Search Results (23506 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-22863 3 Ibm, Microsoft, Redhat 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more 2025-04-03 5.9 Medium
IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109.
CVE-2023-22594 3 Ibm, Microsoft, Redhat 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more 2025-04-03 4.6 Medium
IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244075.
CVE-2022-47024 2 Redhat, Vim 2 Enterprise Linux, Vim 2025-04-03 7.8 High
A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.
CVE-2022-47015 2 Mariadb, Redhat 3 Mariadb, Enterprise Linux, Rhel Software Collections 2025-04-03 6.5 Medium
MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.
CVE-2022-48281 3 Debian, Libtiff, Redhat 3 Debian Linux, Libtiff, Enterprise Linux 2025-04-03 5.5 Medium
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.
CVE-2023-22592 2 Ibm, Redhat 2 Robotic Process Automation For Cloud Pak, Openshift 2025-04-03 4 Medium
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073.
CVE-2025-27553 2 Apache, Redhat 2 Commons Vfs, Rhel Els 2025-04-02 7.5 High
Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file". However, when the path contains encoded ".." characters (for example, "%2E%2E/bar.txt"), it might return file objects that are not a descendent of the base file, without throwing an exception. This issue affects Apache Commons VFS: before 2.10.0. Users are recommended to upgrade to version 2.10.0, which fixes the issue.
CVE-2024-23114 2 Apache, Redhat 2 Camel, Camel K 2025-04-02 9.8 Critical
Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload.This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1
CVE-2024-1551 3 Debian, Mozilla, Redhat 8 Debian Linux, Firefox, Thunderbird and 5 more 2025-04-02 6.1 Medium
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
CVE-2024-22234 2 Redhat, Vmware 4 Apache Camel Spring Boot, Openshift Devspaces, Rhboac Hawtio and 1 more 2025-04-02 7.4 High
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value. An application is not vulnerable if any of the following is true: * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly. * The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated * The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html  or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html
CVE-2021-33631 2 Openatom, Redhat 5 Openeuler, Enterprise Linux, Logging and 2 more 2025-04-02 5.5 Medium
Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.
CVE-2021-33656 4 Debian, Linux, Openatom and 1 more 6 Debian Linux, Linux Kernel, Openeuler and 3 more 2025-04-02 6.8 Medium
When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.
CVE-2023-24021 3 Debian, Redhat, Trustwave 3 Debian Linux, Jboss Core Services, Modsecurity 2025-04-02 7.5 High
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
CVE-2024-54680 1 Redhat 1 Enterprise Linux 2025-04-02 4.4 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2023-24422 2 Jenkins, Redhat 3 Script Security, Ocp Tools, Openshift 2025-04-02 8.8 High
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
CVE-2019-11287 5 Broadcom, Debian, Fedoraproject and 2 more 5 Rabbitmq Server, Debian Linux, Fedora and 2 more 2025-04-02 7.5 High
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.
CVE-2019-11291 3 Broadcom, Redhat, Vmware 3 Rabbitmq Server, Openstack, Rabbitmq 2025-04-02 4.8 Medium
Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information.
CVE-2022-25927 2 Redhat, Ua-parser-js Project 2 Rhmt, Ua-parser-js 2025-04-01 5.3 Medium
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.
CVE-2024-4768 3 Debian, Mozilla, Redhat 8 Debian Linux, Firefox, Thunderbird and 5 more 2025-04-01 6.1 Medium
A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
CVE-2024-4767 3 Debian, Mozilla, Redhat 8 Debian Linux, Firefox, Thunderbird and 5 more 2025-04-01 4.3 Medium
If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.