Vulnerabilities > Redhat > High

| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Vendors | CWE | Risk score |
|---|---|---|---|---|---|---|---|---|
| 2022-10-28 | CVE-2022-3697 | Unspecified vulnerability in Redhat Ansible and Ansible Collection | A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. | network | low | redhat | | 7.5 |
| 2022-10-19 | CVE-2013-4253 | Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift 1.0 | The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat OpenShift 1, installs a default public key in the root user's authorized_keys file. | network | low | redhat | CWE-668 | 7.5 |
| 2022-10-19 | CVE-2022-1414 | Improper Input Validation vulnerability in Redhat 3Scale API Management 2.0 | 3scale API Management 2 does not perform adequate sanitization of user input in multiple fields. | network | low | redhat | CWE-20 | 8.8 |
| 2022-10-17 | CVE-2019-14840 | Insufficiently Protected Credentials vulnerability in Redhat Decision Manager 7.0 | A flaw was found in RHDM, where sensitive HTML form fields such as Password have auto-complete enabled, which may lead to a leak of credentials. | network | low | redhat | CWE-522 | 7.5 |
| 2022-10-17 | CVE-2019-14841 | Improper Preservation of Permissions vulnerability in Redhat Decision Manager and Process Automation | A flaw was found in RHDM, where an authenticated attacker can change their assigned role in the response header. | network | low | redhat | CWE-281 | 8.8 |
| 2022-10-14 | CVE-2022-2963 | Memory Leak vulnerability in multiple products | A vulnerability found in jasper. | network | low | jasper-project, fedoraproject, redhat | CWE-401 | 7.5 |
| 2022-09-29 | CVE-2014-0144 | Improper Input Validation vulnerability in multiple products | QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crashes caused by missing input validation, which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process. | local | low | qemu, redhat | CWE-20 | 8.6 |
| 2022-09-09 | CVE-2020-10735 | Incorrect Type Conversion or Cast vulnerability in multiple products | A flaw was found in python. | network | low | python, redhat, fedoraproject | CWE-704 | 7.5 |
| 2022-09-01 | CVE-2022-2738 | Use After Free vulnerability in multiple products | The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. | network | high | redhat, podman-project | CWE-416 | 7.5 |
| 2022-08-31 | CVE-2022-1259 | Resource Exhaustion vulnerability in multiple products | A flaw was found in Undertow. | network | low | redhat, netapp | CWE-400 | 7.5 |