rhcos vulnerabilities

Known vulnerabilities in the rhcos package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Missing Authentication for Critical Function	*
M Integer Overflow or Wraparound	*
L Improper Validation of Specified Quantity in Input	*
H Heap-based Buffer Overflow	*
M Reversible One-Way Hash	*
M Expected Behavior Violation	*
M Out-of-bounds Read	*
M Return of Wrong Status Code	*
L Memory Leak	*
H NULL Pointer Dereference	*
M Arbitrary Argument Injection	*
M Uncontrolled Recursion	*
H Out-of-bounds Write	*
H Use After Free	*
H Use After Free	*
H Buffer Overflow	*
M Use of Uninitialized Resource	*
M Information Exposure	*
M Unchecked Return Value	*
L Improper Resource Shutdown or Release	*
H Directory Traversal	*
L Use After Free	*
M Out-of-bounds Write	*
M Out-of-bounds Write	*
M Improper Update of Reference Count	*
H Stack-based Buffer Overflow	*
M Unchecked Return Value	*
M Out-of-bounds Write	*
M Out-of-bounds Write	*
H Use After Free	*
M Integer Overflow or Wraparound	*
M Out-of-bounds Write	*
L NULL Pointer Dereference	*
M Trust Boundary Violation	*
M Use After Free	*
H Out-of-bounds Write	*
M Detection of Error Condition Without Action	*
L Out-of-Bounds	*
L Memory Leak	*
L Memory Leak	*
L Out-of-Bounds	*
L Memory Leak	*
H Out-of-bounds Write	*
L Integer Overflow to Buffer Overflow	*
M Algorithmic Complexity	*
M Algorithmic Complexity	*
M Out-of-bounds Write	*
M Incorrect Calculation of Buffer Size	*
H Resource Exhaustion	*
H Resource Exhaustion	*
M Use After Free	*
L Improper Check for Unusual or Exceptional Conditions	*
L Improper Encoding or Escaping of Output	*
M Information Exposure	*
L Heap-based Buffer Overflow	*
M Directory Traversal	*
M Improper Encoding or Escaping of Output	*
L Covert Timing Channel	*
L Out-of-bounds Write	*
M Directory Traversal	*
H Symlink Following	*
M Race Condition	*
L Improper Encoding or Escaping of Output	*
M Detection of Error Condition Without Action	*
H Out-of-Bounds	*
L Insecure Default Initialization of Resource	*
M NULL Pointer Dereference	*
M Out-of-Bounds	*
L Information Exposure	*
M Insecure Temporary File	*
M Symlink Following	*
H Improper Authentication	*
L Comparison Using Wrong Factors	*
M Use of Insufficiently Random Values	*
M Small Space of Random Values	*
M Improper Input Validation	*
M Unchecked Input for Loop Condition	*
L Improper Certificate Validation	*
L Use After Free	*
H Out-of-bounds Write	*
M Improper Finite State Machines (FSMs) in Hardware Logic	*
M Improper Certificate Validation	*
M Heap-based Buffer Overflow	*
M Integer Overflow or Wraparound	*
M Integer Overflow or Wraparound	*
M Integer Overflow or Wraparound	*
M Access of Resource Using Incompatible Type ('Type Confusion')	*
L Directory Traversal	*
M Double Free	*
L Heap-based Buffer Overflow	*
L Heap-based Buffer Overflow	*
L Use After Free	*
L Use After Free	*
L Heap-based Buffer Overflow	*
L NULL Pointer Dereference	*
L Double Free	*
H Use After Free	*
L Out-of-bounds Read	*
M Improper Synchronization	*
L NULL Pointer Dereference	*
H Resource Exhaustion	*
H Resource Exhaustion	*
H CVE-2024-4076	*
H Arbitrary Code Injection	*
M Race Condition	*
H Race Condition	*
L Information Exposure	*
M CVE-2024-26602	*

Vulnerability

Vulnerable Version

Missing Authentication for Critical Function