Filtered by vendor Redhat
Subscriptions
Filtered by product Rhel Eus
Subscriptions
Total
3013 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47607 | 2 Gstreamer Project, Redhat | 7 Gstreamer, Enterprise Linux, Rhel Aus and 4 more | 2024-12-18 | 9.8 Critical |
| GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10. | ||||
| CVE-2024-54502 | 2 Apple, Redhat | 13 Ipados, Iphone Os, Macos and 10 more | 2024-12-18 | 6.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2024-8508 | 3 Debian, Nlnetlabs, Redhat | 5 Debian Linux, Unbound, Enterprise Linux and 2 more | 2024-12-17 | 5.3 Medium |
| NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic. | ||||
| CVE-2023-44429 | 2 Gstreamer Project, Redhat | 3 Gstreamer, Enterprise Linux, Rhel Eus | 2024-12-16 | 8.8 High |
| GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22226. | ||||
| CVE-2023-44446 | 2 Gstreamer Project, Redhat | 6 Gstreamer, Enterprise Linux, Rhel Aus and 3 more | 2024-12-16 | 8.8 High |
| GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22299. | ||||
| CVE-2024-54508 | 2 Apple, Redhat | 13 Ipados, Iphone Os, Macos and 10 more | 2024-12-16 | 7.5 High |
| The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2023-20584 | 2 Amd, Redhat | 135 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 132 more | 2024-12-12 | 5.3 Medium |
| IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity. | ||||
| CVE-2024-20919 | 2 Oracle, Redhat | 10 Graalvm, Graalvm For Jdk, Jdk and 7 more | 2024-12-09 | 5.9 Medium |
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). | ||||
| CVE-2024-11159 | 2 Mozilla, Redhat | 6 Thunderbird, Enterprise Linux, Rhel Aus and 3 more | 2024-12-06 | 5.3 Medium |
| Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1. | ||||
| CVE-2024-44244 | 2 Apple, Redhat | 13 Ipados, Iphone Os, Macos and 10 more | 2024-12-06 | 4.3 Medium |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2024-38796 | 1 Redhat | 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more | 2024-12-06 | 5.9 Medium |
| EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. | ||||
| CVE-2023-36664 | 4 Artifex, Debian, Fedoraproject and 1 more | 5 Ghostscript, Debian Linux, Fedora and 2 more | 2024-12-05 | 7.8 High |
| Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). | ||||
| CVE-2022-2795 | 4 Debian, Fedoraproject, Isc and 1 more | 5 Debian Linux, Fedora, Bind and 2 more | 2024-11-29 | 5.3 Medium |
| By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. | ||||
| CVE-2023-29491 | 2 Gnu, Redhat | 3 Ncurses, Enterprise Linux, Rhel Eus | 2024-11-27 | 7.8 High |
| ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. | ||||
| CVE-2023-38403 | 7 Apple, Debian, Es and 4 more | 12 Macos, Debian Linux, Iperf3 and 9 more | 2024-11-27 | 7.5 High |
| iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. | ||||
| CVE-2023-38710 | 2 Libreswan, Redhat | 5 Libreswan, Enterprise Linux, Openshift and 2 more | 2024-11-26 | 6.5 Medium |
| An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20. | ||||
| CVE-2024-30156 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2024-11-21 | 7.5 High |
| Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack. | ||||
| CVE-2024-8386 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Enterprise Linux and 5 more | 2024-11-21 | 6.1 Medium |
| If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. | ||||
| CVE-2024-7348 | 2 Postgresql, Redhat | 7 Postgresql, Enterprise Linux, Rhel Aus and 4 more | 2024-11-21 | 8.8 High |
| Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected. | ||||
| CVE-2024-6345 | 1 Redhat | 9 Enterprise Linux, Openshift, Openshift Devspaces and 6 more | 2024-11-21 | 8.8 High |
| A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0. | ||||