Redhat

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-3262 1Redhat 1Openshift Apr 23, 2025 Dec 8, 2022 N/A· v4 8.1 HIGH· v3 N/A· v2 A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search polic...Show more A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability.Show less
CVE-2022-3260 1Redhat 1Openshift Apr 23, 2025 Dec 8, 2022 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Some browsers would interpret these results incorrectly, allowing clickjacking attacks.
CVE-2022-4144 3Fedoraproject QemuRedhat 4Enterprise Linux Extra Packages For Enterprise LinuxFedora+1 more Apr 14, 2025 Nov 29, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past t...Show more An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.Show less
CVE-2022-4116 2Quarkus Redhat 2Build Of Quarkus Quarkus Apr 29, 2025 Nov 22, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution.
CVE-2022-3500 3Fedoraproject KeylimeRedhat 3Enterprise Linux FedoraKeylime Apr 29, 2025 Nov 22, 2022 N/A· v4 5.1 MEDIUM· v3 N/A· v2 A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that...Show more A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore.Show less
CVE-2022-3821 3Fedoraproject RedhatSystemd Project 3Enterprise Linux FedoraSystemd May 2, 2025 Nov 8, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading...Show more An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.Show less
CVE-2022-3675 1Redhat 1Fedora Coreos Nov 21, 2024 Nov 3, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments, or boot non-d...Show more Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments, or boot non-default OSTree deployments. Recent Fedora CoreOS releases have a misconfiguration which allows booting non-default OSTree deployments without entering a password. This allows someone with access to the GRUB menu to boot into an older version of Fedora CoreOS, reverting any security fixes that have recently been applied to the machine. A password is still required to modify kernel command-line arguments and to access the GRUB command line. Show less
CVE-2022-3697 1Redhat 2Ansible Ansible Collection Nov 21, 2024 Oct 28, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is hand...Show more A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.Show less
CVE-2022-3644 2Pulpproject Redhat 4Ansible Automation Platform Pulp AnsibleSatellite+1 more May 7, 2025 Oct 25, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
CVE-2022-2805 1Redhat 1Virtualization May 9, 2025 Oct 19, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. This flaw allows an attacker with sufficient privileges to read the log file, leading to confide...Show more A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. This flaw allows an attacker with sufficient privileges to read the log file, leading to confidentiality loss.Show less
CVE-2022-1414 1Redhat 13scale Api Management May 9, 2025 Oct 19, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct fur...Show more 3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks.Show less
CVE-2013-4281 1Redhat 1Openshift May 9, 2025 Oct 19, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.
CVE-2013-4253 1Redhat 1Openshift May 9, 2025 Oct 19, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file.
CVE-2019-14841 1Redhat 2Decision Manager Process Automation May 13, 2025 Oct 17, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console.
CVE-2019-14840 1Redhat 1Decision Manager May 13, 2025 Oct 17, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of credentials.
CVE-2017-7517 1Redhat 1Openshift May 13, 2025 Oct 17, 2022 N/A· v4 3.5 LOW· v3 N/A· v2 An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject", and then later de...Show more An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject", and then later deletes it another user can then create a project called "MyProject" and access the metrics stored from the original "MyProject" instance.Show less
CVE-2022-2963 3Fedoraproject Jasper ProjectRedhat 3Enterprise Linux FedoraJasper May 15, 2025 Oct 14, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault.
CVE-2022-2850 4Debian FedoraprojectPort389+1 more 5389 Ds Base Debian LinuxDirectory Server+2 more Nov 3, 2025 Oct 14, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker...Show more A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.Show less
CVE-2020-15855 1Redhat 1Bodhi Nov 21, 2024 Oct 7, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1.
CVE-2015-1931 3Ibm RedhatSuse 8Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+5 more Nov 21, 2024 Sep 29, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information i...Show more IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.Show less

Previous 1...333435...283 Next