Filtered by vendor Redhat
Subscriptions
Filtered by product Openshift Serverless
Subscriptions
Total
49 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-26308 | 2 Apache, Redhat | 8 Commons Compress, Camel Quarkus, Jboss Data Grid and 5 more | 2024-08-02 | 5.5 Medium |
| Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue. | ||||
| CVE-2024-25710 | 2 Apache, Redhat | 9 Commons Compress, Amq Streams, Camel Quarkus and 6 more | 2024-08-01 | 8.1 High |
| Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue. | ||||
| CVE-2024-24786 | 1 Redhat | 20 Acm, Container Native Virtualization, Enterprise Linux and 17 more | 2024-08-01 | 5.9 Medium |
| The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set. | ||||
| CVE-2024-24783 | 1 Redhat | 20 Advanced Cluster Security, Ansible Automation Platform, Cryostat and 17 more | 2024-08-01 | 5.9 Medium |
| Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates. | ||||
| CVE-2024-24789 | 2 Golang, Redhat | 9 Go, Enterprise Linux, Network Observ Optr and 6 more | 2024-08-01 | 5.5 Medium |
| The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. | ||||
| CVE-2024-24785 | 1 Redhat | 16 Enterprise Linux, Kube Descheduler Operator, Logging and 13 more | 2024-08-01 | 6.5 Medium |
| If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates. | ||||
| CVE-2024-24788 | 1 Redhat | 9 Ansible Automation Platform, Cost Management, Cryostat and 6 more | 2024-08-01 | 7.5 High |
| A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. | ||||
| CVE-2024-6104 | 2 Hashicorp, Redhat | 8 Retryablehttp, Advanced Cluster Security, Enterprise Linux and 5 more | 2024-08-01 | 6 Medium |
| go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7. | ||||
| CVE-2024-1597 | 3 Fedoraproject, Postgresql, Redhat | 12 Fedora, Postgresql Jdbc Driver, Apache Camel Spring Boot and 9 more | 2024-08-01 | 10 Critical |
| pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected. | ||||