Attacker Value
Unknown

CVE-2023-5625

Disclosure Date: November 01, 2023 (last updated July 04, 2024)
A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products.
Attacker Value
Unknown

CVE-2023-5366

Disclosure Date: October 06, 2023 (last updated October 13, 2023)
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.
Attacker Value
Unknown

CVE-2022-3248

Disclosure Date: October 05, 2023 (last updated October 13, 2023)
A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.
Attacker Value
Unknown

CVE-2022-4145

Disclosure Date: October 05, 2023 (last updated October 13, 2023)
A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation.
Attacker Value
Unknown

CVE-2023-3361

Disclosure Date: October 04, 2023 (last updated October 09, 2023)
A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret.
Attacker Value
Unknown

CVE-2023-3153

Disclosure Date: October 04, 2023 (last updated October 09, 2023)
A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.
Attacker Value
Unknown

CVE-2023-2422

Disclosure Date: October 04, 2023 (last updated May 03, 2024)
A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client and can therefore access data that belongs to other clients.
Attacker Value
Unknown

CVE-2023-4066

Disclosure Date: September 27, 2023 (last updated October 09, 2024)
A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details YAML of AMQ Broker.
Attacker Value
Unknown

CVE-2023-4065

Disclosure Date: September 27, 2023 (last updated October 09, 2024)
A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions.
Attacker Value
Unknown

CVE-2023-3223

Disclosure Date: September 27, 2023 (last updated May 03, 2024)
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause a remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.