Filtered by vendor Redhat
Subscribe
Total
5603 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3101 | 2 Openstack, Redhat | 3 Tripleo Ansible, Openstack, Openstack For Ibm Power | 2024-02-28 | N/A | 5.5 MEDIUM |
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment. | |||||
CVE-2023-0180 | 5 Citrix, Linux, Nvidia and 2 more | 5 Hypervisor, Linux Kernel, Virtual Gpu and 2 more | 2024-02-28 | N/A | 7.1 HIGH |
NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information disclosure. | |||||
CVE-2023-0056 | 3 Fedoraproject, Haproxy, Redhat | 10 Extra Packages For Enterprise Linux, Fedora, Haproxy and 7 more | 2024-02-28 | N/A | 6.5 MEDIUM |
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. | |||||
CVE-2023-0192 | 4 Citrix, Nvidia, Redhat and 1 more | 4 Hypervisor, Virtual Gpu, Enterprise Linux Kernel-based Virtual Machine and 1 more | 2024-02-28 | N/A | 7.8 HIGH |
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer handler, where improper privilege management can lead to escalation of privileges and information disclosure. | |||||
CVE-2023-26590 | 3 Fedoraproject, Redhat, Sox Project | 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more | 2024-02-28 | N/A | 5.5 MEDIUM |
A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service. | |||||
CVE-2023-2977 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-02-28 | N/A | 7.1 HIGH |
A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible. | |||||
CVE-2022-3146 | 2 Openstack, Redhat | 3 Tripleo Ansible, Openstack, Openstack For Ibm Power | 2024-02-28 | N/A | 5.5 MEDIUM |
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment. | |||||
CVE-2023-2455 | 3 Fedoraproject, Postgresql, Redhat | 4 Fedora, Postgresql, Enterprise Linux and 1 more | 2024-02-28 | N/A | 5.4 MEDIUM |
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. | |||||
CVE-2023-33203 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-02-28 | N/A | 6.4 MEDIUM |
The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device. | |||||
CVE-2023-2088 | 1 Redhat | 1 Openstack | 2024-02-28 | N/A | 6.5 MEDIUM |
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality. | |||||
CVE-2023-1380 | 3 Linux, Netapp, Redhat | 12 Linux Kernel, H300s, H300s Firmware and 9 more | 2024-02-28 | N/A | 7.1 HIGH |
A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service. | |||||
CVE-2023-0494 | 3 Fedoraproject, Redhat, X.org | 18 Fedora, Enterprise Linux, Enterprise Linux Aus and 15 more | 2024-02-28 | N/A | 7.8 HIGH |
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. | |||||
CVE-2022-4361 | 1 Redhat | 6 Enterprise Linux, Keycloak, Openshift Container Platform and 3 more | 2024-02-28 | N/A | 6.1 MEDIUM |
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri. | |||||
CVE-2023-2603 | 4 Debian, Fedoraproject, Libcap Project and 1 more | 4 Debian Linux, Fedora, Libcap and 1 more | 2024-02-28 | N/A | 7.8 HIGH |
A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB. | |||||
CVE-2023-2700 | 2 Fedoraproject, Redhat | 3 Fedora, Enterprise Linux, Libvirt | 2024-02-28 | N/A | 5.5 MEDIUM |
A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup. | |||||
CVE-2023-1073 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-02-28 | N/A | 6.6 MEDIUM |
A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. | |||||
CVE-2023-0185 | 4 Citrix, Nvidia, Redhat and 1 more | 4 Hypervisor, Virtual Gpu, Enterprise Linux Kernel-based Virtual Machine and 1 more | 2024-02-28 | N/A | 7.1 HIGH |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information disclosure. | |||||
CVE-2023-32573 | 2 Qt, Redhat | 2 Qt, Enterprise Linux | 2024-02-28 | N/A | 6.5 MEDIUM |
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. | |||||
CVE-2023-27540 | 2 Ibm, Redhat | 3 Cloud Pak For Data, Watson Cp4d Data Stores, Openshift | 2024-02-28 | N/A | 7.5 HIGH |
IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924. | |||||
CVE-2022-36769 | 2 Ibm, Redhat | 2 Cloud Pak For Data, Openshift | 2024-02-28 | N/A | 7.2 HIGH |
IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034. |