Export limit exceeded: 23296 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23296 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38037 | 1 Redhat | 3 Logging, Satellite, Satellite Capsule | 2026-04-15 | 3.3 Low |
| ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that have access to the file system could possibly read the contents of this temporary file while a user is editing it. All users running an affected release should either upgrade or use one of the workarounds immediately. | ||||
| CVE-2023-38575 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 5.5 Medium |
| Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | ||||
| CVE-2023-39333 | 2 Nodejs, Redhat | 2 Nodejs, Enterprise Linux | 2026-04-15 | 5.3 Medium |
| Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option. | ||||
| CVE-2023-39368 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 6.5 Medium |
| Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access. | ||||
| CVE-2023-43490 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 5.3 Medium |
| Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2023-43758 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2026-04-15 | 8.2 High |
| Improper input validation in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-45288 | 3 Go Standard Library, Golang, Redhat | 33 Net\/http, Http2, Acm and 30 more | 2026-04-15 | 7.5 High |
| An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection. | ||||
| CVE-2023-45289 | 1 Redhat | 12 Advanced Cluster Security, Enterprise Linux, Logging and 9 more | 2026-04-15 | 4.3 Medium |
| When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded. | ||||
| CVE-2023-45290 | 1 Redhat | 20 Advanced Cluster Security, Ansible Automation Platform, Ceph Storage and 17 more | 2026-04-15 | 6.5 Medium |
| When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines. | ||||
| CVE-2023-0657 | 1 Redhat | 2 Build Keycloak, Red Hat Single Sign On | 2026-04-15 | 3.4 Low |
| A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions. | ||||
| CVE-2023-1419 | 1 Redhat | 2 Debezium, Integration | 2026-04-15 | 5.9 Medium |
| A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data. | ||||
| CVE-2023-1973 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Eus | 2026-04-15 | 7.5 High |
| A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory. | ||||
| CVE-2023-22655 | 2 Intel, Redhat | 12 3rd Gen Intel Xeon Scalable Processor Family, 4th Gen Intel Xeon Bronze Processors, 4th Gen Intel Xeon Gold Processors and 9 more | 2026-04-15 | 6.1 Medium |
| Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-2593 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 5.9 Medium |
| A flaw exists within the Linux kernel's handling of new TCP connections. The issue results from the lack of memory release after its effective lifetime. This vulnerability allows an unauthenticated attacker to create a denial of service condition on the system. | ||||
| CVE-2023-28120 | 1 Redhat | 1 Logging | 2026-04-15 | 5.3 Medium |
| There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. | ||||
| CVE-2023-28362 | 1 Redhat | 1 Satellite | 2026-04-15 | 4 Medium |
| The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. | ||||
| CVE-2022-4975 | 1 Redhat | 1 Advanced Cluster Security | 2026-04-15 | 8.9 High |
| A flaw was found in the Red Hat Advanced Cluster Security (RHACS) portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/* endpoints, the front-end generates a DOM table-element (id="pdf-table"). This information is then populated with unsanitized data using innerHTML. An attacker with some control over the data rendered can trigger a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2021-4472 | 1 Redhat | 1 Openstack | 2026-04-15 | 6.5 Medium |
| The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content. | ||||
| CVE-2022-2232 | 1 Redhat | 1 Red Hat Single Sign On | 2026-04-15 | 7.5 High |
| A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions. | ||||
| CVE-2022-28693 | 1 Redhat | 4 Enterprise Linux, Rhel Eus, Rhel Extras Rt and 1 more | 2026-04-15 | 4.7 Medium |
| Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | ||||