
CVSS: 6.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 Mar 2025 — A vulnerability was found in the Infinispan component in Red Hat Data Grid. The REST compare API may have a buffer leak and an out of memory error can occur when sending continual requests with large POST data to the REST API. • https://access.redhat.com/security/cve/CVE-2024-6875 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 Mar 2025 — A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities. • https://access.redhat.com/security/cve/CVE-2025-2901 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Mar 2025 — A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams. • https://access.redhat.com/security/cve/CVE-2025-2877 • CWE-1295: Debug Messages Revealing Unnecessary Information •

CVSS: 6.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Mar 2025 — A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash. • https://access.redhat.com/security/cve/CVE-2025-31181 • CWE-476: NULL Pointer Dereference •

CVSS: 6.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Mar 2025 — A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash. • https://access.redhat.com/security/cve/CVE-2025-31180 • CWE-476: NULL Pointer Dereference •

CVSS: 6.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Mar 2025 — A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash. • https://access.redhat.com/security/cve/CVE-2025-31179 • CWE-476: NULL Pointer Dereference •

CVSS: 6.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Mar 2025 — A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash. • https://access.redhat.com/security/cve/CVE-2025-31178 • CWE-476: NULL Pointer Dereference •

CVSS: 6.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Mar 2025 — A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash. • https://access.redhat.com/security/cve/CVE-2025-31176 • CWE-476: NULL Pointer Dereference •

CVSS: 6.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

25 Mar 2025 — A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system. • https://access.redhat.com/security/cve/CVE-2025-2559 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

19 Mar 2025 — A flaw was found in the OpenShift Console, in an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath unsafely in pkg/plugins/handlers.go#L112. Because of this unsafe filepath construction, an authenticated user can manipulate the path to retrieve any JSON files on the console's pod by using sequences of ../ and valid directory paths. • https://access.redhat.com/security/cve/CVE-2024-7631 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •