Filtered by vendor Redhat
Subscriptions
Total
22025 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21319 | 2 Microsoft, Redhat | 5 .net, Identity Model, Visual Studio 2022 and 2 more | 2025-05-03 | 6.8 Medium |
| Microsoft Identity Denial of service vulnerability | ||||
| CVE-2024-0057 | 2 Microsoft, Redhat | 19 .net, .net Framework, Powershell and 16 more | 2025-05-03 | 9.1 Critical |
| NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability | ||||
| CVE-2024-0056 | 2 Microsoft, Redhat | 21 .net, .net Framework, Microsoft.data.sqlclient and 18 more | 2025-05-03 | 8.7 High |
| Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability | ||||
| CVE-2024-21404 | 2 Microsoft, Redhat | 5 Asp.net Core, Visual Studio 2022, Enterprise Linux and 2 more | 2025-05-03 | 7.5 High |
| .NET Denial of Service Vulnerability | ||||
| CVE-2024-21386 | 2 Microsoft, Redhat | 4 Asp.net Core, Visual Studio 2022, Enterprise Linux and 1 more | 2025-05-03 | 7.5 High |
| .NET Denial of Service Vulnerability | ||||
| CVE-2024-21392 | 2 Microsoft, Redhat | 4 .net, Powershell, Visual Studio 2022 and 1 more | 2025-05-03 | 7.5 High |
| .NET and Visual Studio Denial of Service Vulnerability | ||||
| CVE-2024-30046 | 2 Microsoft, Redhat | 3 .net, Visual Studio 2022, Enterprise Linux | 2025-05-03 | 5.9 Medium |
| Visual Studio Denial of Service Vulnerability | ||||
| CVE-2024-30045 | 2 Microsoft, Redhat | 4 .net, Powershell, Visual Studio 2022 and 1 more | 2025-05-03 | 6.3 Medium |
| .NET and Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2024-38095 | 2 Microsoft, Redhat | 3 .net, Visual Studio 2022, Enterprise Linux | 2025-05-02 | 7.5 High |
| .NET and Visual Studio Denial of Service Vulnerability | ||||
| CVE-2024-30105 | 2 Microsoft, Redhat | 3 .net, Visual Studio 2022, Enterprise Linux | 2025-05-02 | 7.5 High |
| .NET and Visual Studio Denial of Service Vulnerability | ||||
| CVE-2024-35264 | 2 Microsoft, Redhat | 3 .net, Visual Studio 2022, Enterprise Linux | 2025-05-02 | 8.1 High |
| .NET and Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2024-38167 | 2 Microsoft, Redhat | 3 .net, Visual Studio 2022, Enterprise Linux | 2025-05-02 | 6.5 Medium |
| .NET and Visual Studio Information Disclosure Vulnerability | ||||
| CVE-2024-7409 | 1 Redhat | 4 Advanced Virtualization, Enterprise Linux, Openshift and 1 more | 2025-05-02 | N/A |
| A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline. | ||||
| CVE-2024-3446 | 1 Redhat | 2 Advanced Virtualization, Enterprise Linux | 2025-05-02 | 8.2 High |
| A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host. | ||||
| CVE-2024-27280 | 2 Redhat, Ruby-lang | 2 Enterprise Linux, Ruby | 2025-05-02 | 9.8 Critical |
| A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2. | ||||
| CVE-2023-28362 | 1 Redhat | 1 Satellite | 2025-05-02 | 4 Medium |
| The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. | ||||
| CVE-2024-8176 | 1 Redhat | 4 Devworkspace, Enterprise Linux, Jboss Core Services and 1 more | 2025-05-02 | 7.5 High |
| A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage. | ||||
| CVE-2025-32910 | 1 Redhat | 1 Enterprise Linux | 2025-05-02 | 6.5 Medium |
| A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash. | ||||
| CVE-2024-7318 | 1 Redhat | 2 Build Keycloak, Build Of Keycloak | 2025-05-02 | 4.8 Medium |
| A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute. A one time passcode that is valid longer than its expiration time increases the attack window for malicious actors to abuse the system and compromise accounts. Additionally, it increases the attack surface because at any given time, two OTPs are valid. | ||||
| CVE-2025-32912 | 1 Redhat | 1 Enterprise Linux | 2025-05-02 | 6.5 Medium |
| A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash. | ||||