Vulnerabilities > Redhat > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-17 | CVE-2017-7517 | Improper Input Validation vulnerability in Redhat Openshift 3.0 An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. | 3.5 |
| 2022-09-01 | CVE-2022-2256 | Cross-site Scripting vulnerability in Redhat Single Sign-On 7.0 A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. | 3.8 |
| 2022-08-24 | CVE-2021-4217 | NULL Pointer Dereference vulnerability in multiple products A flaw was found in unzip. | 3.3 |
| 2022-08-17 | CVE-2020-14394 | Infinite Loop vulnerability in multiple products An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. | 3.2 |
| 2022-07-01 | CVE-2014-3650 | Cross-site Scripting vulnerability in Redhat Jboss Aerogear 1.0.0 Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. | 3.5 |
| 2022-06-30 | CVE-2014-0068 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift-Origin-Node-Util It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission. | 2.1 |
| 2022-06-28 | CVE-2022-0987 | A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. | 2.1 |
| 2022-04-13 | CVE-2022-1280 | Use After Free vulnerability in multiple products A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. | 3.3 |
| 2022-04-01 | CVE-2021-3461 | Insufficient Session Expiration vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name]. | 3.3 |
| 2022-04-01 | CVE-2021-20238 | Missing Authentication for Critical Function vulnerability in Redhat products It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. | 3.7 |