Red Hat Linux OS and other open source products
Products by Red Hat Sorted by Most Security Vulnerabilities since 2018
Red Hat Enterprise Linux Server: 1531 vulnerabilities
RedHat Enterprise Linux (RHEL) Server. Includes software bundled with RHEL Server.
Red Hat Enterprise Linux Workstation: 1503 vulnerabilities
RedHat Enterprise Linux (RHEL) Workstation. Includes software bundled with RHEL Workstation.
Red Hat Enterprise Linux Desktop: 1493 vulnerabilities
RedHat Enterprise Linux (RHEL) Desktop. Includes software bundled with RHEL Desktop.
Recent Red Hat Security Advisories
Advisory | Title | Published |
---|---|---|
RHSA-2025:1487 | (RHSA-2025:1487) Important: updated discovery container images | February 13, 2025 |
RHSA-2025:1468 | (RHSA-2025:1468) Important: ACS 4.4 enhancement and security update | February 13, 2025 |
RHSA-2025:1454 | (RHSA-2025:1454) Moderate: Update Red Hat Developer Hub 1.3 to mitigate relevant CVEs | February 13, 2025 |
RHSA-2025:1446 | (RHSA-2025:1446) Moderate: nodejs:18 security update | February 13, 2025 |
RHSA-2025:1443 | (RHSA-2025:1443) Important: nodejs:20 security update | February 13, 2025 |
RHSA-2025:1437 | (RHSA-2025:1437) Important: kpatch-patch-5_14_0-284_52_1, kpatch-patch-5_14_0-284_79_1, and kpatch-patch-5_14_0-284_92_1 security update | February 13, 2025 |
RHSA-2025:1434 | (RHSA-2025:1434) Important: kpatch-patch-5_14_0-427_13_1, kpatch-patch-5_14_0-427_31_1, and kpatch-patch-5_14_0-427_44_1 security update | February 13, 2025 |
RHSA-2025:1433 | (RHSA-2025:1433) Important: kpatch-patch-5_14_0-503_15_1 security update | February 13, 2025 |
RHSA-2025:1413 | (RHSA-2025:1413) Important: Updated service-interconnect rhel9 container images for 1.8 | February 13, 2025 |
RHSA-2025:1118 | (RHSA-2025:1118) Important: OpenShift Container Platform 4.13.55 packages and security update | February 13, 2025 |
By the Year
In 2025 there have been 47 vulnerabilities in Red Hat with an average score of 7.5 out of ten. Last year, in 2024, Red Hat had 1564 security vulnerabilities published. Right now, Red Hat is on track to have fewer security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.91.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 47 | 7.53 |
2024 | 1564 | 6.62 |
2023 | 1182 | 6.80 |
2022 | 1344 | 6.98 |
2021 | 1091 | 6.67 |
2020 | 634 | 6.58 |
2019 | 756 | 6.93 |
2018 | 738 | 7.32 |
It may take a day or so for new Red Hat vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Security Vulnerabilities
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.
CVE-2022-31631
- February 12, 2025
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.
Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice
CVE-2024-12797
- February 11, 2025
Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys may be vulnerable to man-in-middle attacks when server authentication failure is not detected by clients. RPKs are disabled by default in both TLS clients and TLS servers. The issue only arises when TLS clients explicitly enable RPK use by the server, and the server, likewise, enables sending of an RPK instead of an X.509 certificate chain. The affected clients are those that then rely on the handshake to fail when the server's RPK fails to match one of the expected public keys, by setting the verification mode to SSL_VERIFY_PEER. Clients that enable server-side raw public keys can still find out that raw public key verification failed by calling SSL_get_verify_result(), and those that do, and take appropriate action, are not affected. This issue was introduced in the initial implementation of RPK support in OpenSSL 3.2. The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
A flaw was found in npm-serialize-javascript
CVE-2024-11831
5.4 - Medium
- February 10, 2025
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
XSS
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification
CVE-2025-23085
- February 07, 2025
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.
The Thunderbird Address Book URI fields contained unsanitized links
CVE-2025-1015
5.4 - Medium
- February 04, 2025
The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the Other field of the Instant Messaging section. If another user imported the address book, clicking on the link could result in opening a web page inside Thunderbird, and that page could execute (unprivileged) JavaScript. This vulnerability affects Thunderbird < 128.7.
Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax
CVE-2025-0510
6.5 - Medium
- February 04, 2025
Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability affects Thunderbird < 128.7 and Thunderbird < 135.
