Page 2 of 17 results (0.010 seconds)

CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. Se encontró una vulnerabilidad en cri-o. Este problema permite la adición de líneas arbitrarias en /etc/passwd mediante el uso de una variable de entorno especialmente manipulada. • https://access.redhat.com/errata/RHSA-2023:1033 https://access.redhat.com/errata/RHSA-2023:1503 https://access.redhat.com/security/cve/CVE-2022-4318 https://bugzilla.redhat.com/show_bug.cgi?id=2152703 • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory CWE-913: Improper Control of Dynamically-Managed Code Resources •

CVSS: 7.6EPSS: 0%CPEs: 13EXPL: 0

A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users. • https://bugzilla.redhat.com/show_bug.cgi?id=2073157 https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725 https://herolab.usd.de/security-advisories/usd-2021-0033 https://access.redhat.com/security/cve/CVE-2022-1274 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 6.5EPSS: 0%CPEs: 29EXPL: 0

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. • https://access.redhat.com/security/cve/CVE-2023-0056 https://bugzilla.redhat.com/show_bug.cgi?id=2160808 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.8EPSS: 0%CPEs: 15EXPL: 0

A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user. Se encontró una falla en el alcance offline_access en Keycloak. Este problema afectaría más a los usuarios de ordenadores compartidos (especialmente si las cookies no se borran), debido a la falta de validación de la sesión root y a la reutilización de los identificadores de sesión en las sesiones de autenticación de usuario y root. • https://access.redhat.com/errata/RHSA-2022:8961 https://access.redhat.com/errata/RHSA-2022:8962 https://access.redhat.com/errata/RHSA-2022:8963 https://access.redhat.com/errata/RHSA-2022:8964 https://access.redhat.com/errata/RHSA-2022:8965 https://access.redhat.com/errata/RHSA-2023:1043 https://access.redhat.com/errata/RHSA-2023:1044 https://access.redhat.com/errata/RHSA-2023:1045 https://access.redhat.com/errata/RHSA-2023:1047 https://access.redhat.com/errata/RHSA • CWE-384: Session Fixation CWE-613: Insufficient Session Expiration •

CVSS: 5.5EPSS: 0%CPEs: 34EXPL: 0

A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. Se ha encontrado un fallo en el kernel de Linux. La medición del uso de la memoria compartida no escala con grandes recuentos de segmentos de memoria compartida, lo que podría conllevar a el agotamiento de recursos y el DoS. • https://access.redhat.com/security/cve/CVE-2021-3669 https://bugzilla.redhat.com/show_bug.cgi?id=1980619 https://bugzilla.redhat.com/show_bug.cgi?id=1986473 https://security-tracker.debian.org/tracker/CVE-2021-3669 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •