Search Results (23506 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-0981 2 Quarkus, Redhat 4 Quarkus, Camel Quarkus, Quarkus and 1 more 2024-11-21 8.8 High
A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended.
CVE-2022-0943 5 Apple, Debian, Fedoraproject and 2 more 5 Macos, Debian Linux, Fedora and 2 more 2024-11-21 7.8 High
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
CVE-2022-0924 5 Debian, Fedoraproject, Libtiff and 2 more 5 Debian Linux, Fedora, Libtiff and 2 more 2024-11-21 5.5 Medium
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
CVE-2022-0909 5 Debian, Fedoraproject, Libtiff and 2 more 5 Debian Linux, Fedora, Libtiff and 2 more 2024-11-21 5.5 Medium
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
CVE-2022-0908 5 Debian, Fedoraproject, Libtiff and 2 more 5 Debian Linux, Fedora, Libtiff and 2 more 2024-11-21 7.7 High
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
CVE-2022-0897 2 Netapp, Redhat 3 Ontap Select Deploy Administration Utility, Enterprise Linux, Libvirt 2024-11-21 4.3 Medium
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).
CVE-2022-0891 5 Debian, Fedoraproject, Libtiff and 2 more 5 Debian Linux, Fedora, Libtiff and 2 more 2024-11-21 6.1 Medium
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact
CVE-2022-0865 5 Debian, Fedoraproject, Libtiff and 2 more 5 Debian Linux, Fedora, Libtiff and 2 more 2024-11-21 5.5 Medium
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
CVE-2022-0854 3 Debian, Linux, Redhat 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more 2024-11-21 5.5 Medium
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.
CVE-2022-0853 1 Redhat 6 Descision Manager, Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Expansion Pack and 3 more 2024-11-21 7.5 High
A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.
CVE-2022-0852 2 Convert2rhel Project, Redhat 3 Convert2rhel, Convert2rhel, Enterprise Linux 2024-11-21 5.5 Medium
There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the privileges of the Red Hat account in question, but it could affect the integrity, availability, and/or data confidentiality of other systems that are administered by that account. This occurs regardless of how the password is supplied to convert2rhel.
CVE-2022-0851 2 Convert2rhel Project, Redhat 3 Convert2rhel, Convert2rhel, Enterprise Linux 2024-11-21 5.5 Medium
There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line via e.g. htop or ps. The specific impact varies upon the subscription, but generally this would allow an attacker to register systems purchased by the victim until discovered; a form of fraud. This could occur regardless of how the activation key is supplied to convert2rhel because it involves how convert2rhel provides it to subscription-manager.
CVE-2022-0850 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-11-21 7.1 High
A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.
CVE-2022-0811 2 Kubernetes, Redhat 2 Cri-o, Openshift 2024-11-21 8.8 High
A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.
CVE-2022-0759 1 Redhat 3 Kubeclient, Logging, Satellite 2024-11-21 8.1 High
A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate (it wrongly returns VERIFY_NONE). Ruby applications that leverage kubeclient to parse kubeconfig files are susceptible to Man-in-the-middle attacks (MITM).
CVE-2022-0722 2 Parse-url Project, Redhat 2 Parse-url, Jboss Enterprise Bpms Platform 2024-11-21 7.5 High
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0.
CVE-2022-0718 3 Debian, Openstack, Redhat 5 Debian Linux, Oslo.utils, Openshift Container Platform and 2 more 2024-11-21 4.9 Medium
A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.
CVE-2022-0711 3 Debian, Haproxy, Redhat 6 Debian Linux, Haproxy, Enterprise Linux and 3 more 2024-11-21 7.5 High
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.
CVE-2022-0691 2 Redhat, Url-parse Project 2 Rhmt, Url-parse 2024-11-21 9.8 Critical
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.
CVE-2022-0686 2 Redhat, Url-parse Project 2 Rhmt, Url-parse 2024-11-21 9.1 Critical
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.