Vulnerabilities > Redhat > High

DATE CVE VULNERABILITY TITLE RISK
2022-06-16 CVE-2021-41411 XXE vulnerability in Redhat Drools 6.1.0
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java.
network
low complexity
redhat CWE-611
7.5
2022-06-09 CVE-2022-1998 Use After Free vulnerability in multiple products
A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user().
local
low complexity
linux fedoraproject redhat CWE-416
7.2
2022-06-07 CVE-2022-1708 Resource Exhaustion vulnerability in multiple products
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API.
network
low complexity
kubernetes fedoraproject redhat CWE-400
7.8
2022-06-06 CVE-2022-1966 Use After Free vulnerability in multiple products
A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c.
local
low complexity
linux redhat fedoraproject debian CWE-416
7.2
2022-06-02 CVE-2022-1652 Use After Free vulnerability in multiple products
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function.
local
low complexity
linux redhat CWE-416
7.2
2022-05-18 CVE-2022-30599 SQL Injection vulnerability in multiple products
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
network
low complexity
moodle redhat fedoraproject CWE-89
7.5
2022-05-18 CVE-2022-30600 Incorrect Calculation vulnerability in multiple products
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
network
low complexity
moodle redhat fedoraproject CWE-682
7.5
2022-03-23 CVE-2021-3748 Use After Free vulnerability in multiple products
A use-after-free vulnerability was found in the virtio-net device of QEMU.
7.2
2022-03-21 CVE-2022-26148 Cleartext Storage of Sensitive Information vulnerability in multiple products
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix.
network
low complexity
grafana redhat CWE-312
7.5
2022-03-10 CVE-2022-0847 Improper Initialization vulnerability in multiple products
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values.
local
low complexity
linux fedoraproject redhat ovirt CWE-665
7.2