Vulnerabilities > Redhat > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-02-18 CVE-2021-3657 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A flaw was found in mbsync versions prior to 1.4.4.
network
low complexity
isync-project fedoraproject redhat debian CWE-119
critical
9.8
2022-02-18 CVE-2022-0671 Server-Side Request Forgery (SSRF) vulnerability in Redhat Vscode-Xml
A flaw was found in vscode-xml in versions prior to 0.19.0.
network
low complexity
redhat CWE-918
critical
9.1
2022-02-16 CVE-2021-3773 A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.
network
low complexity
linux fedoraproject redhat oracle
critical
9.8
2021-12-08 CVE-2021-4048 An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18.
9.1
2021-09-21 CVE-2021-31917 Improper Authentication vulnerability in multiple products
A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0).
network
low complexity
redhat infinispan CWE-287
critical
9.8
2021-08-12 CVE-2021-20314 Out-of-bounds Write vulnerability in multiple products
A stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to denial of service and potentially code execution via maliciously crafted SPF explanation messages.
network
low complexity
libspf2 redhat fedoraproject CWE-787
critical
9.8
2021-05-28 CVE-2021-20195 Improper Encoding or Escaping of Output vulnerability in Redhat Keycloak
A flaw was found in keycloak in versions before 13.0.0.
network
low complexity
redhat CWE-116
critical
9.6
2021-05-28 CVE-2021-20236 Out-of-bounds Write vulnerability in multiple products
A flaw was found in the ZeroMQ server in versions before 4.3.3.
network
low complexity
zeromq redhat fedoraproject CWE-787
critical
9.8
2021-05-27 CVE-2020-27832 Unspecified vulnerability in Redhat Quay
A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notification.
network
low complexity
redhat
critical
9.0
2021-05-26 CVE-2018-10866 Missing Authorization vulnerability in Redhat Certification 7.0
It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check, allowing an unauthenticated user to remove a "system" file (an XML file with host-related information) that does not belong to them.
network
low complexity
redhat CWE-862
critical
9.1