|
195521
|
3.7 |
LOW
Network
|
redhat
|
openshift_container_platform
openshift_machine-config-operator
|
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint (port 22623…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2021-20238
|
2024-11-21 14:46 |
2022-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195522
|
6.1 |
MEDIUM
Network
|
redhat
|
keycloak
|
A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak.
|
CWE-79
Cross-site Scripting
|
CVE-2021-20323
|
2024-11-21 14:46 |
2022-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195523
|
6.1 |
MEDIUM
Local
|
theforeman
|
openscap
|
An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw…
|
CWE-863
Incorrect Authorization
|
CVE-2021-20290
|
2024-11-21 14:46 |
2022-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195524
|
7.5 |
HIGH
Network
|
openexr
debian
|
openexr
debian_linux
|
A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerabili…
|
-
|
CVE-2021-20299
|
2024-11-21 14:46 |
2022-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195525
|
5.5 |
MEDIUM
Local
|
redhat
|
ansible
|
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2021-20180
|
2024-11-21 14:46 |
2022-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195526
|
6.5 |
MEDIUM
Local
|
qemu
fedoraproject
redhat
debian
|
qemu
fedora
enterprise_linux
openstack_platform
enterprise_linux_for_power_little_endian
enterprise_linux_for_ibm_z_systems
codeready_linux_builder
debian_linux
|
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized wi…
|
-
|
CVE-2021-20257
|
2024-11-21 14:46 |
2022-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195527
|
5.5 |
MEDIUM
Local
|
kexec-tools_project
|
kexec-tools
|
A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The …
|
-
|
CVE-2021-20269
|
2024-11-21 14:46 |
2022-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195528
|
7.8 |
HIGH
Local
|
redhat
|
coreos-installer
|
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead t…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2021-20319
|
2024-11-21 14:46 |
2022-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195529
|
6.1 |
MEDIUM
Local
|
openexr
debian
|
openexr
debian_linux
|
A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an o…
|
-
|
CVE-2021-20303
|
2024-11-21 14:46 |
2022-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195530
|
5.5 |
MEDIUM
Local
|
openexr
debian
|
openexr
debian_linux
|
A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point excepti…
|
NVD-CWE-noinfo
|
CVE-2021-20302
|
2024-11-21 14:46 |
2022-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
