Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.16
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 61 |
| CVE-ID | CVE-2025-22868 CVE-2025-32462 CVE-2025-22871 CVE-2019-12900 CVE-2020-11023 CVE-2021-43618 CVE-2022-48468 CVE-2022-48554 CVE-2022-49043 CVE-2022-49846 CVE-2023-7104 CVE-2023-22745 CVE-2023-29491 CVE-2023-37920 CVE-2023-52477 CVE-2023-52565 CVE-2023-52595 CVE-2023-52781 CVE-2023-52834 CVE-2024-2236 CVE-2024-3596 CVE-2024-3651 CVE-2024-5535 CVE-2024-6345 CVE-2024-11187 CVE-2024-11614 CVE-2024-12085 CVE-2024-12133 CVE-2024-12243 CVE-2024-12718 CVE-2024-23337 CVE-2024-24806 CVE-2024-26717 CVE-2024-28182 CVE-2024-34397 CVE-2024-35790 CVE-2024-35807 CVE-2024-35924 CVE-2024-36006 CVE-2024-36940 CVE-2024-37891 CVE-2024-38428 CVE-2024-39471 CVE-2024-41092 CVE-2024-41097 CVE-2024-43880 CVE-2024-46826 CVE-2024-50602 CVE-2024-54661 CVE-2024-56171 CVE-2024-56614 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4517 CVE-2025-4802 CVE-2025-6020 CVE-2025-6032 CVE-2025-22126 CVE-2025-24928 CVE-2025-48060 |
| CWE-ID | CWE-400 CWE-693 CWE-444 CWE-787 CWE-79 CWE-190 CWE-125 CWE-416 CWE-119 CWE-345 CWE-908 CWE-667 CWE-682 CWE-208 CWE-327 CWE-94 CWE-457 CWE-22 CWE-918 CWE-476 CWE-20 CWE-399 CWE-415 CWE-200 CWE-377 CWE-59 CWE-440 CWE-426 CWE-284 CWE-295 CWE-121 CWE-122 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #2 is available. Vulnerability #5 is being exploited in the wild. Public exploit code for vulnerability #21 is available. Public exploit code for vulnerability #23 is available. |
| Vulnerable software |
Red Hat OpenShift Container Platform Client/Desktop applications / Software for system administration |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 61 vulnerability.
1) Resource exhaustion
EUVDB-ID: #VU105461
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-22868
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the jws package does not properly control consumption of internal resources when handling malformed tokens. A remote attacker can pass a malformed JWT token to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Protection mechanism failure
EUVDB-ID: #VU112067
Risk: Low
CVSSv4.0: 6.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2025-32462
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient implementation of security measures when running sudo with -h (--host) option. If the current configuration provides access to users based on the host they are allowed to execute commands, a local user can bypass such a restriction by providing the hostname via the "-h" option they are allowed to execute commands. The vulnerability affects systems that use a common sudoers file that is distributed to multiple machines or when LDAP-based sudoers (including SSSD) is used.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Inconsistent interpretation of HTTP requests
EUVDB-ID: #VU107019
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-22871
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests when handling chunked data in net/http. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds write
EUVDB-ID: #VU19178
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2019-12900
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Cross-site scripting
EUVDB-ID: #VU27519
Risk: Low
CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:A/U:Clear]
CVE-ID: CVE-2020-11023
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: Yes
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when passing <option> elements to jQuery’s DOM manipulation methods. A remote attacker can execute arbitrary JavaScript code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
6) Integer overflow
EUVDB-ID: #VU63553
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-43618
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in mpz/inp_raw.c. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Integer overflow
EUVDB-ID: #VU75482
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-48468
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within parse_required_member() function. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds read
EUVDB-ID: #VU80421
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48554
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the file_copystr() function in funcs.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and crash the application.
Install updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU103502
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-49043
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the xmlXIncludeAddNode() function in xinclude.c. A remote attacker can pass specially crafted XML input to the application, trigger a use-after-free error and crash the application or potentially execute arbitrary code.
Install updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Out-of-bounds read
EUVDB-ID: #VU108250
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49846
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the udf_find_entry() function in fs/udf/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Out-of-bounds read
EUVDB-ID: #VU84985
Risk: Medium
CVSSv4.0: 5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-7104
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the sessionReadRecord() function in ext/session/sqlite3session.c when processing a corrupt changeset. A remote user can send a specially crafted request to trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Buffer overflow
EUVDB-ID: #VU71458
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-22745
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in "Tss2_RC_SetHandler" and "Tss2_RC_Decode". A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Buffer overflow
EUVDB-ID: #VU75141
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-29491
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing malformed data in a terminfo database file. A local user can trigger memory corruption and execute arbitrary code on the target system.
Install updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Insufficient verification of data authenticity
EUVDB-ID: #VU79296
Risk: Medium
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-37920
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exist due to software recognizes "e-Tugra" root certificates, which were subject to an investigation prompted by reporting of security issues in their systems. An attacker with ability to generate certificates signed with the compromised "e-Tugra" root certificate can perform MitM attack.
