ReportizFlow
Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
15659 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5176 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-05-01 | 9.8 Critical |
| Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | ||||
| CVE-2020-11993 | 8 Apache, Canonical, Debian and 5 more | 16 Http Server, Ubuntu Linux, Debian Linux and 13 more | 2025-05-01 | 7.5 High |
| Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers. | ||||
| CVE-2021-33193 | 6 Apache, Debian, Fedoraproject and 3 more | 9 Http Server, Debian Linux, Fedora and 6 more | 2025-05-01 | 7.5 High |
| A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. | ||||
| CVE-2021-36160 | 7 Apache, Broadcom, Debian and 4 more | 16 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 13 more | 2025-05-01 | 7.5 High |
| A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). | ||||
| CVE-2021-39275 | 7 Apache, Debian, Fedoraproject and 4 more | 14 Http Server, Debian Linux, Fedora and 11 more | 2025-05-01 | 9.8 Critical |
| ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. | ||||
| CVE-2021-44790 | 8 Apache, Apple, Debian and 5 more | 20 Http Server, Mac Os X, Macos and 17 more | 2025-05-01 | 9.8 Critical |
| A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. | ||||
| CVE-2022-23943 | 5 Apache, Debian, Fedoraproject and 2 more | 8 Http Server, Debian Linux, Fedora and 5 more | 2025-05-01 | 9.8 Critical |
| Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. | ||||
| CVE-2022-26377 | 4 Apache, Fedoraproject, Netapp and 1 more | 6 Http Server, Fedora, Clustered Data Ontap and 3 more | 2025-05-01 | 7.5 High |
| Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions. | ||||
| CVE-2022-30556 | 4 Apache, Fedoraproject, Netapp and 1 more | 5 Http Server, Fedora, Clustered Data Ontap and 2 more | 2025-05-01 | 7.5 High |
| Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. | ||||
| CVE-2022-31813 | 4 Apache, Fedoraproject, Netapp and 1 more | 6 Http Server, Fedora, Clustered Data Ontap and 3 more | 2025-05-01 | 9.8 Critical |
| Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. | ||||
| CVE-2023-27522 | 4 Apache, Debian, Redhat and 1 more | 6 Http Server, Debian Linux, Enterprise Linux and 3 more | 2025-05-01 | 7.5 High |
| HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client. | ||||
| CVE-2022-45060 | 5 Debian, Fedoraproject, Redhat and 2 more | 11 Debian Linux, Fedora, Enterprise Linux and 8 more | 2025-05-01 | 7.5 High |
| An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected. | ||||
| CVE-2024-30203 | 3 Debian, Gnu, Redhat | 4 Debian Linux, Emacs, Org Mode and 1 more | 2025-05-01 | 5.5 Medium |
| In Emacs before 29.3, Gnus treats inline MIME contents as trusted. | ||||
| CVE-2024-30204 | 3 Debian, Gnu, Redhat | 4 Debian Linux, Emacs, Org Mode and 1 more | 2025-05-01 | 2.8 Low |
| In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. | ||||
| CVE-2024-30205 | 3 Debian, Gnu, Redhat | 4 Debian Linux, Emacs, Org Mode and 1 more | 2025-05-01 | 7.1 High |
| In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. | ||||
| CVE-2024-21896 | 2 Nodejs, Redhat | 3 Node.js, Nodejs, Enterprise Linux | 2025-05-01 | 9.8 Critical |
| The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | ||||
| CVE-2024-21892 | 3 Linux, Nodejs, Redhat | 4 Linux Kernel, Node.js, Enterprise Linux and 1 more | 2025-05-01 | 7.8 High |
| On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set. This allows unprivileged users to inject code that inherits the process's elevated privileges. | ||||
| CVE-2024-21890 | 2 Nodejs, Redhat | 2 Node.js, Enterprise Linux | 2025-05-01 | 6.5 Medium |
| The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: ``` --allow-fs-read=/home/node/.ssh/*.pub ``` will ignore `pub` and give access to everything after `.ssh/`. This misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | ||||
| CVE-2024-21891 | 2 Nodejs, Redhat | 3 Node.js, Nodejs, Enterprise Linux | 2025-05-01 | 8.8 High |
| Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | ||||
| CVE-2022-35256 | 5 Debian, Llhttp, Nodejs and 2 more | 7 Debian Linux, Llhttp, Node.js and 4 more | 2025-05-01 | 6.5 Medium |
| The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling. | ||||