Filtered by vendor Redhat
Subscriptions
Filtered by product Rhel Tus
Subscriptions
Total
970 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2588 | 3 Canonical, Linux, Redhat | 9 Ubuntu Linux, Linux Kernel, Enterprise Linux and 6 more | 2024-11-21 | 5.3 Medium |
| It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. | ||||
| CVE-2022-2414 | 2 Dogtagpki, Redhat | 7 Dogtagpki, Certificate System, Enterprise Linux and 4 more | 2024-11-21 | 7.5 High |
| Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. | ||||
| CVE-2022-2132 | 4 Debian, Dpdk, Fedoraproject and 1 more | 15 Debian Linux, Data Plane Development Kit, Fedora and 12 more | 2024-11-21 | 8.6 High |
| A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK. | ||||
| CVE-2022-23307 | 4 Apache, Oracle, Qos and 1 more | 44 Chainsaw, Log4j, Advanced Supply Chain Planning and 41 more | 2024-11-21 | 8.8 High |
| CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. | ||||
| CVE-2022-23305 | 6 Apache, Broadcom, Netapp and 3 more | 46 Log4j, Brocade Sannav, Snapmanager and 43 more | 2024-11-21 | 9.8 Critical |
| By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | ||||
| CVE-2022-23302 | 6 Apache, Broadcom, Netapp and 3 more | 44 Log4j, Brocade Sannav, Snapmanager and 41 more | 2024-11-21 | 8.8 High |
| JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | ||||
| CVE-2022-22942 | 2 Redhat, Vmware | 8 Enterprise Linux, Rhel Aus, Rhel E4s and 5 more | 2024-11-21 | 7.8 High |
| The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer. | ||||
| CVE-2022-22720 | 6 Apache, Apple, Debian and 3 more | 16 Http Server, Mac Os X, Macos and 13 more | 2024-11-21 | 9.8 Critical |
| Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling | ||||
| CVE-2022-21698 | 4 Fedoraproject, Prometheus, Rdo Project and 1 more | 17 Extra Packages For Enterprise Linux, Fedora, Client Golang and 14 more | 2024-11-21 | 7.5 High |
| client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods. | ||||
| CVE-2022-21166 | 6 Debian, Fedoraproject, Intel and 3 more | 14 Debian Linux, Fedora, Sgx Dcap and 11 more | 2024-11-21 | 5.5 Medium |
| Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2022-21125 | 6 Debian, Fedoraproject, Intel and 3 more | 14 Debian Linux, Fedora, Sgx Dcap and 11 more | 2024-11-21 | 5.5 Medium |
| Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2022-21123 | 6 Debian, Fedoraproject, Intel and 3 more | 14 Debian Linux, Fedora, Sgx Dcap and 11 more | 2024-11-21 | 5.5 Medium |
| Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2022-1789 | 4 Debian, Fedoraproject, Linux and 1 more | 7 Debian Linux, Fedora, Linux Kernel and 4 more | 2024-11-21 | 6.8 Medium |
| With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference. | ||||
| CVE-2022-1729 | 3 Linux, Netapp, Redhat | 9 Linux Kernel, Hci Baseboard Management Controller, Enterprise Linux and 6 more | 2024-11-21 | 7.0 High |
| A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. | ||||
| CVE-2022-1158 | 3 Fedoraproject, Linux, Redhat | 8 Fedora, Linux Kernel, Enterprise Linux and 5 more | 2024-11-21 | 7.8 High |
| A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition. | ||||
| CVE-2022-1048 | 4 Debian, Linux, Netapp and 1 more | 22 Debian Linux, Linux Kernel, H300e and 19 more | 2024-11-21 | 7.0 High |
| A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. | ||||
| CVE-2022-0778 | 8 Debian, Fedoraproject, Mariadb and 5 more | 25 Debian Linux, Fedora, Mariadb and 22 more | 2024-11-21 | 7.5 High |
| The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). | ||||
| CVE-2022-0492 | 6 Canonical, Debian, Fedoraproject and 3 more | 36 Ubuntu Linux, Debian Linux, Fedora and 33 more | 2024-11-21 | 7.8 High |
| A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. | ||||
| CVE-2022-0330 | 4 Fedoraproject, Linux, Netapp and 1 more | 52 Fedora, Linux Kernel, H300e and 49 more | 2024-11-21 | 7.8 High |
| A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. | ||||
| CVE-2021-4155 | 2 Linux, Redhat | 9 Linux Kernel, Enterprise Linux, Rhel Aus and 6 more | 2024-11-21 | 5.5 Medium |
| A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. | ||||