Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2023-09-30 CVE-2023-44488 Improper Handling of Exceptional Conditions vulnerability in multiple products
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
network
low complexity
webmproject redhat debian fedoraproject CWE-755
7.5
2023-09-28 CVE-2023-5217 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8
2023-09-28 CVE-2023-42756 Race Condition vulnerability in multiple products
A flaw was found in the Netfilter subsystem of the Linux kernel.
local
high complexity
linux redhat debian fedoraproject CWE-362
4.7
2023-09-28 CVE-2023-5215 Unchecked Return Value vulnerability in Redhat Enterprise Linux and Libnbd
A flaw was found in libnbd.
low complexity
redhat CWE-252
6.5
2023-09-27 CVE-2023-4066 Cleartext Storage of Sensitive Information vulnerability in Redhat products
A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker.
local
low complexity
redhat CWE-312
5.5
2023-09-27 CVE-2023-4065 Incorrect Default Permissions vulnerability in Redhat products
A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log.
local
low complexity
redhat CWE-276
5.5
2023-09-27 CVE-2023-5157 A vulnerability was found in MariaDB.
network
low complexity
mariadb fedoraproject redhat
7.5
2023-09-27 CVE-2023-3223 Unspecified vulnerability in Redhat products
A flaw was found in undertow.
network
low complexity
redhat
7.5
2023-09-27 CVE-2023-0456 Missing Authorization vulnerability in Redhat Apicast 2.0.0
A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm.
network
low complexity
redhat CWE-862
7.5
2023-09-27 CVE-2023-0833 Information Exposure Through an Error Message vulnerability in multiple products
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value.
local
low complexity
squareup redhat CWE-209
5.5