Export limit exceeded: 16457 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (16457 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36039 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 6.3 Medium |
| PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict. | ||||
| CVE-2024-10306 | 1 Redhat | 3 Enterprise Linux, Jboss Core Services, Rhel Eus | 2026-04-15 | 5.4 Medium |
| A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive should be replaced by the <Location> directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with access to the host might send MCMP requests that may result in adding/removing/updating nodes for the balancing. However, this host should not be accessible to the public network as it does not serve the general traffic. | ||||
| CVE-2024-24582 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2026-04-15 | 7.5 High |
| Improper input validation in XmlCli feature for UEFI firmware for some Intel(R) processors may allow privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-2756 | 2 Php, Redhat | 2 Archive Tar, Enterprise Linux | 2026-04-15 | 6.5 Medium |
| Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. | ||||
| CVE-2024-24783 | 1 Redhat | 23 Advanced Cluster Security, Ansible Automation Platform, Ceph Storage and 20 more | 2026-04-15 | 5.9 Medium |
| Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates. | ||||
| CVE-2024-24784 | 2 Go Standard Library, Redhat | 14 Net\/mail, Advanced Cluster Security, Ceph Storage and 11 more | 2026-04-15 | 7.5 High |
| The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers. | ||||
| CVE-2024-24785 | 1 Redhat | 18 Ceph Storage, Enterprise Linux, Kube Descheduler Operator and 15 more | 2026-04-15 | 5.4 Medium |
| If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates. | ||||
| CVE-2024-24786 | 2 Golang, Redhat | 24 Go, Acm, Ceph Storage and 21 more | 2026-04-15 | 7.5 High |
| The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set. | ||||
| CVE-2024-24788 | 1 Redhat | 15 Ansible Automation Platform, Ceph Storage, Cost Management and 12 more | 2026-04-15 | 5.9 Medium |
| A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. | ||||
| CVE-2024-21823 | 1 Redhat | 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more | 2026-04-15 | 7.5 High |
| Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access | ||||
| CVE-2024-24791 | 2 Go Standard Library, Redhat | 20 Net\/http, Amq Streams, Ceph Storage and 17 more | 2026-04-15 | 7.5 High |
| The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. | ||||
| CVE-2023-5342 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 4.1 Medium |
| The Fedora Secure Boot CA certificate shipped with shim in Fedora was expired which could lead to old or invalid signed boot components being loaded. | ||||
| CVE-2024-10963 | 1 Redhat | 4 Enterprise Linux, Openshift, Openshift Ai and 1 more | 2026-04-15 | 7.4 High |
| A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals. | ||||
| CVE-2023-32253 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 5.9 Medium |
| A flaw was found in the Linux kernel's ksmbd component. A deadlock is triggered by sending multiple concurrent session setup requests, possibly leading to a denial of service. | ||||
| CVE-2024-2199 | 1 Redhat | 4 Directory Server, Directory Server E4s, Enterprise Linux and 1 more | 2026-04-15 | 5.7 Medium |
| A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input. | ||||
| CVE-2024-4076 | 2 Isc, Redhat | 7 Bind, Enterprise Linux, Openshift and 4 more | 2026-04-15 | 7.5 High |
| Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1. | ||||
| CVE-2024-22018 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | N/A |
| A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | ||||
| CVE-2024-22020 | 2 Nodejs, Redhat | 2 Nodejs, Enterprise Linux | 2026-04-15 | 6.5 Medium |
| A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports. Exploiting this flaw can violate network import security, posing a risk to developers and servers. | ||||
| CVE-2024-27281 | 2 Redhat, Ruby | 2 Enterprise Linux, Rdoc | 2026-04-15 | 4.5 Medium |
| An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users, a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users, a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users, a fixed version is rdoc 6.5.1.1. | ||||
| CVE-2024-27280 | 2 Redhat, Ruby-lang | 2 Enterprise Linux, Ruby | 2026-04-15 | 9.8 Critical |
| A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2. | ||||