
CVE-2025-4432 – Ring: some aes functions may panic when overflow checking is enabled in ring
https://notcve.org/view.php?id=CVE-2025-4432
09 May 2025 — A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2**32 packets sent or received. • https://access.redhat.com/security/cve/CVE-2025-4432 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2025-4382 – Grub2: grub allow access to encrypted device through cli once root device is unlocked via tpm
https://notcve.org/view.php?id=CVE-2025-4382
09 May 2025 — A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlying filesystem superblock, GRUB will fail to locate a valid filesystem and enter rescue mode. At this point, the disk is already decrypted, and the decryption key remains loaded in system memory. This scenario may al... • https://access.redhat.com/security/cve/CVE-2025-4382 • CWE-306: Missing Authentication for Critical Function •

CVE-2025-3528 – Mirror-registry: local privilege escalation due to incorrect permissions in mirror-registry
https://notcve.org/view.php?id=CVE-2025-3528
09 May 2025 — A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod. • https://access.redhat.com/security/cve/CVE-2025-3528 • CWE-276: Incorrect Default Permissions •

CVE-2025-3576 – Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions
https://notcve.org/view.php?id=CVE-2025-3576
15 Apr 2025 — A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. • https://access.redhat.com/security/cve/CVE-2025-3576 • CWE-328: Use of Weak Hash •

CVE-2025-3416 – Openssl: rust-openssl use-after-free in `md::fetch` and `cipher::fetch`
https://notcve.org/view.php?id=CVE-2025-3416
08 Apr 2025 — A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string. • https://access.redhat.com/security/cve/CVE-2025-3416 • CWE-416: Use After Free •

CVE-2025-2842 – Tempo-operator: tempo operator token exposition lead to read sensitive data
https://notcve.org/view.php?id=CVE-2025-2842
02 Apr 2025 — A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cluster-monitoring-view ClusterRole. This can be exploited if a user has 'create' permissions on TempoStack and 'get' permissions on Secret in a namespace (for example, a user has ClusterAdmin permissions for a specific namespace), as the user can read the token o... • https://access.redhat.com/security/cve/CVE-2025-2842 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-2786 – Tempo-operator: serviceaccount token exposure leading to token and subject access reviews in openshift tempo operator
https://notcve.org/view.php?id=CVE-2025-2786
02 Apr 2025 — A flaw was found in Tempo Operator, where it creates a ServiceAccount, ClusterRole, and ClusterRoleBinding when a user deploys a TempoStack or TempoMonolithic instance. This flaw allows a user with full access to their namespace to extract the ServiceAccount token and use it to submit TokenReview and SubjectAccessReview requests, potentially revealing information about other users' permissions. While this does not allow privilege escalation or impersonation, it exposes information that could aid in gatherin... • https://access.redhat.com/security/cve/CVE-2025-2786 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-2586 – Ols: unauthenticated metrics flooding in openshift lightspeed service leading to resource exhaustion
https://notcve.org/view.php?id=CVE-2025-2586
31 Mar 2025 — A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. This issue can lead to monitoring system degradation, increased disk usage, and potential service unavailability. Since the issue does not require authentication, an external attacker can exhaust CPU, RAM, and disk space, impacting both application and cluster stability. • https://access.redhat.com/security/cve/CVE-2025-2586 • CWE-400: Uncontrolled Resource Consumption •

CVE-2024-7631 – Openshift-console: openshift console: path traversal
https://notcve.org/view.php?id=CVE-2024-7631
19 Mar 2025 — A flaw was found in the OpenShift Console, in an endpoint that lets plugins serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath unsafely in pkg/plugins/handlers.go#L112. Because of this unsafe filepath construction, an authenticated user can manipulate the path to retrieve any JSON files on the console's pod by using sequences of ../ and valid directory paths. • https://access.redhat.com/security/cve/CVE-2024-7631 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-8176 – Libexpat: expat: improper restriction of xml entity expansion depth in libexpat
https://notcve.org/view.php?id=CVE-2024-8176
14 Mar 2025 — A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage. It was discovered that Expat could crash due to stack overflow when p... • https://github.com/uthrasri/Expat_2.6.2_CVE-2024-8176 • CWE-674: Uncontrolled Recursion •