Filtered by vendor Redhat Subscriptions
Filtered by product Service Interconnect Subscriptions
Total 44 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-33600 1 Redhat 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more 2024-08-02 5.3 Medium
nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.
CVE-2024-6345 1 Redhat 9 Enterprise Linux, Openshift, Openshift Devspaces and 6 more 2024-08-01 8.8 High
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
CVE-2024-2961 1 Redhat 8 Enterprise Linux, Openshift, Rhel Aus and 5 more 2024-08-01 7.3 High
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
CVE-2024-2398 1 Redhat 4 Enterprise Linux, Jboss Core Services, Rhel Eus and 1 more 2024-08-01 8.6 High
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.