Redhat

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-32547 3Fedoraproject ImagemagickRedhat 3Enterprise Linux FedoraImagemagick Nov 21, 2024 Jun 16, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input i...Show more In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.Show less
CVE-2022-32546 3Fedoraproject ImagemagickRedhat 4Enterprise Linux Extra Packages For Enterprise LinuxFedora+1 more Nov 21, 2024 Jun 16, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to app...Show more A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.Show less
CVE-2022-32545 3Fedoraproject ImagemagickRedhat 4Enterprise Linux Extra Packages For Enterprise LinuxFedora+1 more Nov 21, 2024 Jun 16, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to app...Show more A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.Show less
CVE-2021-41411 1Redhat 1Drools Nov 21, 2024 Jun 16, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.
CVE-2022-1998 4Fedoraproject LinuxNetapp+1 more 8Enterprise Linux FedoraH300s Firmware+5 more Nov 21, 2024 Jun 9, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the sys...Show more A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.Show less
CVE-2022-1708 3Fedoraproject KubernetesRedhat 4Cri O Enterprise LinuxFedora+1 more Nov 21, 2024 Jun 7, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. Thi...Show more A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability.Show less
CVE-2022-1949 2Fedoraproject Redhat 4389 Directory Server Directory ServerEnterprise Linux+1 more Dec 13, 2024 Jun 2, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass....Show more An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data.Show less
CVE-2022-1789 4Debian FedoraprojectLinux+1 more 4Debian Linux Enterprise LinuxFedora+1 more Nov 21, 2024 Jun 2, 2022 N/A· v4 6.8 MEDIUM· v3 6.9 MEDIUM· v2 With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.
CVE-2022-1652 4Debian LinuxNetapp+1 more 8Debian Linux Enterprise LinuxH300s Firmware+5 more Nov 21, 2024 Jun 2, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exp...Show more Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.Show less
CVE-2022-1462 3Debian LinuxRedhat 3Debian Linux Enterprise LinuxLinux Kernel Nov 21, 2024 Jun 2, 2022 N/A· v4 6.3 MEDIUM· v3 3.3 LOW· v2 An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memor...Show more An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.Show less
CVE-2021-3717 1Redhat 3Jboss Enterprise Application Platform Single Sign OnWildfly Core Nov 21, 2024 May 24, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerabili...Show more A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.Show less
CVE-2021-3629 2Netapp Redhat 8Active Iq Unified Manager IntegrationJboss Enterprise Application Platform+5 more Nov 21, 2024 May 24, 2022 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability...Show more A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.Show less
CVE-2021-3597 2Netapp Redhat 8Active Iq Unified Manager FuseJboss Enterprise Application Platform+5 more Nov 21, 2024 May 24, 2022 N/A· v4 5.9 MEDIUM· v3 2.6 LOW· v2 A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affect...Show more A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.Show less
CVE-2022-30600 3Fedoraproject MoodleRedhat 3Enterprise Linux FedoraMoodle Nov 21, 2024 May 18, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
CVE-2022-30599 3Fedoraproject MoodleRedhat 3Enterprise Linux FedoraMoodle Nov 21, 2024 May 18, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
CVE-2022-30598 3Fedoraproject MoodleRedhat 3Enterprise Linux FedoraMoodle Nov 21, 2024 May 18, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.
CVE-2022-30597 3Fedoraproject MoodleRedhat 3Enterprise Linux FedoraMoodle Nov 21, 2024 May 18, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.
CVE-2022-30596 3Fedoraproject MoodleRedhat 3Enterprise Linux FedoraMoodle Nov 21, 2024 May 18, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.
CVE-2022-1706 2Fedoraproject Redhat 4Enterprise Linux FedoraIgnition+1 more Nov 21, 2024 May 17, 2022 N/A· v4 6.5 MEDIUM· v3 3.5 LOW· v2 A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config conta...Show more A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config.Show less
CVE-2022-1587 4Fedoraproject NetappPcre+1 more 12Active Iq Unified Manager Enterprise LinuxFedora+9 more Nov 21, 2024 May 16, 2022 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused...Show more An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.Show less

Previous 1...424344...284 Next