Filtered by vendor Redhat
Subscribe
Total
5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3971 | 1 Redhat | 5 Ansible Automation Controller, Ansible Automation Platform, Ansible Developer and 2 more | 2023-11-07 | N/A | 5.4 MEDIUM |
| An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise. | |||||
| CVE-2023-3637 | 1 Redhat | 1 Openstack Platform | 2023-11-07 | N/A | 6.5 MEDIUM |
| An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service. | |||||
| CVE-2023-3361 | 2 Opendatahub, Redhat | 2 Open Data Hub Dashboard, Openshift Data Science | 2023-11-07 | N/A | 7.5 HIGH |
| A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret. | |||||
| CVE-2023-3269 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2023-11-07 | N/A | 7.8 HIGH |
| A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges. | |||||
| CVE-2023-3301 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2023-11-07 | N/A | 5.6 MEDIUM |
| A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service. | |||||
| CVE-2023-3153 | 2 Ovn, Redhat | 4 Open Virtual Network, Enterprise Linux, Fast Datapath and 1 more | 2023-11-07 | N/A | 5.3 MEDIUM |
| A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured. | |||||
| CVE-2023-3384 | 1 Redhat | 1 Quay | 2023-11-07 | N/A | 5.4 MEDIUM |
| A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to a public registry containing a script that can be executed via Cross-site scripting (XSS). | |||||
| CVE-2023-3089 | 1 Redhat | 6 Enterprise Linux, Openshift Container Platform, Openshift Container Platform For Arm64 and 3 more | 2023-11-07 | N/A | 7.5 HIGH |
| A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. | |||||
| CVE-2023-34432 | 3 Fedoraproject, Redhat, Sound Exchange Project | 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more | 2023-11-07 | N/A | 7.8 HIGH |
| A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure. | |||||
| CVE-2023-2974 | 1 Redhat | 1 Build Of Quarkus | 2023-11-07 | N/A | 8.1 HIGH |
| A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol. | |||||
| CVE-2023-2422 | 1 Redhat | 4 Enterprise Linux, Keycloak, Openshift Container Platform and 1 more | 2023-11-07 | N/A | 7.1 HIGH |
| A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients. | |||||
| CVE-2023-22863 | 3 Ibm, Microsoft, Redhat | 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more | 2023-11-07 | N/A | 5.9 MEDIUM |
| IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109. | |||||
| CVE-2023-22592 | 2 Ibm, Redhat | 2 Robotic Process Automation For Cloud Pak, Openshift | 2023-11-07 | N/A | 7.8 HIGH |
| IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073. | |||||
| CVE-2023-22594 | 3 Ibm, Microsoft, Redhat | 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more | 2023-11-07 | N/A | 5.4 MEDIUM |
| IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244075. | |||||
| CVE-2023-1832 | 2 Candlepinproject, Redhat | 2 Candlepin, Satellite | 2023-11-07 | N/A | 8.1 HIGH |
| An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant. | |||||
| CVE-2023-1636 | 2 Openstack, Redhat | 2 Barbican, Openstack Platform | 2023-11-07 | N/A | 5.0 MEDIUM |
| A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican. | |||||
| CVE-2023-1625 | 2 Openstack, Redhat | 2 Heat, Openstack Platform | 2023-11-07 | N/A | 5.0 MEDIUM |
| An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system. | |||||
| CVE-2023-1633 | 2 Openstack, Redhat | 2 Barbican, Openstack Platform | 2023-11-07 | N/A | 5.5 MEDIUM |
| A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials. | |||||
| CVE-2023-1055 | 2 Fedoraproject, Redhat | 2 Fedora, Directory Server | 2023-11-07 | N/A | 5.5 MEDIUM |
| A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2023-0833 | 2 Redhat, Squareup | 2 A-mq Streams, Okhttp | 2023-11-07 | N/A | 5.5 MEDIUM |
| A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions. | |||||