Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux
Total 2032 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-4361 1 Redhat 6 Enterprise Linux, Keycloak, Openshift Container Platform and 3 more 2024-11-21 N/A 10.0 CRITICAL
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.
CVE-2022-4318 3 Fedoraproject, Kubernetes, Redhat 8 Extra Packages For Enterprise Linux, Fedora, Cri-o and 5 more 2024-11-21 N/A 7.8 HIGH
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
CVE-2022-4137 1 Redhat 3 Enterprise Linux, Keycloak, Single Sign-on 2024-11-21 N/A 8.1 HIGH
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.
CVE-2022-4132 2 Dogtagpki, Redhat 2 Network Security Services For Java, Enterprise Linux 2024-11-21 N/A 5.9 MEDIUM
A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page).
CVE-2022-4039 1 Redhat 6 Enterprise Linux, Openshift Container Platform, Openshift Container Platform For Ibm Z and 3 more 2024-11-21 N/A 8.0 HIGH
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.
CVE-2022-46344 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2024-11-21 N/A 8.8 HIGH
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVE-2022-40982 5 Debian, Intel, Netapp and 2 more 1052 Debian Linux, Celeron 5205u, Celeron 5205u Firmware and 1049 more 2024-11-21 N/A 6.5 MEDIUM
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-3962 2 Kiali, Redhat 5 Kiali, Enterprise Linux, Enterprise Linux For Ibm Z Systems and 2 more 2024-11-21 N/A 4.3 MEDIUM
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.
CVE-2022-3916 1 Redhat 7 Enterprise Linux, Keycloak, Openshift Container Platform and 4 more 2024-11-21 N/A 6.8 MEDIUM
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.
CVE-2022-3775 2 Gnu, Redhat 2 Grub2, Enterprise Linux 2024-11-21 N/A 7.1 HIGH
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.
CVE-2022-35653 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-11-21 N/A 6.1 MEDIUM
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users.
CVE-2022-35651 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-11-21 N/A 6.1 MEDIUM
A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks.
CVE-2022-34303 3 Eurosoft-uk, Microsoft, Redhat 10 Uefi Bootloader, Windows 10, Windows 11 and 7 more 2024-11-21 N/A 6.7 MEDIUM
A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
CVE-2022-34302 3 Horizondatasys, Microsoft, Redhat 10 Uefi Bootloader, Windows 10, Windows 11 and 7 more 2024-11-21 N/A 6.7 MEDIUM
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
CVE-2022-34301 3 Kidan, Microsoft, Redhat 10 Cryptopro Securedisk For Bitlocker, Windows 10, Windows 11 and 7 more 2024-11-21 N/A 6.7 MEDIUM
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
CVE-2022-32547 3 Fedoraproject, Imagemagick, Redhat 3 Fedora, Imagemagick, Enterprise Linux 2024-11-21 6.8 MEDIUM 7.8 HIGH
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
CVE-2022-32546 3 Fedoraproject, Imagemagick, Redhat 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
CVE-2022-32545 3 Fedoraproject, Imagemagick, Redhat 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
CVE-2022-30600 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-11-21 7.5 HIGH 9.8 CRITICAL
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
CVE-2022-30599 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-11-21 7.5 HIGH 9.8 CRITICAL
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.