Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-23 | CVE-2021-3748 | Use After Free vulnerability in multiple products A use-after-free vulnerability was found in the virtio-net device of QEMU. | 7.5 |
| 2022-03-23 | CVE-2021-4180 | Exposure of Resource to Wrong Sphere vulnerability in multiple products An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. | 4.3 |
| 2022-03-23 | CVE-2022-0996 | Improper Authentication vulnerability in multiple products A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. | 6.5 |
| 2022-03-23 | CVE-2022-27666 | Out-of-bounds Write vulnerability in multiple products A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. | 7.8 |
| 2022-03-21 | CVE-2022-26148 | Cleartext Storage of Sensitive Information vulnerability in multiple products An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. | 9.8 |
| 2022-03-18 | CVE-2022-1011 | Use After Free vulnerability in multiple products A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). | 7.8 |
| 2022-03-18 | CVE-2022-27191 | The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. | 7.5 |
| 2022-03-16 | CVE-2021-20180 | Information Exposure Through Log Files vulnerability in Redhat Ansible A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. | 5.5 |
| 2022-03-16 | CVE-2021-20257 | An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. | 6.5 |
| 2022-03-16 | CVE-2022-0918 | A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. | 7.5 |