Vulnerabilities > Redhat > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-12-09 | CVE-2022-3259 | Unspecified vulnerability in Redhat Openshift 4.9 | Openshift 4.9 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. | 7.4 |
2022-12-08 | CVE-2022-3262 | Insecure Default Initialization of Resource vulnerability in Redhat Openshift 4.9 | A flaw was found in Openshift. | 8.1 |
2022-10-28 | CVE-2022-3697 | Unspecified vulnerability in Redhat Ansible and Ansible Collection | A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. | 7.5 |
2022-10-19 | CVE-2013-4253 | Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift 1.0 | The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file. | 7.5 |
2022-10-19 | CVE-2022-1414 | Improper Input Validation vulnerability in Redhat 3Scale API Management 2.0 | 3scale API Management 2 does not perform adequate sanitization for user input in multiple fields. | 8.8 |
2022-10-17 | CVE-2019-14840 | Unspecified vulnerability in Redhat Decision Manager 7.0 | A flaw was found in the RHDM, where sensitive HTML form fields like Password have auto-complete enabled, which may lead to a leak of credentials. | 7.5 |
2022-10-17 | CVE-2019-14841 | Improper Preservation of Permissions vulnerability in Redhat Decision Manager and Process Automation | A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. | 8.8 |
2022-10-14 | CVE-2022-2963 | Memory Leak vulnerability in multiple products | A vulnerability found in jasper. | 7.5 |
2022-09-29 | CVE-2014-0144 | Improper Input Validation vulnerability in multiple products | QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruption, integer/buffer overflows or crashes caused by missing input validation, which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process. | 8.6 |
2022-09-13 | CVE-2022-1278 | Insecure Default Initialization of Resource vulnerability in Redhat products | A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain. | 7.5 |