RedHatRHSA-2024:0789

HistoryFeb 12, 2024 - 4:00 p.m.

(RHSA-2024:0789) Important: Red Hat Build of Apache Camel 4.0 for Quarkus 3.2 release (RHBQ 3.2.10.Final)

2024-02-1216:00:17

access.redhat.com

red hat build

apache camel

quarkus

security enhancements

denial of service

private key disclosure

prefix truncation attack

buffer overflow

cve-2023-4043

cve-2023-44483

cve-2023-48795

cve-2023-51074

7.7 High

AI Score

Confidence

Low

0.962 High

EPSS

Percentile

99.5%

JSON

An update for Red Hat Build of Apache Camel 4.0 for Quarkus 3.2 is now available (updates to RHBQ 3.2.10.Final). The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.

Security Fix(es):

parsson: Denial of Service due to large number parsing (CVE-2023-4043)
santuario: Private Key disclosure in debug-log output (CVE-2023-44483)
ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
json-path: stack-based buffer overflow in Criteria.parse method (CVE-2023-51074)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

redhat 11

ibm 31

cve 3

osv 15

debiancve 3

cvelist 3

cgr 3

nessus 42

github 3

nvd 4

prion 3

ubuntucve 2

veracode 3

redhatcve 3

wolfi 2

cbl_mariner 6

ubuntu 4

atlassian 1

openvas 36

fedora 3

oraclelinux 3

freebsd 2

cloudfoundry 1

debian 2

mageia 2

alpinelinux 1

redos 2

f5 1

freebsd_advisory 1

amazon 1

thn 1

hackerone 1

redhat

(RHSA-2024:0722) Important: Red Hat build of Quarkus 3.2.10 release and security update

2024-02-12 15:22:24

(RHSA-2024:0792) Moderate: Red Hat Integration Camel for Spring Boot 3.20.5 release and security update

2024-02-12 17:32:14

(RHSA-2024:1192) Moderate: Red Hat JBoss Enterprise Application Platform 8.0.1 security update

2024-03-06 15:25:45

ibm

Security Bulletin: Json-path is vulnerable to CVE-2023-51074 used in IBM Maximo Application Suite - Monitor Component

2024-02-27 16:17:23

Security Bulletin: IBM Asset Data Dictionary Component uses json-path-2.6.0.jar which is vulnerable to CVE-2023-51074.

2024-02-06 13:00:15

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow Event Emitters - CVE-2023-51074

2024-03-01 16:31:18

cve

CVE-2023-51074

2023-12-27 21:15:08

CVE-2023-44483

2023-10-20 10:15:12

CVE-2023-4043

2023-11-03 09:15:13

osv

json-path Out-of-bounds Write vulnerability

2023-12-27 21:31:01

Apache Santuario - XML Security for Java are vulnerable to private key disclosure

2023-10-20 12:31:04

CVE-2023-51074

2023-12-27 21:15:08

debiancve

CVE-2023-51074

2023-12-27 21:15:08

CVE-2023-44483

2023-10-20 10:15:12

CVE-2023-48795

2023-12-18 16:15:10

cvelist

CVE-2023-51074

2023-12-27 00:00:00

CVE-2023-44483 Apache Santuario: Private Key disclosure in debug-log output

2023-10-20 09:23:53

CVE-2023-4043 Parsson DoS when parsing numbers from untrusted sources

2023-11-03 08:11:39

cgr

CVE-2023-51074 vulnerabilities

2024-05-19 03:07:16

CVE-2023-44483 vulnerabilities

2024-05-19 03:07:16

CVE-2023-48795 vulnerabilities

2024-05-19 03:07:16

nessus

RHEL 6 : json-path (Unpatched Vulnerability)

2024-06-03 00:00:00

RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.0.1 (RHSA-2024:1193)

2024-03-06 00:00:00

RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.0.1 (RHSA-2024:1192)

2024-03-06 00:00:00

github

Apache Santuario - XML Security for Java are vulnerable to private key disclosure

