Filtered by vendor Redhat
Subscriptions
Filtered by product Openshift
Subscriptions
Total
1087 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30631 | 2 Golang, Redhat | 21 Go, Acm, Advanced Cluster Security and 18 more | 2024-11-21 | 7.5 High |
| Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. | ||||
| CVE-2022-30629 | 2 Golang, Redhat | 15 Go, Acm, Ceph Storage and 12 more | 2024-11-21 | 3.1 Low |
| Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption. | ||||
| CVE-2022-30323 | 2 Hashicorp, Redhat | 3 Go-getter, Openshift, Openstack | 2024-11-21 | 8.6 High |
| go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0. | ||||
| CVE-2022-30322 | 2 Hashicorp, Redhat | 3 Go-getter, Openshift, Openstack | 2024-11-21 | 8.6 High |
| go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0. | ||||
| CVE-2022-30321 | 2 Hashicorp, Redhat | 3 Go-getter, Openshift, Openstack | 2024-11-21 | 8.6 High |
| go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and 2.1.0. | ||||
| CVE-2022-2996 | 3 Debian, Python-scciclient Project, Redhat | 5 Debian Linux, Python-scciclient, Openshift and 2 more | 2024-11-21 | 7.4 High |
| A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks. | ||||
| CVE-2022-2990 | 2 Buildah Project, Redhat | 4 Buildah, Enterprise Linux, Openshift and 1 more | 2024-11-21 | 7.1 High |
| An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. | ||||
| CVE-2022-2403 | 1 Redhat | 1 Openshift | 2024-11-21 | 6.5 Medium |
| A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate. | ||||
| CVE-2022-2048 | 5 Debian, Eclipse, Jenkins and 2 more | 12 Debian Linux, Jetty, Jenkins and 9 more | 2024-11-21 | 7.5 High |
| In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests. | ||||
| CVE-2022-29810 | 2 Hashicorp, Redhat | 4 Go-getter, Acm, Openshift and 1 more | 2024-11-21 | 5.5 Medium |
| The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter. | ||||
| CVE-2022-29599 | 3 Apache, Debian, Redhat | 8 Maven Shared Utils, Debian Linux, Enterprise Linux and 5 more | 2024-11-21 | 9.8 Critical |
| In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. | ||||
| CVE-2022-29526 | 5 Fedoraproject, Golang, Linux and 2 more | 15 Fedora, Go, Linux Kernel and 12 more | 2024-11-21 | 5.3 Medium |
| Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. | ||||
| CVE-2022-29047 | 2 Jenkins, Redhat | 3 Pipeline\, Ocp Tools, Openshift | 2024-11-21 | 5.3 Medium |
| Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even if the Pipeline is configured to not trust them. | ||||
| CVE-2022-29046 | 3 Apple, Jenkins, Redhat | 3 Macos, Subversion, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-29041 | 2 Jenkins, Redhat | 2 Jira, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-29036 | 2 Jenkins, Redhat | 2 Credentials, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-28327 | 3 Fedoraproject, Golang, Redhat | 20 Extra Packages For Enterprise Linux, Fedora, Go and 17 more | 2024-11-21 | 7.5 High |
| The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. | ||||
| CVE-2022-27664 | 3 Fedoraproject, Golang, Redhat | 19 Fedora, Go, Acm and 16 more | 2024-11-21 | 7.5 High |
| In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. | ||||
| CVE-2022-27652 | 4 Fedoraproject, Kubernetes, Mobyproject and 1 more | 5 Fedora, Cri-o, Moby and 2 more | 2024-11-21 | 5.3 Medium |
| A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. | ||||
| CVE-2022-27191 | 3 Fedoraproject, Golang, Redhat | 12 Extra Packages For Enterprise Linux, Fedora, Ssh and 9 more | 2024-11-21 | 7.5 High |
| The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. | ||||