ReportizFlow
Filtered by vendor Redhat
Subscriptions
Filtered by product Cryostat
Subscriptions
Total
53 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34158 | 2 Go Build Constraint, Redhat | 11 Go Standard Library, Cryostat, Enterprise Linux and 8 more | 2024-11-21 | 7.5 High |
| Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. | ||||
| CVE-2024-34156 | 2 Go Standard Library, Redhat | 19 Encoding\/gob, Advanced Cluster Security, Ceph Storage and 16 more | 2024-11-21 | 7.5 High |
| Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. | ||||
| CVE-2024-34155 | 1 Redhat | 15 Ceph Storage, Cost Management, Cryostat and 12 more | 2024-11-21 | 4.3 Medium |
| Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. | ||||
| CVE-2024-30171 | 1 Redhat | 6 Amq Broker, Apache Camel Spring Boot, Camel Quarkus and 3 more | 2024-11-21 | 5.9 Medium |
| An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing. | ||||
| CVE-2024-24791 | 2 Go Standard Library, Redhat | 20 Net\/http, Amq Streams, Ceph Storage and 17 more | 2024-11-21 | 7.5 High |
| The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. | ||||
| CVE-2023-4043 | 2 Eclipse, Redhat | 6 Parsson, Camel Quarkus, Camel Spring Boot and 3 more | 2024-11-21 | 5.9 Medium |
| In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale. | ||||
| CVE-2023-3978 | 2 Golang, Redhat | 8 Networking, Cryostat, Enterprise Linux and 5 more | 2024-11-21 | 6.1 Medium |
| Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. | ||||
| CVE-2022-28948 | 3 Netapp, Redhat, Yaml Project | 4 Astra Trident, Cryostat, Openshift Devspaces and 1 more | 2024-11-21 | 7.5 High |
| An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input. | ||||
| CVE-2022-25647 | 5 Debian, Google, Netapp and 2 more | 14 Debian Linux, Gson, Active Iq Unified Manager and 11 more | 2024-11-21 | 7.7 High |
| The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. | ||||
| CVE-2022-1996 | 3 Fedoraproject, Go-restful Project, Redhat | 6 Fedora, Go-restful, Container Native Virtualization and 3 more | 2024-11-21 | 9.1 Critical |
| Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. | ||||
| CVE-2021-44716 | 4 Debian, Golang, Netapp and 1 more | 16 Debian Linux, Go, Cloud Insights Telegraf and 13 more | 2024-11-21 | 7.5 High |
| net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. | ||||
| CVE-2021-3121 | 3 Golang, Hashicorp, Redhat | 9 Protobuf, Consul, Acm and 6 more | 2024-11-21 | 8.6 High |
| An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue. | ||||
| CVE-2020-26160 | 2 Jwt-go Project, Redhat | 6 Jwt-go, Container Native Virtualization, Cryostat and 3 more | 2024-11-21 | 7.5 High |
| jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check. | ||||