Search
Search Results (50 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6923 | 2 Python, Redhat | 7 Cpython, Enterprise Linux, Rhel Aus and 4 more | 2025-01-31 | 5.5 Medium |
| There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. | ||||
| CVE-2022-49043 | 1 Redhat | 5 Discovery, Enterprise Linux, Openshift and 2 more | 2025-01-27 | 8.1 High |
| xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. | ||||
| CVE-2023-29400 | 2 Golang, Redhat | 22 Go, Acm, Advanced Cluster Security and 19 more | 2025-01-24 | 7.3 High |
| Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags. | ||||
| CVE-2023-24539 | 2 Golang, Redhat | 22 Go, Acm, Advanced Cluster Security and 19 more | 2025-01-24 | 7.3 High |
| Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input. | ||||
| CVE-2024-6345 | 1 Redhat | 9 Enterprise Linux, Openshift, Openshift Devspaces and 6 more | 2024-11-21 | 8.8 High |
| A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0. | ||||
| CVE-2024-45492 | 3 Libexpat, Libexpat Project, Redhat | 5 Expat, Libexpat, Enterprise Linux and 2 more | 2024-11-21 | 7.3 High |
| An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | ||||
| CVE-2024-45491 | 3 Libexpat, Libexpat Project, Redhat | 5 Expat, Libexpat, Enterprise Linux and 2 more | 2024-11-21 | 7.3 High |
| An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | ||||
| CVE-2024-34156 | 2 Go Standard Library, Redhat | 19 Encoding\/gob, Advanced Cluster Security, Ceph Storage and 16 more | 2024-11-21 | 7.5 High |
| Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. | ||||
| CVE-2023-6597 | 2 Python Software Foundation, Redhat | 8 Cpython, Enterprise Linux, Openshift and 5 more | 2024-11-21 | 7.8 High |
| An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances. | ||||
| CVE-2022-28327 | 3 Fedoraproject, Golang, Redhat | 20 Extra Packages For Enterprise Linux, Fedora, Go and 17 more | 2024-11-21 | 7.5 High |
| The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. | ||||