Filtered by vendor Subscriptions
Total 274592 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-28362 1 Redhat 1 Satellite 2023-06-27 4.7 Medium
A Cross-site Scripting (XSS) vulnerability was found in Actionpack due to improper sanitization of user-supplied values. This allows provided values to contain characters that are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned location header.
CVE-2023-33426 2023-05-24 9.8 Critical
A vulnerability was found in Apache RocketMQ where, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification. This flaw allows an attacker to use the update configuration function to execute commands as the system users that RocketMQ is running as.
CVE-2023-23913 2023-03-20 7.5 High
A flaw was found in Rails. rails-ujs may allow an attacker to perform Cross-Site Scripting (XSS), which could lead to stolen information, phishing attacks, and other types of attacks.
CVE-2023-27539 1 Redhat 5 Enterprise Linux, Logging, Rhel Eus and 2 more 2023-03-15 5.3 Medium
A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service.
CVE-2023-28120 1 Redhat 1 Logging 2023-03-15 6.1 Medium
A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is called on a SafeBuffer with untrusted user input, malicious code could be executed.
CVE-2022-31631 1 Redhat 1 Enterprise Linux 2023-01-05 5.9 Medium
A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote() of PDO_SQLite returning an improperly quoted string. With the implementation of sqlite3_snprintf(), it is possible to force the function to return a single apostrophe if the function is called on user-supplied input without any length restrictions in place.
CVE-2022-21505 1 Redhat 1 Enterprise Linux 2022-07-19 6.7 Medium
An authentication bypass flaw was found in the Linux kernel’s IMA policy when a user performs lockdown. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-28693 1 Redhat 4 Enterprise Linux, Rhel Eus, Rhel Extras Rt and 1 more 2022-07-13 4.7 Medium
A flaw was found in hw. The unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to enable information disclosure via local access.
CVE-2022-1736 2022-05-19 4.3 Medium
A vulnerability was found in Gnome Control Center. When turning off RDP Remote Desktop Sharing with gnome-control-center, it would only turn off RDP sharing for the current session. RDP Sharing was enabled again without any additional user interaction or notification upon logging back in.
CVE-2021-25635 1 Redhat 1 Enterprise Linux 2021-10-11 6.3 Medium
A flaw was found in LibreOffice, where it improperly validated signatures for algorithms that were not verified. This flaw leads to LibreOffice presenting a valid signature when the validity of the signature was not verified. The highest threat from this vulnerability is to confidentiality and integrity.
CVE-2021-27017 2021-02-10 6.6 Medium
A flaw was found in puppet-agent. Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2019-15690 1 Redhat 2 Enterprise Linux, Rhel E4s 2019-12-20 9.8 Critical
A flaw was found in libvncserver. An integer overflow within the HandleCursorShape() function can be exploited to cause a heap-based buffer overflow by tricking a user or application using libvncserver to connect to an unstrusted server and subsequently send cursor shapes with specially crafted dimensions. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.