ReportizFlow
Filtered by vendor Redhat
Subscriptions
Filtered by product Logging
Subscriptions
Total
141 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1086 | 5 Debian, Fedoraproject, Linux and 2 more | 23 Debian Linux, Fedora, Linux Kernel and 20 more | 2025-10-27 | 7.8 High |
| A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. | ||||
| CVE-2022-30631 | 2 Golang, Redhat | 21 Go, Acm, Advanced Cluster Security and 18 more | 2025-10-20 | 7.5 High |
| Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. | ||||
| CVE-2023-27539 | 3 Debian, Rack, Redhat | 7 Debian Linux, Rack, Enterprise Linux and 4 more | 2025-10-10 | 5.3 Medium |
| There is a denial of service vulnerability in the header parsing component of Rack. | ||||
| CVE-2022-25883 | 2 Npmjs, Redhat | 10 Semver, Acm, Enterprise Linux and 7 more | 2025-09-23 | 5.3 Medium |
| Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. | ||||
| CVE-2024-45801 | 2 Cure53, Redhat | 8 Dompurify, Acm, Ansible Automation Platform and 5 more | 2025-09-22 | 7.3 High |
| DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2021-20190 | 6 Apache, Debian, Fasterxml and 3 more | 10 Nifi, Debian Linux, Jackson-databind and 7 more | 2025-08-28 | 8.1 High |
| A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2020-36518 | 5 Debian, Fasterxml, Netapp and 2 more | 49 Debian Linux, Jackson-databind, Active Iq Unified Manager and 46 more | 2025-08-28 | 7.5 High |
| jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. | ||||
| CVE-2020-35728 | 5 Debian, Fasterxml, Netapp and 2 more | 42 Debian Linux, Jackson-databind, Service Level Manager and 39 more | 2025-08-28 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). | ||||
| CVE-2023-26136 | 2 Redhat, Salesforce | 8 Acm, Jboss Enterprise Application Platform, Logging and 5 more | 2025-08-27 | 6.5 Medium |
| Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized. | ||||
| CVE-2022-32149 | 2 Golang, Redhat | 10 Text, Acm, Container Native Virtualization and 7 more | 2025-05-16 | 7.5 High |
| An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse. | ||||
| CVE-2022-37603 | 2 Redhat, Webpack.js | 8 Jboss Data Grid, Logging, Migration Toolkit Applications and 5 more | 2025-05-15 | 7.5 High |
| A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. | ||||
| CVE-2022-41723 | 2 Golang, Redhat | 22 Go, Hpack, Http2 and 19 more | 2025-05-05 | 7.5 High |
| A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. | ||||
| CVE-2022-24999 | 4 Debian, Openjsf, Qs Project and 1 more | 12 Debian Linux, Express, Qs and 9 more | 2025-04-29 | 7.5 High |
| qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: [email protected]" in its release description, is not vulnerable). | ||||
| CVE-2022-21698 | 4 Fedoraproject, Prometheus, Rdo Project and 1 more | 17 Extra Packages For Enterprise Linux, Fedora, Client Golang and 14 more | 2025-04-23 | 7.5 High |
| client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods. | ||||
| CVE-2021-35065 | 2 Gulpjs, Redhat | 8 Glob-parent, Enterprise Linux, Logging and 5 more | 2025-04-14 | 7.5 High |
| The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression. | ||||
| CVE-2021-38561 | 2 Golang, Redhat | 6 Text, Acm, Container Native Virtualization and 3 more | 2025-04-14 | 7.5 High |
| golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack. | ||||
| CVE-2021-33631 | 2 Openatom, Redhat | 5 Openeuler, Enterprise Linux, Logging and 2 more | 2025-04-02 | 5.5 Medium |
| Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0. | ||||
| CVE-2022-48624 | 2 Greenwoodsoftware, Redhat | 4 Less, Enterprise Linux, Logging and 1 more | 2025-03-27 | 7.8 High |
| close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE. | ||||
| CVE-2024-24790 | 2 Golang, Redhat | 20 Go, Advanced Cluster Security, Ansible Automation Platform and 17 more | 2025-02-13 | 9.8 Critical |
| The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. | ||||
| CVE-2023-4244 | 3 Debian, Linux, Redhat | 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more | 2025-02-13 | 7.8 High |
| A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability. We recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8. | ||||