Red Hat Logging


Recent Red Hat Logging Security Advisories

Advisory        | Title                                                   | Published
RHSA-2025:7449  | Important: Logging for Red Hat OpenShift - 5.9.14       | May 14, 2025
RHSA-2025:7451  | Important: Logging for Red Hat OpenShift - 5.8.20       | May 14, 2025
RHSA-2025:3907  | Important: Logging for Red Hat OpenShift - 6.1.5        | April 16, 2025
RHSA-2025:3905  | Important: Logging for Red Hat OpenShift - 6.0.7        | April 16, 2025
RHSA-2025:3906  | Important: Logging for Red Hat OpenShift - 5.9.13       | April 16, 2025
RHSA-2025:3448  | Important: Logging for Red Hat OpenShift - 5.8.19       | April 2, 2025
RHSA-2025:3131  | Important: Logging for Red Hat OpenShift - 6.1.4        | March 26, 2025
RHSA-2025:3132  | Important: Logging for Red Hat OpenShift - 6.0.6        | March 26, 2025
RHSA-2025:1985  | Moderate: Logging for Red Hat OpenShift - 5.9.12        | March 5, 2025
RHSA-2025:1225  | Important: Logging for Red Hat OpenShift - 5.8.17       | February 12, 2025

By the Year

In 2025 there have been 2 vulnerabilities in Red Hat Logging, with an average score of 6.5 out of ten. Last year, in 2024, Logging had 9 security vulnerabilities published. Right now, Logging is on track to have fewer security vulnerabilities in 2025 than it did last year. Last year, the average CVE base score was greater by 0.37.

Year | Vulnerabilities | Average Score
2025 | 2               | 6.45
2024 | 9               | 6.82
2023 | 5               | 6.56

It may take a day or so for new Logging vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Logging Security Vulnerabilities

serialize-javascript XSS via unsanitized regex input
CVE-2024-11831 5.4 - Medium - February 10, 2025

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.

XSS

Rsync: Checksum Length Manipulation Enables Stack Data Leak
CVE-2024-12085 7.5 - High - January 14, 2025

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

Use of Uninitialized Resource

OpenShift Telemeter JWT Auth 'iss' Bypass via Forged Token
CVE-2024-5037 7.5 - High - June 05, 2024

A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issuer ("iss") check during JSON web token (JWT) authentication.

Authentication Bypass by Spoofing

CoreDNS invalid cache entries due to flawed caching mechanism
CVE-2024-0874 5.3 - Medium - April 25, 2024

A flaw was found in CoreDNS. This issue could lead to invalid cache entries being returned because the caching mechanism is incorrectly implemented.

Use of Cache Containing Sensitive Information

Linux NVMe Driver NULL Deref via Malicious TCP Packets
CVE-2023-6356 6.5 - Medium - February 07, 2024

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packets when NVMe over TCP is in use, leading to a NULL pointer dereference in the NVMe driver and causing a kernel panic and a denial of service.

NULL Pointer Dereference

Linux Kernel NVMe-over-TCP NULL ptr deref leads to DoS
CVE-2023-6535 6.5 - Medium - February 07, 2024

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packets when NVMe over TCP is in use, leading to a NULL pointer dereference in the NVMe driver and causing a kernel panic and a denial of service.

NULL Pointer Dereference

Linux Kernel NVMe over TCP NULL ptr deref Kernel Panic/DoS
CVE-2023-6536 6.5 - Medium - February 07, 2024

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packets when NVMe over TCP is in use, leading to a NULL pointer dereference in the NVMe driver and causing a kernel panic and a denial of service.

NULL Pointer Dereference

Linux Kernel kTLS splice OOB write flaw CVE-2024-0646
CVE-2024-0646 7 - High - January 17, 2024

An out-of-bounds memory write flaw was found in the Linux kernel's Transport Layer Security functionality, in how a user calls the splice function with a kTLS socket as the destination. This flaw allows a local user to crash the system or potentially escalate their privileges.

Memory Corruption

GnuTLS: DoS via Faulty Certificate Chain Validation in Cockpit
CVE-2024-0567 7.5 - High - January 16, 2024

A vulnerability was found in GnuTLS, where Cockpit (which uses GnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.

Improper Verification of Cryptographic Signature

OOB Read in SMB Client due to Integer Underflow CVE-2024-0565
CVE-2024-0565 6.8 - Medium - January 15, 2024

An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.

Integer underflow

Linux Kernel Netfilter UAF in NFT_CHAIN/Object Escalation
CVE-2024-0193 7.8 - High - January 02, 2024

A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system.

Dangling pointer

Linux Kernel gsm tty multiplexer race leads to local privilege escalation
CVE-2023-6546 7 - High - December 21, 2023

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.

Dangling pointer

Linux Kernel SMB2 OOB Read Leak (CVE-2023-6610)
CVE-2023-6610 7.1 - High - December 08, 2023

An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.

Out-of-bounds Read

Linux Kernel SMB client OOB read in smbCalcSize
CVE-2023-6606 7.1 - High - December 08, 2023

An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.

Out-of-bounds Read

OpenSSL RSA-PSK ClientKeyExchange timing side channel
CVE-2023-5981 5.9 - Medium - November 28, 2023

A vulnerability was found in which the response times to malformed ciphertexts in an RSA-PSK ClientKeyExchange differ from the response times to ciphertexts with correct PKCS#1 v1.5 padding.

Side Channel Attack

A flaw was found in openshift-logging LokiStack
CVE-2023-4456 5.7 - Medium - August 21, 2023

A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.

Insufficient Granularity of Access Control
