Filtered by vendor Redhat
Subscribe
Total
5605 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-3632 | 1 Redhat | 3 Enterprise Linux, Keycloak, Single Sign-on | 2024-02-28 | N/A | 7.5 HIGH |
A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow. | |||||
CVE-2022-2964 | 3 Linux, Netapp, Redhat | 12 Linux Kernel, H300s, H300s Firmware and 9 more | 2024-02-28 | N/A | 7.8 HIGH |
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. | |||||
CVE-2022-0171 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-02-28 | N/A | 5.5 MEDIUM |
A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). | |||||
CVE-2022-2668 | 1 Redhat | 2 Keycloak, Single Sign-on | 2024-02-28 | N/A | 7.2 HIGH |
An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled | |||||
CVE-2022-2764 | 2 Netapp, Redhat | 9 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 6 more | 2024-02-28 | N/A | 4.9 MEDIUM |
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations. | |||||
CVE-2021-3697 | 2 Gnu, Redhat | 12 Grub2, Codeready Linux Builder, Developer Tools and 9 more | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | |||||
CVE-2014-0144 | 2 Qemu, Redhat | 9 Qemu, Enterprise Linux Desktop, Enterprise Linux Eus and 6 more | 2024-02-28 | N/A | 8.6 HIGH |
QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process. | |||||
CVE-2022-1632 | 2 Fedoraproject, Redhat | 3 Fedora, Ansible Automation Platform, Openshift Container Platform | 2024-02-28 | N/A | 6.5 MEDIUM |
An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality. | |||||
CVE-2022-1263 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-02-28 | N/A | 5.5 MEDIUM |
A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. | |||||
CVE-2021-3563 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Keystone, Openstack Platform | 2024-02-28 | N/A | 7.4 HIGH |
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. | |||||
CVE-2022-1414 | 1 Redhat | 1 3scale Api Management | 2024-02-28 | N/A | 8.8 HIGH |
3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks. | |||||
CVE-2022-3205 | 1 Redhat | 1 Ansible Automation Platform | 2024-02-28 | N/A | 6.1 MEDIUM |
Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection | |||||
CVE-2021-35939 | 2 Redhat, Rpm | 2 Enterprise Linux, Rpm | 2024-02-28 | N/A | 6.7 MEDIUM |
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2022-1902 | 1 Redhat | 1 Advanced Cluster Security | 2024-02-28 | N/A | 8.8 HIGH |
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges. | |||||
CVE-2022-28623 | 3 Hp, Hpe, Redhat | 3 Hp-ux, Icewall Sso Certd, Enterprise Linux | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SSO version 10.0 certd library Patch 9 for HP-UX. | |||||
CVE-2021-3754 | 1 Redhat | 2 Keycloak, Single Sign-on | 2024-02-28 | N/A | 5.3 MEDIUM |
A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password. | |||||
CVE-2014-8164 | 1 Redhat | 1 Cloudforms Management Engine | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x. | |||||
CVE-2021-3827 | 1 Redhat | 4 Enterprise Linux, Keycloak, Openshift Container Platform and 1 more | 2024-02-28 | N/A | 6.8 MEDIUM |
A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity. | |||||
CVE-2019-14841 | 1 Redhat | 2 Decision Manager, Process Automation | 2024-02-28 | N/A | 8.8 HIGH |
A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console. | |||||
CVE-2021-4217 | 3 Fedoraproject, Redhat, Unzip Project | 3 Fedora, Enterprise Linux, Unzip | 2024-02-28 | N/A | 3.3 LOW |
A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. |