Filtered by vendor Redhat
Subscribe
Total
5741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0487 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. | |||||
| CVE-2022-0485 | 1 Redhat | 2 Enterprise Linux, Libnbd | 2024-11-21 | N/A | 4.8 MEDIUM |
| A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image. | |||||
| CVE-2022-0480 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | N/A | 5.5 MEDIUM |
| A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks. | |||||
| CVE-2022-0435 | 5 Fedoraproject, Linux, Netapp and 2 more | 37 Fedora, Linux Kernel, H300e and 34 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. | |||||
| CVE-2022-0358 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2024-11-21 | N/A | 7.8 HIGH |
| A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system. | |||||
| CVE-2022-0330 | 4 Fedoraproject, Linux, Netapp and 1 more | 46 Fedora, Linux Kernel, H300e and 43 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. | |||||
| CVE-2022-0225 | 1 Redhat | 2 Keycloak, Single Sign-on | 2024-11-21 | N/A | 5.4 MEDIUM |
| A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack. | |||||
| CVE-2022-0207 | 2 Ovirt, Redhat | 5 Vdsm, Enterprise Linux, Virtualization and 2 more | 2024-11-21 | N/A | 4.7 MEDIUM |
| A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text. | |||||
| CVE-2022-0175 | 2 Redhat, Virglrenderer Project | 2 Enterprise Linux, Virglrenderer | 2024-11-21 | N/A | 5.5 MEDIUM |
| A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure. | |||||
| CVE-2022-0171 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | N/A | 5.5 MEDIUM |
| A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). | |||||
| CVE-2022-0168 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | N/A | 4.4 MEDIUM |
| A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system. | |||||
| CVE-2022-0135 | 3 Debian, Redhat, Virglrenderer Project | 3 Debian Linux, Enterprise Linux, Virglrenderer | 2024-11-21 | N/A | 7.8 HIGH |
| An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution. | |||||
| CVE-2022-0084 | 1 Redhat | 4 Integration Camel K, Integration Camel Quarkus, Single Sign-on and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up. | |||||
| CVE-2021-4294 | 1 Redhat | 2 Openshift Container Platform, Openshift Osin | 2024-11-21 | N/A | 2.6 LOW |
| A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216987. | |||||
| CVE-2021-4217 | 3 Fedoraproject, Redhat, Unzip Project | 3 Fedora, Enterprise Linux, Unzip | 2024-11-21 | N/A | 3.3 LOW |
| A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. | |||||
| CVE-2021-4213 | 3 Debian, Dogtagpki, Redhat | 3 Debian Linux, Network Security Services For Java, Enterprise Linux | 2024-11-21 | N/A | 7.5 HIGH |
| A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service. | |||||
| CVE-2021-4209 | 3 Gnu, Netapp, Redhat | 6 Gnutls, Active Iq Unified Manager, Hci Bootstrap Os and 3 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. | |||||
| CVE-2021-4204 | 4 Debian, Linux, Netapp and 1 more | 13 Debian Linux, Linux Kernel, H300s and 10 more | 2024-11-21 | N/A | 7.1 HIGH |
| An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information. | |||||
| CVE-2021-4189 | 4 Debian, Netapp, Python and 1 more | 5 Debian Linux, Ontap Select Deploy Administration Utility, Python and 2 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. | |||||
| CVE-2021-4180 | 2 Openstack, Redhat | 2 Tripleo Heat Templates, Openstack | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1. | |||||