Vulnerabilities > Redhat > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-06 CVE-2022-3277 Resource Exhaustion vulnerability in multiple products
An uncontrolled resource consumption flaw was found in openstack-neutron.
network
low complexity
redhat openstack CWE-400
6.5
6.5
2023-03-06 CVE-2022-3707 Double Free vulnerability in multiple products
A double-free memory flaw was found in the Linux kernel.
local
low complexity
linux redhat CWE-415
5.5
5.5
2023-03-06 CVE-2022-3854 Unspecified vulnerability in Redhat Ceph Storage 3.0/4.0/5.0
A flaw was found in Ceph, relating to the URL processing on RGW backends.
network
low complexity
redhat
6.5
6.5
2023-02-28 CVE-2023-1095 NULL Pointer Dereference vulnerability in multiple products
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object.
local
low complexity
linux redhat CWE-476
5.5
5.5
2023-02-27 CVE-2023-1055 Improper Certificate Validation vulnerability in multiple products
A flaw was found in RHDS 11 and RHDS 12.
local
low complexity
redhat fedoraproject CWE-295
5.5
5.5
2023-02-23 CVE-2023-0044 Cross-site Scripting vulnerability in multiple products
If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure.
network
low complexity
quarkus redhat CWE-79
6.1
6.1
2023-02-17 CVE-2023-0482 Unspecified vulnerability in Redhat Resteasy
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
local
low complexity
redhat
5.5
5.5
2023-02-02 CVE-2022-3560 Path Traversal vulnerability in multiple products
A flaw was found in pesign.
local
low complexity
pesign-project fedoraproject redhat CWE-22
5.5
5.5
2023-01-27 CVE-2022-4285 NULL Pointer Dereference vulnerability in multiple products
An illegal memory access flaw was found in the binutils package.
local
low complexity
gnu fedoraproject redhat CWE-476
5.5
5.5
2023-01-26 CVE-2023-0229 Unspecified vulnerability in Redhat Openshift 4.11/4.12
A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify.
network
low complexity
redhat
6.3
6.3