Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-08 | CVE-2022-1245 | Authorization Bypass Through User-Controlled Key vulnerability in Redhat Keycloak A privilege escalation flaw was found in the token exchange feature of keycloak. | 9.8 |
| 2022-07-06 | CVE-2014-8164 | Improper Certificate Validation vulnerability in Redhat Cloudforms Management Engine 5.0 A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x. | 9.1 |
| 2022-07-06 | CVE-2021-3695 | Out-of-bounds Write vulnerability in multiple products A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. | 4.5 |
| 2022-07-06 | CVE-2021-3696 | Out-of-bounds Write vulnerability in multiple products A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. | 4.5 |
| 2022-07-06 | CVE-2021-3697 | Out-of-bounds Write vulnerability in multiple products A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. | 7.0 |
| 2022-07-01 | CVE-2014-3648 | Resource Exhaustion vulnerability in Redhat Jboss Aerogear 1.0.0 The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. | 7.5 |
| 2022-07-01 | CVE-2014-3650 | Cross-site Scripting vulnerability in Redhat Jboss Aerogear 1.0.0 Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. | 5.4 |
| 2022-06-30 | CVE-2014-0068 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift-Origin-Node-Util It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission. | 5.5 |
| 2022-06-30 | CVE-2013-4561 | Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. | 9.1 |
| 2022-06-30 | CVE-2022-1852 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. | 5.5 |