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6
CVE-2025-1017
9.8 - Critical
- February 04, 2025
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Memory Corruption
Memory safety bugs present in Firefox 134
CVE-2025-1016
9.8 - Critical
- February 04, 2025
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Memory Corruption
Certificate length was not properly checked when added to a certificate store
CVE-2025-1014
8.8 - High
- February 04, 2025
Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Improper Certificate Validation
A race condition could have led to private browsing tabs being opened in normal browsing windows
CVE-2025-1013
- February 04, 2025
A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
A race during concurrent delazification could have led to a use-after-free
CVE-2025-1012
7.5 - High
- February 04, 2025
A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Dangling pointer
A bug in WebAssembly code generation could have led to a crash
CVE-2025-1011
8.8 - High
- February 04, 2025
A bug in WebAssembly code generation could have led to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash
CVE-2025-1010
8.8 - High
- February 04, 2025
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Dangling pointer
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash
CVE-2025-1009
9.8 - Critical
- February 04, 2025
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Dangling pointer
A vulnerability was found in CRI-O
CVE-2025-0750
6.6 - Medium
- January 28, 2025
A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system directories.
Directory traversal
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.
CVE-2022-49043
- January 26, 2025
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.
A flaw was found in the Open Virtual Network (OVN)
CVE-2025-0650
- January 23, 2025
A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.
A vulnerability was found in `podman build` and `buildah`
CVE-2024-11218
8.6 - High
- January 22, 2025
A vulnerability was found in `podman build` and `buildah`. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.
Improper Privilege Management
With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created
CVE-2025-23083
- January 22, 2025
With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.
Vulnerability in the Oracle Java SE
CVE-2025-21502
4.8 - Medium
- January 21, 2025
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and 21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
Undici is an HTTP/1.1 client
CVE-2025-22150
- January 21, 2025
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers.
Use of Insufficiently Random Values
A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl
CVE-2024-11029
- January 15, 2025
A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal database. In the worst-case scenario, where the journal log is centralized, users with access to it can have improper access to the FreeIPA administrator credentials.
Git LFS is a Git extension for versioning large files
CVE-2024-53263
- January 14, 2025
Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without checking for embedded line-ending control characters, and then sends any credentials it receives back from the Git credential helper to the remote host. By inserting URL-encoded control characters such as line feed (LF) or carriage return (CR) characters into the URL, an attacker may be able to retrieve a user's Git credentials. This problem exists in all previous versions and is patched in v3.6.1. All users should upgrade to v3.6.1. There are no workarounds known at this time.
Injection
An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18
CVE-2024-56374
- January 14, 2025
An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)
A flaw was found in rsync which could be triggered when rsync compares file checksums
CVE-2024-12085
7.5 - High
- January 14, 2025
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
Buffer Overflow
.NET Remote Code Execution Vulnerability
CVE-2025-21171
7.5 - High
- January 14, 2025
.NET Remote Code Execution Vulnerability
Heap-based Buffer Overflow
.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21172
7.5 - High
- January 14, 2025
.NET and Visual Studio Remote Code Execution Vulnerability
Integer Overflow or Wraparound
.NET Elevation of Privilege Vulnerability
CVE-2025-21173
7.3 - High
- January 14, 2025
.NET Elevation of Privilege Vulnerability
Creation of Temporary File in Directory with Insecure Permissions
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21176
8.8 - High
- January 14, 2025
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
Buffer Over-read
A vulnerability was found in Keycloak
CVE-2024-11736
4.9 - Medium
- January 14, 2025
A vulnerability was found in Keycloak. Admin users may be able to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like ${env.VARNAME} or ${PROPNAME}. The server replaces these placeholders with the actual values of environment variables or system properties during URL processing.
Exposure of Sensitive Information Through Environmental Variables
A denial of service vulnerability was found in Keycloak
CVE-2024-11734
6.5 - Medium
- January 14, 2025
A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server to write to a request that has already been terminated, leading to the failure of said request.
Protection Mechanism Failure
In Raptor RDF Syntax Library through 2.0.16
CVE-2024-57823
- January 10, 2025
In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path().
ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file
CVE-2023-38037
- January 09, 2025
ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that have access to the file system could possibly read the contents of this temporary file while a user is editing it. All users running an affected release should either upgrade or use one of the workarounds immediately.
There is a denial of service vulnerability in the header parsing component of Rack.
CVE-2023-27539
- January 09, 2025
There is a denial of service vulnerability in the header parsing component of Rack.
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.
CVE-2023-28120
- January 09, 2025
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.
The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value
CVE-2023-28362
- January 09, 2025
The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header.
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5
CVE-2025-0243
- January 07, 2025
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
Memory safety bugs present in Firefox 133
CVE-2025-0242
- January 07, 2025
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6.
When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash
CVE-2025-0241
- January 07, 2025
When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free
CVE-2025-0240
- January 07, 2025
Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site
CVE-2025-0239
- January 07, 2025
When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash
CVE-2025-0238
- January 07, 2025
Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6.
