Redhat Openshift_container_platform_for_ibm_z
10 CVEs affecting Redhat Openshift_container_platform_for_ibm_z. Latest disclosed: 2025-11-26. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-1132 | High | 8.1 | 2024-04-17 | A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious requ… |
CVE-2022-4039 | High | 8.0 | 2023-09-22 | A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allow… |
CVE-2025-13601 | High | 7.7 | 2025-11-26 | A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to… |
CVE-2025-6021 | High | 7.5 | 2025-06-12 | A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue… |
CVE-2020-8945 | High | 7.5 | 2020-02-12 | The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This le… |
CVE-2023-6291 | High | 7.1 | 2024-01-26 | A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may… |
CVE-2024-9676 | Medium | 6.5 | 2024-10-15 | A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI… |
CVE-2024-1725 | Medium | 6.5 | 2024-03-07 | A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to ga… |
CVE-2024-8883 | Medium | 6.1 | 2024-09-19 | A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http… |
CVE-2023-2585 | Low | 3.5 | 2023-12-21 | Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof… |