Michael Kaplan

**Name of the Vulnerable Software and Affected Versions** OpenShift console (affected versions not specified) **Description** A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki `authToken` configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ghostscript (affected versions not specified) **Description** An integer overflow flaw was found in `pl glyph name` in `pcl/pl/plfont.c:418` of ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ghostscript (affected versions not specified) **Description** The issue is related to a buffer overflow flaw in the devn pcx write rle() function of the Ghostscript software, specifically in the base/gdevdevn.c component. This flaw may allow a local attacker to cause a denial of service by outputting a specially crafted PDF file for a DEVN device using Ghostscript. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenShift Assisted Installer (affected versions not specified) **Description** A vulnerability was found in OpenShift Assisted Installer where image pull secrets were leaked as plaintext in the installation logs during the generation of the Discovery ISO. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the associated user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RHODS (affected versions not specified) **Description** A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues. The vulnerability is related to insufficient authorization procedures, allowing a remote attacker to send arbitrary API requests. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Keycloak (affected versions not specified) **Description** A flaw was found in Keycloak where an attacker can register with a username that is the same as an existing user's email ID. This may cause issues with password recovery emails if the user forgets their password. The problem arises because Keycloak allows the use of email as a username and does not check if an account with that email already exists, leading to potential difficulties in resetting or logging in with the email for the affected user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DPDK (affected versions not specified) **Description** The issue is related to an uncontrolled resource consumption in the DPDK library and driver set, which can lead to a denial of service. A malicious vhost-user master can attach an unexpected number of file descriptors as ancillary data to `VHOST USER GET INFLIGHT FD` and `VHOST USER SET INFLIGHT FD` messages, causing the vhost-user slave process to exhaust available file descriptors when these messages are sent continuously. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A kernel information leak flaw was identified in the `scsi ioctl` function in `drivers/scsi/scsi ioctl.c` in the Linux kernel. This flaw allows a local attacker with special user privileges (`CAP SYS ADMIN` or `CAP SYS RAWIO`) to create issues with confidentiality. The flaw is related to a lack of protection for service data, which can be exploited to disclose protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** virglrenderer (affected versions not specified) **Description** The issue is related to an out-of-bounds write in the VirGL virtual OpenGL renderer. A malicious guest can create a specially crafted virgil resource and issue a VIRTGPU EXECBUFFER ioctl, potentially leading to a denial of service or code execution. This could allow an attacker to access confidential data, compromise its integrity, and cause a service disruption. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the "/dev/infiniband/rdma cm" device node. This access is unlikely to leak sensitive user information but can be used to defeat existing kernel protection mechanisms. The issue is related to insufficient protection of internal data in the `ib copy ah attr to user()` function of the RDMA connection manager. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenEXR (affected versions not specified) **Description** A flaw in OpenEXR's hufDecode functionality allows an attacker to trigger an undefined right shift error by passing a crafted file to be processed by OpenEXR. The highest threat from this issue is to system availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RESTEasy (affected versions not specified) **Description** A flaw in RESTEasy's RootNode allows incorrect caching of routes, resulting in hash flooding. This leads to slower requests and increased CPU time spent on searching and adding entries, potentially causing a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wildfly versions 19.0.0.Final through 21.0.0.Final **Description** A flaw in Wildfly allows for a memory leak when an application uses the OpenTracing API's java-interceptors. This issue can be exploited by an attacker to impact the availability of the server, with the highest threat being to system availability. **Recommendations** For versions 19.0.0.Final through 21.0.0.Final, update to a version that includes a fix for this issue to prevent potential memory leaks and impact on system availability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 3.0.0-beta Description: The issue is related to the implementation of the scanline input file functionality in the OpenEXR library, specifically in the ImfScanLineInputFile.cpp file. It involves an uncontrolled resource consumption when handling the `to data->linesInBuffer` parameter. This can be exploited by an attacker to cause a denial of service by opening specially crafted EXR files, potentially consuming excessive system memory and impacting system availability. Recommendations: For versions prior to 3.0.0-beta, update to version 3.0.0-beta or later to resolve the issue. As a temporary workaround, consider restricting the use of the scanline input file functionality until a patch is available. Avoid processing untrusted or specially crafted EXR files with the vulnerable versions of OpenEXR to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 3.0.0-beta Description: The issue is related to a flaw in OpenEXR's deep tile sample size calculations, which can lead to an integer overflow and subsequently an out-of-bounds read when a crafted file is processed. This flaw poses the greatest risk to application availability. An attacker could exploit this by submitting a specially crafted file to be processed by OpenEXR, potentially causing a denial of service or allowing the execution of arbitrary code. Recommendations: For versions prior to 3.0.0-beta, update to version 3.0.0-beta or later to resolve the issue. As a temporary workaround, consider restricting the processing of specially crafted EXR files to minimize the risk of exploitation. Avoid using the `DeepTiledInputFile::initialize()` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 3.0.0-beta Description: The issue is related to an integer overflow in the B44 compression function of the OpenEXR library. This can be exploited by a remote attacker to cause a denial of service by opening specially crafted EXR files. The vulnerability affects the B44 uncompression functionality and can be triggered by submitting a crafted file to OpenEXR, potentially affecting application availability. Recommendations: For versions prior to 3.0.0-beta, update to version 3.0.0-beta or later to resolve the issue. As a temporary workaround, consider restricting the use of the B44 compression function until a patch is available. Avoid opening specially crafted EXR files with the vulnerable version of OpenEXR to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenEXR (affected versions not specified) **Description** The issue is related to a buffer overflow in the B44Compressor component of OpenEXR, which is used for storing images with high dynamic range. An attacker can exploit this by submitting a specially crafted file, potentially leading to a denial of service. The highest threat from this issue is to system availability, as it allows an attacker to exhaust all accessible memory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenEXR (affected versions not specified) **Description** A flaw was found in OpenEXR's TiledInputFile functionality, allowing an attacker to trigger a floating-point exception error by submitting a crafted single-part non-image. This flaw is related to insufficient input validation. The highest threat from this issue is to system availability, potentially allowing a remote attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenEXR (affected versions not specified) **Description** A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenEXR (affected versions not specified) **Description** A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp, allowing an attacker to trigger an integer overflow by submitting a crafted file. The highest threat from this issue is to system availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.