Openshift Container Platform For Ibm Z
Monthly
Heap-based buffer overflow in GLib's g_escape_uri_string() function allows local attackers to achieve high-integrity and high-availability impacts through integer overflow in escaped string length calculation. The vulnerability affects Red Hat Enterprise Linux 9.0 and 10.0 across multiple architectures (x86_64, ARM64, IBM Z, PowerPC). Vendor patches are available via multiple RHSA advisories. Publicly available exploit code exists, but EPSS score remains extremely low (0.01%, 1st percentile), suggesting minimal real-world exploitation activity despite the availability of technical details.
Stack-based buffer overflow in libxml2's xmlBuildQName function allows remote unauthenticated attackers to crash affected systems via crafted XML input. The vulnerability affects libxml2 directly and downstream Red Hat products including OpenShift Container Platform 4.12-4.19, RHEL 7-10, and JBoss Core Services. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N), EPSS 0.75% (73rd percentile), and publicly available exploit code, this represents a moderate real-world risk focused on availability disruption rather than code execution or data compromise.
A misconfiguration flaw was found in Keycloak. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Keycloak's device authorization grant does not correctly validate the device code and client ID. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
Heap-based buffer overflow in GLib's g_escape_uri_string() function allows local attackers to achieve high-integrity and high-availability impacts through integer overflow in escaped string length calculation. The vulnerability affects Red Hat Enterprise Linux 9.0 and 10.0 across multiple architectures (x86_64, ARM64, IBM Z, PowerPC). Vendor patches are available via multiple RHSA advisories. Publicly available exploit code exists, but EPSS score remains extremely low (0.01%, 1st percentile), suggesting minimal real-world exploitation activity despite the availability of technical details.
Stack-based buffer overflow in libxml2's xmlBuildQName function allows remote unauthenticated attackers to crash affected systems via crafted XML input. The vulnerability affects libxml2 directly and downstream Red Hat products including OpenShift Container Platform 4.12-4.19, RHEL 7-10, and JBoss Core Services. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N), EPSS 0.75% (73rd percentile), and publicly available exploit code, this represents a moderate real-world risk focused on availability disruption rather than code execution or data compromise.
A misconfiguration flaw was found in Keycloak. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Keycloak's device authorization grant does not correctly validate the device code and client ID. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.