Filtered by vendor Redhat
Subscriptions
Filtered by product Migration Toolkit Applications
Subscriptions
Total
64 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-35116 | 2 Fasterxml, Redhat | 7 Jackson-databind, Amq Broker, Apache-camel-spring-boot and 4 more | 2024-08-02 | 4.7 Medium |
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker. | ||||
CVE-2023-36479 | 3 Debian, Eclipse, Redhat | 7 Debian Linux, Jetty, Jboss Fuse and 4 more | 2024-08-02 | 3.5 Low |
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2. | ||||
CVE-2023-34104 | 2 Fast-xml-parser Project, Redhat | 2 Fast-xml-parser, Migration Toolkit Applications | 2024-08-02 | 7.5 High |
fast-xml-parser is an open source, pure javascript xml parser. fast-xml-parser allows special characters in entity names, which are not escaped or sanitized. Since the entity name is used for creating a regex for searching and replacing entities in the XML body, an attacker can abuse it for denial of service (DoS) attacks. By crafting an entity name that results in an intentionally bad performing regex and utilizing it in the entity replacement step of the parser, this can cause the parser to stall for an indefinite amount of time. This problem has been resolved in v4.2.4. Users are advised to upgrade. Users unable to upgrade should avoid using DOCTYPE parsing by setting the `processEntities: false` option. | ||||
CVE-2024-29180 | 1 Redhat | 10 Advanced Cluster Security, Apicurio Registry, Jboss Data Grid and 7 more | 2024-08-02 | 7.4 High |
Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. The middleware can either work with the physical filesystem when reading the files or it can use a virtualized in-memory `memfs` filesystem. If `writeToDisk` configuration option is set to `true`, the physical filesystem is used. The `getFilenameFromUrl` method is used to parse URL and build the local file path. The public path prefix is stripped from the URL, and the `unsecaped` path suffix is appended to the `outputPath`. As the URL is not unescaped and normalized automatically before calling the midlleware, it is possible to use `%2e` and `%2f` sequences to perform path traversal attack. Developers using `webpack-dev-server` or `webpack-dev-middleware` are affected by the issue. When the project is started, an attacker might access any file on the developer's machine and exfiltrate the content. If the development server is listening on a public IP address (or `0.0.0.0`), an attacker on the local network can access the local files without any interaction from the victim (direct connection to the port). If the server allows access from third-party domains, an attacker can send a malicious link to the victim. When visited, the client side script can connect to the local server and exfiltrate the local files. Starting with fixed versions 7.1.0, 6.1.2, and 5.3.4, the URL is unescaped and normalized before any further processing. | ||||
CVE-2023-29409 | 2 Golang, Redhat | 20 Go, Ansible Automation Platform, Cert Manager and 17 more | 2024-08-02 | 5.3 Medium |
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. | ||||
CVE-2023-29406 | 2 Golang, Redhat | 19 Go, Advanced Cluster Security, Cryostat and 16 more | 2024-08-02 | 6.5 Medium |
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value. | ||||
CVE-2023-29400 | 2 Golang, Redhat | 22 Go, Acm, Advanced Cluster Security and 19 more | 2024-08-02 | 7.3 High |
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags. | ||||
CVE-2023-26159 | 2 Follow-redirects, Redhat | 11 Follow Redirects, Container Native Virtualization, Logging and 8 more | 2024-08-02 | 7.3 High |
Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches. | ||||
CVE-2023-26125 | 2 Gin-gonic, Redhat | 4 Gin, Migration Toolkit Applications, Migration Toolkit Virtualization and 1 more | 2024-08-02 | 5.6 Medium |
Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. **Note:** Although this issue does not pose a significant threat on its own it can serve as an input vector for other more impactful vulnerabilities. However, successful exploitation may depend on the server configuration and whether the header is used in the application logic. | ||||
CVE-2023-24534 | 2 Golang, Redhat | 22 Go, Advanced Cluster Security, Ansible Automation Platform and 19 more | 2024-08-02 | 7.5 High |
HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers. | ||||
CVE-2023-24536 | 2 Golang, Redhat | 19 Go, Advanced Cluster Security, Ansible Automation Platform and 16 more | 2024-08-02 | 7.5 High |
Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=. | ||||
CVE-2023-24540 | 2 Golang, Redhat | 20 Go, Acm, Advanced Cluster Security and 17 more | 2024-08-02 | 9.8 Critical |
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution. | ||||
CVE-2023-24537 | 2 Golang, Redhat | 21 Go, Advanced Cluster Security, Ansible Automation Platform and 18 more | 2024-08-02 | 7.5 High |
Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. | ||||
CVE-2023-24538 | 2 Golang, Redhat | 21 Go, Advanced Cluster Security, Ansible Automation Platform and 18 more | 2024-08-02 | 9.8 Critical |
Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution. | ||||
CVE-2023-24539 | 2 Golang, Redhat | 22 Go, Acm, Advanced Cluster Security and 19 more | 2024-08-02 | 7.3 High |
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input. | ||||
CVE-2023-24532 | 2 Golang, Redhat | 10 Go, Enterprise Linux, Migration Toolkit Applications and 7 more | 2024-08-02 | 5.3 Medium |
The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh. | ||||
CVE-2023-22899 | 2 Redhat, Zip4j Project | 3 Migration Toolkit Applications, Migration Toolkit Runtimes, Zip4j | 2024-08-02 | 5.9 Medium |
Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive. | ||||
CVE-2023-2976 | 2 Google, Redhat | 10 Guava, Amq Broker, Amq Streams and 7 more | 2024-08-02 | 5.5 Medium |
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows. | ||||
CVE-2023-2798 | 2 Htmlunit, Redhat | 3 Htmlunit, Migration Toolkit Applications, Migration Toolkit Runtimes | 2024-08-02 | 7.5 High |
Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0. | ||||
CVE-2023-1436 | 2 Jettison Project, Redhat | 9 Jettison, Camel Quarkus, Camel Spring Boot and 6 more | 2024-08-02 | 5.9 Medium |
An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown. |