Filtered by vendor Redhat Subscriptions
Filtered by product Enterprise Linux Subscriptions
Total 14173 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-8385 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Enterprise Linux and 5 more 2024-09-06 9.8 Critical
A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
CVE-2024-8384 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Enterprise Linux and 5 more 2024-09-06 9.8 Critical
The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
CVE-2024-8381 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Enterprise Linux and 5 more 2024-09-06 9.8 Critical
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
CVE-2024-41946 2 Redhat, Ruby-lang 5 Enterprise Linux, Rhel E4s, Rhel Eus and 2 more 2024-09-05 5.3 Medium
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability.
CVE-2022-48936 1 Redhat 1 Enterprise Linux 2024-08-31 0.0 Low
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-44070 2 Frrouting, Redhat 2 Frrouting, Enterprise Linux 2024-08-30 9.8 Critical
An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.
CVE-2024-7524 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Enterprise Linux and 5 more 2024-08-29 6.1 Medium
Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
CVE-2024-43398 1 Redhat 4 Enterprise Linux, Rhel E4s, Rhel Eus and 1 more 2024-08-23 5.9 Medium
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability. If you use other parser APIs such as stream parser API and SAX2 parser API, this vulnerability is not affected. The REXML gem 3.3.6 or later include the patch to fix the vulnerability.
CVE-2024-37353 1 Redhat 1 Enterprise Linux 2024-08-22 4.4 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-7520 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-08-20 8.8 High
A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
CVE-2024-7527 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-08-20 8.8 High
Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
CVE-2024-7528 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-08-12 9.8 Critical
Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
CVE-2024-7529 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-08-12 8.1 High
The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
CVE-2024-7525 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-08-12 9.1 Critical
It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
CVE-2024-7522 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-08-12 9.1 Critical
Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
CVE-2024-7521 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-08-12 9.8 Critical
Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
CVE-2024-7519 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-08-12 8.8 High
Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
CVE-2024-42226 1 Redhat 1 Enterprise Linux 2024-08-12 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-6472 2 Redhat, The Document Foundation 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2024-08-06 7.8 High
Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the macro is executed. Previously if verification failed the user could fail to understand the failure and choose to enable the macros anyway. This issue affects LibreOffice: from 24.2 before 24.2.5.
CVE-2024-35918 1 Redhat 1 Enterprise Linux 2024-07-30 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.