Vulnerabilities > Redhat > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-07-06 CVE-2014-8164 Improper Certificate Validation vulnerability in Redhat Cloudforms Management Engine 5.0
A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x.
network
low complexity
redhat CWE-295
critical
 9.1
9.1
2022-06-30 CVE-2013-4561 Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift
In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file.
network
low complexity
redhat CWE-668
critical
 9.1
9.1
2022-06-16 CVE-2021-41411 XXE vulnerability in Redhat Drools 6.1.0
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java.
network
low complexity
redhat CWE-611
critical
 9.8
9.8
2022-05-18 CVE-2022-30599 SQL Injection vulnerability in multiple products
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
network
low complexity
moodle redhat fedoraproject CWE-89
critical
 9.8
9.8
2022-05-18 CVE-2022-30600 Incorrect Calculation vulnerability in multiple products
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
network
low complexity
moodle redhat fedoraproject CWE-682
critical
 9.8
9.8
2022-05-16 CVE-2022-1586 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.
network
low complexity
pcre fedoraproject redhat netapp CWE-125
critical
 9.1
9.1
2022-05-16 CVE-2022-1587 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file.
network
low complexity
pcre redhat fedoraproject netapp CWE-125
critical
 9.1
9.1
2022-03-21 CVE-2022-26148 Cleartext Storage of Sensitive Information vulnerability in multiple products
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix.
network
low complexity
grafana redhat CWE-312
critical
 9.8
9.8
2022-03-03 CVE-2021-3762 Path Traversal vulnerability in Redhat Clair and Quay
A directory traversal vulnerability was found in the ClairCore engine of Clair.
network
low complexity
redhat CWE-22
critical
 9.8
9.8
2022-02-18 CVE-2021-20325 Server-Side Request Forgery (SSRF) vulnerability in Redhat Enterprise Linux 8.5.0
Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, causes a security regression compared to the versions shipped in Red Hat Enterprise Linux 8.4.
network
low complexity
redhat CWE-918
critical
 9.8
9.8