Filtered by vendor Redhat
Subscribe
Total
5605 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0084 | 1 Redhat | 4 Integration Camel K, Integration Camel Quarkus, Single Sign-on and 1 more | 2024-02-28 | N/A | 7.5 HIGH |
| A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up. | |||||
| CVE-2022-1259 | 2 Netapp, Redhat | 10 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 7 more | 2024-02-28 | N/A | 7.5 HIGH |
| A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629. | |||||
| CVE-2022-2403 | 1 Redhat | 1 Openshift | 2024-02-28 | N/A | 6.5 MEDIUM |
| A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate. | |||||
| CVE-2022-34301 | 3 Kidan, Microsoft, Redhat | 10 Cryptopro Securedisk For Bitlocker, Windows 10, Windows 11 and 7 more | 2024-02-28 | N/A | 6.7 MEDIUM |
| A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | |||||
| CVE-2022-34302 | 3 Horizondatasys, Microsoft, Redhat | 10 Uefi Bootloader, Windows 10, Windows 11 and 7 more | 2024-02-28 | N/A | 6.7 MEDIUM |
| A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | |||||
| CVE-2021-3586 | 1 Redhat | 2 Openshift Service Mesh, Servicemesh-operator | 2024-02-28 | N/A | 9.8 CRITICAL |
| A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from any pod. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2022-23238 | 5 Canonical, Centos, Linux and 2 more | 5 Ubuntu Linux, Centos, Linux Kernel and 2 more | 2024-02-28 | N/A | 6.5 MEDIUM |
| Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content. | |||||
| CVE-2022-0934 | 2 Redhat, Thekelleys | 2 Enterprise Linux, Dnsmasq | 2024-02-28 | N/A | 7.5 HIGH |
| A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service. | |||||
| CVE-2022-2509 | 4 Debian, Fedoraproject, Gnu and 1 more | 4 Debian Linux, Fedora, Gnutls and 1 more | 2024-02-28 | N/A | 7.5 HIGH |
| A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. | |||||
| CVE-2022-2568 | 1 Redhat | 2 Ansible Automation Platform, Enterprise Linux | 2024-02-28 | N/A | 6.5 MEDIUM |
| A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges. | |||||
| CVE-2022-3644 | 2 Pulpproject, Redhat | 4 Pulp Ansible, Ansible Automation Platform, Satellite and 1 more | 2024-02-28 | N/A | 5.5 MEDIUM |
| The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. | |||||
| CVE-2022-2963 | 3 Fedoraproject, Jasper Project, Redhat | 3 Fedora, Jasper, Enterprise Linux | 2024-02-28 | N/A | 7.5 HIGH |
| A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault. | |||||
| CVE-2020-15855 | 1 Redhat | 1 Bodhi | 2024-02-28 | N/A | 6.1 MEDIUM |
| Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1. | |||||
| CVE-2022-1655 | 1 Redhat | 1 Openstack | 2024-02-28 | N/A | 6.5 MEDIUM |
| An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and integrity. | |||||
| CVE-2021-3696 | 3 Gnu, Netapp, Redhat | 13 Grub2, Ontap Select Deploy Administration Utility, Codeready Linux Builder and 10 more | 2024-02-28 | 6.9 MEDIUM | 4.5 MEDIUM |
| A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | |||||
| CVE-2022-1677 | 1 Redhat | 1 Openshift Container Platform | 2024-02-28 | N/A | 6.3 MEDIUM |
| In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control. | |||||
| CVE-2022-2905 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-02-28 | N/A | 5.5 MEDIUM |
| An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data. | |||||
| CVE-2021-3659 | 3 Fedoraproject, Linux, Redhat | 17 Fedora, Linux Kernel, Codeready Linux Builder and 14 more | 2024-02-28 | N/A | 5.5 MEDIUM |
| A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-3629 | 2 Netapp, Redhat | 9 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 6 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final. | |||||
| CVE-2022-27651 | 3 Buildah Project, Fedoraproject, Redhat | 3 Buildah, Fedora, Enterprise Linux | 2024-02-28 | 4.9 MEDIUM | 6.8 MEDIUM |
| A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity. | |||||