Search Results (786 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-24783 1 Redhat 23 Advanced Cluster Security, Ansible Automation Platform, Ceph Storage and 20 more 2026-04-15 5.9 Medium
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.
CVE-2024-24784 2 Go Standard Library, Redhat 14 Net\/mail, Advanced Cluster Security, Ceph Storage and 11 more 2026-04-15 7.5 High
The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.
CVE-2021-4472 1 Redhat 1 Openstack 2026-04-15 6.5 Medium
The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content.
CVE-2024-24788 1 Redhat 15 Ansible Automation Platform, Ceph Storage, Cost Management and 12 more 2026-04-15 5.9 Medium
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.
CVE-2024-34155 1 Redhat 15 Ceph Storage, Cost Management, Cryostat and 12 more 2026-04-15 4.3 Medium
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
CVE-2024-24785 1 Redhat 18 Ceph Storage, Enterprise Linux, Kube Descheduler Operator and 15 more 2026-04-15 5.4 Medium
If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.
CVE-2025-43859 1 Redhat 2 Ansible Automation Platform, Openstack 2026-04-15 9.1 Critical
h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires the combination of buggy h11 with a buggy (reverse) proxy, fixing either component is sufficient to mitigate this issue.
CVE-2023-45288 3 Go Standard Library, Golang, Redhat 33 Net\/http, Http2, Acm and 30 more 2026-04-15 7.5 High
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
CVE-2024-43167 1 Redhat 3 Enterprise Linux, Openshift, Openstack 2026-04-15 2.8 Low
DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.
CVE-2013-0270 2 Openstack, Redhat 2 Keystone, Openstack 2026-04-07 6.5 Medium
A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system.
CVE-2012-5571 2 Openstack, Redhat 3 Essex, Folsom, Openstack 2026-04-07 5.4 Medium
A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from a tenant. An attacker can leverage a token associated with a removed user role to gain unauthorized access.
CVE-2022-32148 2 Golang, Redhat 19 Go, Acm, Application Interconnect and 16 more 2026-03-06 6.5 Medium
Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.
CVE-2022-30629 2 Golang, Redhat 15 Go, Acm, Ceph Storage and 12 more 2026-03-06 3.1 Low
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.
CVE-2022-30635 2 Golang, Redhat 15 Go, Acm, Ceph Storage and 12 more 2026-03-06 7.5 High
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.
CVE-2022-30630 2 Golang, Redhat 17 Go, Acm, Application Interconnect and 14 more 2026-03-06 7.5 High
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.
CVE-2022-1705 2 Golang, Redhat 22 Go, Acm, Application Interconnect and 19 more 2026-03-06 6.5 Medium
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
CVE-2025-27516 3 Debian, Palletsprojects, Redhat 11 Debian Linux, Jinja, Ansible Automation Platform and 8 more 2026-02-26 8.8 High
Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the |attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the |attr filter no longer bypasses the environment's attribute lookup. This vulnerability is fixed in 3.1.6.
CVE-2024-8007 1 Redhat 2 Openstack, Openstack Platform 2026-02-25 8.1 High
A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.
CVE-2023-6725 1 Redhat 2 Openstack, Openstack Platform 2026-02-25 5.5 Medium
An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information.
CVE-2019-11253 2 Kubernetes, Redhat 5 Kubernetes, Openshift, Openshift Container Platform and 2 more 2026-02-24 7.5 High
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.