Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-04 | CVE-2022-27651 | Incorrect Default Permissions vulnerability in multiple products A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. | 6.8 |
| 2022-04-01 | CVE-2019-14839 | Information Exposure vulnerability in Redhat products It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc. | 7.5 |
| 2022-04-01 | CVE-2021-20238 | Missing Authentication for Critical Function vulnerability in Redhat products It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. | 3.7 |
| 2022-04-01 | CVE-2021-3461 | Insufficient Session Expiration vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name]. | 7.1 |
| 2022-03-30 | CVE-2020-35501 | A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem | 3.4 |
| 2022-03-29 | CVE-2022-1055 | Use After Free vulnerability in multiple products A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. | 7.8 |
| 2022-03-25 | CVE-2021-20323 | Cross-site Scripting vulnerability in Redhat Keycloak A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak. | 6.1 |
| 2022-03-25 | CVE-2021-3814 | Missing Authorization vulnerability in Redhat 3Scale It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. | 7.5 |
| 2022-03-25 | CVE-2021-3941 | In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. | 6.5 |
| 2022-03-25 | CVE-2021-4147 | Improper Locking vulnerability in multiple products A flaw was found in the libvirt libxl driver. | 6.5 |