Filtered by vendor Redhat Subscriptions
Filtered by product Multicluster Engine Subscriptions
Total 47 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-25881 2 Http-cache-semantics Project, Redhat 8 Http-cache-semantics, Acm, Enterprise Linux and 5 more 2024-11-21 5.3 Medium
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
CVE-2022-1962 2 Golang, Redhat 16 Go, Acm, Application Interconnect and 13 more 2024-11-21 5.5 Medium
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
CVE-2022-1705 2 Golang, Redhat 22 Go, Acm, Application Interconnect and 19 more 2024-11-21 6.5 Medium
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
CVE-2024-48949 2 Indutny, Redhat 6 Elliptic, Acm, Multicluster Engine and 3 more 2024-10-15 9.1 Critical
The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation.
CVE-2024-42461 2 Elliptic Project, Redhat 4 Elliptic, Acm, Multicluster Engine and 1 more 2024-08-16 5.3 Medium
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.
CVE-2024-42460 2 Elliptic Project, Redhat 4 Elliptic, Acm, Multicluster Engine and 1 more 2024-08-02 5.3 Medium
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.
CVE-2024-42459 2 Elliptic Project, Redhat 4 Elliptic, Acm, Multicluster Engine and 1 more 2024-08-02 5.3 Medium
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended.