5 matches found
CVE-2025-1302
A flaw was found in jsonpath-plus. This vulnerability allows remote code execution RCE via improper input sanitization, exploiting the unsafe default usage of eval='safe' mode. Mitigation Red Hat Product Security recommends updating the vulnerable software to the latest version...
CVE-2023-44270
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...
CVE-2021-3156
A flaw was found in sudo. A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command by default, any local user can execute sudo without authentication. Successful exploitation of this flaw coul...
CVE-2017-5342
Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode without -w which...
Moderate: Red Hat Security Advisory: ypserv security update
Updated ypserv packages fixing a denial of service vulnerability are now available. The ypserv package contains the Network Information Service NIS server. A vulnerability has been discovered in the ypserv NIS server prior to version 2.7. If a malicious client queries ypserv via TCP and...