Total
318116 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1102 | 2 Jberet, Redhat | 7 Jberet, Build Keycloak, Jboss Data Grid and 4 more | 2025-11-11 | 6.5 Medium |
| A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection. | ||||
| CVE-2024-1459 | 1 Redhat | 8 Jboss Data Grid, Jboss Enterprise Application Platform, Jboss Enterprise Bpms Platform and 5 more | 2025-11-11 | 5.3 Medium |
| A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories. | ||||
| CVE-2025-5914 | 2 Libarchive, Redhat | 16 Libarchive, Cert Manager, Confidential Compute Attestation and 13 more | 2025-11-11 | 7.3 High |
| A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition. | ||||
| CVE-2025-1634 | 1 Redhat | 3 Amq Streams, Camel Quarkus, Quarkus | 2025-11-11 | 7.5 High |
| A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryError. | ||||
| CVE-2025-1247 | 1 Redhat | 2 Camel Quarkus, Quarkus | 2025-11-11 | 8.3 High |
| A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information. | ||||
| CVE-2024-1488 | 2 Fedoraproject, Redhat | 23 Unbound, Codeready Linux Builder, Codeready Linux Builder Eus and 20 more | 2025-11-11 | 8 High |
| A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether. | ||||
| CVE-2024-7012 | 1 Redhat | 4 Satellite, Satellite Capsule, Satellite Maintenance and 1 more | 2025-11-11 | 9.8 Critical |
| An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access. | ||||
| CVE-2024-6508 | 1 Redhat | 1 Openshift | 2025-11-11 | 8 High |
| An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions. | ||||
| CVE-2024-5037 | 1 Redhat | 4 Logging, Openshift, Openshift Container Platform and 1 more | 2025-11-11 | 7.5 High |
| A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication. | ||||
| CVE-2024-45496 | 1 Redhat | 1 Openshift | 2025-11-11 | 9.9 Critical |
| A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An attacker with developer-level access can provide a crafted .gitconfig file containing commands executed during the cloning process, leading to arbitrary command execution on the worker node. An attacker running code in a privileged container could escalate their permissions on the node running the container. | ||||
| CVE-2024-7387 | 1 Redhat | 1 Openshift | 2025-11-11 | 9.1 Critical |
| A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container. | ||||
| CVE-2024-2419 | 1 Redhat | 1 Build Keycloak | 2025-11-11 | 7.1 High |
| A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to CVE-2023-6291. | ||||
| CVE-2025-9713 | 1 Ivanti | 1 Endpoint Manager | 2025-11-11 | 8.8 High |
| Path traversal in Ivanti Endpoint Manager before version 2024 SU4 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. | ||||
| CVE-2025-61984 | 1 Openbsd | 1 Openssh | 2025-11-11 | 3.6 Low |
| ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.) | ||||
| CVE-2025-58726 | 1 Microsoft | 20 Windows, Windows 10, Windows 10 1507 and 17 more | 2025-11-11 | 7.5 High |
| Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-54115 | 1 Microsoft | 15 Hyper-v, Windows, Windows 10 and 12 more | 2025-11-11 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-11622 | 1 Ivanti | 1 Endpoint Manager | 2025-11-11 | 7.8 High |
| Insecure deserialization in Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2023-6563 | 1 Redhat | 9 Build Keycloak, Enterprise Linux, Keycloak and 6 more | 2025-11-11 | 7.7 High |
| An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system. | ||||
| CVE-2024-25420 | 1 Igniterealtime | 1 Openfire | 2025-11-11 | 7.2 High |
| An issue in Ignite Realtime Openfire before 4.8.1 allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component. | ||||
| CVE-2025-12105 | 1 Redhat | 1 Enterprise Linux | 2025-11-11 | 7.5 High |
| A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missing state synchronization. This leads to a use-after-free memory access, potentially crashing the affected application. Attackers could exploit this behavior remotely by triggering specific HTTP/2 read and cancel sequences, resulting in a denial-of-service condition. | ||||