Filtered by vendor Redhat
Subscribe
Total
5670 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8443 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-10-01 | N/A | 2.9 LOW |
| A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution. | |||||
| CVE-2024-45619 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-09-23 | N/A | 4.3 MEDIUM |
| A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. | |||||
| CVE-2024-45620 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-09-19 | N/A | 3.9 LOW |
| A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. | |||||
| CVE-2024-7557 | 1 Redhat | 2 Openshift Ai, Openshift Data Science | 2024-09-18 | N/A | 8.8 HIGH |
| A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources. | |||||
| CVE-2024-7700 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2024-09-16 | N/A | 6.5 MEDIUM |
| A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker with the necessary privileges to inject arbitrary commands into the configuration, potentially allowing unauthorized command execution during host registration. Although this issue requires user interaction to execute injected commands, it poses a significant risk if an unsuspecting user runs the generated registration script. | |||||
| CVE-2024-45615 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-09-13 | N/A | 3.9 LOW |
| A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.). | |||||
| CVE-2024-45616 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-09-13 | N/A | 3.9 LOW |
| A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card. | |||||
| CVE-2024-45617 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-09-13 | N/A | 3.9 LOW |
| A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized. | |||||
| CVE-2024-45618 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-09-13 | N/A | 3.9 LOW |
| A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized. | |||||
| CVE-2024-44070 | 2 Frrouting, Redhat | 2 Frrouting, Enterprise Linux | 2024-08-30 | N/A | 7.5 HIGH |
| An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value. | |||||