Filtered by vendor Redhat
Subscribe
Total
5530 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19354 | 1 Redhat | 2 Enterprise Linux, Openshift Container Platform | 2023-02-12 | 4.6 MEDIUM | 7.8 HIGH |
| An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
| CVE-2019-19352 | 1 Redhat | 1 Openshift Container Platform | 2023-02-12 | 4.4 MEDIUM | 7.0 HIGH |
| An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
| CVE-2019-19351 | 1 Redhat | 1 Openshift | 2023-02-12 | 4.4 MEDIUM | 7.0 HIGH |
| An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11. | |||||
| CVE-2019-19345 | 1 Redhat | 1 Openshift | 2023-02-12 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
| CVE-2019-19335 | 1 Redhat | 1 Openshift | 2023-02-12 | 2.1 LOW | 4.4 MEDIUM |
| During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned word-readable permissions. ose-installer as shipped in Openshift 4.2 is vulnerable. | |||||
| CVE-2019-19332 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-02-12 | 5.6 MEDIUM | 6.1 MEDIUM |
| An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service. | |||||
| CVE-2019-14906 | 2 Libsdl, Redhat | 2 Simple Directmedia Layer, Enterprise Linux | 2023-02-12 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code. | |||||
| CVE-2019-14898 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2023-02-12 | 6.9 MEDIUM | 7.0 HIGH |
| The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls. | |||||
| CVE-2019-14896 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-02-12 | 10.0 HIGH | 9.8 CRITICAL |
| A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP. | |||||
| CVE-2019-14894 | 1 Redhat | 1 Cloudforms Management Engine | 2023-02-12 | 9.0 HIGH | 7.2 HIGH |
| A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root. | |||||
| CVE-2019-14886 | 1 Redhat | 2 Decision Manager, Process Automation Manager | 2023-02-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords being exposed. | |||||
| CVE-2019-14854 | 1 Redhat | 1 Openshift Container Platform | 2023-02-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user. | |||||
| CVE-2019-14849 | 1 Redhat | 1 3scale | 2023-02-12 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information. | |||||
| CVE-2019-14845 | 1 Redhat | 1 Openshift | 2023-02-12 | 2.9 LOW | 5.3 MEDIUM |
| A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content. | |||||
| CVE-2019-14836 | 1 Redhat | 1 3scale | 2023-02-12 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks. | |||||
| CVE-2019-14823 | 3 Jss Cryptomanager Project, Linux, Redhat | 9 Jss Cryptomanager, Linux Kernel, Enterprise Linux and 6 more | 2023-02-12 | 5.8 MEDIUM | 7.4 HIGH |
| A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle. | |||||
| CVE-2019-14819 | 1 Redhat | 1 Openshift Container Platform | 2023-02-12 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints. | |||||
| CVE-2019-10213 | 1 Redhat | 2 Enterprise Linux, Openshift Container Platform | 2023-02-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user. | |||||
| CVE-2019-10205 | 1 Redhat | 1 Quay | 2023-02-12 | 4.6 MEDIUM | 6.3 MEDIUM |
| A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write container images stored in the registry. | |||||
| CVE-2019-10202 | 1 Redhat | 2 Enterprise Linux, Jboss Enterprise Application Platform | 2023-02-12 | 7.5 HIGH | 9.8 CRITICAL |
| A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike. | |||||