Filtered by vendor Redhat
Subscriptions
Total
23068 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2156 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2024-11-21 | 7.5 High |
| A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system. | ||||
| CVE-2023-2124 | 4 Debian, Linux, Netapp and 1 more | 18 Debian Linux, Linux Kernel, H300s and 15 more | 2024-11-21 | 7.8 High |
| An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. | ||||
| CVE-2023-2002 | 3 Debian, Linux, Redhat | 9 Debian Linux, Linux Kernel, Enterprise Linux and 6 more | 2024-11-21 | 6.8 Medium |
| A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. | ||||
| CVE-2023-29824 | 2 Redhat, Scipy | 2 Openshift, Scipy | 2024-11-21 | 9.8 Critical |
| A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue. | ||||
| CVE-2023-28487 | 3 Netapp, Redhat, Sudo Project | 5 Active Iq Unified Manager, Enterprise Linux, Openshift Data Foundation and 2 more | 2024-11-21 | 5.3 Medium |
| Sudo before 1.9.13 does not escape control characters in sudoreplay output. | ||||
| CVE-2023-28486 | 3 Netapp, Redhat, Sudo Project | 5 Active Iq Unified Manager, Enterprise Linux, Openshift Data Foundation and 2 more | 2024-11-21 | 5.3 Medium |
| Sudo before 1.9.13 does not escape control characters in log messages. | ||||
| CVE-2023-28464 | 3 Linux, Netapp, Redhat | 7 Linux Kernel, H300s Firmware, H410c Firmware and 4 more | 2024-11-21 | 7.8 High |
| hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation. | ||||
| CVE-2023-28322 | 5 Apple, Fedoraproject, Haxx and 2 more | 17 Macos, Fedora, Curl and 14 more | 2024-11-21 | 3.7 Low |
| An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST. | ||||
| CVE-2023-27540 | 2 Ibm, Redhat | 3 Cloud Pak For Data, Watson Cp4d Data Stores, Openshift | 2024-11-21 | 5.9 Medium |
| IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924. | ||||
| CVE-2023-27533 | 5 Fedoraproject, Haxx, Netapp and 2 more | 15 Fedora, Curl, Active Iq Unified Manager and 12 more | 2024-11-21 | 8.8 High |
| A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system. | ||||
| CVE-2023-26364 | 2 Adobe, Redhat | 4 Css-tools, Migration Toolkit Applications, Migration Toolkit Runtimes and 1 more | 2024-11-21 | 5.3 Medium |
| @adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges. | ||||
| CVE-2023-26144 | 2 Graphql, Redhat | 3 Graphql, Advanced Cluster Security, Migration Toolkit Virtualization | 2024-11-21 | 5.3 Medium |
| Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. **Note:** It was not proven that this vulnerability can crash the process. | ||||
| CVE-2023-26141 | 2 Contribsys, Redhat | 2 Sidekiq, Satellite | 2024-11-21 | 7.5 High |
| Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests. | ||||
| CVE-2023-25136 | 4 Fedoraproject, Netapp, Openbsd and 1 more | 10 Fedora, 500f, 500f Firmware and 7 more | 2024-11-21 | 6.5 Medium |
| OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible." | ||||
| CVE-2023-24532 | 2 Golang, Redhat | 10 Go, Enterprise Linux, Migration Toolkit Applications and 7 more | 2024-11-21 | 5.3 Medium |
| The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh. | ||||
| CVE-2023-24023 | 3 Bluetooth, Microsoft, Redhat | 11 Bluetooth Core Specification, Windows 10 1809, Windows 10 21h2 and 8 more | 2024-11-21 | 6.4 Medium |
| Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS. | ||||
| CVE-2023-23915 | 4 Haxx, Netapp, Redhat and 1 more | 13 Curl, Active Iq Unified Manager, Clustered Data Ontap and 10 more | 2024-11-21 | 6.5 Medium |
| A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recentlycompleted transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS. | ||||
| CVE-2023-23468 | 2 Ibm, Redhat | 2 Robotic Process Automation, Openshift | 2024-11-21 | 5.1 Medium |
| IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. IBM X-Force ID: 244500. | ||||
| CVE-2023-22799 | 2 Redhat, Rubyonrails | 2 Satellite, Globalid | 2024-11-21 | 7.5 High |
| A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately. | ||||
| CVE-2023-22795 | 4 Debian, Redhat, Ruby-lang and 1 more | 4 Debian Linux, Satellite, Ruby and 1 more | 2024-11-21 | 7.5 High |
| A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. | ||||