Vulnerabilities > Redhat

| Date | CVE | Vulnerability title | Description | Risk | Vendors / CWE |
|---|---|---|---|---|---|
| 2023-02-23 | CVE-2022-4492 | Unspecified vulnerability in Redhat products | The undertow client is not checking the server identity presented by the server certificate in https connections. | network, low complexity, 7.5 | redhat |
| 2023-02-23 | CVE-2023-0044 | Cross-site Scripting vulnerability in multiple products | If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to information disclosure. | network, low complexity, 6.1 | quarkus, redhat; CWE-79 |
| 2023-02-17 | CVE-2023-0482 | Unspecified vulnerability in Redhat Resteasy | In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. | local, low complexity, 5.5 | redhat |
| 2023-02-15 | CVE-2023-0361 | Information Exposure Through Discrepancy vulnerability in multiple products | A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. | network, high complexity, 7.4 | gnu, redhat, debian, fedoraproject, netapp; CWE-203 |
| 2023-02-02 | CVE-2022-3560 | Path Traversal vulnerability in multiple products | A flaw was found in pesign. | local, low complexity, 5.5 | pesign-project, fedoraproject, redhat; CWE-22 |
| 2023-02-01 | CVE-2022-4254 | sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters | | network, low complexity, 8.8 | fedoraproject, redhat |
| 2023-01-27 | CVE-2022-4285 | An illegal memory access flaw was found in the binutils package. | | local, low complexity, 5.5 | gnu, fedoraproject, redhat |
| 2023-01-26 | CVE-2023-0229 | Unspecified vulnerability in Redhat Openshift 4.11/4.12 | A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify. | network, low complexity, 6.3 | redhat |
| 2023-01-18 | CVE-2022-3100 | A flaw was found in the openstack-barbican component. | | network, high complexity, 5.9 | openstack, redhat |
| 2023-01-17 | CVE-2023-0296 | Unspecified vulnerability in Redhat Openshift 4.11 | The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on the etcd grpc-proxy component. | network, low complexity, 5.3 | redhat |