Vulnerabilities > Redhat > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-03-25 CVE-2022-0435 Out-of-bounds Write vulnerability in multiple products
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.
network
low complexity
linux redhat ovirt fedoraproject CWE-787
critical
9.0
2022-02-21 CVE-2021-44142 Out-of-bounds Write vulnerability in multiple products
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes.
network
low complexity
samba debian canonical synology fedoraproject redhat CWE-787
critical
9.0
2022-02-18 CVE-2021-20325 Server-Side Request Forgery (SSRF) vulnerability in Redhat Enterprise Linux 8.5.0
Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, cause a security regression compared to the versions shipped in Red Hat Enterprise Linux 8.4.
network
low complexity
redhat CWE-918
critical
10.0
2022-02-18 CVE-2020-25719 Improper Authentication vulnerability in multiple products
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication.
network
low complexity
samba debian fedoraproject canonical redhat CWE-287
critical
9.0
2021-12-23 CVE-2021-3621 Command Injection vulnerability in multiple products
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands.
network
sssd redhat fedoraproject CWE-77
critical
9.3
2021-12-23 CVE-2021-3584 OS Command Injection vulnerability in multiple products
A server-side remote code execution vulnerability was found in the Foreman project.
network
low complexity
theforeman redhat CWE-78
critical
9.0
2021-03-25 CVE-2021-3466 Classic Buffer Overflow vulnerability in multiple products
A flaw was found in libmicrohttpd.
network
low complexity
gnu redhat fedoraproject CWE-120
critical
10.0
2021-03-19 CVE-2019-10200 Improper Access Control vulnerability in Redhat Openshift Container Platform 4.0
A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes.
network
low complexity
redhat CWE-284
critical
9.0
2021-03-19 CVE-2019-10196 Improper Initialization vulnerability in multiple products
A flaw was found in http-proxy-agent, prior to version 2.1.0.
network
low complexity
http-proxy-agent-project fedoraproject redhat CWE-665
critical
9.0
2020-12-21 CVE-2020-27846 Misinterpretation of Input vulnerability in multiple products
A signature verification vulnerability exists in crewjam/saml.
network
low complexity
grafana saml-project redhat fedoraproject CWE-115
critical
10.0