Redhat Openshift Container Platform vulnerabilities

CVE-2025-6021 [HIGH] CWE-787 CVE-2025-6021: A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calcula A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

CVE-2025-5914 [HIGH] CWE-190 CVE-2025-5914: A vulnerability has been identified in the libarchive library, specifically within the archive_read_ A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a

CVE-2025-5918 [MEDIUM] CWE-125 CVE-2025-5918: A vulnerability has been identified in the libarchive library. This flaw can be triggered when file A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

CVE-2025-5916 [MEDIUM] CWE-190 CVE-2025-5916: A vulnerability has been identified in the libarchive library. This flaw involves an integer overflo A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior,

CVE-2025-5917 [MEDIUM] CWE-787 CVE-2025-5917: A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' mi A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstan

CVE-2025-5915 [MEDIUM] CWE-122 CVE-2025-5915: A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer o A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (de

CVE-2025-4598 [MEDIUM] CWE-364 CVE-2025-4598: A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type o

CVE-2024-45782 [HIGH] CWE-787 CVE-2024-45782: A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HF A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, impacting grub's sensitive data integrity and eventually

CVE-2025-0678 [HIGH] CWE-190 CVE-2025-0678: A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module use A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it

CVE-2024-45778 [MEDIUM] CWE-190 CVE-2024-45778: A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.

CVE-2025-26465 [MEDIUM] CWE-390 CVE-2025-26465: A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-m A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker

CVE-2024-12088 [HIGH] CWE-22 CVE-2024-12088: A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.

CVE-2024-12085 [HIGH] CWE-908 CVE-2024-12085: A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw all A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

CVE-2024-12086 [MEDIUM] CWE-390 CVE-2024-12086: A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file fr A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to

CVE-2024-50312 [MEDIUM] CWE-200 CVE-2024-50312: A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection qu A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's Graph

CVE-2024-50311 [MEDIUM] CWE-770 CVE-2024-50311: A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploi A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in one query. This issue causes excessive resource consu

CVE-2024-9676 [MEDIUM] CWE-22 CVE-2024-9676: A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the co A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/sto

CVE-2024-9675 [MEDIUM] CWE-22 CVE-2024-9675: A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified path A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

CVE-2024-9341 [HIGH] CWE-59 CVE-2024-9341: A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly ha A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attacker

CVE-2024-8883 [MEDIUM] CWE-601 CVE-2024-8883: A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.