Filtered by vendor Redhat Subscriptions
Filtered by product Rhosemc Subscriptions
Total 105 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-41678 2 Apache, Redhat 4 Activemq, Amq Broker, Jboss Fuse and 1 more 2024-08-03 8.8 High
Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.  In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest through JSONObject. And calls to org.jolokia.http.HttpRequestHandler#executeRequest. Into deeper calling stacks, org.jolokia.handler.ExecHandler#doHandleRequest can be invoked through refection. This could lead to RCE through via various mbeans. One example is unrestricted deserialization in jdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11. 1 Call newRecording. 2 Call setConfiguration. And a webshell data hides in it. 3 Call startRecording. 4 Call copyTo method. The webshell will be written to a .jsp file. The mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia. A more restrictive Jolokia configuration has been defined in default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distributions version including updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0.
CVE-2022-41715 2 Golang, Redhat 24 Go, Acm, Ceph Storage and 21 more 2024-08-03 7.5 High
Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.
CVE-2022-40149 3 Debian, Jettison Project, Redhat 10 Debian Linux, Jettison, Amq Streams and 7 more 2024-08-03 6.5 Medium
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
CVE-2022-40150 3 Debian, Jettison Project, Redhat 10 Debian Linux, Jettison, Amq Streams and 7 more 2024-08-03 6.5 Medium
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.
CVE-2022-38749 3 Debian, Redhat, Snakeyaml Project 11 Debian Linux, Amq Broker, Amq Clients and 8 more 2024-08-03 6.5 Medium
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
CVE-2022-38751 3 Debian, Redhat, Snakeyaml Project 9 Debian Linux, Amq Broker, Camel Spring Boot and 6 more 2024-08-03 6.5 Medium
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
CVE-2022-38752 2 Redhat, Snakeyaml Project 9 Amq Streams, Camel Spring Boot, Jboss Data Grid and 6 more 2024-08-03 6.5 Medium
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
CVE-2022-37603 2 Redhat, Webpack.js 8 Jboss Data Grid, Logging, Migration Toolkit Applications and 5 more 2024-08-03 7.5 High
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.
CVE-2022-32189 2 Golang, Redhat 13 Go, Ceph Storage, Container Native Virtualization and 10 more 2024-08-03 7.5 High
A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.
CVE-2022-31129 4 Debian, Fedoraproject, Momentjs and 1 more 17 Debian Linux, Fedora, Moment and 14 more 2024-08-03 7.5 High
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.
CVE-2022-27664 3 Fedoraproject, Golang, Redhat 19 Fedora, Go, Acm and 16 more 2024-08-03 7.5 High
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
CVE-2022-24785 6 Debian, Fedoraproject, Momentjs and 3 more 15 Debian Linux, Fedora, Moment and 12 more 2024-08-03 7.5 High
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
CVE-2022-23305 6 Apache, Broadcom, Netapp and 3 more 46 Log4j, Brocade Sannav, Snapmanager and 43 more 2024-08-03 9.8 Critical
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
CVE-2022-23307 4 Apache, Oracle, Qos and 1 more 44 Chainsaw, Log4j, Advanced Supply Chain Planning and 41 more 2024-08-03 8.8 High
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
CVE-2022-23302 6 Apache, Broadcom, Netapp and 3 more 44 Log4j, Brocade Sannav, Snapmanager and 41 more 2024-08-03 8.8 High
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
CVE-2022-21698 4 Fedoraproject, Prometheus, Rdo Project and 1 more 17 Extra Packages For Enterprise Linux, Fedora, Client Golang and 14 more 2024-08-03 7.5 High
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods.
CVE-2022-4492 1 Redhat 16 Build Of Quarkus, Camel Spring Boot, Integration Camel For Spring Boot and 13 more 2024-08-03 7.5 High
The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.
CVE-2022-3916 1 Redhat 9 Enterprise Linux, Keycloak, Openshift Container Platform and 6 more 2024-08-03 6.8 Medium
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.
CVE-2022-3782 1 Redhat 8 Amq Broker, Jboss Enterprise Bpms Platform, Keycloak and 5 more 2024-08-03 9.1 Critical
keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.
CVE-2022-2880 2 Golang, Redhat 20 Go, Acm, Ceph Storage and 17 more 2024-08-03 7.5 High
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged.