Filtered by vendor Redhat
Subscriptions
Total
22796 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0406 | 2 Mholt, Redhat | 4 Archiver, Advanced Cluster Security, Openshift and 1 more | 2025-04-26 | 6.1 Medium |
| A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library. | ||||
| CVE-2025-22228 | 1 Redhat | 1 Apache Camel Spring Boot | 2025-04-25 | 7.4 High |
| BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same. | ||||
| CVE-2024-9287 | 2 Python, Redhat | 4 Cpython, Python, Enterprise Linux and 1 more | 2025-04-25 | 7.8 High |
| A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected. | ||||
| CVE-2024-3447 | 1 Redhat | 2 Advanced Virtualization, Enterprise Linux | 2025-04-25 | 6 Medium |
| A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. | ||||
| CVE-2018-5733 | 4 Canonical, Debian, Isc and 1 more | 9 Ubuntu Linux, Debian Linux, Dhcp and 6 more | 2025-04-25 | 7.5 High |
| A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0. | ||||
| CVE-2022-45887 | 3 Linux, Netapp, Redhat | 14 Linux Kernel, H300s, H300s Firmware and 11 more | 2025-04-25 | 4.7 Medium |
| An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. | ||||
| CVE-2022-38900 | 2 Decode-uri-component Project, Redhat | 7 Decode-uri-component, Enterprise Linux, Jboss Enterprise Bpms Platform and 4 more | 2025-04-25 | 7.5 High |
| decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. | ||||
| CVE-2024-21501 | 3 Apostrophecms, Fedoraproject, Redhat | 5 Sanitize-html, Fedora, Acm and 2 more | 2025-04-25 | 5.3 Medium |
| Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server. | ||||
| CVE-2022-45873 | 3 Fedoraproject, Redhat, Systemd Project | 3 Fedora, Enterprise Linux, Systemd | 2025-04-25 | 5.5 Medium |
| systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file. | ||||
| CVE-2024-22371 | 2 Apache, Redhat | 2 Camel, Openshift Serverless | 2025-04-25 | 2.9 Low |
| Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue. | ||||
| CVE-2025-0938 | 1 Redhat | 2 Discovery, Enterprise Linux | 2025-04-25 | 6.8 Medium |
| The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers. | ||||
| CVE-2024-4367 | 4 Debian, Mozilla, Open-xchange and 1 more | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2025-04-24 | 5.6 Medium |
| A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. | ||||
| CVE-2022-45869 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2025-04-24 | 5.5 Medium |
| A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled. | ||||
| CVE-2023-2603 | 4 Debian, Fedoraproject, Libcap Project and 1 more | 5 Debian Linux, Fedora, Libcap and 2 more | 2025-04-24 | 7.8 High |
| A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB. | ||||
| CVE-2022-32224 | 2 Activerecord Project, Redhat | 2 Activerecord, Satellite | 2025-04-24 | 9.8 Critical |
| A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE. | ||||
| CVE-2021-37533 | 3 Apache, Debian, Redhat | 4 Commons Net, Debian Linux, Camel Quarkus and 1 more | 2025-04-24 | 6.5 Medium |
| Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. | ||||
| CVE-2023-6535 | 2 Linux, Redhat | 19 Linux Kernel, Codeready Linux Builder Eus, Codeready Linux Builder Eus For Power Little Endian Eus and 16 more | 2025-04-24 | 6.5 Medium |
| A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. | ||||
| CVE-2024-49995 | 1 Redhat | 1 Enterprise Linux | 2025-04-24 | 7.1 High |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2020-35498 | 4 Debian, Fedoraproject, Openvswitch and 1 more | 5 Debian Linux, Fedora, Openvswitch and 2 more | 2025-04-23 | 7.5 High |
| A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2020-25638 | 5 Debian, Hibernate, Oracle and 2 more | 15 Debian Linux, Hibernate Orm, Communications Cloud Native Core Console and 12 more | 2025-04-23 | 7.4 High |
| A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. | ||||