Lucene search
K
Redhat3scale Api Management

12 matches found

CVE
CVE
added 2022/03/25 12:0 a.m.493 views

CVE-2022-0330

CVE-2022-0330 affects the Linux kernel i915 GPU driver. The root cause is a missing GPU TLB flush in the i915 driver, enabling a local attacker to cause a denial of service or privilege escalation by running code on the GPU. Public documents from connected sources confirm the flaw and its associa...

7.8CVSS7.7AI score0.00379EPSS
CVE
CVE
added 2019/11/27 12:10 p.m.398 views

CVE-2019-10216

CVE-2019-10216 concerns GPL Ghostscript. The vulnerability is in the .buildfont1 procedure, which did not properly secure privileged calls, allowing a crafted PostScript file to bypass -dSAFER and escalate privileges to access restricted files. Affected: Ghostscript prior to 9.50. Impact: potenti...

7.8CVSS7.6AI score0.02295EPSS
CVE
CVE
added 2022/03/04 6:41 p.m.386 views

CVE-2021-3656

CVE-2021-3656 describes a flaw in the KVM hypervisor for AMD processors where the L1 guest can provide a VMCB with an improperly validated virt_ext field, allowing the L1 to disable VMLOAD/VMSAVE intercepts and VLS for the L2 guest. This enables the L2 guest to read/write portions of the host’s p...

8.8CVSS8.6AI score0.00658EPSS
CVE
CVE
added 2022/03/03 6:24 p.m.357 views

CVE-2021-3609

CVE-2021-3609 is a local privilege-escalation flaw in the Linux kernel CAN BCM subsystem. A race in net/can/bcm.c between bcm_rx_handler() and bcm_release() can free bcm_op/bcm_sock structures while the handler runs, enabling use-after-free and root access. Public advisories consistently describe...

7CVSS7.2AI score0.00431EPSS
CVE
CVE
added 2023/11/06 12:49 p.m.100 views

CVE-2023-4910

CVE-2023-4910 affects Red Hat 3Scale Admin Portal. The issue arises when a user logs out from the personal tokens page and presses the browser back button, causing the tokens page to be served from the browser cache. According to sources in the CVE record, this can lead to exposure of protected i...

5.5CVSS5.4AI score0.00212EPSS
CVE
CVE
added 2021/05/26 8:54 p.m.83 views

CVE-2020-25634

CVE-2020-25634 affects Red Hat 3scale: an API documentation URL is accessible without credentials. This exposes or allows modification of service APIs and sensitive information. Affected versions are those before 3scale-2.10.0-ER1. Remediation provided in the documents is to upgrade to 3scale-2.1...

5.5CVSS5.2AI score0.00517EPSS
CVE
CVE
added 2022/10/19 12:0 a.m.76 views

CVE-2022-1414

CVE-2022-1414 affects Red Hat 3scale API Management 2. The issue is inadequate sanitation of user input in multiple fields, allowing an authenticated user to inject scripts and potentially access sensitive information or conduct further attacks. Base CVSS v3.1 score is 8.8 (High) with Network att...

8.8CVSS8.6AI score0.00764EPSS
CVE
CVE
added 2024/10/24 5:55 p.m.76 views

CVE-2024-10295

CVE-2024-10295 affects Red Hat 3scale API Management Gateway (APICast). The issue arises in the authentication path where a non-base64 basic authentication header containing special characters can bypass checks due to a base64 decoding failure, allowing unauthorized access to the backend. Documen...

7.5CVSS7.5AI score0.00387EPSS
CVE
CVE
added 2021/06/02 12:37 p.m.72 views

CVE-2020-14388

CVE-2020-14388 affects Red Hat 3scale API Management Platform. The issue is a permissions enforcement flaw where member permissions for an API's admin portal are not properly enforced, allowing an authenticated user to bypass normal account restrictions and access API services to which they do no...

6.5CVSS6.2AI score0.00598EPSS
CVE
CVE
added 2021/06/01 1:47 p.m.69 views

CVE-2021-3412

CVE-2021-3412 affects the 3Scale developer portal, with the root cause being missing brute-force protections in all portal versions. The vulnerability could allow an attacker to bypass login controls and access privileged information, potentially enabling further attacks. Exploitation details are...

7.3CVSS7.3AI score0.0076EPSS
CVE
CVE
added 2021/03/18 7:7 p.m.66 views

CVE-2019-14852

A vulnerability exists in Red Hat 3scale APIcast gateway that enables TLS 1.0. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized information. Affected product: 3scale APIcast gateway (Red Hat 3scale API Management Platform). Root ...

7.5CVSS7.3AI score0.00433EPSS
CVE
CVE
added 2021/02/23 10:24 p.m.63 views

CVE-2021-20252

CVE-2021-20252 affects Red Hat 3scale API Management Platform 2. The vulnerability arises because the 3scale backend does not properly constrain user-requested date ranges in certain queries, allowing an authenticated user to submit a sufficiently large date range that can trigger an internal ser...

6.8CVSS6.2AI score0.00972EPSS