Filtered by vendor Redhat
Subscriptions
Total
21336 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3032 | 2 Mozilla, Redhat | 4 Thunderbird, Enterprise Linux, Rhel E4s and 1 more | 2024-08-03 | 6.5 Medium |
| When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1. | ||||
| CVE-2022-3028 | 4 Debian, Fedoraproject, Linux and 1 more | 6 Debian Linux, Fedora, Linux Kernel and 3 more | 2024-08-03 | 7.0 High |
| A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. | ||||
| CVE-2022-2953 | 4 Debian, Libtiff, Netapp and 1 more | 4 Debian Linux, Libtiff, Ontap Select Deploy Administration Utility and 1 more | 2024-08-03 | 5.5 Medium |
| LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8. | ||||
| CVE-2022-2990 | 2 Buildah Project, Redhat | 4 Buildah, Enterprise Linux, Openshift and 1 more | 2024-08-03 | 7.1 High |
| An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. | ||||
| CVE-2022-2989 | 2 Podman Project, Redhat | 3 Podman, Enterprise Linux, Openshift Container Platform | 2024-08-03 | 7.1 High |
| An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. | ||||
| CVE-2022-2995 | 2 Kubernetes, Redhat | 2 Cri-o, Openshift | 2024-08-03 | 7.1 High |
| Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. | ||||
| CVE-2022-2964 | 3 Linux, Netapp, Redhat | 18 Linux Kernel, H300s, H300s Firmware and 15 more | 2024-08-03 | 7.8 High |
| A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. | ||||
| CVE-2022-2963 | 3 Fedoraproject, Jasper Project, Redhat | 3 Fedora, Jasper, Enterprise Linux | 2024-08-03 | 7.5 High |
| A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault. | ||||
| CVE-2022-2959 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2024-08-03 | 7.0 High |
| A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system. | ||||
| CVE-2022-2905 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-08-03 | 5.5 Medium |
| An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data. | ||||
| CVE-2022-2938 | 4 Fedoraproject, Linux, Netapp and 1 more | 15 Fedora, Linux Kernel, H300s and 12 more | 2024-08-03 | 7.8 High |
| A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. | ||||
| CVE-2022-2996 | 3 Debian, Python-scciclient Project, Redhat | 5 Debian Linux, Python-scciclient, Openshift and 2 more | 2024-08-03 | 7.4 High |
| A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks. | ||||
| CVE-2022-2850 | 4 Debian, Fedoraproject, Port389 and 1 more | 6 Debian Linux, Fedora, 389-ds-base and 3 more | 2024-08-03 | 6.5 Medium |
| A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514. | ||||
| CVE-2022-2873 | 5 Debian, Fedoraproject, Linux and 2 more | 16 Debian Linux, Fedora, Linux Kernel and 13 more | 2024-08-03 | 5.5 Medium |
| An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. | ||||
| CVE-2022-2867 | 4 Debian, Fedoraproject, Libtiff and 1 more | 4 Debian Linux, Fedora, Libtiff and 1 more | 2024-08-03 | 5.5 Medium |
| libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation. | ||||
| CVE-2022-2880 | 2 Golang, Redhat | 20 Go, Acm, Ceph Storage and 17 more | 2024-08-03 | 7.5 High |
| Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged. | ||||
| CVE-2022-2806 | 3 Ovirt, Redhat, Sos Project | 3 Log Collector, Rhev Manager, Sos | 2024-08-03 | 5.5 Medium |
| It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev | ||||
| CVE-2022-2832 | 2 Blender, Redhat | 2 Blender, Openshift Sandboxed Containers | 2024-08-03 | 7.5 High |
| A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity. | ||||
| CVE-2022-2879 | 2 Golang, Redhat | 16 Go, Container Native Virtualization, Devtools and 13 more | 2024-08-03 | 7.5 High |
| Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB. | ||||
| CVE-2022-2868 | 4 Debian, Fedoraproject, Libtiff and 1 more | 4 Debian Linux, Fedora, Libtiff and 1 more | 2024-08-03 | 5.5 Medium |
| libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. | ||||