CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2025-0678 – Grub2: squash4: integer overflow may lead to heap based out-of-bounds write when reading data
https://notcve.org/view.php?id=CVE-2025-0678
03 Mar 2025 — A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the direct_read() will perform a heap based out-of-bounds write during d... • https://access.redhat.com/security/cve/CVE-2025-0678 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2024-45782 – Grub2: fs/hfs: strcpy() using the volume name (fs/hfs.c:382)
https://notcve.org/view.php?id=CVE-2024-45782
03 Mar 2025 — A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass. • https://access.redhat.com/security/cve/CVE-2024-45782 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50312 – Graphql: information disclosure via graphql introspection in openshift
https://notcve.org/view.php?id=CVE-2024-50312
22 Oct 2024 — A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation. • https://access.redhat.com/security/cve/CVE-2024-50312 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50311 – Graphql: denial of service (dos) vulnerability via graphql batching
https://notcve.org/view.php?id=CVE-2024-50311
22 Oct 2024 — A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in one query. This issue causes excessive resource consumption, leading to application unavailability for legitimate users. • https://access.redhat.com/security/cve/CVE-2024-50311 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 6%CPEs: 38EXPL: 0CVE-2024-9676 – Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos)
https://notcve.org/view.php?id=CVE-2024-9676
15 Oct 2024 — A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to r... • https://access.redhat.com/errata/RHSA-2024:10289 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.4EPSS: 0%CPEs: 43EXPL: 0CVE-2024-9675 – Buildah: buildah allows arbitrary directory mount
https://notcve.org/view.php?id=CVE-2024-9675
09 Oct 2024 — A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah. An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 U... • https://access.redhat.com/security/cve/CVE-2024-9675 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.5EPSS: 1%CPEs: 23EXPL: 0CVE-2024-9341 – Podman: buildah: cri-o: fips crypto-policy directory mounting issue in containers/common go library
https://notcve.org/view.php?id=CVE-2024-9341
01 Oct 2024 — A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system. Red Hat OpenShift Container Platform release 4.15.... • https://access.redhat.com/security/cve/CVE-2024-9341 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.5EPSS: 0%CPEs: 30EXPL: 0CVE-2024-9355 – Golang-fips: golang fips zeroed buffer
https://notcve.org/view.php?id=CVE-2024-9355
01 Oct 2024 — A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This... • https://access.redhat.com/security/cve/CVE-2024-9355 • CWE-457: Use of Uninitialized Variable •
CVSS: 6.8EPSS: 69%CPEs: 11EXPL: 0CVE-2024-8883 – Keycloak: vulnerable redirect uri validation results in open redirec
https://notcve.org/view.php?id=CVE-2024-8883
19 Sep 2024 — A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking. A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common V... • https://access.redhat.com/security/cve/CVE-2024-8883 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2024-4629 – Keycloak: potential bypass of brute force protection
https://notcve.org/view.php?id=CVE-2024-4629
03 Sep 2024 — A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems. New images are available for Red Hat build of Keycloak 22.0.12 and ... • https://access.redhat.com/security/cve/CVE-2024-4629 • CWE-837: Improper Enforcement of a Single, Unique Action •