Install updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use of uninitialized resource
EUVDB-ID: #VU89393
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52477
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to usage of uninitialized BOS descriptors in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.
Install updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds read
EUVDB-ID: #VU90351
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52565
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the uvc_query_v4l2_menu() function in drivers/media/usb/uvc/uvc_ctrl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper locking
EUVDB-ID: #VU90803
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52595
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rt2x00mac_bss_info_changed() function in drivers/net/wireless/ralink/rt2x00/rt2x00mac.c, within the rt2x00lib_disable_radio(), rt2x00lib_start() and rt2x00lib_stop() functions in drivers/net/wireless/ralink/rt2x00/rt2x00dev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Incorrect calculation
EUVDB-ID: #VU93611
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52781
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the usb_get_bos_descriptor() function in drivers/usb/core/config.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Buffer overflow
EUVDB-ID: #VU93304
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52834
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the atl1c_set_mac_addr(), atl1c_init_ring_ptrs(), atl1c_free_ring_resources(), atl1c_rx_checksum() and atl1c_alloc_rx_buffer() functions in drivers/net/ethernet/atheros/atl1c/atl1c_main.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Information Exposure Through Timing Discrepancy
EUVDB-ID: #VU87339
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-2236
CWE-ID:
CWE-208 - Information Exposure Through Timing Discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform timing attack.
The vulnerability exists due to an error in libgcrypt's RSA implementation. A remote attacker can initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Use of a broken or risky cryptographic algorithm
EUVDB-ID: #VU94063
Risk: Medium
CVSSv4.0: 6.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2024-3596
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to use of a broken or risky cryptographic algorithm in RADIUS Protocol. A remote user can perform a man-in-the-middle (MitM) attack and gain access to target system.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
22) Resource exhaustion
EUVDB-ID: #VU88828
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-3651
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the idna.encode() function. A remote attacker can pass an overly long domain name to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Out-of-bounds read
EUVDB-ID: #VU93424
Risk: Low
CVSSv4.0: 2.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2024-5535
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the SSL_select_next_proto() function when using NPN. A remote attacker can send specially crafted data to the application, trigger an out-of-bounds read and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
24) Code Injection
EUVDB-ID: #VU95339
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-6345
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation when processing URL in the package_index module of pypa/setuptools. A remote attacker can send a specially crafted request and execute arbitrary code on the target system via download functions.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Resource exhaustion
EUVDB-ID: #VU103436
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-11187
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling DNS zones with numerous records in the Additional section. A remote attacker can trigger resource exhaustion by sending multiple queries to he affected server and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Out-of-bounds read
EUVDB-ID: #VU101871
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green]
CVE-ID: CVE-2024-11614
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the Vhost library checksum offload feature. A malicious guest can forge Virtio descriptors to trigger an out-of-bounds read and crash the hypervisor's vSwitch.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Use of Uninitialized Variable
EUVDB-ID: #VU102730
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-12085
CWE-ID:
CWE-457 - Use of Uninitialized Variable
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to information leak when comparing file checksums. A remote attacker can pass specially crafted data to the daemon and read 1 byte of uninitialized memory from stack.
Install updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Resource exhaustion
EUVDB-ID: #VU103980
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-12133
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources processing a large number of SEQUENCE OF or SET OF elements in a certificate. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Resource exhaustion
EUVDB-ID: #VU104044
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-12243
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to libtasn1 does not properly control consumption of internal resources when decoding certain DER-encoded certificate data. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Path traversal
EUVDB-ID: #VU111969
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-12718
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to modify arbitrary files on the system.
The vulnerability exists due to input validation error in the tarfile module. A remote attacker can pass a specially crafted archive to the application and modify some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Integer overflow
EUVDB-ID: #VU111913
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-23337
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in src/jv.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU86707
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-24806
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input when handling hostnames longer than 256 characters within the uv_getaddrinfo() function in src/unix/getaddrinfo.c and its windows counterpart src/win/getaddrinfo.c. A remote attacker can pass a specially crafted hostname to the application, which can be resolved to an attacker controlled IP address and initiate unauthorized requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) NULL pointer dereference
EUVDB-ID: #VU93058
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26717
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i2c_hid_of_probe() function in drivers/hid/i2c-hid/i2c-hid-of.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Input validation error
EUVDB-ID: #VU88144
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-28182
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to reading the unbounded number of HTTP/2 CONTINUATION frames. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Insufficient verification of data authenticity
EUVDB-ID: #VU89351
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-34397
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to missing authorization for D-Bus signals. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) NULL pointer dereference
EUVDB-ID: #VU90554
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35790
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hpd_show(), dp_altmode_probe(), dp_altmode_remove() and module_typec_altmode_driver() functions in drivers/usb/typec/altmodes/displayport.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Resource management error
EUVDB-ID: #VU93270
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35807
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the EXT4_DESC_PER_BLOCK() function in fs/ext4/resize.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Buffer overflow
EUVDB-ID: #VU93623
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35924
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ucsi_read_message_in(), ucsi_read_error(), ucsi_send_command() and ucsi_register() functions in drivers/usb/typec/ucsi/ucsi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Resource management error
EUVDB-ID: #VU93838
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36006
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mlxsw_sp_acl_tcam_vchunk_migrate_one() and mlxsw_sp_acl_tcam_vchunk_migrate_all() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Double Free
EUVDB-ID: #VU90885
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36940
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the pinctrl_enable() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Information disclosure
EUVDB-ID: #VU92262
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-37891
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to Prox-Authorization header is not stripped during cross-origin redirects when using urllib3's proxy support with ProxyManager. A remote attacker can gain obtain proxy credentials used by the library.