The WebChannel API
CVE-2025-0237
- January 07, 2025
The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
Redis is an open source, in-memory database that persists on disk
CVE-2024-46981
- January 06, 2025
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
Dangling pointer
Redis is an open source, in-memory database that persists on disk
CVE-2024-51741
- January 06, 2025
Redis is an open source, in-memory database that persists on disk. An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2.
Improper Input Validation
go-git is a highly extensible git implementation library written in pure Go
CVE-2025-21613
- January 06, 2025
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0.
Argument Injection
go-git is a highly extensible git implementation library written in pure Go
CVE-2025-21614
- January 06, 2025
go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.
Resource Exhaustion
OpenShift Build Process HostPath Volume Mount Vulnerability
CVE-2024-45497
7.6 - High
- December 31, 2024
A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories. The mount is not read-only, which allows the attacker to overwrite it. By modifying the config.json file, the attacker can cause a denial of service by preventing the node from pulling new images and potentially exfiltrating sensitive secrets. This flaw impacts the availability of services dependent on image pulls and exposes sensitive information to unauthorized parties.
Incorrect Permission Assignment for Critical Resource
Apache MINA ObjectSerializationDecoder Remote Code Execution Vulnerability
CVE-2024-52046
9.8 - Critical
- December 25, 2024
The ObjectSerializationDecoder in Apache MINA uses Java's native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious serialized data, potentially leading to remote code execution (RCE) attacks. This issue affects MINA core versions 2.0.X, 2.1.X and 2.2.X, and will be fixed by the releases 2.0.27, 2.1.10 and 2.2.4. It's also important to note that an application using the MINA core library will only be affected if the IoBuffer#getObject() method is called, and this specific method is potentially called when adding a ProtocolCodecFilter instance using the ObjectSerializationCodecFactory class in the filter chain. If your application is specifically using those classes, you have to upgrade to the latest version of the MINA core library. Upgrading will not be enough: you also need to explicitly allow the classes the decoder will accept in the ObjectSerializationDecoder instance, using one of the three new methods:

```java
/**
 * Accept class names where the supplied ClassNameMatcher matches for
 * deserialization, unless they are otherwise rejected.
 *
 * @param classNameMatcher the matcher to use
 */
public void accept(ClassNameMatcher classNameMatcher)

/**
 * Accept class names that match the supplied pattern for
 * deserialization, unless they are otherwise rejected.
 *
 * @param pattern standard Java regexp
 */
public void accept(Pattern pattern)

/**
 * Accept the wildcard specified classes for deserialization,
 * unless they are otherwise rejected.
 *
 * @param patterns Wildcard file name patterns as defined by
 * {@link org.apache.commons.io.FilenameUtils#wildcardMatch(String, String) FilenameUtils.wildcardMatch}
 */
public void accept(String... patterns)
```

By default, the decoder will reject *all* classes that will be present in the incoming data.
Note: The FtpServer, SSHd and Vysper sub-project are not affected by this issue.
Marshaling, Unmarshaling
Linux Kernel Lockdown Bypass Vulnerability via Kexec with IMA Appraisal
CVE-2022-21505
6.7 - Medium
- December 24, 2024
In the Linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity, Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Skupper Console Authentication Bypass and Resource Exhaustion Vulnerability
CVE-2024-12582
7.1 - High
- December 24, 2024
A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the "admin" user and is persisted in either a Kubernetes secret or a podman volume in a plaintext file. This authentication method can be manipulated by an attacker, leading to the reading of any user-readable file in the container filesystem, directly impacting data confidentiality. Additionally, the attacker may induce skupper to read extremely large files into memory, resulting in resource exhaustion and a denial of service attack.
Authentication Bypass by Primary Weakness
Jinja Template Engine Sandbox Escape Vulnerability in str.format Method
CVE-2024-56326
- December 23, 2024
Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built into Jinja, but they could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5.
Protection Mechanism Failure
Jinja Template Engine Arbitrary Code Execution Vulnerability
CVE-2024-56201
- December 23, 2024
Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of whether Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5.
Improper Neutralization of Escape, Meta, or Control Sequences
Server-Side Request Forgery in Red Hat Satellite HTTP Proxy Connection Testing
CVE-2024-12840
5 - Medium
- December 20, 2024
A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection with the http_proxies variable set to localhost, the attacker can fetch the localhost banner.
SSRF
Intel Linux Kernel Spectre v2 Cross-Privilege Memory Leak Vulnerability
CVE-2024-2201
- December 19, 2024
A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent FineIBT, and to leak arbitrary Linux kernel memory on Intel systems.
