Filtered by vendor Redhat
Subscribe
Total
5151 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-10686 | 1 Redhat | 1 Keycloak | 2022-08-05 | 6.5 MEDIUM | 4.7 MEDIUM |
A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in Keycloak version 9.0.1, where a malicious user registers as oneself. The attacker could then use the remove devices form to post different credential IDs and possibly remove MFA devices for other users. | |||||
CVE-2020-35518 | 1 Redhat | 3 389 Directory Server, Directory Server, Enterprise Linux | 2022-08-05 | 5.0 MEDIUM | 5.3 MEDIUM |
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database. | |||||
CVE-2019-2627 | 5 Canonical, Mariadb, Opensuse and 2 more | 10 Ubuntu Linux, Mariadb, Leap and 7 more | 2022-08-05 | 4.0 MEDIUM | 4.9 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2021-20228 | 2 Debian, Redhat | 4 Debian Linux, Ansible Automation Platform, Ansible Engine and 1 more | 2022-08-05 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality. | |||||
CVE-2020-27824 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2022-08-05 | 4.3 MEDIUM | 5.5 MEDIUM |
A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability. | |||||
CVE-2021-20250 | 1 Redhat | 2 Jboss-ejb-client, Jboss Enterprise Application Platform Expansion Pack | 2022-08-05 | 4.0 MEDIUM | 4.3 MEDIUM |
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality. | |||||
CVE-2020-1761 | 1 Redhat | 1 Openshift | 2022-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versions before openshift/console-4. | |||||
CVE-2021-20236 | 3 Fedoraproject, Redhat, Zeromq | 4 Fedora, Ceph Storage, Enterprise Linux and 1 more | 2022-08-05 | 7.5 HIGH | 9.8 CRITICAL |
A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
CVE-2021-20195 | 1 Redhat | 1 Keycloak | 2022-08-05 | 6.8 MEDIUM | 9.6 CRITICAL |
A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover is possible due to user-supplied data fields not being properly encoded and Javascript code being used to process the data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2021-20239 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2022-08-05 | 2.1 LOW | 3.3 LOW |
A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality. | |||||
CVE-2021-20306 | 1 Redhat | 3 Descision Manager, Jbpm, Process Automation | 2022-08-05 | 4.0 MEDIUM | 4.3 MEDIUM |
A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any authenticated user from any project can see the name of Ruleflow Groups from other projects, despite the user not having access to those projects. The highest threat from this vulnerability is to confidentiality. | |||||
CVE-2019-9516 | 12 Apache, Apple, Canonical and 9 more | 21 Traffic Server, Mac Os X, Swiftnio and 18 more | 2022-08-05 | 6.8 MEDIUM | 6.5 MEDIUM |
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. | |||||
CVE-2012-0876 | 6 Canonical, Debian, Libexpat Project and 3 more | 11 Ubuntu Linux, Debian Linux, Libexpat and 8 more | 2022-08-05 | 4.3 MEDIUM | N/A |
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. | |||||
CVE-2015-8080 | 4 Debian, Opensuse, Redhat and 1 more | 5 Debian Linux, Leap, Opensuse and 2 more | 2022-08-05 | 5.0 MEDIUM | 7.5 HIGH |
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. | |||||
CVE-2019-2628 | 5 Canonical, Mariadb, Opensuse and 2 more | 8 Ubuntu Linux, Mariadb, Leap and 5 more | 2022-08-05 | 4.0 MEDIUM | 4.9 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2015-4879 | 6 Canonical, Debian, Fedoraproject and 3 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2022-08-05 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML. | |||||
CVE-2017-3456 | 4 Debian, Mariadb, Oracle and 1 more | 9 Debian Linux, Mariadb, Mysql and 6 more | 2022-08-05 | 4.0 MEDIUM | 4.9 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2016-5629 | 3 Mariadb, Oracle, Redhat | 8 Mariadb, Mysql, Enterprise Linux Desktop and 5 more | 2022-08-05 | 4.0 MEDIUM | 4.9 MEDIUM |
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated. | |||||
CVE-2021-32029 | 2 Postgresql, Redhat | 2 Postgresql, Jboss Enterprise Application Platform | 2022-08-05 | 4.0 MEDIUM | 6.5 MEDIUM |
A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality. | |||||
CVE-2019-2455 | 5 Canonical, Mariadb, Netapp and 2 more | 13 Ubuntu Linux, Mariadb, Active Iq Unified Manager and 10 more | 2022-08-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |