Filtered by vendor Redhat
Subscriptions
Total
21354 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-33743 | 4 Debian, Linux, Redhat and 1 more | 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more | 2024-08-03 | 7.8 High |
| network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. | ||||
| CVE-2022-33681 | 2 Apache, Redhat | 2 Pulsar, Camel Spring Boot | 2024-08-03 | 5.9 Medium |
| Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication data is sent before verifying the server’s TLS certificate matches the hostname, which means authentication data could be exposed to an attacker. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack by providing the client with a cryptographically valid certificate for an unrelated host. Because the client sends authentication data before performing hostname verification, an attacker could gain access to the client’s authentication data. The client eventually closes the connection when it verifies the hostname and identifies the targeted hostname does not match a hostname on the certificate. Because the client eventually closes the connection, the value of the intercepted authentication data depends on the authentication method used by the client. Token based authentication and username/password authentication methods are vulnerable because the authentication data can be used to impersonate the client in a separate session. This issue affects Apache Pulsar Java Client versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0; 2.6.4 and earlier. | ||||
| CVE-2022-33196 | 2 Intel, Redhat | 273 Xeon D-1513n, Xeon D-1513n Firmware, Xeon D-1518 and 270 more | 2024-08-03 | 7.2 High |
| Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-33099 | 3 Fedoraproject, Lua, Redhat | 3 Fedora, Lua, Enterprise Linux | 2024-08-03 | 7.5 High |
| An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. | ||||
| CVE-2022-33068 | 3 Fedoraproject, Harfbuzz Project, Redhat | 3 Fedora, Harfbuzz, Enterprise Linux | 2024-08-03 | 5.5 Medium |
| An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | ||||
| CVE-2022-32990 | 2 Gimp, Redhat | 2 Gimp, Enterprise Linux | 2024-08-03 | 5.5 Medium |
| An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS). | ||||
| CVE-2022-32933 | 2 Apple, Redhat | 2 Macos, Enterprise Linux | 2024-08-03 | 5.3 Medium |
| An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari private browsing mode. | ||||
| CVE-2022-32923 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2024-08-03 | 6.5 Medium |
| A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app. | ||||
| CVE-2022-32893 | 6 Apple, Debian, Fedoraproject and 3 more | 9 Ipados, Iphone Os, Macos and 6 more | 2024-08-03 | 8.8 High |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | ||||
| CVE-2022-32888 | 2 Apple, Redhat | 6 Ipados, Iphone Os, Macos and 3 more | 2024-08-03 | 8.8 High |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2022-32886 | 4 Apple, Debian, Fedoraproject and 1 more | 6 Ipados, Iphone Os, Safari and 3 more | 2024-08-03 | 8.8 High |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2022-32891 | 2 Apple, Redhat | 5 Iphone Os, Safari, Tvos and 2 more | 2024-08-03 | 6.1 Medium |
| The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing. | ||||
| CVE-2022-32885 | 2 Apple, Redhat | 9 Ipados, Iphone Os, Macos and 6 more | 2024-08-03 | 8.8 High |
| A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution | ||||
| CVE-2022-32816 | 2 Apple, Redhat | 6 Ipados, Iphone Os, Macos and 3 more | 2024-08-03 | 6.5 Medium |
| The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing. | ||||
| CVE-2022-32792 | 2 Apple, Redhat | 6 Ipados, Iphone Os, Macos and 3 more | 2024-08-03 | 8.8 High |
| An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2022-32746 | 2 Redhat, Samba | 2 Enterprise Linux, Samba | 2024-08-03 | 5.4 Medium |
| A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl. | ||||
| CVE-2022-32742 | 2 Redhat, Samba | 4 Enterprise Linux, Rhev Hypervisor, Storage and 1 more | 2024-08-03 | 4.3 Medium |
| A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer). | ||||
| CVE-2022-32546 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2024-08-03 | 7.8 High |
| A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. | ||||
| CVE-2022-32545 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2024-08-03 | 7.8 High |
| A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. | ||||
| CVE-2022-32547 | 3 Fedoraproject, Imagemagick, Redhat | 3 Fedora, Imagemagick, Enterprise Linux | 2024-08-03 | 7.8 High |
| In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior. | ||||