Install updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Input validation error
EUVDB-ID: #VU93077
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-38428
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper input validation of URL when parsing strings with semicolons within the scheme_leading_string() function in url.c. A remote attacker can pass a specially crafted URL to the application and influence its behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Out-of-bounds read
EUVDB-ID: #VU93326
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39471
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sdma_v4_0_process_trap_irq() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Use-after-free
EUVDB-ID: #VU94938
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41092
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the i915_vma_revoke_fence() function in drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Resource management error
EUVDB-ID: #VU95067
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41097
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cxacru_bind() function in drivers/usb/atm/cxacru.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Resource management error
EUVDB-ID: #VU96305
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43880
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the objagg_hints_obj_cmp() and objagg_hints_get() functions in lib/objagg.c, within the mlxsw_sp_acl_erp_delta_check() and mlxsw_sp_acl_erp_root_destroy() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Input validation error
EUVDB-ID: #VU97839
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46826
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/binfmt_elf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Input validation error
EUVDB-ID: #VU99614
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-50602
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the XML_ResumeParser function. A remote attacker can pass specially crafted XML input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Insecure temporary file
EUVDB-ID: #VU101797
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-54661
CWE-ID:
CWE-377 - Insecure Temporary File
Exploit availability: No
DescriptionThe vulnerability allows a local user to overwrite arbitrary files on the system.
The vulnerability exists due to usage of a predictable temporary file name in readline.sh. A local user can create a symbolic link from the temporary file to an arbitrary files on the system and overwrite it with the application's output, corrupting the file.
Install updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Use-after-free
EUVDB-ID: #VU104099
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-56171
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the xmlSchemaIDCFillNodeTables() and xmlSchemaBubbleIDCNodeTables() functions in xmlschemas.c. A remote attacker can pass specially crafted XML document to the application, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Out-of-bounds read
EUVDB-ID: #VU102084
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56614
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xsk_map_delete_elem() function in net/xdp/xskmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Link following
EUVDB-ID: #VU111968
Risk: High
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-4138
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an insecure link following issue when extracting data from an archive in the tarfile module. A remote attacker can pass a specially crafted archive to the application and overwrite arbitrary files outside the destination directory during extraction with filter="data"..
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Link following
EUVDB-ID: #VU111967
Risk: High
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-4330
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an insecure link following issue when extracting data from an archive in the tarfile module. A remote attacker can pass a specially crafted archive to the application and overwrite arbitrary files outside the destination directory.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Expected behavior violation
EUVDB-ID: #VU111970
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-4435
CWE-ID:
CWE-440 - Expected Behavior Violation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to change expected behavior.
The vulnerability exists due to an error when using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior. A remote attacker can force the application to extract files that were meant to be skipped.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Path traversal
EUVDB-ID: #VU111966
Risk: High
CVSSv4.0: 8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-4517
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to input validation error in the tarfile module when extracting files from an archive with filter="data". A remote attacker can pass specially crafted archive to the application and write files to arbitrary locations on the system outside the extraction directory.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Untrusted search path
EUVDB-ID: #VU109844
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-4802
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted LD_LIBRARY_PATH environment variable. A local user can use the LD_LIBRARY_PATH environment variable to point to a malicious binary and execute arbitrary code with escalated privileges.
The vulnerability affects statically linked setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Improper access control
EUVDB-ID: #VU111389
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-6020
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions within the pam_namespace module when handling user-controlled paths. A local user can use specially crafted symlinks and race conditions to execute arbitrary code as root.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Improper Certificate Validation
EUVDB-ID: #VU111945
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-6032
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. A remote attacker can perform MitM attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Use-after-free
EUVDB-ID: #VU107662
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-22126
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __mddev_put(), md_seq_show(), EXPORT_SYMBOL_GPL(), md_notify_reboot(), md_autostart_arrays() and md_exit() functions in drivers/md/md.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Stack-based buffer overflow
EUVDB-ID: #VU104098
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-24928
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the xmlSnprintfElements() function in valid.c. A remote attacker can pass specially crafted XML data to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Heap-based buffer overflow
EUVDB-ID: #VU111912
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-48060
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the jv_string_vfmt() function. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.16.44
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2025:10781
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
