Vulnerabilities > Redhat > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-11-29 CVE-2022-4144 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU.
local
low complexity
qemu fedoraproject redhat CWE-125
6.5
2022-11-22 CVE-2022-3500 Uncaught Exception vulnerability in multiple products
A vulnerability was found in keylime.
local
high complexity
keylime redhat fedoraproject CWE-248
5.1
2022-11-08 CVE-2022-3821 Off-by-one Error vulnerability in multiple products
An off-by-one error was discovered in systemd, in the format_timespan() function of time-util.c.
5.5
2022-11-03 CVE-2022-3675 Missing Authorization vulnerability in Redhat Fedora Coreos 36.20220820.3.0
Fedora CoreOS supports setting a GRUB bootloader password using a Butane config.
local
low complexity
redhat CWE-862
5.5
2022-10-25 CVE-2022-3644 Insufficiently Protected Credentials vulnerability in multiple products
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
local
low complexity
pulpproject redhat CWE-522
5.5
2022-10-19 CVE-2013-4281 Incorrect Default Permissions vulnerability in Redhat Openshift 1.0
In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.
local
low complexity
redhat CWE-276
5.5
2022-10-19 CVE-2022-2805 Cleartext Storage of Sensitive Information vulnerability in Redhat Virtualization 4.0
A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style.
network
low complexity
redhat CWE-312
6.5
2022-10-14 CVE-2022-2850 NULL Pointer Dereference vulnerability in multiple products
A flaw was found in 389-ds-base.
network
low complexity
redhat fedoraproject CWE-476
6.5
2022-10-07 CVE-2020-15855 Cross-site Scripting vulnerability in Redhat Bodhi
Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1.
network
low complexity
redhat CWE-79
6.1
2022-09-29 CVE-2014-0147 Integer Overflow or Wraparound vulnerability in multiple products
The block drivers in QEMU before 1.6.2 for the various disk image formats used by Bochs and for the QCOW version 2 format are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling the update_refcount() routine.
local
low complexity
qemu fedoraproject redhat CWE-190
6.2