Filtered by vendor Redhat Subscriptions
Filtered by product Discovery Subscriptions
Total 32 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-44270 2 Postcss, Redhat 7 Postcss, Discovery, Openshift and 4 more 2024-11-21 5.3 Medium
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment.
CVE-2020-1712 3 Debian, Redhat, Systemd Project 8 Debian Linux, Ceph Storage, Discovery and 5 more 2024-11-21 7.8 High
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
CVE-2024-31449 2 Redhat, Redis 3 Discovery, Enterprise Linux, Redis 2024-11-19 7 High
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-21536 2 Chimurai, Redhat 7 Http-proxy-middleware, Advanced Cluster Security, Discovery and 4 more 2024-11-01 7.5 High
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.
CVE-2024-42005 2 Djangoproject, Redhat 6 Django, Ansible Automation Platform, Discovery and 3 more 2024-10-23 9.8 Critical
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
CVE-2024-31228 1 Redhat 2 Discovery, Enterprise Linux 2024-10-10 5.5 Medium
Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-43800 2 Openjsf, Redhat 11 Serve-static, Discovery, Network Observ Optr and 8 more 2024-09-20 5 Medium
serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.
CVE-2024-43799 2 Redhat, Send Project 11 Discovery, Network Observ Optr, Openshift and 8 more 2024-09-20 5 Medium
Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.
CVE-2024-45590 3 Expressjs, Openjsf, Redhat 13 Body-parser, Body-parser, Advanced Cluster Security and 10 more 2024-09-20 7.5 High
body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.
CVE-2024-43796 2 Openjsf, Redhat 11 Express, Discovery, Network Observ Optr and 8 more 2024-09-20 5 Medium
Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.
CVE-2024-39338 2 Axios, Redhat 8 Axios, Discovery, Network Observ Optr and 5 more 2024-08-23 4 Medium
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
CVE-2024-41991 2 Djangoproject, Redhat 6 Django, Ansible Automation Platform, Discovery and 3 more 2024-08-12 7.5 High
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.