Filtered by vendor Redhat Subscriptions
Filtered by product Developer Tools Subscriptions
Total 15 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-27649 3 Fedoraproject, Podman Project, Redhat 15 Fedora, Podman, Developer Tools and 12 more 2024-11-21 7.5 High
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
CVE-2022-1227 4 Fedoraproject, Podman Project, Psgo Project and 1 more 19 Fedora, Podman, Psgo and 16 more 2024-11-21 8.8 High
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
CVE-2022-1011 6 Debian, Fedoraproject, Linux and 3 more 39 Debian Linux, Fedora, Linux Kernel and 36 more 2024-11-21 7.8 High
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
CVE-2022-0330 4 Fedoraproject, Linux, Netapp and 1 more 52 Fedora, Linux Kernel, H300e and 49 more 2024-11-21 7.8 High
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
CVE-2021-3744 5 Debian, Fedoraproject, Linux and 2 more 24 Debian Linux, Fedora, Linux Kernel and 21 more 2024-11-21 5.5 Medium
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.
CVE-2021-3697 2 Gnu, Redhat 14 Grub2, Codeready Linux Builder, Developer Tools and 11 more 2024-11-21 7.0 High
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
CVE-2021-3696 3 Gnu, Netapp, Redhat 15 Grub2, Ontap Select Deploy Administration Utility, Codeready Linux Builder and 12 more 2024-11-21 4.5 Medium
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
CVE-2021-3695 4 Fedoraproject, Gnu, Netapp and 1 more 16 Fedora, Grub2, Ontap Select Deploy Administration Utility and 13 more 2024-11-21 4.5 Medium
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.
CVE-2021-3669 5 Debian, Fedoraproject, Ibm and 2 more 24 Debian Linux, Fedora, Spectrum Copy Data Management and 21 more 2024-11-21 5.5 Medium
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.
CVE-2019-9741 4 Debian, Fedoraproject, Golang and 1 more 6 Debian Linux, Fedora, Go and 3 more 2024-11-21 6.1 Medium
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.
CVE-2019-9514 13 Apache, Apple, Canonical and 10 more 44 Traffic Server, Mac Os X, Swiftnio and 41 more 2024-11-21 7.5 High
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.
CVE-2019-17596 6 Arista, Debian, Fedoraproject and 3 more 13 Cloudvision Portal, Eos, Mos and 10 more 2024-11-21 7.5 High
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
CVE-2019-16276 6 Debian, Fedoraproject, Golang and 3 more 11 Debian Linux, Fedora, Go and 8 more 2024-11-21 7.5 High
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
CVE-2018-16871 3 Linux, Netapp, Redhat 31 Linux Kernel, Cloud Backup, H300e and 28 more 2024-11-21 7.5 High
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.
CVE-2017-15041 3 Debian, Golang, Redhat 9 Debian Linux, Go, Developer Tools and 6 more 2024-11-21 9.8 Critical
Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, "go get" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository's Git checkout has malicious commands in .git/hooks/, they will execute on the system running "go get."