Filtered by vendor Redhat
Subscriptions
Filtered by product Rhel Software Collections
Subscriptions
Total
1793 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-31624 | 2 Mariadb, Redhat | 4 Mariadb, Enterprise Linux, Rhel Eus and 1 more | 2024-08-03 | 5.5 Medium |
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. | ||||
CVE-2022-30556 | 4 Apache, Fedoraproject, Netapp and 1 more | 5 Http Server, Fedora, Clustered Data Ontap and 2 more | 2024-08-03 | 7.5 High |
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. | ||||
CVE-2022-30522 | 4 Apache, Fedoraproject, Netapp and 1 more | 6 Http Server, Fedora, Clustered Data Ontap and 3 more | 2024-08-03 | 7.5 High |
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. | ||||
CVE-2022-29599 | 3 Apache, Debian, Redhat | 8 Maven Shared Utils, Debian Linux, Enterprise Linux and 5 more | 2024-08-03 | 9.8 Critical |
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. | ||||
CVE-2022-29404 | 4 Apache, Fedoraproject, Netapp and 1 more | 5 Http Server, Fedora, Clustered Data Ontap and 2 more | 2024-08-03 | 7.5 High |
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. | ||||
CVE-2022-28738 | 2 Redhat, Ruby-lang | 3 Enterprise Linux, Rhel Software Collections, Ruby | 2024-08-03 | 9.8 Critical |
A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations. | ||||
CVE-2022-28739 | 4 Apple, Debian, Redhat and 1 more | 5 Macos, Debian Linux, Enterprise Linux and 2 more | 2024-08-03 | 7.5 High |
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. | ||||
CVE-2022-28615 | 4 Apache, Fedoraproject, Netapp and 1 more | 6 Http Server, Fedora, Clustered Data Ontap and 3 more | 2024-08-03 | 9.1 Critical |
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. | ||||
CVE-2022-28614 | 4 Apache, Fedoraproject, Netapp and 1 more | 6 Http Server, Fedora, Clustered Data Ontap and 3 more | 2024-08-03 | 5.3 Medium |
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. | ||||
CVE-2022-27449 | 3 Debian, Mariadb, Redhat | 4 Debian Linux, Mariadb, Enterprise Linux and 1 more | 2024-08-03 | 7.5 High |
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. | ||||
CVE-2022-27456 | 3 Debian, Mariadb, Redhat | 4 Debian Linux, Mariadb, Enterprise Linux and 1 more | 2024-08-03 | 7.5 High |
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. | ||||
CVE-2022-27452 | 3 Debian, Mariadb, Redhat | 4 Debian Linux, Mariadb, Enterprise Linux and 1 more | 2024-08-03 | 7.5 High |
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. | ||||
CVE-2022-27445 | 3 Debian, Mariadb, Redhat | 4 Debian Linux, Mariadb, Enterprise Linux and 1 more | 2024-08-03 | 7.5 High |
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. | ||||
CVE-2022-27455 | 2 Mariadb, Redhat | 3 Mariadb, Enterprise Linux, Rhel Software Collections | 2024-08-03 | 7.5 High |
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. | ||||
CVE-2022-27444 | 2 Mariadb, Redhat | 3 Mariadb, Enterprise Linux, Rhel Software Collections | 2024-08-03 | 7.5 High |
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. | ||||
CVE-2022-27446 | 2 Mariadb, Redhat | 3 Mariadb, Enterprise Linux, Rhel Software Collections | 2024-08-03 | 7.5 High |
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. | ||||
CVE-2022-27451 | 2 Mariadb, Redhat | 3 Mariadb, Enterprise Linux, Rhel Software Collections | 2024-08-03 | 7.5 High |
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. | ||||
CVE-2022-27380 | 3 Debian, Mariadb, Redhat | 4 Debian Linux, Mariadb, Enterprise Linux and 1 more | 2024-08-03 | 7.5 High |
An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | ||||
CVE-2022-27448 | 3 Debian, Mariadb, Redhat | 4 Debian Linux, Mariadb, Enterprise Linux and 1 more | 2024-08-03 | 7.5 High |
There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. | ||||
CVE-2022-27376 | 3 Debian, Mariadb, Redhat | 4 Debian Linux, Mariadb, Enterprise Linux and 1 more | 2024-08-03 | 7.5 High |
MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. |