Filtered by vendor Redhat Subscriptions
Filtered by product Openshift Subscriptions
Total 1061 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-40370 3 Ibm, Microsoft, Redhat 4 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Windows and 1 more 2024-11-21 3.7 Low
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470.
CVE-2023-40225 2 Haproxy, Redhat 4 Haproxy, Enterprise Linux, Openshift and 1 more 2024-11-21 7.2 High
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.
CVE-2023-3978 2 Golang, Redhat 8 Networking, Cryostat, Enterprise Linux and 5 more 2024-11-21 6.1 Medium
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
CVE-2023-3775 2 Hashicorp, Redhat 2 Vault, Openshift 2024-11-21 4.2 Medium
A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8.
CVE-2023-3462 2 Hashicorp, Redhat 3 Vault, Openshift, Openshift Data Foundation 2024-11-21 5.3 Medium
HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.
CVE-2023-3153 2 Ovn, Redhat 6 Open Virtual Network, Enterprise Linux, Fast Datapath and 3 more 2024-11-21 5.3 Medium
A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.
CVE-2023-3089 1 Redhat 18 Acm, Amq Streams, Container Native Virtualization and 15 more 2024-11-21 7 High
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
CVE-2023-39615 2 Redhat, Xmlsoft 6 Enterprise Linux, Jboss Core Services, Openshift and 3 more 2024-11-21 6.5 Medium
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.
CVE-2023-38734 3 Ibm, Microsoft, Redhat 3 Robotic Process Automation, Windows, Openshift 2024-11-21 6.6 Medium
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481.
CVE-2023-38733 3 Ibm, Microsoft, Redhat 3 Robotic Process Automation, Windows, Openshift 2024-11-21 4.3 Medium
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293.
CVE-2023-38732 3 Ibm, Microsoft, Redhat 4 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Windows and 1 more 2024-11-21 4.3 Medium
IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289.
CVE-2023-38712 2 Libreswan, Redhat 5 Libreswan, Enterprise Linux, Openshift and 2 more 2024-11-21 6.5 Medium
An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.
CVE-2023-38711 2 Libreswan, Redhat 5 Libreswan, Enterprise Linux, Openshift and 2 more 2024-11-21 6.5 Medium
An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6.
CVE-2023-37788 2 Goproxy Project, Redhat 6 Goproxy, Acm, Openshift and 3 more 2024-11-21 7.5 High
goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors.
CVE-2023-35901 3 Ibm, Microsoft, Redhat 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more 2024-11-21 2.7 Low
IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380.
CVE-2023-35900 3 Ibm, Microsoft, Redhat 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more 2024-11-21 4.3 Medium
IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368.
CVE-2023-29824 2 Redhat, Scipy 2 Openshift, Scipy 2024-11-21 9.8 Critical
A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue.
CVE-2023-29483 1 Redhat 4 Ansible Automation Platform, Enterprise Linux, Openshift and 1 more 2024-11-21 7.0 High
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
CVE-2023-27540 2 Ibm, Redhat 3 Cloud Pak For Data, Watson Cp4d Data Stores, Openshift 2024-11-21 5.9 Medium
IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924.
CVE-2023-23468 2 Ibm, Redhat 2 Robotic Process Automation, Openshift 2024-11-21 5.1 Medium
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. IBM X-Force ID: 244500.