12 matches found
CVE-2022-0330
CVE-2022-0330 affects the Linux kernel i915 GPU driver. The root cause is a missing GPU TLB flush in the i915 driver, enabling a local attacker to cause a denial of service or privilege escalation by running code on the GPU. Public documents from connected sources confirm the flaw and its associa...
CVE-2019-10216
CVE-2019-10216 concerns GPL Ghostscript. The vulnerability is in the .buildfont1 procedure, which did not properly secure privileged calls, allowing a crafted PostScript file to bypass -dSAFER and escalate privileges to access restricted files. Affected: Ghostscript prior to 9.50. Impact: potenti...
CVE-2021-3656
CVE-2021-3656 describes a flaw in the KVM hypervisor for AMD processors where the L1 guest can provide a VMCB with an improperly validated virt_ext field, allowing the L1 to disable VMLOAD/VMSAVE intercepts and VLS for the L2 guest. This enables the L2 guest to read/write portions of the host’s p...
CVE-2021-3609
CVE-2021-3609 is a local privilege-escalation flaw in the Linux kernel CAN BCM subsystem. A race in net/can/bcm.c between bcm_rx_handler() and bcm_release() can free bcm_op/bcm_sock structures while the handler runs, enabling use-after-free and root access. Public advisories consistently describe...
CVE-2023-4910
CVE-2023-4910 affects Red Hat 3Scale Admin Portal. The issue arises when a user logs out from the personal tokens page and presses the browser back button, causing the tokens page to be served from the browser cache. According to sources in the CVE record, this can lead to exposure of protected i...
CVE-2020-25634
CVE-2020-25634 affects Red Hat 3scale: an API documentation URL is accessible without credentials. This exposes or allows modification of service APIs and sensitive information. Affected versions are those before 3scale-2.10.0-ER1. Remediation provided in the documents is to upgrade to 3scale-2.1...
CVE-2022-1414
CVE-2022-1414 affects Red Hat 3scale API Management 2. The issue is inadequate sanitation of user input in multiple fields, allowing an authenticated user to inject scripts and potentially access sensitive information or conduct further attacks. Base CVSS v3.1 score is 8.8 (High) with Network att...
CVE-2024-10295
CVE-2024-10295 affects Red Hat 3scale API Management Gateway (APICast). The issue arises in the authentication path where a non-base64 basic authentication header containing special characters can bypass checks due to a base64 decoding failure, allowing unauthorized access to the backend. Documen...
CVE-2020-14388
CVE-2020-14388 affects Red Hat 3scale API Management Platform. The issue is a permissions enforcement flaw where member permissions for an API's admin portal are not properly enforced, allowing an authenticated user to bypass normal account restrictions and access API services to which they do no...
CVE-2021-3412
CVE-2021-3412 affects the 3Scale developer portal, with the root cause being missing brute-force protections in all portal versions. The vulnerability could allow an attacker to bypass login controls and access privileged information, potentially enabling further attacks. Exploitation details are...
CVE-2019-14852
A vulnerability exists in Red Hat 3scale APIcast gateway that enables TLS 1.0. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized information. Affected product: 3scale APIcast gateway (Red Hat 3scale API Management Platform). Root ...
CVE-2021-20252
CVE-2021-20252 affects Red Hat 3scale API Management Platform 2. The vulnerability arises because the 3scale backend does not properly constrain user-requested date ranges in certain queries, allowing an authenticated user to submit a sufficiently large date range that can trigger an internal ser...