Redhat Openshift_container_platform_for_power
23 CVEs affecting Redhat Openshift_container_platform_for_power. Latest disclosed: 2026-03-19. Critical: 1, High: 13.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-4361 | Critical | 10.0 | 2023-07-07 | Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerabili… |
CVE-2024-1132 | High | 8.1 | 2024-04-17 | A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious requ… |
CVE-2022-4039 | High | 8.0 | 2023-09-22 | A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allow… |
CVE-2022-4318 | High | 7.8 | 2023-09-25 | A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. |
CVE-2019-0211 | High | 7.8 | 2019-04-08 | In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including… |
CVE-2025-13601 | High | 7.7 | 2025-11-26 | A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to… |
CVE-2023-6563 | High | 7.7 | 2023-12-14 | An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500… |
CVE-2026-4424 | High | 7.5 | 2026-03-19 | A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sl… |
CVE-2025-6021 | High | 7.5 | 2025-06-12 | A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue… |
CVE-2024-1635 | High | 7.5 | 2024-02-19 | A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and… |
CVE-2023-3223 | High | 7.5 | 2023-09-27 | A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorize… |
CVE-2023-1108 | High | 7.5 | 2023-09-14 | A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the lo… |
CVE-2023-6291 | High | 7.1 | 2024-01-26 | A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may… |
CVE-2023-3089 | High | 7.0 | 2023-07-05 | A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic m… |
CVE-2022-3916 | Medium | 6.8 | 2023-09-20 | A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due t… |
CVE-2024-9676 | Medium | 6.5 | 2024-10-15 | A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI… |
CVE-2024-4629 | Medium | 6.5 | 2024-09-03 | A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating mu… |
CVE-2024-1725 | Medium | 6.5 | 2024-03-07 | A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to ga… |
CVE-2023-0056 | Medium | 6.5 | 2023-03-23 | An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote atta… |
CVE-2024-8883 | Medium | 6.1 | 2024-09-19 | A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http… |