
CVSS: 9.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

08 Aug 2024 — A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccoun... • https://access.redhat.com/security/cve/CVE-2024-7557 • CWE-284: Improper Access Control •

CVSS: 4.8 • EPSS: 0% • CPEs: 7 • EXPL: 0

08 Aug 2024 — A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system. DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NL... • https://access.redhat.com/security/cve/CVE-2024-43168 • CWE-122: Heap-based Buffer Overflow •

CVSS: 2.8 • EPSS: 0% • CPEs: 15 • EXPL: 0

08 Aug 2024 — A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly. DISPUTE NOTE: this issue does not pose ... • https://access.redhat.com/security/cve/CVE-2024-43167 • CWE-476: NULL Pointer Dereference •

CVSS: 7.8 • EPSS: 1% • CPEs: 25 • EXPL: 0

05 Aug 2024 — A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline. Red Hat OpenShift Container Platform release 4.16.25 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include bypass and denial of service vulnerabilities. • https://access.redhat.com/security/cve/CVE-2024-7409 • CWE-662: Improper Synchronization •

CVSS: 7.7 • EPSS: 0% • CPEs: 7 • EXPL: 0

02 Aug 2024 — A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources until it is out-of-memory (OOM) killed. While the malicious container's cgroup will be removed, the IPC resources it created are not. Those resources are tied to the IPC namespace that will not be removed until all co... • https://access.redhat.com/security/cve/CVE-2024-3056 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Jul 2024 — A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShiftAuth") is set, these functions do not perform any authentication checks, relying instead on the targeted service to handle authentication and authorization. This issue leads to various degrees of data exposure due to a lack of proper credential verification. • https://access.redhat.com/security/cve/CVE-2024-7128 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

24 Jul 2024 — A flaw was found in the OpenShift console. The /API/helm/verify endpoint is tasked with fetching and verifying the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user's credentials. As a result, unauthenticated users can access this endpoint. • https://access.redhat.com/security/cve/CVE-2024-7079 • CWE-306: Missing Authentication for Critical Function •

CVSS: 4.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

09 Jul 2024 — A flaw was found in NetworkManager. On a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. NetworkManager would crash, leading to a denial of service. • https://access.redhat.com/security/cve/CVE-2024-6501 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.3 • EPSS: 5% • CPEs: 26 • EXPL: 0

08 Jul 2024 — A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request. • https://access.redhat.com/errata/RHSA-2024:4392 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 7.6 • EPSS: 72% • CPEs: 14 • EXPL: 0

08 Jul 2024 — A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd serve... • http://www.openwall.com/lists/oss-security/2024/07/08/2 • CWE-364: Signal Handler Race Condition •