Filtered by vendor Redhat
Subscribe
Total
486 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-20578 | 2 Ibm, Redhat | 2 Cloud Pak For Security, Openshift | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199282. | |||||
CVE-2021-4048 | 5 Fedoraproject, Julialang, Lapack Project and 2 more | 8 Fedora, Julia, Lapack and 5 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory. | |||||
CVE-2021-3466 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Libmicrohttpd, Enterprise Linux | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable. | |||||
CVE-2020-27832 | 1 Redhat | 1 Quay | 2023-12-10 | 6.0 MEDIUM | 9.0 CRITICAL |
A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notification. This flaw allows an attacker to trick a user into performing a malicious action to impersonate the target user. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
CVE-2018-25012 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). | |||||
CVE-2021-20195 | 1 Redhat | 1 Keycloak | 2023-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover is possible due to user-supplied data fields not being properly encoded and Javascript code being used to process the data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2018-25010 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). | |||||
CVE-2018-10867 | 1 Redhat | 1 Certification | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user. | |||||
CVE-2018-25009 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). | |||||
CVE-2020-36328 | 5 Apple, Debian, Netapp and 2 more | 6 Ipados, Iphone Os, Debian Linux and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2020-36331 | 5 Apple, Debian, Netapp and 2 more | 6 Ipados, Iphone Os, Debian Linux and 3 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. | |||||
CVE-2021-20236 | 3 Fedoraproject, Redhat, Zeromq | 4 Fedora, Ceph Storage, Enterprise Linux and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
CVE-2018-10866 | 1 Redhat | 1 Certification | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove a "system" file, that is an xml file with host related information, not belonging to him. | |||||
CVE-2018-25011 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). | |||||
CVE-2020-36329 | 5 Apple, Debian, Netapp and 2 more | 6 Ipados, Iphone Os, Debian Linux and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2018-25013 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes(). | |||||
CVE-2018-25014 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol(). | |||||
CVE-2020-36330 | 5 Apple, Debian, Netapp and 2 more | 6 Ipados, Iphone Os, Debian Linux and 3 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. | |||||
CVE-2021-20231 | 4 Fedoraproject, Gnu, Netapp and 1 more | 5 Fedora, Gnutls, Active Iq Unified Manager and 2 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. | |||||
CVE-2021-20232 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Gnutls, Enterprise Linux | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. |