Filtered by vendor Redhat Subscriptions
Filtered by product Rhel Eus Long Life Subscriptions

Search

Switch to Advanced Search (Beta)
Total 23 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-4138 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2025-07-07 7.5 High
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter  for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
CVE-2025-48060 2 Jqlang, Redhat 7 Jq, Enterprise Linux, Rhel Aus and 4 more 2025-06-24 7.5 High
jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.
CVE-2024-23337 2 Jqlang, Redhat 7 Jq, Enterprise Linux, Rhel Aus and 4 more 2025-06-24 4.3 Medium
jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.