Vulnerabilities > Redhat > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-18 | CVE-2021-3657 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A flaw was found in mbsync versions prior to 1.4.4. | 9.8 |
2022-02-18 | CVE-2022-0671 | Server-Side Request Forgery (SSRF) vulnerability in Redhat Vscode-Xml A flaw was found in vscode-xml in versions prior to 0.19.0. | 9.1 |
2022-02-16 | CVE-2021-3773 | A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. | 9.8 |
2021-12-08 | CVE-2021-4048 | An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. | 9.1 |
2021-09-21 | CVE-2021-31917 | Improper Authentication vulnerability in multiple products A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). | 9.8 |
2021-08-12 | CVE-2021-20314 | Out-of-bounds Write vulnerability in multiple products Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages. | 9.8 |
2021-05-28 | CVE-2021-20195 | Improper Encoding or Escaping of Output vulnerability in Redhat Keycloak A flaw was found in keycloak in versions before 13.0.0. | 9.6 |
2021-05-28 | CVE-2021-20236 | Out-of-bounds Write vulnerability in multiple products A flaw was found in the ZeroMQ server in versions before 4.3.3. | 9.8 |
2021-05-27 | CVE-2020-27832 | Unspecified vulnerability in Redhat Quay A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notification. | 9.0 |
2021-05-26 | CVE-2018-10866 | Missing Authorization vulnerability in Redhat Certification 7.0 It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove a "system" file, that is an xml file with host related information, not belonging to him. | 9.1 |