ReportizFlow
Filtered by vendor Redhat
Subscriptions
Total
23048 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27304 | 4 Jackc, Pgproto3 Project, Pgx Project and 1 more | 4 Pgx, Pgproto3, Pgx and 1 more | 2025-12-04 | 9.8 Critical |
| pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size. | ||||
| CVE-2025-62231 | 1 Redhat | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2025-12-04 | 7.3 High |
| A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash. | ||||
| CVE-2025-62230 | 1 Redhat | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2025-12-04 | 7.3 High |
| A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect. | ||||
| CVE-2025-62229 | 1 Redhat | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2025-12-04 | 7.3 High |
| A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service. | ||||
| CVE-2016-9842 | 8 Apple, Canonical, Debian and 5 more | 22 Iphone Os, Mac Os X, Tvos and 19 more | 2025-12-04 | 8.8 High |
| The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. | ||||
| CVE-2016-9318 | 4 Canonical, Redhat, Xmlsec Project and 1 more | 4 Ubuntu Linux, Jboss Core Services, Xmlsec and 1 more | 2025-12-04 | 5.5 Medium |
| libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. | ||||
| CVE-2016-5131 | 8 Apple, Canonical, Debian and 5 more | 18 Iphone Os, Mac Os X, Tvos and 15 more | 2025-12-04 | 8.8 High |
| Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. | ||||
| CVE-2016-3627 | 7 Canonical, Debian, Hp and 4 more | 15 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 12 more | 2025-12-04 | 7.5 High |
| The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. | ||||
| CVE-2025-57850 | 1 Redhat | 1 Openshift Devspaces | 2025-12-04 | 5.2 Medium |
| A container privilege escalation flaw was found in certain CodeReady Workspaces images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container. | ||||
| CVE-2025-12744 | 1 Redhat | 1 Enterprise Linux | 2025-12-04 | 8.8 High |
| A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, causing the root-running ABRT process to execute attacker-controlled commands and ultimately gain full root privileges. | ||||
| CVE-2017-13035 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id(). | ||||
| CVE-2017-13034 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). | ||||
| CVE-2017-13031 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print(). | ||||
| CVE-2017-13028 | 3 Debian, Redhat, Tcpdump | 3 Debian Linux, Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print(). | ||||
| CVE-2017-13025 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). | ||||
| CVE-2017-13024 | 3 Debian, Redhat, Tcpdump | 3 Debian Linux, Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). | ||||
| CVE-2017-13022 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute(). | ||||
| CVE-2017-13021 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print(). | ||||
| CVE-2017-13020 | 3 Debian, Redhat, Tcpdump | 3 Debian Linux, Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). | ||||
| CVE-2017-13019 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). | ||||