Filtered by vendor Redhat Subscriptions
Filtered by product Logging Subscriptions
Total 126 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-45296 2 Pillarjs, Redhat 15 Path-to-regexp, Acm, Ansible Automation Platform and 12 more 2025-01-24 7.5 High
path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.
CVE-2024-0874 1 Redhat 3 Acm, Logging, Openshift 2025-01-20 5.3 Medium
A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.
CVE-2023-38037 1 Redhat 3 Logging, Satellite, Satellite Capsule 2025-01-09 3.3 Low
ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that have access to the file system could possibly read the contents of this temporary file while a user is editing it. All users running an affected release should either upgrade or use one of the workarounds immediately.
CVE-2023-28120 1 Redhat 1 Logging 2025-01-09 5.3 Medium
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.
CVE-2023-27539 1 Redhat 5 Enterprise Linux, Logging, Rhel Eus and 2 more 2025-01-09 5.3 Medium
There is a denial of service vulnerability in the header parsing component of Rack.
CVE-2024-5037 1 Redhat 4 Logging, Openshift, Openshift Container Platform and 1 more 2025-01-06 7.5 High
A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.
CVE-2023-44487 32 Akka, Amazon, Apache and 29 more 364 Http Server, Opensearch Data Prepper, Apisix and 361 more 2024-12-20 7.5 High
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2022-25883 2 Npmjs, Redhat 10 Semver, Acm, Enterprise Linux and 7 more 2024-12-06 5.3 Medium
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
CVE-2023-26136 2 Redhat, Salesforce 8 Acm, Jboss Enterprise Application Platform, Logging and 5 more 2024-12-03 6.5 Medium
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
CVE-2023-22796 2 Activesupport Project, Redhat 3 Activesupport, Logging, Satellite 2024-11-27 7.5 High
A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.
CVE-2024-0646 2 Linux, Redhat 8 Linux Kernel, Enterprise Linux, Logging and 5 more 2024-11-25 7 High
An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2024-0193 2 Linux, Redhat 5 Linux Kernel, Enterprise Linux, Logging and 2 more 2024-11-24 7.8 High
A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system.
CVE-2023-4456 1 Redhat 2 Logging, Openshift Logging 2024-11-23 5.7 Medium
A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.
CVE-2024-0567 5 Debian, Fedoraproject, Gnu and 2 more 9 Debian Linux, Fedora, Gnutls and 6 more 2024-11-23 7.5 High
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
CVE-2024-0553 3 Fedoraproject, Gnu, Redhat 6 Fedora, Gnutls, Enterprise Linux and 3 more 2024-11-23 7.5 High
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
CVE-2023-5981 3 Fedoraproject, Gnu, Redhat 7 Fedora, Gnutls, Enterprise Linux and 4 more 2024-11-23 5.9 Medium
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
CVE-2024-6104 2 Hashicorp, Redhat 11 Retryablehttp, Advanced Cluster Security, Cluster Observability Operator and 8 more 2024-11-21 6 Medium
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.
CVE-2024-34158 2 Go Build Constraint, Redhat 11 Go Standard Library, Cryostat, Enterprise Linux and 8 more 2024-11-21 7.5 High
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
CVE-2024-34156 2 Go Standard Library, Redhat 16 Encoding\/gob, Advanced Cluster Security, Cryostat and 13 more 2024-11-21 7.5 High
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
CVE-2024-34155 1 Redhat 13 Cost Management, Cryostat, Enterprise Linux and 10 more 2024-11-21 4.3 Medium
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.