Search
Search Results (1729 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43800 | 2 Openjsf, Redhat | 11 Serve-static, Discovery, Network Observ Optr and 8 more | 2024-09-20 | 5 Medium |
| serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0. | ||||
| CVE-2024-45590 | 3 Expressjs, Openjsf, Redhat | 13 Body-parser, Body-parser, Advanced Cluster Security and 10 more | 2024-09-20 | 7.5 High |
| body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3. | ||||
| CVE-2024-43796 | 2 Openjsf, Redhat | 11 Express, Discovery, Network Observ Optr and 8 more | 2024-09-20 | 5 Medium |
| Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0. | ||||
| CVE-2024-8260 | 3 Microsoft, Openpolicyagent, Redhat | 3 Windows, Open Policy Agent, Openshift Distributed Tracing | 2024-09-19 | 6.1 Medium |
| A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s functions. | ||||
| CVE-2024-8391 | 3 Eclipse, Eclipse Foundation, Redhat | 6 Vert.x, Vert.x, Camel Quarkus and 3 more | 2024-09-12 | 7.5 High |
| In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client). This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc) | ||||
| CVE-2024-39338 | 2 Axios, Redhat | 8 Axios, Discovery, Network Observ Optr and 5 more | 2024-08-23 | 4 Medium |
| axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs. | ||||
| CVE-2024-42353 | 2 Pylonsproject, Redhat | 5 Webob, Ceph Storage, Openshift and 2 more | 2024-08-19 | 6.1 Medium |
| WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. `urlparse` however treats a `//` at the start of a string as a URI without a scheme, and then treats the next part as the hostname. `urljoin` will then use that hostname from the second part as the hostname replacing the original one from the request. This vulnerability is patched in WebOb version 1.8.8. | ||||
| CVE-2016-1000023 | 1 Redhat | 2 Openshift, Rhel Software Collections | 2023-11-07 | N/A |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10540. Reason: This candidate is a reservation duplicate of CVE-2016-10540. Notes: All CVE users should reference CVE-2016-10540 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | ||||
| CVE-2016-1000022 | 1 Redhat | 1 Openshift | 2023-11-07 | N/A |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10539. Reason: This candidate is a duplicate of CVE-2016-10539. Notes: All CVE users should reference CVE-2016-10539 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | ||||