025-07-25 | 5.9 Medium |
| A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack. | ||||
| CVE-2025-26465 | 4 Debian, Netapp, Openbsd and 1 more | 9 Debian Linux, Active Iq Unified Manager, Ontap and 6 more | 2025-07-25 | 6.8 Medium |
| A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high. | ||||
| CVE-2025-0677 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-07-25 | 6.4 Medium |
| A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grub_malloc() may be called with a smaller value than needed. When further reading the data from the disk into the buffer, the grub_ufs_lookup_symlink() function will write past the end of the allocated size. An attack can leverage this by crafting a malicious filesystem, and as a result, it will corrupt data stored in the heap, allowing for arbitrary code execution used to by-pass secure boot mechanisms. | ||||
| CVE-2025-0622 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-07-25 | 6.4 Medium |
| A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If correctly exploited, this vulnerability may result in arbitrary code execution, eventually allowing the attacker to bypass secure boot protections. | ||||
| CVE-2025-4432 | 1 Redhat | 5 Enterprise Linux, Openshift, Satellite and 2 more | 2025-07-25 | 5.3 Medium |
| A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2**32 packets sent or received. | ||||
| CVE-2025-4598 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-07-25 | 4.7 Medium |
| A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality. | ||||
| CVE-2024-8418 | 2 Containers, Redhat | 3 Aardvark-dns, Enterprise Linux, Openshift | 2025-07-24 | 7.5 High |
| A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing out. This issue prevents legitimate users from accessing DNS services, thereby disrupting normal operations and causing service downtime. | ||||
| CVE-2024-6387 | 9 Amazon, Canonical, Debian and 6 more | 24 Linux 2023, Ubuntu Linux, Debian Linux and 21 more | 2025-07-24 | 8.1 High |
| A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. | ||||
| CVE-2024-5154 | 2 Kubernetes, Redhat | 4 Cri-o, Enterprise Linux, Openshift and 1 more | 2025-07-24 | 8.1 High |
| A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system. | ||||
| CVE-2024-7128 | 1 Redhat | 1 Openshift | 2025-07-24 | 5.3 Medium |
| A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShiftAuth") is set, these functions do not perform any authentication checks, relying instead on the targeted service to handle authentication and authorization. This issue leads to various degrees of data exposure due to a lack of proper credential verification. | ||||
| CVE-2024-8176 | 1 Redhat | 9 Devworkspace, Discovery, Enterprise Linux and 6 more | 2025-07-23 | 7.5 High |
| A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage. | ||||
| CVE-2024-11831 | 1 Redhat | 33 Acm, Advanced Cluster Security, Ansible Automation Platform and 30 more | 2025-07-23 | 5.4 Medium |
| A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package. | ||||
| CVE-2024-9676 | 1 Redhat | 20 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux For Arm 64 and 17 more | 2025-07-23 | 6.5 Medium |
| A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host. | ||||
| CVE-2024-3727 | 1 Redhat | 18 Acm, Advanced Cluster Security, Ansible Automation Platform and 15 more | 2025-07-23 | 8.3 High |
| A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. | ||||
| CVE-2024-9675 | 2 Buildah Project, Redhat | 21 Buildah, Enterprise Linux, Enterprise Linux Eus and 18 more | 2025-07-23 | 7.8 High |
| A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah. | ||||
| CVE-2024-1394 | 1 Redhat | 23 Ansible Automation Platform, Ansible Automation Platform Developer, Ansible Automation Platform Inside and 20 more | 2025-07-23 | 7.5 High |
| A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them. | ||||
| CVE-2025-24928 | 1 Redhat | 12 Enterprise Linux, Jboss Core Services, Network Observ Optr and 9 more | 2025-07-23 | 7.8 High |
| libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047. | ||||