VYPR

Vendor CVEs

Red Hat

All CVEs

3,698 total · sorted by risk
  • CVE-2023-5568 · Med · Oct 25, 2023
    risk 0.38 · cvss 5.9 · epss 0.02

    A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.

  • CVE-2023-4806 · Med · Sep 18, 2023
    risk 0.38 · cvss 5.9 · epss 0.01

    A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when an NSS module implements only the _nss_*_gethostbyname2_r and…

  • CVE-2023-4813 · Med · Sep 12, 2023
    risk 0.38 · cvss 5.9 · epss 0.02

    A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is…

  • CVE-2023-3347 · Med · Jul 20, 2023
    risk 0.38 · cvss 5.9 · epss 0.00

    A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to…

  • CVE-2023-1183 · Med · Jul 10, 2023
    risk 0.38 · cvss 5.0 · epss 0.66

    A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.

  • CVE-2022-3100 · Med · Jan 18, 2023
    risk 0.38 · cvss 5.9 · epss 0.00

    A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.

  • CVE-2020-14312 · Med · Feb 6, 2021
    risk 0.38 · cvss 5.9 · epss 0.01

    A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions of Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option…

  • CVE-2020-1741 · Med · Apr 24, 2020
    risk 0.38 · cvss 5.9 · epss 0.01

    A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the openshift console, could…

  • CVE-2011-2487 · Med · Mar 11, 2020
    risk 0.38 · cvss 5.9 · epss 0.02

    The implementation of the PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.

  • CVE-2014-0245 · Med · Jan 2, 2020
    risk 0.38 · cvss 5.9 · epss 0.01

    It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote…

  • CVE-2014-8167 · Med · Nov 13, 2019
    risk 0.38 · cvss 5.9 · epss 0.01

    vdsm and vdsclient do not validate the certificate hostname from another vdsm, which could facilitate a man-in-the-middle attack.

  • CVE-2019-10150 · Med · Jun 12, 2019
    risk 0.38 · cvss 5.9 · epss 0.01

    It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 do not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output.

  • CVE-2015-1777 · Med · Apr 12, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a…

  • CVE-2017-15085 · Med · Nov 8, 2017
    risk 0.38 · cvss 5.9 · epss 0.02

    It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.

  • CVE-2014-3706 · Med · Oct 18, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.

  • CVE-2011-4600 · Med · Apr 14, 2016
    risk 0.38 · cvss 5.9 · epss 0.02

    The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP…

  • CVE-2015-3195 · Med · Dec 6, 2015
    risk 0.38 · cvss 5.3 · epss 0.39

    The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information…

  • CVE-2026-37982 · Med · May 19, 2026
    risk 0.37 · cvss 6.8 · epss 0.00

    A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay `ExecuteActionsActionToken` tokens within Keycloak's WebAuthn (Web Authentication) flow. By intercepting an execute-actions email link, an attacker can register their own…

  • CVE-2026-4878 · Med · Apr 9, 2026
    risk 0.37 · cvss 6.7 · epss 0.00

    A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an…

  • CVE-2026-5165 · Med · Mar 30, 2026
    risk 0.37 · cvss 6.7 · epss 0.00

    A flaw was found in virtio-win, specifically within the VirtIO Block (BLK) device. When the device undergoes a reset, it fails to properly manage memory, resulting in a use-after-free vulnerability. This issue could allow a local attacker to corrupt system memory, potentially…

  • CVE-2026-5164 · Med · Mar 30, 2026
    risk 0.37 · cvss 6.7 · epss 0.00

    A flaw was found in virtio-win. The `RhelDoUnMap()` function does not properly validate the number of descriptors provided by a user during an unmap request. A local user could exploit this input validation vulnerability by supplying an excessive number of descriptors, leading…

  • CVE-2025-25209 · Med · Jun 9, 2025
    risk 0.37 · cvss 5.7 · epss 0.00

    The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secrets; however, it assumes those secrets are already in the kuadrant-system instead of copying them to the referred namespace. This creates space for a malicious actor with a developer persona…

  • CVE-2023-6395 · Med · Jan 16, 2024
    risk 0.37 · cvss 6.7 · epss 0.02

    The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of…

  • CVE-2023-4456 · Med · Aug 21, 2023
    risk 0.37 · cvss 5.7 · epss 0.00

    A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.

  • CVE-2020-25655 · Med · Nov 9, 2020
    risk 0.37 · cvss 5.7 · epss 0.01

    An issue was discovered in ManagedClusterView API, that could allow secrets to be disclosed to users without the correct permissions. Views created for an admin user would be made available for a short time to users with only view permission. In this short time window the user…

  • CVE-2017-5042 · Med · Apr 24, 2017
    risk 0.37 · cvss 5.7 · epss 0.00

    Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies…

  • CVE-2017-3265 · Med · Jan 27, 2017
    risk 0.37 · cvss 5.6 · epss 0.01

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to…

  • CVE-2016-0264 · Med · May 24, 2016
    risk 0.37 · cvss 5.6 · epss 0.04

    Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute…

  • CVE-2026-1767 · Med · Jun 16, 2026
    risk 0.36 · cvss 5.6 · epss 0.00

    A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This…

  • CVE-2026-1766 · Med · Jun 16, 2026
    risk 0.36 · cvss 5.6 · epss 0.00

    A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM (Comment)…

  • CVE-2026-54231 · Med · Jun 13, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded…

  • CVE-2026-50263 · Med · Jun 5, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.

  • CVE-2026-50262 · Med · Jun 5, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists…

  • CVE-2026-6844 · Med · Apr 22, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead…

  • CVE-2026-6843 · Med · Apr 22, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This…

  • CVE-2026-40918 · Med · Apr 15, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-bounds read in the PVR image loader, causing the application to crash. Systems that…

  • CVE-2026-40915 · Med · Apr 15, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when…

  • CVE-2026-5745 · Med · Apr 7, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare "d" or "default" tag without subsequent fields), the…

  • CVE-2026-4948 · Med · Mar 27, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. This mis-authorization allows the user to modify the runtime firewall state without proper…

  • CVE-2026-0967 · Med · Mar 26, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can lead to inefficient regular expression backtracking. This can cause timeouts…

  • CVE-2026-4897 · Med · Mar 26, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of…

  • CVE-2025-13193 · Med · Nov 17, 2025
    risk 0.36 · cvss 5.5 · epss 0.00

    A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.

  • CVE-2025-12748 · Med · Nov 11, 2025
    risk 0.36 · cvss 5.5 · epss 0.00

    A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing…

  • CVE-2024-52337 · Med · Nov 26, 2024
    risk 0.36 · cvss 5.5 · epss 0.00

    A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD…

  • CVE-2024-1441 · Med · Mar 11, 2024
    risk 0.36 · cvss 5.5 · epss 0.00

    An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client…

  • CVE-2023-5992 · Med · Jan 31, 2024
    risk 0.36 · cvss 5.6 · epss 0.01

    A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.

  • CVE-2023-40550 · Med · Jan 29, 2024
    risk 0.36 · cvss 5.5 · epss 0.00

    An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.

  • CVE-2023-6679 · Med · Dec 11, 2023
    risk 0.36 · cvss 5.5 · epss 0.00

    A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service.

  • CVE-2023-6560 · Med · Dec 9, 2023
    risk 0.36 · cvss 5.5 · epss 0.00

    An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system.

  • CVE-2023-4910 · Med · Nov 6, 2023
    risk 0.36 · cvss 5.5 · epss 0.00

    A flaw was found in 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.
