Filtered by vendor Redhat
Subscriptions
Total
21939 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45685 | 3 Debian, Jettison Project, Redhat | 3 Debian Linux, Jettison, Apache Camel Spring Boot | 2025-04-22 | 7.5 High |
| A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data. | ||||
| CVE-2022-46364 | 2 Apache, Redhat | 10 Cxf, Camel Spring Boot, Jboss Enterprise Application Platform and 7 more | 2025-04-22 | 9.8 Critical |
| A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. | ||||
| CVE-2022-46363 | 2 Apache, Redhat | 9 Cxf, Camel K, Camel Spring Boot and 6 more | 2025-04-22 | 7.5 High |
| A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured. | ||||
| CVE-2022-3106 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-22 | 5.5 Medium |
| An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc(). | ||||
| CVE-2022-42863 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2025-04-21 | 8.8 High |
| A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2022-42824 | 4 Apple, Debian, Fedoraproject and 1 more | 9 Ipados, Iphone Os, Macos and 6 more | 2025-04-21 | 5.5 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information. | ||||
| CVE-2022-42823 | 4 Apple, Debian, Fedoraproject and 1 more | 9 Ipados, Iphone Os, Macos and 6 more | 2025-04-21 | 8.8 High |
| A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2022-46692 | 2 Apple, Redhat | 8 Icloud, Ipados, Iphone Os and 5 more | 2025-04-21 | 5.5 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy. | ||||
| CVE-2022-46691 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2025-04-21 | 8.8 High |
| A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2022-42867 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2025-04-21 | 8.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2022-42852 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2025-04-21 | 6.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory. | ||||
| CVE-2015-5119 | 7 Adobe, Apple, Linux and 4 more | 15 Flash Player, Mac Os X, Linux Kernel and 12 more | 2025-04-21 | 9.8 Critical |
| Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015. | ||||
| CVE-2022-23514 | 2 Loofah Project, Redhat | 2 Loofah, Satellite | 2025-04-21 | 7.5 High |
| Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1. | ||||
| CVE-2022-46700 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2025-04-21 | 8.8 High |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2022-46699 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2025-04-21 | 8.8 High |
| A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2022-46698 | 2 Apple, Redhat | 8 Icloud, Ipados, Iphone Os and 5 more | 2025-04-21 | 6.5 Medium |
| A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information. | ||||
| CVE-2021-22569 | 3 Google, Oracle, Redhat | 14 Google-protobuf, Protobuf-java, Protobuf-kotlin and 11 more | 2025-04-21 | 7.5 High |
| An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions. | ||||
| CVE-2021-22570 | 6 Debian, Fedoraproject, Google and 3 more | 11 Debian Linux, Fedora, Protobuf and 8 more | 2025-04-21 | 6.5 Medium |
| Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater. | ||||
| CVE-2021-22573 | 2 Google, Redhat | 3 Oauth Client Library For Java, Camel Spring Boot, Jboss Fuse | 2025-04-21 | 8.7 High |
| The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above | ||||
| CVE-2022-29581 | 5 Canonical, Debian, Linux and 2 more | 22 Ubuntu Linux, Debian Linux, Linux Kernel and 19 more | 2025-04-21 | 7.8 High |
| Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. | ||||