Redhat
5,674 CVEs • 537 products
CVEs (5,674)
| CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS |
|---|---|---|---|---|---|
| A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notification. This flaw allows an attacker to trick a user into performing a malicious a... | | | | | |
| A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the H... | | | | | |
| An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flaw allows attackers to cause a denial of service (abort) via a crafted file. | Fedoraproject, Redhat, Upx (3) | Enterprise Linux, Fedora, Upx (3) | Apr 11, 2025 | May 27, 2021 | v4: N/A; v3: 5.5 MEDIUM; v2: 4.3 MEDIUM |
| Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp, in version UPX 4.0.0. This allows attackers to execute arbitrary code and cause a denial of service via a crafted file. | Fedoraproject, Redhat, Upx (3) | Enterprise Linux, Fedora, Upx (3) | Apr 11, 2025 | May 27, 2021 | v4: N/A; v3: 7.8 HIGH; v2: 6.8 MEDIUM |
| A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. This flaw allows an attacker to add email addresses they d... | | | | | |
| A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk trans... | Debian, Qemu, Redhat (3) | Debian Linux, Enterprise Linux, Qemu (3) | Nov 21, 2024 | May 26, 2021 | v4: N/A; v3: 5.5 MEDIUM; v2: 2.1 LOW |
| A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow. | Fedoraproject, Podofo Project, Redhat (3) | Enterprise Linux, Fedora, Podofo (3) | Nov 21, 2024 | May 26, 2021 | v4: N/A; v3: 5.5 MEDIUM; v2: 4.3 MEDIUM |
| A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow. | Fedoraproject, Podofo Project, Redhat (3) | Enterprise Linux, Fedora, Podofo (3) | Nov 21, 2024 | May 26, 2021 | v4: N/A; v3: 5.5 MEDIUM; v2: 4.3 MEDIUM |
| A flaw was found in PoDoFo 0.9.7. A use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file. | Fedoraproject, Podofo Project, Redhat (3) | Enterprise Linux, Fedora, Podofo (3) | Nov 21, 2024 | May 26, 2021 | v4: N/A; v3: 5.5 MEDIUM; v2: 4.3 MEDIUM |
| A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks.... | | | | | |
| An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges. | | | | | |
| A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability. | Fedoraproject, Gnome, Redhat (3) | Enterprise Linux, Fedora, Networkmanager, +1 more (4) | Nov 21, 2024 | May 26, 2021 | v4: N/A; v3: 5.5 MEDIUM; v2: 2.1 LOW |
| A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to... | Oracle, Redhat (2) | Ansible, Ansible Tower, Cisco Nx Os Collection, +5 more (8) | Nov 21, 2024 | May 26, 2021 | v4: N/A; v3: 5.5 MEDIUM; v2: 2.1 LOW |
| A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidenti... | Quarkus, Redhat (2) | Quarkus, Resteasy (2) | Nov 21, 2024 | May 26, 2021 | v4: N/A; v3: 4.3 MEDIUM; v2: 4.0 MEDIUM |
| A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or modify service APIs. Versions before 3scale-2.10.0-ER1 are affe... | Redhat (1) | 3scale, 3scale Api Management (2) | Nov 21, 2024 | May 26, 2021 | v4: N/A; v3: 5.4 MEDIUM; v2: 5.5 MEDIUM |
| redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XMLRPC methods when gett... | | | | | |
| Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user. | | | | | |
| It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove a "system" file, that is an xml file with host related info... | | | | | |
| It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system,... | | | | | |
| It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An unauthorized attacker... | | | | | |