Filtered by vendor Redhat
Subscribe
Total
5605 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-3529 | 1 Redhat | 2 Noobaa-operator, Openshift Container Platform | 2024-02-28 | 6.8 MEDIUM | 7.1 HIGH |
A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is for confidentiality, availability, and integrity. | |||||
CVE-2020-10698 | 1 Redhat | 1 Ansible Tower | 2024-02-28 | 2.1 LOW | 3.3 LOW |
A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. Some sensible data can be disclosed. However, critical data should not be disclosed, as it should be protected by the no_log flag when debugging is enabled. This flaw affects Ansible Tower versions before 3.6.4, Ansible Tower versions before 3.5.6 and Ansible Tower versions before 3.4.6. | |||||
CVE-2020-36328 | 5 Apple, Debian, Netapp and 2 more | 6 Ipados, Iphone Os, Debian Linux and 3 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2021-3482 | 4 Debian, Exiv2, Fedoraproject and 1 more | 4 Debian Linux, Exiv2, Fedora and 1 more | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data. | |||||
CVE-2021-20178 | 2 Fedoraproject, Redhat | 3 Fedora, Ansible, Ansible Tower | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality. | |||||
CVE-2021-20191 | 2 Oracle, Redhat | 8 Virtualization, Ansible, Ansible Tower and 5 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected. | |||||
CVE-2021-3514 | 1 Redhat | 1 389 Directory Server | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash. | |||||
CVE-2021-3536 | 1 Redhat | 9 Build Of Quarkus, Data Grid, Descision Manager and 6 more | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity. | |||||
CVE-2020-35510 | 1 Redhat | 1 Jboss-remoting | 2024-02-28 | 7.1 HIGH | 5.9 MEDIUM |
A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability. | |||||
CVE-2021-30469 | 3 Fedoraproject, Podofo Project, Redhat | 3 Fedora, Podofo, Enterprise Linux | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file. | |||||
CVE-2020-27826 | 1 Redhat | 2 Keycloak, Single Sign-on | 2024-02-28 | 4.9 MEDIUM | 4.2 MEDIUM |
A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application. | |||||
CVE-2021-20486 | 3 Ibm, Linux, Redhat | 3 Cloud Pak For Data, Linux Kernel, Enterprise Linux | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. IBM X-Force ID: 197668. | |||||
CVE-2020-10688 | 1 Redhat | 5 Enterprise Linux, Fuse, Jboss Enterprise Application Platform and 2 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack. | |||||
CVE-2021-3412 | 1 Redhat | 2 3scale, 3scale Api Management | 2024-02-28 | 5.0 MEDIUM | 7.3 HIGH |
It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly conduct further attacks. | |||||
CVE-2018-10865 | 1 Redhat | 1 Certification | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system, even if not belonging to him. | |||||
CVE-2020-10701 | 1 Redhat | 1 Libvirt | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0. | |||||
CVE-2021-3447 | 2 Fedoraproject, Redhat | 3 Fedora, Ansible, Ansible Tower | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2. | |||||
CVE-2021-20201 | 2 Redhat, Spice Project | 2 Enterprise Linux, Spice | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection. | |||||
CVE-2020-27769 | 3 Fedoraproject, Imagemagick, Redhat | 3 Fedora, Imagemagick, Enterprise Linux Desktop | 2024-02-28 | 4.3 MEDIUM | 3.3 LOW |
In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c. | |||||
CVE-2021-3642 | 2 Quarkus, Redhat | 13 Quarkus, Build Of Quarkus, Codeready Studio and 10 more | 2024-02-28 | 3.5 LOW | 5.3 MEDIUM |
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality. |