Filtered by vendor Redhat
Subscribe
Total
5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12121 | 2 Nodejs, Redhat | 8 Node.js, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-12-27 | 5.0 MEDIUM | 7.5 HIGH |
| Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer. | |||||
| CVE-2013-0648 | 7 Adobe, Apple, Linux and 4 more | 11 Flash Player, Mac Os X, Linux Kernel and 8 more | 2024-12-20 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013. | |||||
| CVE-2013-0643 | 7 Adobe, Apple, Linux and 4 more | 11 Flash Player, Mac Os X, Linux Kernel and 8 more | 2024-12-20 | 9.3 HIGH | 8.8 HIGH |
| The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013. | |||||
| CVE-2014-0502 | 8 Adobe, Apple, Google and 5 more | 14 Adobe Air, Adobe Air Sdk, Flash Player and 11 more | 2024-12-20 | 10.0 HIGH | 8.8 HIGH |
| Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014. | |||||
| CVE-2014-0497 | 8 Adobe, Apple, Google and 5 more | 14 Flash Player, Mac Os X, Macos and 11 more | 2024-12-20 | 10.0 HIGH | 9.8 CRITICAL |
| Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2024-10041 | 2 Linux-pam, Redhat | 2 Linux-pam, Enterprise Linux | 2024-12-18 | N/A | N/A |
| A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications. | |||||
| CVE-2023-46846 | 2 Redhat, Squid-cache | 8 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux For Arm 64 and 5 more | 2024-12-18 | N/A | 5.3 MEDIUM |
| SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. | |||||
| CVE-2022-1949 | 2 Fedoraproject, Redhat | 4 Fedora, 389 Directory Server, Directory Server and 1 more | 2024-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data. | |||||
| CVE-2024-7885 | 1 Redhat | 9 Build Of Apache Camel - Hawtio, Build Of Apache Camel For Spring Boot, Build Of Keycloak and 6 more | 2024-12-12 | N/A | 7.5 HIGH |
| A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments. | |||||
| CVE-2024-9341 | 2 Containers, Redhat | 3 Common, Enterprise Linux, Openshift Container Platform | 2024-12-11 | N/A | 8.2 HIGH |
| A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system. | |||||
| CVE-2023-27561 | 3 Debian, Linuxfoundation, Redhat | 4 Debian Linux, Runc, Enterprise Linux and 1 more | 2024-12-06 | N/A | 7.0 HIGH |
| runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. | |||||
| CVE-2023-39418 | 3 Debian, Postgresql, Redhat | 3 Debian Linux, Postgresql, Enterprise Linux | 2024-12-06 | N/A | 4.3 MEDIUM |
| A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows. | |||||
| CVE-2023-3347 | 3 Fedoraproject, Redhat, Samba | 4 Fedora, Enterprise Linux, Storage and 1 more | 2024-12-06 | N/A | 5.9 MEDIUM |
| A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data. | |||||
| CVE-2023-5625 | 1 Redhat | 6 Enterprise Linux, Openshift Container Platform For Arm64, Openshift Container Platform For Linuxone and 3 more | 2024-12-06 | N/A | 7.5 HIGH |
| A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products. | |||||
| CVE-2023-5189 | 1 Redhat | 2 Ansible Automation Platform, Satellite | 2024-12-06 | N/A | 6.5 MEDIUM |
| A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten. | |||||
| CVE-2023-5115 | 2 Debian, Redhat | 5 Debian Linux, Ansible Automation Platform, Ansible Developer and 2 more | 2024-12-06 | N/A | 6.3 MEDIUM |
| An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path. | |||||
| CVE-2023-34968 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Enterprise Linux and 2 more | 2024-12-06 | N/A | 5.3 MEDIUM |
| A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path. | |||||
| CVE-2023-40660 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-12-04 | N/A | 6.6 MEDIUM |
| A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness. | |||||
| CVE-2024-9671 | 1 Redhat | 1 3scale Api Management Platform | 2024-12-04 | N/A | N/A |
| A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed. | |||||
| CVE-2023-41175 | 3 Fedoraproject, Libtiff, Redhat | 3 Fedora, Libtiff, Enterprise Linux | 2024-12-04 | N/A | 6.5 MEDIUM |
| A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. | |||||