Filtered by vendor Redhat Subscriptions
Filtered by product Cryostat Subscriptions
Total 53 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-34158 2 Go Build Constraint, Redhat 11 Go Standard Library, Cryostat, Enterprise Linux and 8 more 2024-11-21 7.5 High
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
CVE-2024-34156 2 Go Standard Library, Redhat 19 Encoding\/gob, Advanced Cluster Security, Ceph Storage and 16 more 2024-11-21 7.5 High
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
CVE-2024-34155 1 Redhat 15 Ceph Storage, Cost Management, Cryostat and 12 more 2024-11-21 4.3 Medium
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
CVE-2024-30171 1 Redhat 6 Amq Broker, Apache Camel Spring Boot, Camel Quarkus and 3 more 2024-11-21 5.9 Medium
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.
CVE-2024-24791 2 Go Standard Library, Redhat 20 Net\/http, Amq Streams, Ceph Storage and 17 more 2024-11-21 7.5 High
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
CVE-2023-4043 2 Eclipse, Redhat 6 Parsson, Camel Quarkus, Camel Spring Boot and 3 more 2024-11-21 5.9 Medium
In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.
CVE-2023-3978 2 Golang, Redhat 8 Networking, Cryostat, Enterprise Linux and 5 more 2024-11-21 6.1 Medium
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
CVE-2022-28948 3 Netapp, Redhat, Yaml Project 4 Astra Trident, Cryostat, Openshift Devspaces and 1 more 2024-11-21 7.5 High
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
CVE-2022-25647 5 Debian, Google, Netapp and 2 more 14 Debian Linux, Gson, Active Iq Unified Manager and 11 more 2024-11-21 7.7 High
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
CVE-2022-1996 3 Fedoraproject, Go-restful Project, Redhat 6 Fedora, Go-restful, Container Native Virtualization and 3 more 2024-11-21 9.1 Critical
Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.
CVE-2021-44716 4 Debian, Golang, Netapp and 1 more 16 Debian Linux, Go, Cloud Insights Telegraf and 13 more 2024-11-21 7.5 High
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
CVE-2021-3121 3 Golang, Hashicorp, Redhat 9 Protobuf, Consul, Acm and 6 more 2024-11-21 8.6 High
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
CVE-2020-26160 2 Jwt-go Project, Redhat 6 Jwt-go, Container Native Virtualization, Cryostat and 3 more 2024-11-21 7.5 High
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.