Export limit exceeded: 23276 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23276 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2232 | 1 Redhat | 1 Red Hat Single Sign On | 2026-04-15 | 7.5 High |
| A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions. | ||||
| CVE-2022-28693 | 1 Redhat | 4 Enterprise Linux, Rhel Eus, Rhel Extras Rt and 1 more | 2026-04-15 | 4.7 Medium |
| Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | ||||
| CVE-2024-2905 | 1 Redhat | 3 Enterprise Linux, Openshift, Rhel Eus | 2026-04-15 | 6.2 Medium |
| A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access. | ||||
| CVE-2024-9620 | 1 Redhat | 1 Ansible Automation Platform | 2026-04-15 | 5.3 Medium |
| A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An attacker with system access could exploit this vulnerability by reading the plaintext data stored in EDA and AAP databases. | ||||
| CVE-2019-15690 | 1 Redhat | 2 Enterprise Linux, Rhel E4s | 2026-04-15 | 8.8 High |
| LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution. | ||||
| CVE-2024-21885 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2026-04-15 | 7.8 High |
| A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments. | ||||
| CVE-2024-21886 | 2 Redhat, Xorg | 8 Enterprise Linux, Rhel Aus, Rhel E4s and 5 more | 2026-04-15 | 7.8 High |
| A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments. | ||||
| CVE-2024-12905 | 1 Redhat | 2 Openshift Devspaces, Rhdh | 2026-04-15 | 7.5 High |
| An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package. This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8. | ||||
| CVE-2023-43490 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 5.3 Medium |
| Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2023-43758 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2026-04-15 | 8.2 High |
| Improper input validation in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-45289 | 1 Redhat | 12 Advanced Cluster Security, Enterprise Linux, Logging and 9 more | 2026-04-15 | 4.3 Medium |
| When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded. | ||||
| CVE-2023-45733 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 2.8 Low |
| Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access. | ||||
| CVE-2023-46103 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 4.7 Medium |
| Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-4639 | 1 Redhat | 14 Camel Quarkus, Camel Spring Boot, Integration and 11 more | 2026-04-15 | 7.4 High |
| A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity. | ||||
| CVE-2023-46809 | 2 Nodejs, Redhat | 3 Nodejs, Enterprise Linux, Rhel Eus | 2026-04-15 | 7.4 High |
| Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key. | ||||
| CVE-2023-4727 | 1 Redhat | 6 Certificate System Eus, Enterprise Linux, Rhel Aus and 3 more | 2026-04-15 | 7.5 High |
| A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege. | ||||
| CVE-2024-6409 | 1 Redhat | 4 Enterprise Linux, Openshift, Rhel E4s and 1 more | 2026-04-15 | 7 High |
| A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server. | ||||
| CVE-2024-12125 | 1 Redhat | 1 Red Hat 3scale Amp | 2026-04-15 | 7.5 High |
| A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information. | ||||
| CVE-2024-1233 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Eus, Jbosseapxp | 2026-04-15 | 7.3 High |
| A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability. | ||||
| CVE-2023-39333 | 2 Nodejs, Redhat | 2 Nodejs, Enterprise Linux | 2026-04-15 | 5.3 Medium |
| Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option. | ||||