Filtered by vendor Redhat
Subscriptions
Total
21336 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1481 | 1 Redhat | 1 Enterprise Linux | 2024-11-06 | 5.3 Medium |
| A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service. | ||||
| CVE-2024-1459 | 1 Redhat | 8 Jboss Data Grid, Jboss Enterprise Application Platform, Jboss Enterprise Bpms Platform and 5 more | 2024-11-06 | 5.3 Medium |
| A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories. | ||||
| CVE-2024-1441 | 1 Redhat | 2 Advanced Virtualization, Enterprise Linux | 2024-11-06 | 5.5 Medium |
| An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash. | ||||
| CVE-2024-1300 | 1 Redhat | 20 A Mq Clients, Amq Broker, Amq Streams and 17 more | 2024-11-06 | 5.4 Medium |
| A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error. | ||||
| CVE-2024-1233 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jbosseapxp | 2024-11-06 | 7.3 High |
| A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability. | ||||
| CVE-2024-1141 | 2 Openstack, Redhat | 2 Glance-store, Openstack | 2024-11-06 | 5.5 Medium |
| A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled. | ||||
| CVE-2024-1062 | 2 Fedoraproject, Redhat | 15 Fedora, 389 Directory Server, Directory Server and 12 more | 2024-11-06 | 5.5 Medium |
| A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr. | ||||
| CVE-2024-1048 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Grub2, Enterprise Linux | 2024-11-06 | 3.3 Low |
| A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks. | ||||
| CVE-2024-1023 | 1 Redhat | 20 A Mq Clients, Amq Broker, Amq Streams and 17 more | 2024-11-06 | 6.5 Medium |
| A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak. | ||||
| CVE-2023-52356 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2024-11-06 | 7.5 High |
| A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. | ||||
| CVE-2023-52355 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2024-11-06 | 7.5 High |
| An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. | ||||
| CVE-2023-50782 | 3 Couchbase, Cryptography.io, Redhat | 7 Couchbase Server, Cryptography, Ansible Automation Platform and 4 more | 2024-11-06 | 7.5 High |
| A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. | ||||
| CVE-2023-50781 | 2 M2crypto Project, Redhat | 5 M2crypto, Enterprise Linux, Rhev Hypervisor and 2 more | 2024-11-06 | 7.5 High |
| A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. | ||||
| CVE-2023-47038 | 2 Perl, Redhat | 2 Perl, Enterprise Linux | 2024-11-06 | 7 High |
| A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer. | ||||
| CVE-2023-46848 | 2 Redhat, Squid-cache | 6 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux Server Aus and 3 more | 2024-11-06 | 8.6 High |
| Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input. | ||||
| CVE-2023-46847 | 2 Redhat, Squid-cache | 15 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux For Arm 64 and 12 more | 2024-11-06 | 8.6 High |
| Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. | ||||
| CVE-2023-46846 | 2 Redhat, Squid-cache | 12 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux For Arm 64 and 9 more | 2024-11-06 | 9.3 Critical |
| SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. | ||||
| CVE-2023-43789 | 3 Fedoraproject, Libxpm Project, Redhat | 3 Fedora, Libxpm, Enterprise Linux | 2024-11-06 | 5.5 Medium |
| A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system. | ||||
| CVE-2023-43788 | 3 Fedoraproject, Redhat, X.org | 3 Fedora, Enterprise Linux, Libxpm | 2024-11-06 | 5.5 Medium |
| A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system. | ||||
| CVE-2023-43787 | 3 Fedoraproject, Redhat, X.org | 3 Fedora, Enterprise Linux, Libx11 | 2024-11-06 | 7.8 High |
| A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges. | ||||