Filtered by vendor Redhat
Subscribe
Total
5599 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-52160 | 6 Debian, Fedoraproject, Google and 3 more | 7 Debian Linux, Fedora, Android and 4 more | 2024-08-27 | N/A | 6.5 MEDIUM |
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. | |||||
CVE-2021-38160 | 4 Debian, Linux, Netapp and 1 more | 9 Debian Linux, Linux Kernel, Element Software and 6 more | 2024-08-27 | 7.2 HIGH | 7.8 HIGH |
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior | |||||
CVE-2024-0562 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-08-27 | N/A | 7.8 HIGH |
A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result in the timer attempting to access the recently freed bdi_writeback. | |||||
CVE-2022-1271 | 4 Debian, Gnu, Redhat and 1 more | 4 Debian Linux, Gzip, Jboss Data Grid and 1 more | 2024-08-26 | N/A | 8.8 HIGH |
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. | |||||
CVE-2023-39191 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-08-21 | N/A | 8.2 HIGH |
An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel. | |||||
CVE-2024-1459 | 1 Redhat | 1 Undertow | 2024-08-21 | N/A | 5.3 MEDIUM |
A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories. | |||||
CVE-2024-5037 | 1 Redhat | 2 Openshift Container Platform, Openshift Distributed Tracing | 2024-08-19 | N/A | 7.5 HIGH |
A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication. | |||||
CVE-2024-0093 | 5 Canonical, Citrix, Nvidia and 2 more | 6 Ubuntu Linux, Hypervisor, Cloud Gaming and 3 more | 2024-08-15 | N/A | 5.5 MEDIUM |
NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure. | |||||
CVE-2024-0092 | 6 Canonical, Citrix, Microsoft and 3 more | 14 Ubuntu Linux, Hypervisor, Azure Stack Hci and 11 more | 2024-08-15 | N/A | 5.5 MEDIUM |
NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service. | |||||
CVE-2024-0091 | 7 Canonical, Citrix, Linux and 4 more | 16 Ubuntu Linux, Hypervisor, Linux Kernel and 13 more | 2024-08-15 | N/A | 7.8 HIGH |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering. | |||||
CVE-2024-0090 | 7 Canonical, Citrix, Linux and 4 more | 16 Ubuntu Linux, Hypervisor, Linux Kernel and 13 more | 2024-08-15 | N/A | 7.8 HIGH |
NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | |||||
CVE-2024-0086 | 5 Canonical, Citrix, Nvidia and 2 more | 6 Ubuntu Linux, Hypervisor, Cloud Gaming and 3 more | 2024-08-15 | N/A | 5.5 MEDIUM |
NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU plugin. | |||||
CVE-2024-0085 | 6 Canonical, Citrix, Microsoft and 3 more | 7 Ubuntu Linux, Hypervisor, Azure Stack Hci and 4 more | 2024-08-15 | N/A | 7.8 HIGH |
NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service. | |||||
CVE-2024-0084 | 5 Canonical, Citrix, Nvidia and 2 more | 6 Ubuntu Linux, Hypervisor, Cloud Gaming and 3 more | 2024-08-15 | N/A | 7.8 HIGH |
NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service. | |||||
CVE-2023-44487 | 32 Akka, Amazon, Apache and 29 more | 311 Http Server, Opensearch Data Prepper, Apisix and 308 more | 2024-08-14 | N/A | 7.5 HIGH |
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | |||||
CVE-2024-1086 | 5 Debian, Fedoraproject, Linux and 2 more | 15 Debian Linux, Fedora, Linux Kernel and 12 more | 2024-08-14 | N/A | 7.8 HIGH |
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. | |||||
CVE-2023-6228 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2024-08-07 | N/A | 5.5 MEDIUM |
An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. | |||||
CVE-2021-3557 | 2 Argoproj, Redhat | 2 Argo Cd, Openshift Gitops | 2024-08-07 | 4.0 MEDIUM | 6.5 MEDIUM |
A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read all resources of the cluster including all secrets which might enable privilege escalations. The highest threat from this vulnerability is to data confidentiality. | |||||
CVE-2007-1865 | 1 Redhat | 1 Enterprise Linux | 2024-08-07 | 1.9 LOW | N/A |
The ipv6_getsockopt_sticky function in the kernel in Red Hat Enterprise Linux (RHEL) Beta 5.1.0 allows local users to obtain sensitive information (kernel memory contents) via a negative value of the len parameter. NOTE: this issue has been disputed in a bug comment, stating that "len is ignored when copying header info to the user's buffer. | |||||
CVE-2013-3734 | 1 Redhat | 1 Jboss Application Server | 2024-08-06 | 6.0 MEDIUM | 6.6 MEDIUM |
The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2) attackers to obtain sensitive information by reading the HTML source code. NOTE: the vendor says that this does not cross a trust boundary and that it is recommended best-practice that SSL is configured for the administrative console |