Filtered by vendor Redhat
Subscribe
Total
5572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0192 | 4 Citrix, Nvidia, Redhat and 1 more | 4 Hypervisor, Virtual Gpu, Enterprise Linux Kernel-based Virtual Machine and 1 more | 2023-04-10 | N/A | 7.8 HIGH |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer handler, where improper privilege management can lead to escalation of privileges and information disclosure. | |||||
| CVE-2023-0197 | 4 Citrix, Nvidia, Redhat and 1 more | 4 Hypervisor, Virtual Gpu, Enterprise Linux Kernel-based Virtual Machine and 1 more | 2023-04-10 | N/A | 6.5 MEDIUM |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of service. | |||||
| CVE-2021-3802 | 3 Fedoraproject, Redhat, Udisks Project | 3 Fedora, Enterprise Linux, Udisks | 2023-04-08 | 6.3 MEDIUM | 4.2 MEDIUM |
| A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2022-3787 | 1 Redhat | 2 Device-mapper-multipath, Enterprise Linux | 2023-04-06 | N/A | 7.8 HIGH |
| A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root. | |||||
| CVE-2022-2237 | 1 Redhat | 2 Keycloak Node.js Adapter, Single Sign-on | 2023-04-04 | N/A | 6.1 MEDIUM |
| A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function. | |||||
| CVE-2021-3684 | 1 Redhat | 3 Enterprise Linux, Openshift Assisted Installer, Openshift Container Platform | 2023-04-03 | N/A | 5.5 MEDIUM |
| A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the associated user. | |||||
| CVE-2023-0056 | 3 Fedoraproject, Haproxy, Redhat | 10 Extra Packages For Enterprise Linux, Fedora, Haproxy and 7 more | 2023-04-03 | N/A | 6.5 MEDIUM |
| An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. | |||||
| CVE-2023-0778 | 2 Podman Project, Redhat | 2 Podman, Enterprise Linux | 2023-04-03 | N/A | 6.8 MEDIUM |
| A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system. | |||||
| CVE-2021-3682 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2023-03-31 | 6.0 MEDIUM | 8.5 HIGH |
| A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host. | |||||
| CVE-2022-4492 | 1 Redhat | 10 Build Of Quarkus, Integration Camel For Spring Boot, Integration Camel K and 7 more | 2023-03-24 | N/A | 7.5 HIGH |
| The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol. | |||||
| CVE-2022-1278 | 1 Redhat | 8 Amq, Amq Online, Integration Camel K and 5 more | 2023-03-22 | N/A | 7.5 HIGH |
| A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain. | |||||
| CVE-2018-18506 | 5 Canonical, Debian, Mozilla and 2 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2023-03-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65. | |||||
| CVE-2022-3277 | 2 Openstack, Redhat | 2 Neutron, Openstack Platform | 2023-03-13 | N/A | 6.5 MEDIUM |
| An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service. | |||||
| CVE-2022-3854 | 1 Redhat | 1 Ceph Storage | 2023-03-13 | N/A | 6.5 MEDIUM |
| A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service. | |||||
| CVE-2022-4134 | 2 Openstack, Redhat | 2 Glance, Openstack | 2023-03-13 | N/A | 2.8 LOW |
| A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images. | |||||
| CVE-2021-3596 | 4 Debian, Fedoraproject, Imagemagick and 1 more | 4 Debian Linux, Fedora, Imagemagick and 1 more | 2023-03-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault. | |||||
| CVE-2020-27776 | 2 Imagemagick, Redhat | 2 Imagemagick, Enterprise Linux | 2023-03-11 | 4.3 MEDIUM | 3.3 LOW |
| A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. | |||||
| CVE-2020-27775 | 3 Debian, Imagemagick, Redhat | 3 Debian Linux, Imagemagick, Enterprise Linux | 2023-03-11 | 4.3 MEDIUM | 3.3 LOW |
| A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. | |||||
| CVE-2020-27774 | 3 Debian, Imagemagick, Redhat | 3 Debian Linux, Imagemagick, Enterprise Linux | 2023-03-11 | 4.3 MEDIUM | 3.3 LOW |
| A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. | |||||
| CVE-2020-27772 | 3 Debian, Imagemagick, Redhat | 3 Debian Linux, Imagemagick, Enterprise Linux | 2023-03-11 | 4.3 MEDIUM | 3.3 LOW |
| A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. | |||||