Vulnerabilities > Redhat > Openshift Container Platform FOR Power > High

DATE CVE VULNERABILITY TITLE RISK
2024-01-26 CVE-2023-6291 Open Redirect vulnerability in Redhat products
A flaw was found in the redirect_uri validation logic in Keycloak.
network
low complexity
redhat CWE-601
7.1
2023-12-21 CVE-2023-2585 Unspecified vulnerability in Redhat products
Keycloak's device authorization grant does not correctly validate the device code and client ID.
network
low complexity
redhat
8.1
2023-12-14 CVE-2023-6563 Allocation of Resources Without Limits or Throttling vulnerability in Redhat products
An unconstrained memory consumption vulnerability was discovered in Keycloak.
network
low complexity
redhat CWE-770
7.7
2023-11-01 CVE-2023-5625 Resource Exhaustion vulnerability in Redhat products
A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products.
network
low complexity
redhat CWE-400
7.5
2023-09-27 CVE-2023-3223 Unspecified vulnerability in Redhat products
A flaw was found in undertow.
network
low complexity
redhat
7.5
2023-09-25 CVE-2022-4318 Improper Control of Dynamically-Managed Code Resources vulnerability in multiple products
A vulnerability was found in cri-o.
local
low complexity
kubernetes redhat fedoraproject CWE-913
7.8
2023-09-14 CVE-2023-1108 Infinite Loop vulnerability in multiple products
A flaw was found in undertow.
network
low complexity
redhat netapp CWE-835
7.5
2023-07-05 CVE-2023-3089 Weak Password Requirements vulnerability in Redhat products
A compliance problem was found in the Red Hat OpenShift Container Platform.
network
low complexity
redhat CWE-521
7.5
2019-04-08 CVE-2019-0211 Use After Free vulnerability in multiple products
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard.
7.8