CVSS: 7.7EPSS: 0%CPEs: 7EXPL: 0CVE-2024-3056 – Podman: kernel: containers in shared ipc namespace are vulnerable to denial of service attack
https://notcve.org/view.php?id=CVE-2024-3056
02 Aug 2024 — A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources until it is out-of-memory (OOM) killed. While the malicious container's cgroup will be removed, the IPC resources it created are not. Those resources are tied to the IPC namespace that will not be removed until all co... • https://access.redhat.com/security/cve/CVE-2024-3056 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-7079 – Openshift-console: unauthenticated installation of helm charts
https://notcve.org/view.php?id=CVE-2024-7079
24 Jul 2024 — A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user's credentials. As a result, unauthenticated users can access this endpoint. • https://access.redhat.com/security/cve/CVE-2024-7079 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.1EPSS: 83%CPEs: 54EXPL: 99CVE-2024-6387 – Openssh: regresshion - race condition in ssh allows rce/dos
https://notcve.org/view.php?id=CVE-2024-6387
01 Jul 2024 — A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. Se encontró una condición de ejecución del controlador de señales en el servidor de OpenSSH (sshd), donde un cliente no se autentica dentro de los segundos de LoginGraceTime (120 de forma predeterminada, 600 en versiones anter... • https://packetstorm.news/files/id/179290 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-364: Signal Handler Race Condition •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-5154 – Cri-o: malicious container can create symlink on host
https://notcve.org/view.php?id=CVE-2024-5154
12 Jun 2024 — A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system. Se encontró un defecto en cri-o. Un contenedor malicioso puede crear un enlace simbólico que apunte a un directorio o archivo arbitrario en el host mediante el directory traversal (“../”). • https://access.redhat.com/errata/RHSA-2024:3676 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5037 – Openshift/telemeter: iss check during jwt authentication can be bypassed
https://notcve.org/view.php?id=CVE-2024-5037
05 Jun 2024 — A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication. Se encontró una falla en Telemeter de OpenShift. Si se cumplen ciertas condiciones, un atacante puede usar un token falsificado para evitar la verificación del problema ("iss") durante la autenticación del token web JSON (JWT). Red Hat OpenShift Container Platform release 4.16.1 is now available with updates to package... • https://access.redhat.com/errata/RHSA-2024:4151 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 8.3EPSS: 0%CPEs: 44EXPL: 0CVE-2024-3727 – Containers/image: digest type does not guarantee valid type
https://notcve.org/view.php?id=CVE-2024-3727
09 May 2024 — A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. Se encontró una falla en la librería github.com/containers/image. Esta falla permite a los atacantes activar accesos inesperados al registro autenticado en nombre de un usuario víctima, lo que provoca agotamiento de recursos, path traversal local y otros ataques. Red Hat ... • https://access.redhat.com/errata/RHSA-2024:0045 • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 7.8EPSS: 1%CPEs: 38EXPL: 0CVE-2024-1394 – Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads
https://notcve.org/view.php?id=CVE-2024-1394
21 Mar 2024 — A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fa... • https://access.redhat.com/errata/RHSA-2024:1462 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-1725 – Kubevirt-csi: persistentvolume allows access to hcp's root node
https://notcve.org/view.php?id=CVE-2024-1725
07 Mar 2024 — A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node. Se encontró una falla en el componente kubevirt-csi del plano de control alojado (HCP) de OpenShift Virtualization. Este problema podría permitir que un atacante autenticado obtenga acceso al volumen del nodo trabajador HCP raí... • https://access.redhat.com/errata/RHSA-2024:1559 • CWE-501: Trust Boundary Violation •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2023-6291 – Keycloak: redirect_uri validation bypass
https://notcve.org/view.php?id=CVE-2023-6291
26 Jan 2024 — A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. Se encontró un fallo en la lógica de validación de redirect_uri en Keycloak. Este problema puede permitir la omisión de hosts permitidos explícitamente. • https://access.redhat.com/errata/RHSA-2023:7854 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6476 – Cri-o: pods are able to break out of resource confinement on cgroupv2
https://notcve.org/view.php?id=CVE-2023-6476
09 Jan 2024 — A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node. Se encontró una falla en CRI-O que involucra una anotación experimental que lleva a que un contenedor no esté confinado. Esto puede permitir que un pod especifique y obtenga cualquier cantidad de memoria/CPU, eludiendo el programador de ... • https://access.redhat.com/errata/RHSA-2024:0195 • CWE-770: Allocation of Resources Without Limits or Throttling •