Filtered by vendor Redhat
Filtered by product Enterprise Linux
Total: 13562 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-26384 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2024-08-03 | 9.6 Critical |
If an attacker could control the contents of an iframe sandboxed with `allow-popups` but not `allow-scripts`, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. | ||||
CVE-2022-26386 | 4 Apple, Linux, Mozilla and 1 more | 7 Macos, Linux Kernel, Firefox Esr and 4 more | 2024-08-03 | 6.5 Medium |
Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in `/tmp`, but this behavior was changed to download them to `/tmp` where they could be affected by other local users. This behavior was reverted to the original, user-specific directory. *This bug only affects Firefox for macOS and Linux. Other operating systems are unaffected.* This vulnerability affects Firefox ESR < 91.7 and Thunderbird < 91.7. | ||||
CVE-2022-26354 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Advanced Virtualization and 1 more | 2024-08-03 | 3.2 Low |
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. | ||||
CVE-2022-26307 | 3 Debian, Libreoffice, Redhat | 3 Debian Linux, Libreoffice, Enterprise Linux | 2024-08-03 | 8.8 High |
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the master key was poorly encoded, resulting in weakening its entropy from 128 to 43 bits, making the stored passwords vulnerable to a brute force attack if an attacker has access to the user's stored config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.3. | ||||
CVE-2022-26306 | 3 Debian, Libreoffice, Redhat | 3 Debian Linux, Libreoffice, Enterprise Linux | 2024-08-03 | 7.5 High |
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1. | ||||
CVE-2022-26305 | 2 Libreoffice, Redhat | 2 Libreoffice, Enterprise Linux | 2024-08-03 | 7.5 High |
An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the macro was actually signed with the certificate. An adversary could therefore create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate which LibreOffice would present as belonging to the trusted author, potentially leading the user to execute arbitrary code contained in macros improperly trusted. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1. | ||||
CVE-2022-26280 | 3 Fedoraproject, Libarchive, Redhat | 3 Fedora, Libarchive, Enterprise Linux | 2024-08-03 | 6.5 Medium |
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. | ||||
CVE-2022-26125 | 2 Frrouting, Redhat | 2 Frrouting, Enterprise Linux | 2024-08-03 | 7.8 High |
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c. | ||||
CVE-2022-25881 | 2 Http-cache-semantics Project, Redhat | 8 Http-cache-semantics, Acm, Enterprise Linux and 5 more | 2024-08-03 | 5.3 Medium |
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. | ||||
CVE-2022-25883 | 2 Npmjs, Redhat | 10 Semver, Acm, Enterprise Linux and 7 more | 2024-08-03 | 5.3 Medium |
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. | ||||
CVE-2022-25762 | 3 Apache, Oracle, Redhat | 3 Tomcat, Agile Plm, Enterprise Linux | 2024-08-03 | 8.6 High |
If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently, which could result in data being returned to the wrong user and/or other errors. | ||||
CVE-2022-25636 | 5 Debian, Linux, Netapp and 2 more | 16 Debian Linux, Linux Kernel, H300e and 13 more | 2024-08-03 | 7.8 High |
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. | ||||
CVE-2022-25308 | 2 Gnu, Redhat | 2 Fribidi, Enterprise Linux | 2024-08-03 | 7.8 High |
A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service. | ||||
CVE-2022-25309 | 2 Gnu, Redhat | 2 Fribidi, Enterprise Linux | 2024-08-03 | 5.5 Medium |
A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service. | ||||
CVE-2022-25315 | 6 Debian, Fedoraproject, Libexpat Project and 3 more | 12 Debian Linux, Fedora, Libexpat and 9 more | 2024-08-03 | 9.8 Critical |
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. | ||||
CVE-2022-25310 | 2 Gnu, Redhat | 2 Fribidi, Enterprise Linux | 2024-08-03 | 5.5 Medium |
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service. | ||||
CVE-2022-25314 | 6 Debian, Fedoraproject, Libexpat Project and 3 more | 8 Debian Linux, Fedora, Libexpat and 5 more | 2024-08-03 | 7.5 High |
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. | ||||
CVE-2022-25313 | 6 Debian, Fedoraproject, Libexpat Project and 3 more | 8 Debian Linux, Fedora, Libexpat and 5 more | 2024-08-03 | 6.5 Medium |
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. | ||||
CVE-2022-25255 | 4 Linux, Opengroup, Qt and 1 more | 4 Linux Kernel, Unix, Qt and 1 more | 2024-08-03 | 7.8 High |
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. | ||||
CVE-2022-25236 | 5 Debian, Libexpat Project, Oracle and 2 more | 11 Debian Linux, Libexpat, Http Server and 8 more | 2024-08-03 | 9.8 Critical |
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. |