Filtered by vendor Redhat
Subscribe
Search
Total
1262 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19353 | 1 Redhat | 1 Openshift Container Platform | 2021-03-26 | 6.9 MEDIUM | 7.0 HIGH |
| An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
| CVE-2019-19352 | 1 Redhat | 1 Openshift Container Platform | 2021-03-26 | 4.4 MEDIUM | 7.0 HIGH |
| An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
| CVE-2019-10200 | 1 Redhat | 1 Openshift Container Platform | 2021-03-26 | 9.0 HIGH | 7.2 HIGH |
| A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS IAM role, allowing management access to AWS resources. With access to the security credentials, the user then has access to the entire infrastructure. Impact to data and system availability is high. | |||||
| CVE-2021-20218 | 1 Redhat | 9 A-mq Online, Build Of Quarkus, Codeready Studio and 6 more | 2021-03-25 | 5.8 MEDIUM | 7.4 HIGH |
| A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes-client-4.13.2 kubernetes-client-5.0.2 kubernetes-client-4.11.2 kubernetes-client-4.7.2 | |||||
| CVE-2019-10161 | 2 Canonical, Redhat | 5 Ubuntu Linux, Enterprise Linux, Libvirt and 2 more | 2021-03-25 | 7.2 HIGH | 7.8 HIGH |
| It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs. | |||||
| CVE-2021-20179 | 3 Dogtagpki, Fedoraproject, Redhat | 4 Dogtagpki, Fedora, Certificate System and 1 more | 2021-03-24 | 5.5 MEDIUM | 8.1 HIGH |
| A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity. | |||||
| CVE-2019-16276 | 6 Debian, Fedoraproject, Golang and 3 more | 9 Debian Linux, Fedora, Go and 6 more | 2021-03-22 | 5.0 MEDIUM | 7.5 HIGH |
| Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. | |||||
| CVE-2016-9560 | 3 Debian, Jasper Project, Redhat | 8 Debian Linux, Jasper, Enterprise Linux Desktop and 5 more | 2021-03-15 | 6.8 MEDIUM | 7.8 HIGH |
| Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image. | |||||
| CVE-2021-20198 | 1 Redhat | 1 Openshift Installer | 2021-02-27 | 6.8 MEDIUM | 8.1 HIGH |
| A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated `/exec` requests to execute arbitrary commands within running containers. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-27782 | 1 Redhat | 3 Jboss Fuse, Openshift Application Runtimes, Undertow | 2021-02-27 | 7.8 HIGH | 7.5 HIGH |
| A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1. | |||||
| CVE-2017-15131 | 2 Freedesktop, Redhat | 2 Xdg-user-dirs, Enterprise Linux | 2021-02-25 | 4.6 MEDIUM | 7.8 HIGH |
| It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux. | |||||
| CVE-2017-1000050 | 4 Canonical, Fedoraproject, Jasper Project and 1 more | 6 Ubuntu Linux, Fedora, Jasper and 3 more | 2021-02-22 | 5.0 MEDIUM | 7.5 HIGH |
| JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. | |||||
| CVE-2019-11745 | 6 Canonical, Debian, Mozilla and 3 more | 23 Ubuntu Linux, Debian Linux, Firefox and 20 more | 2021-02-19 | 6.8 MEDIUM | 8.8 HIGH |
| When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | |||||
| CVE-2021-20188 | 2 Podman Project, Redhat | 3 Podman, Enterprise Linux, Openshift Container Platform | 2021-02-17 | 6.9 MEDIUM | 7.0 HIGH |
| A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2016-4970 | 3 Apache, Netty, Redhat | 4 Cassandra, Netty, Jboss Data Grid and 1 more | 2021-02-14 | 7.8 HIGH | 7.5 HIGH |
| handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop). | |||||
| CVE-2020-14339 | 1 Redhat | 2 Enterprise Linux, Libvirt | 2021-02-09 | 7.2 HIGH | 8.8 HIGH |
| A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2020-10758 | 1 Redhat | 3 Keycloak, Openshift Application Runtimes, Single Sign-on | 2021-02-03 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body. | |||||
| CVE-2016-4978 | 2 Apache, Redhat | 3 Activemq Artemis, Enterprise Linux Server, Jboss Enterprise Application Platform | 2021-01-29 | 6.0 MEDIUM | 7.2 HIGH |
| The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath. | |||||
| CVE-2017-12174 | 2 Apache, Redhat | 4 Activemq Artemis, Enterprise Linux, Hornetq and 1 more | 2021-01-28 | 7.8 HIGH | 7.5 HIGH |
| It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError. | |||||
| CVE-2020-29573 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2021-01-26 | 5.0 MEDIUM | 7.5 HIGH |
| sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference. | |||||
| CVE-2018-5968 | 4 Debian, Fasterxml, Netapp and 1 more | 10 Debian Linux, Jackson-databind, E-series Santricity Os Controller and 7 more | 2021-01-21 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist. | |||||
| CVE-2021-1060 | 7 Citrix, Linux, Microsoft and 4 more | 7 Hypervisor, Linux Kernel, Windows and 4 more | 2021-01-14 | 3.6 LOW | 7.1 HIGH |
| NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input index is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). | |||||
| CVE-2021-1057 | 5 Citrix, Nutanix, Nvidia and 2 more | 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more | 2021-01-11 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerability in the vGPU plugin in which it allows guests to allocate some resources for which the guest is not authorized, which may lead to integrity and confidentiality loss, denial of service, or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). | |||||
| CVE-2021-1059 | 5 Citrix, Nutanix, Nvidia and 2 more | 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more | 2021-01-11 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input index is not validated, which may lead to integer overflow, which in turn may cause tampering of data, information disclosure, or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). | |||||
| CVE-2021-1064 | 5 Citrix, Nutanix, Nvidia and 2 more | 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more | 2021-01-11 | 3.6 LOW | 7.1 HIGH |
| NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which it obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer, which may lead to information disclosure or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). | |||||
| CVE-2021-1065 | 5 Citrix, Nutanix, Nvidia and 2 more | 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more | 2021-01-11 | 3.6 LOW | 7.1 HIGH |
| NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). | |||||
| CVE-2021-1063 | 5 Citrix, Nutanix, Nvidia and 2 more | 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more | 2021-01-11 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input offset is not validated, which may lead to a buffer overread, which in turn may cause tampering of data, information disclosure, or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). | |||||
| CVE-2020-25692 | 2 Openldap, Redhat | 2 Openldap, Enterprise Linux | 2021-01-08 | 5.0 MEDIUM | 7.5 HIGH |
| A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service. | |||||
| CVE-2015-5184 | 1 Redhat | 2 Amq, Jboss Enterprise Web Server | 2021-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| Console: CORS headers set to allow all in Red Hat AMQ. | |||||
| CVE-2015-5183 | 1 Redhat | 3 Amq, Jboss A-mq, Jboss Enterprise Web Server | 2021-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ. | |||||
| CVE-2020-15115 | 1 Redhat | 1 Etcd | 2021-01-04 | 5.0 MEDIUM | 7.5 HIGH |
| etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort. | |||||
| CVE-2020-11100 | 3 Debian, Haproxy, Redhat | 3 Debian Linux, Haproxy, Openshift Container Platform | 2020-12-24 | 6.5 MEDIUM | 8.8 HIGH |
| In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. | |||||
| CVE-2020-10714 | 1 Redhat | 5 Codeready Studio, Descision Manager, Jboss Fuse and 2 more | 2020-12-23 | 5.1 MEDIUM | 7.5 HIGH |
| A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-1749 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2020-12-22 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. | |||||
| CVE-2020-25712 | 2 Redhat, X.org | 2 Enterprise Linux, X Server | 2020-12-16 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2019-9514 | 12 Apache, Apple, Canonical and 9 more | 29 Traffic Server, Mac Os X, Swiftnio and 26 more | 2020-12-09 | 7.8 HIGH | 7.5 HIGH |
| Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. | |||||
| CVE-2020-27778 | 2 Freedesktop, Redhat | 2 Poppler, Enterprise Linux | 2020-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service. | |||||
| CVE-2018-14622 | 4 Canonical, Debian, Libtirpc Project and 1 more | 8 Ubuntu Linux, Debian Linux, Libtirpc and 5 more | 2020-12-04 | 5.0 MEDIUM | 7.5 HIGH |
| A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections. | |||||
| CVE-2018-14657 | 1 Redhat | 3 Keycloak, Linux, Single Sign-on | 2020-12-04 | 4.3 MEDIUM | 8.1 HIGH |
| A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures. | |||||
| CVE-2019-10171 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Enterprise Linux Server Eus | 2020-12-04 | 7.8 HIGH | 7.5 HIGH |
| It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service. | |||||
| CVE-2018-1048 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2020-12-04 | 5.0 MEDIUM | 7.5 HIGH |
| It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files. | |||||
| CVE-2020-14334 | 1 Redhat | 1 Satellite | 2020-12-04 | 4.6 MEDIUM | 8.8 HIGH |
| A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance. | |||||
| CVE-2019-19340 | 1 Redhat | 2 Ansible Tower, Enterprise Linux | 2020-12-04 | 6.4 MEDIUM | 8.2 HIGH |
| A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system. | |||||
| CVE-2019-10222 | 3 Ceph, Fedoraproject, Redhat | 3 Ceph, Fedora, Ceph Storage | 2020-12-04 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients. | |||||
| CVE-2020-10772 | 2 Nlnetlabs, Redhat | 2 Unbound, Enterprise Linux | 2020-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound. | |||||
| CVE-2020-25708 | 2 Libvncserver Project, Redhat | 2 Libvncserver, Enterprise Linux | 2020-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. | |||||
| CVE-2018-1100 | 3 Canonical, Redhat, Zsh | 5 Ubuntu Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2020-12-01 | 7.2 HIGH | 7.8 HIGH |
| zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user. | |||||
| CVE-2018-1083 | 4 Canonical, Debian, Redhat and 1 more | 6 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 3 more | 2020-12-01 | 7.2 HIGH | 7.8 HIGH |
| Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation. | |||||
| CVE-2017-5848 | 3 Debian, Gstreamer Project, Redhat | 8 Debian Linux, Gstreamer, Enterprise Linux Desktop and 5 more | 2020-11-20 | 5.0 MEDIUM | 7.5 HIGH |
| The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. | |||||
| CVE-2020-25661 | 1 Redhat | 1 Enterprise Linux | 2020-11-19 | 8.3 HIGH | 8.8 HIGH |
| A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||