VYPR

Vendor CVEs

Red Hat

All CVEs

3,664 total · sorted by risk
  • CVE-2020-10685 · Med · May 11, 2020
    risk 0.26 · cvss 5.0 · epss 0.00

    A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as…

  • CVE-2020-1753 · Med · Mar 16, 2020
    risk 0.26 · cvss 5.0 · epss 0.01

    A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are…

  • CVE-2020-1733 · Med · Mar 11, 2020
    risk 0.26 · cvss 5.0 · epss 0.00

    A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is…

  • CVE-2017-10295 · Med · Oct 19, 2017
    risk 0.26 · cvss 4.0 · epss 0.02

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows…

  • CVE-2017-3318 · Med · Jan 27, 2017
    risk 0.26 · cvss 4.0 · epss 0.00

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with…

  • CVE-2017-3317 · Med · Jan 27, 2017
    risk 0.26 · cvss 4.0 · epss 0.00

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the…

  • CVE-2026-37978 · Med · May 19, 2026
    risk 0.25 · cvss 4.9 · epss 0.00

    A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID (userId) parameter. This vulnerability allows for cross-role personally identifiable…

  • CVE-2026-2376 · Med · Mar 12, 2026
    risk 0.25 · cvss 4.9 · epss 0.00

    A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the application processes these addresses, it automatically follows redirects without…

  • CVE-2023-0091 · Low · Jan 13, 2023
    risk 0.25 · cvss 3.8 · epss 0.00

    A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.

  • CVE-2019-3868 · Low · Apr 24, 2019
    risk 0.25 · cvss 3.8 · epss 0.01

    Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user’s browser session.

  • CVE-2016-8647 · Med · Jul 26, 2018
    risk 0.25 · cvss 4.9 · epss 0.01

    An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.

  • CVE-2016-3716 · Low · May 5, 2016
    risk 0.25 · cvss 3.3 · epss 0.11

    The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.

  • CVE-2026-2708 · Low · Apr 23, 2026
    risk 0.24 · cvss 3.7 · epss 0.00

    A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields.…

  • CVE-2026-3184 · Low · Apr 3, 2026
    risk 0.24 · cvss 3.7 · epss 0.00

    A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname,…

  • CVE-2023-6918 · Low · Dec 19, 2023
    risk 0.24 · cvss 3.7 · epss 0.01

    A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes,…

  • CVE-2021-20238 · Low · Apr 1, 2022
    risk 0.24 · cvss 3.7 · epss 0.01

    It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint (port 22623) provides ignition configuration used for bootstrapping Nodes and can include…

  • CVE-2019-10157 · Med · Jun 12, 2019
    risk 0.24 · cvss 4.7 · epss 0.00

    It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout. An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could…

  • CVE-2017-3544 · Low · Apr 24, 2017
    risk 0.24 · cvss 3.7 · epss 0.02

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows…

  • CVE-2017-3533 · Low · Apr 24, 2017
    risk 0.24 · cvss 3.7 · epss 0.03

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows…

  • CVE-2016-1000033 · Low · Oct 25, 2016
    risk 0.24 · cvss 3.7 · epss 0.01

    Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.

  • CVE-2016-5444 · Low · Jul 21, 2016
    risk 0.24 · cvss 3.7 · epss 0.04

    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.

  • CVE-2016-3452 · Low · Jul 21, 2016
    risk 0.24 · cvss 3.7 · epss 0.04

    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security:…

  • CVE-2015-4170 · Med · May 2, 2016
    risk 0.24 · cvss 4.7 · epss 0.00

    Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a…

  • CVE-2014-3611 · Med · Nov 10, 2014
    risk 0.24 · cvss 4.7 · epss 0.00

    Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation.

  • CVE-2024-49502 · Low · Nov 28, 2024
    risk 0.23 · cvss 3.5 · epss 0.00

    An Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects…

  • CVE-2023-6134 · Med · Dec 14, 2023
    risk 0.23 · cvss 4.6 · epss 0.01

    A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the…

  • CVE-2023-3748 · Low · Jul 24, 2023
    risk 0.23 · cvss 3.5 · epss 0.01

    A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV…

  • CVE-2017-7517 · Low · Oct 17, 2022
    risk 0.23 · cvss 3.5 · epss 0.00

    An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject", and then later deletes it another user can then create a project called…

  • CVE-2020-25688 · Low · Nov 23, 2020
    risk 0.23 · cvss 3.5 · epss 0.00

    A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network…

  • CVE-2016-7061 · Low · Sep 10, 2018
    risk 0.23 · cvss 3.5 · epss 0.02

    An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information.

  • CVE-2017-12175 · Low · Jul 26, 2018
    risk 0.23 · cvss 3.5 · epss 0.01

    Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality.

  • CVE-2017-7509 · Low · Jul 26, 2018
    risk 0.23 · cvss 3.5 · epss 0.01

    An input validation error was found in Red Hat Certificate System's handling of client provided certificates before 8.1.20-1. If the certreq field is not present in a certificate an assertion error is triggered causing a denial of service.

  • CVE-2017-7538 · Low · Jul 26, 2018
    risk 0.23 · cvss 3.5 · epss 0.01

    A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization's name could exploit this flaw to perform XSS attacks against other Satellite users.

  • CVE-2023-5236 · Med · Dec 18, 2023
    risk 0.22 · cvss 4.4 · epss 0.01

    A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial…

  • CVE-2020-1702 · Low · May 27, 2021
    risk 0.22 · cvss 3.3 · epss 0.01

    A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container…

  • CVE-2015-2877 · Low · Mar 3, 2017
    risk 0.22 · cvss 3.3 · epss 0.01

    Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the…

  • CVE-2016-0643 · Low · Apr 21, 2016
    risk 0.22 · cvss 3.3 · epss 0.02

    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.

  • CVE-2026-11792 · Low · Jun 9, 2026
    risk 0.21 · cvss 3.3 · epss 0.00

    A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the create_masked_entry_string() function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext…

  • CVE-2026-9791 · Med · May 28, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect (OIDC) token with the 'organization' scope. This allows organization metadata…

  • CVE-2026-8830 · Med · May 19, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction() fails to validate that the newly created credential's…

  • CVE-2026-0965 · Low · Mar 26, 2026
    risk 0.21 · cvss 3.3 · epss 0.00

    A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by…

  • CVE-2026-3190 · Med · Mar 26, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection`…

  • CVE-2025-2157 · Low · Mar 15, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege…

  • CVE-2024-1048 · Low · Feb 6, 2024
    risk 0.21 · cvss 3.3 · epss 0.00

    A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the…

  • CVE-2023-6228 · Low · Dec 18, 2023
    risk 0.21 · cvss 3.3 · epss 0.00

    An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.

  • CVE-2023-3629 · Med · Dec 18, 2023
    risk 0.21 · cvss 4.3 · epss 0.01

    A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

  • CVE-2023-39194 · Low · Oct 9, 2023
    risk 0.21 · cvss 3.2 · epss 0.00

    A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds…

  • CVE-2022-4245 · Med · Sep 25, 2023
    risk 0.21 · cvss 4.3 · epss 0.01

    A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.

  • CVE-2022-3962 · Med · Sep 23, 2023
    risk 0.21 · cvss 4.3 · epss 0.01

    A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved…

  • CVE-2022-20562 · Low · Dec 16, 2022
    risk 0.21 · cvss 3.3 · epss 0.00

    In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for…

Page 37 of 74