Spring Framework Path Traversal Vulnerability in WebMvc.fn and WebFlux.fn
CVE-2024-38819
- December 19, 2024
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
logback-core JaninoEventEvaluator Arbitrary Code Execution Vulnerability
CVE-2024-12798
- December 19, 2024
An ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core, versions 0.1 up to and including 1.3.14 and 1.4.0 up to and including 1.5.12, in Java applications allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious logback configuration files can allow the attacker to execute arbitrary code using the JaninoEventEvaluator extension. A successful attack requires the user to have write access to a configuration file. Alternatively, the attacker could inject a malicious environment variable pointing to a malicious configuration file. In both cases, the attack requires existing privilege.
iperf v3.17.1 Segmentation Fault Vulnerability in iperf_exchange_parameters()
CVE-2024-53580
- December 18, 2024
iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function.
An attacker can craft an input to the Parse functions
CVE-2024-45338
- December 18, 2024
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
Envoy Proxy Null Pointer Dereference Vulnerability in HTTP/1 Server Abort Dispatch
CVE-2024-53270
- December 18, 2024
Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions `sendOverloadError` assumes the active request exists when `envoy.load_shed_points.http1_server_abort_dispatch` is configured. If `active_request` is nullptr, only onMessageBeginImpl() is called. However, `onMessageBeginImpl` will directly return an ok status if the stream is already reset, leading to the null pointer dereference. The downstream reset can actually happen during the H/2 upstream reset. As a result, Envoy may crash. This issue has been addressed in releases 1.32.3, 1.31.5, 1.30.9, and 1.29.12. Users are advised to upgrade. Users unable to upgrade may disable the `http1_server_abort_dispatch` load shed point and/or use a high threshold.
Always-Incorrect Control Flow Implementation
DPDK Vhost Library Out-of-Bounds Read Vulnerability in Checksum Offload Feature
CVE-2024-11614
- December 18, 2024
An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.
Out-of-bounds Read
OpenShift Container Platform: Incomplete Fix for Rapid Reset Vulnerability in OLM Catalogd Container
CVE-2024-12698
6.5 - Medium
- December 18, 2024
An incomplete fix for ose-olm-catalogd-container was issued for the Rapid Reset Vulnerability (CVE-2023-39325/CVE-2023-44487) where only unauthenticated streams were protected, not streams created by authenticated sources.
Resource Exhaustion
Keycloak: Sensitive Information Disclosure in JGroups Replication Configuration
CVE-2024-10973
5.7 - Medium
- December 17, 2024
A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information.
Cleartext Transmission of Sensitive Information
Apache Tomcat JSP Compilation TOCTOU Race Condition Vulnerability
CVE-2024-50379
- December 17, 2024
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
TOCTTOU
Quarkus-HTTP Cookie Parsing Vulnerability
CVE-2024-12397
7.4 - High
- December 12, 2024
A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.
HTTP Request Smuggling
The issue was addressed with improved checks
CVE-2024-54479
7.5 - High
- December 12, 2024
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.
The issue was addressed with improved checks
CVE-2024-54502
6.5 - Medium
- December 12, 2024
The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.
The issue was addressed with improved memory handling
CVE-2024-54508
7.5 - High
- December 12, 2024
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.
A type confusion issue was addressed with improved memory handling
CVE-2024-54505
8.8 - High
- December 12, 2024
A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.
Object Type Confusion
GStreamer is a library for constructing graphs of media-handling components
CVE-2024-47538
9.8 - Critical
- December 12, 2024
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10.
Memory Corruption
GStreamer is a library for constructing graphs of media-handling components
CVE-2024-47607
9.8 - Critical
- December 12, 2024
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c`. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows overwriting the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10.
Memory Corruption
GStreamer is a library for constructing graphs of media-handling components
CVE-2024-47615
9.8 - Critical
- December 12, 2024
GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (whose size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.
Memory Corruption
GStreamer is a library for constructing graphs of media-handling components
CVE-2024-47537
9.8 - Critical
- December 12, 2024
GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file, and if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10.
Memory Corruption
GStreamer is a library for constructing graphs of media-handling components
CVE-2024-47539
9.8 - Critical
- December 12, 2024
GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop's expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10.
Memory Corruption
GStreamer is a library for constructing graphs of media-handling components
CVE-2024-47540
9.8 - Critical
- December 12, 2024
GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem->allocator->mem_unmap_full or mem->allocator->mem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10.
Use of Uninitialized Resource
GStreamer is a library for constructing graphs of media-handling components
CVE-2024-47606
9.8 - Critical
- December 12, 2024
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the 'slice_size' variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem->allocator->mem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10.
Integer underflow