VYPR

Vendor CVEs

Red Hat

All CVEs

3,661 total · sorted by risk
  • CVE-2010-3282LowJan 9, 2020
    risk 0.21cvss 3.3epss 0.00

    389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local…

  • CVE-2019-10183LowJul 3, 2019
    risk 0.21cvss 3.2epss 0.00

    Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the system via process listing. It…

  • CVE-2019-3815LowJan 28, 2019
    risk 0.21cvss 3.3epss 0.00

    A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this…

  • CVE-2016-8612MedMar 9, 2018
    risk 0.21cvss 4.3epss 0.05

    Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.

  • CVE-2017-5081LowOct 27, 2017
    risk 0.21cvss 3.3epss 0.00

    Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files.

  • CVE-2015-0238LowSep 26, 2017
    risk 0.21cvss 3.3epss 0.00

    selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.

  • CVE-2016-4455LowApr 14, 2017
    risk 0.21cvss 3.3epss 0.00

    The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.

  • CVE-2016-5432LowOct 3, 2016
    risk 0.21cvss 3.3epss 0.00

    The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.

  • CVE-2016-3711LowJun 8, 2016
    risk 0.21cvss 3.3epss 0.00

    HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.

  • CVE-2016-3727MedMay 17, 2016
    risk 0.21cvss 4.3epss 0.02

    The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.

  • CVE-2026-0968LowMar 26, 2026
    risk 0.20cvss 3.1epss 0.00

    A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory…

  • CVE-2026-4874LowMar 26, 2026
    risk 0.20cvss 3.1epss 0.00

    A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `client_session_host` parameter during refresh token requests. This occurs when a Keycloak client is configured to use the `backchannel.logout.url` with the…

  • CVE-2024-12369MedDec 9, 2024
    risk 0.20cvss 4.2epss 0.00

    A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's…

  • CVE-2024-6501LowJul 9, 2024
    risk 0.20cvss 3.1epss 0.00

    A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. NetworkManager would crash, leading to a denial of service.

  • CVE-2023-39418LowAug 11, 2023
    risk 0.20cvss 3.1epss 0.01

    A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

  • CVE-2023-3603LowJul 21, 2023
    risk 0.20cvss 3.1epss 0.01

    A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely…

  • CVE-2020-1735MedMar 16, 2020
    risk 0.20cvss 4.2epss 0.00

    A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

  • CVE-2009-3552LowNov 9, 2019
    risk 0.20cvss 3.1epss 0.00

    In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization…

  • CVE-2019-3828MedMar 27, 2019
    risk 0.20cvss 4.2epss 0.01

    Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.

  • CVE-2018-16859MedNov 29, 2018
    risk 0.20cvss 4.2epss 0.01

    Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the…

  • CVE-2016-8651LowAug 1, 2018
    risk 0.20cvss 3.1epss 0.01

    An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained…

  • CVE-2017-10345LowOct 19, 2017
    risk 0.20cvss 3.1epss 0.02

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows…

  • CVE-2017-3653LowAug 8, 2017
    risk 0.20cvss 3.1epss 0.02

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access…

  • CVE-2017-10193LowAug 8, 2017
    risk 0.20cvss 3.1epss 0.02

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network…

  • CVE-2017-3539LowApr 24, 2017
    risk 0.20cvss 3.1epss 0.02

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network…

  • CVE-2026-9088LowJun 5, 2026
    risk 0.18cvss 2.7epss 0.00

    A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured…

  • CVE-2026-10078LowMay 29, 2026
    risk 0.18cvss 2.7epss 0.00

    A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure…

  • CVE-2026-2239LowMar 26, 2026
    risk 0.18cvss 2.8epss 0.00

    A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an…

  • CVE-2020-14341LowJan 12, 2021
    risk 0.18cvss 2.7epss 0.01

    The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation. By observing…

  • CVE-2020-1740LowMar 16, 2020
    risk 0.18cvss 3.9epss 0.00

    A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file…

  • CVE-2020-1739LowMar 12, 2020
    risk 0.18cvss 3.9epss 0.00

    A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the…

  • CVE-2017-15136LowFeb 27, 2018
    risk 0.18cvss 2.7epss 0.01

    When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously registered system the previously registered system will lose access to updates including security updates.

  • CVE-2026-3832LowApr 30, 2026
    risk 0.17cvss 3.7epss 0.01

    A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with…

  • CVE-2026-37977LowApr 6, 2026
    risk 0.17cvss 3.7epss 0.00

    A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vulnerability in Keycloak's User-Managed Access (UMA) token endpoint. This flaw occurs because the `azp` claim from a client-supplied JSON Web Token (JWT) is used…

  • CVE-2026-4633LowMar 23, 2026
    risk 0.17cvss 3.7epss 0.00

    A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user…

  • CVE-2025-8283LowJul 28, 2025
    risk 0.17cvss 3.7epss 0.00

    A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name,…

  • CVE-2025-6052LowJun 13, 2025
    risk 0.17cvss 3.7epss 0.00

    A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a…

  • CVE-2016-8609LowAug 1, 2018
    risk 0.17cvss 3.7epss 0.02

    It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks.

  • CVE-2023-2585LowDec 21, 2023
    risk 0.16cvss 3.5epss 0.01

    Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible…

  • CVE-2015-5313LowApr 11, 2016
    risk 0.16cvss 2.5epss 0.00

    Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write…

  • CVE-2023-5870LowDec 10, 2023
    risk 0.15cvss 2.2epss 0.03

    A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient…

  • CVE-2020-1736LowMar 16, 2020
    risk 0.14cvss 2.2epss 0.00

    A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less…

  • CVE-2013-4209LowMay 1, 2018
    risk 0.14cvss 3.3epss 0.00

    Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums.

  • CVE-2015-7561LowAug 7, 2017
    risk 0.13cvss 3.1epss 0.01

    Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.

  • CVE-2026-11786LowJun 9, 2026
    risk 0.12cvss 1.9epss 0.00

    A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation.

  • CVE-2026-3911LowMar 11, 2026
    risk 0.11cvss 2.7epss 0.00

    A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This…

  • CVE-2024-5967LowJun 18, 2024
    risk 0.11cvss 2.7epss 0.01

    A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL  independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access (permission manage-realm) to change the LDAP…

  • CVE-2019-14825LowNov 25, 2019
    risk 0.11cvss 2.7epss 0.01

    A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged…

  • CVE-2015-0235Jan 28, 2015
    risk 0.11cvss epss 0.95

    Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

  • CVE-2017-12165LowJul 27, 2018
    risk 0.10cvss 2.6epss 0.02

    It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.

Page 38 of 74