2023-10-20 12:31:04

json-path Out-of-bounds Write vulnerability

2023-12-27 21:31:01

Eclipse Parsson Denial of Service vulnerability

2023-11-03 09:32:49

nvd

CVE-2023-44483

2023-10-20 10:15:12

CVE-2023-51074

2023-12-27 21:15:08

CVE-2023-4043

2023-11-03 09:15:13

prion

Stack overflow

2023-12-27 21:15:00

Code injection

2023-10-20 10:15:00

Input validation

2023-11-03 09:15:00

ubuntucve

CVE-2023-51074

2023-12-27 00:00:00

CVE-2023-44483

2023-10-20 00:00:00

veracode

Denial Of Service (DoS)

2023-12-29 11:32:43

Information Disclosure

2023-10-25 08:59:16

Denial Of Service (DoS)

2023-11-07 05:32:30

redhatcve

CVE-2023-51074

2023-12-28 06:30:40

CVE-2023-44483

2023-10-27 12:29:31

CVE-2023-4043

2023-12-14 18:33:38

wolfi

CVE-2023-51074 vulnerabilities

2024-06-11 03:08:01

CVE-2023-44483 vulnerabilities

2024-06-11 03:08:01

cbl_mariner

CVE-2023-48795 affecting package kubevirt for versions less than null

2024-01-10 08:19:37

CVE-2023-48795 affecting package moby-cli for versions less than 20.10.27-2

2024-01-19 03:54:24

CVE-2023-48795 affecting package libssh for versions less than 0.10.6-1

2024-01-14 22:46:30

ubuntu

FileZilla vulnerability

2024-01-18 00:00:00

libssh2 vulnerability

2024-01-15 00:00:00

LXD vulnerability

2024-04-22 00:00:00

atlassian

CVE-2023-48795 vulnerability on SSH

2024-01-04 17:19:13

openvas

Fedora: Security Advisory for golang-x-crypto (FEDORA-2024-7b08207cdb)

2024-01-18 00:00:00

Fedora: Security Advisory for proftpd (FEDORA-2023-b87ec6cf47)

2023-12-30 00:00:00

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1217)

2024-03-12 00:00:00

fedora

[SECURITY] Fedora 39 Update: putty-0.80-1.fc39

2024-01-11 01:17:14

[SECURITY] Fedora 38 Update: podman-tui-0.15.0-1.fc38

2023-12-29 01:05:34

[SECURITY] Fedora 39 Update: podman-4.8.3-1.fc39

2024-01-09 01:46:45

oraclelinux

buildah security update

2024-03-07 00:00:00

openssh security update

2024-03-18 00:00:00

libssh security update

2024-02-01 00:00:00

freebsd

jenkins -- Terrapin SSH vulnerability in Jenkins CLI client

2024-04-17 00:00:00

FreeBSD -- Prefix Truncation Attack in the SSH protocol

2023-12-19 00:00:00

cloudfoundry

USN-6561-1: libssh vulnerability | Cloud Foundry

2024-04-04 00:00:00

debian

[SECURITY] [DSA 5600-1] php-phpseclib security update

2024-01-12 07:13:37

[SECURITY] [DLA 3730-1] python-asyncssh security update

2024-02-01 00:22:40

mageia

Updated erlang packages fix a security vulnerability (Terrapin Attack)

2024-01-20 01:43:32

Updated proftpd packages fix a security vulnerability

2023-12-29 20:16:34

alpinelinux

CVE-2023-48795

2023-12-18 16:15:10

redos

ROS-20240408-15

2024-04-08 00:00:00

ROS-20240409-04

2024-04-09 00:00:00

K000138264 : SSH vulnerability CVE-2023-48795

2024-01-17 00:00:00

freebsd_advisory

FreeBSD-SA-23:19.openssh

2023-12-19 00:00:00

amazon

Medium: openssh

2023-12-18 09:20:00

thn

New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security

2024-01-01 09:37:00

hackerone

Nextcloud: Weak ssh algorithms and CVE-2023-48795 Discovered on various subdomains of nextcloud.com

2024-04-04 01:18:35

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.7 High

AI Score

Confidence

Low

0.962 High

EPSS

Percentile

99.5%

JSON

Related for RHSA-2024:0789