Lucene search
K
RedhatcveMost viewed

206362 matches found

RedhatCVE
RedhatCVE
added 2019/10/29 4:14 a.m.42 views

CVE-2018-2618

It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using...

5.9CVSS2.5AI score0.04721EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2019/10/28 10:20 p.m.42 views

CVE-2017-10078

It was discovered that the Nashorn JavaScript engine in the Scripting component of OpenJDK could allow scripts to access Java APIs even when access to Java APIs was disabled. An untrusted JavaScript executed by Nashorn could use this flaw to bypass intended restrictions...

8.1CVSS2.5AI score0.02402EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2019/10/14 12:21 p.m.42 views

CVE-2019-15921

A flaw was found in the genlregisterfamily function in the Linux kernel. An attacker able to induce the error conditions could use this flaw to crash the system. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this issue is either not available or t...

4.7CVSS1.5AI score0.00497EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2019/10/11 4:59 p.m.42 views

CVE-2017-7773

A heap-based buffer overflow flaw related to "lz4::decompress" src/Decompressor has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code...

7.5CVSS4.7AI score0.05216EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2019/10/11 3:33 p.m.42 views

CVE-2016-2126

A flaw was found in the way Samba handled PAC Privilege Attribute Certificate checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process...

6.5CVSS3AI score0.06585EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2019/10/10 5:40 p.m.42 views

CVE-2018-10899

A flaw was found in Jolokia, versions 1.2 through 1.6.0, where Jolokia did not correctly handle checking for origin and referrer headers when strict checking was enabled. An attacker could use this vulnerability to conduct cross-site request forgery or further attacks...

8.8CVSS3AI score0.02665EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2019/10/10 4:5 p.m.42 views

CVE-2017-10345

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated...

3.1CVSS2AI score0.02442EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2019/10/08 6:3 p.m.42 views

CVE-2018-19477

psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. Mitigation Please refer to the "Mitigation" section of CVE-2018-16509 :...

9.3CVSS3.8AI score0.92499EPSS
Exploits5References2
RedhatCVE
RedhatCVE
added 2019/10/08 3:56 a.m.42 views

CVE-2018-1272

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application server A receives input from a remote client, and then uses that input to make a...

7.5CVSS2.6AI score0.02831EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2019/10/07 5:22 p.m.42 views

CVE-2018-21008

A use-after-free flaw was found in the Linux kernel's Redpine Signals driver implementation. A local attacker who is able force a module load rsisdio or usb plug/unplug could cause a system crash or memory corruption leading to privilege escalation. The highest threat from this vulnerability is t...

5.5CVSS1.7AI score0.00566EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2019/10/04 9:32 p.m.42 views

CVE-2009-1358

apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories...

10CVSS7.1AI score0.04396EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2019/08/30 1:29 a.m.42 views

CVE-2019-7614

A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user...

5.9CVSS6.2AI score0.01008EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2019/08/30 12:28 a.m.42 views

CVE-2019-15807

A memory leak flaw was found in the Linux kernel. An error in the resource cleanup of the sasexdiscoverexpander function can allow an attacker to induce error conditions that could crash the system. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for th...

4.7CVSS0.7AI score0.00405EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2019/07/12 3:21 a.m.42 views

CVE-2019-10198

An authentication bypass vulnerability was discovered in Foreman. Previously, commit tasks were searched through findresource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web UI or API, if they can discover ...

6.5CVSS2.3AI score0.01599EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2019/04/09 1:50 p.m.42 views

CVE-2019-10842

Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...

10CVSS6.5AI score0.04923EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2019/04/04 3:20 a.m.42 views

CVE-2019-0222

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive...

7.5CVSS4.3AI score0.12357EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2019/01/03 6:49 a.m.42 views

CVE-2018-20346

Multiple flaws were found in sqlite. An attacker having the ability to run arbitrary SQL commands could use this flaw to execute arbitrary code with the permission of the user running the sqlite application...

8.1CVSS3.1AI score0.09683EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2018/12/18 10:22 a.m.42 views

CVE-2018-20097

There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimageint.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack...

6.5CVSS3.4AI score0.02287EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2018/12/03 3:20 p.m.42 views

CVE-2018-16863

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document...

9.3CVSS3.7AI score0.92499EPSS
Exploits4References2
RedhatCVE
RedhatCVE
added 2018/09/06 4:49 a.m.42 views

CVE-2018-16542

It was discovered that ghostscript did not properly handle certain stack overflow error conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript...

9.3CVSS1.9AI score0.92499EPSS
Exploits4References2
RedhatCVE
RedhatCVE
added 2018/07/03 3:18 p.m.42 views

CVE-2018-13093

An issue was discovered in the XFS filesystem in fs/xfs/xfsicache.c in the Linux kernel. There is a NULL pointer dereference leading to a system panic in lookupslow on a NULL inode-iops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that...

5.5CVSS3AI score0.01725EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2018/06/29 6:19 p.m.42 views

CVE-2018-10879

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4xattrsetentry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image...

7.8CVSS3.5AI score0.00861EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2018/06/07 6:49 p.m.42 views

CVE-2016-1000342

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...

7.5CVSS4.6AI score0.01782EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2018/06/06 2:51 p.m.42 views

CVE-2018-1000183

A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...

6.5CVSS4.1AI score0.01013EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2018/05/14 10:19 a.m.42 views

CVE-2017-15406

A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...

8.8CVSS3.8AI score0.02203EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2018/03/29 9:19 a.m.42 views

CVE-2017-17742

It was found that WEBrick did not sanitize headers sent back to clients, resulting in a response-splitting vulnerability. An attacker, able to control the server's headers, could force WEBrick into injecting additional headers to a client. Mitigation The server can manually sanitize possibly...

5.3CVSS2.1AI score0.0576EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2018/02/28 7:48 p.m.42 views

CVE-2018-7182

The ctlgetitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service out-of-bounds read via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10...

7.5CVSS5.5AI score0.2985EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2018/02/06 8:19 p.m.42 views

CVE-2018-4877

A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution...

10CVSS5.3AI score0.89618EPSS
Exploits19References2
RedhatCVE
RedhatCVE
added 2018/01/17 2:21 p.m.42 views

CVE-2018-2645

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Performance Schema. Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

4.9CVSS4.8AI score0.02416EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2017/09/14 4:50 a.m.42 views

CVE-2017-13028

The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootpprint...

9.8CVSS3.3AI score0.03587EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2017/09/12 12:49 p.m.42 views

CVE-2017-14316

A parameter verification issue was discovered in Xen through 4.9.x. The function allocheappages allows callers to specify the first NUMA node that should be used for allocations through the memflags parameter; the node is extracted using the MEMFgetnode macro. While the function checks to see if...

8.8CVSS4.7AI score0.0041EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2017/07/26 8:18 p.m.42 views

CVE-2017-11626

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite...

5.5CVSS5AI score0.01214EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2017/07/24 1:18 p.m.42 views

CVE-2017-11335

A heap-based buffer overflow flaw was found within libtiff's tiff2pdf tool. A remote attacker could potentially exploit this flaw to execute arbitrary code by tricking a user into converting a specially crafted file using the tiff2pdf tool...

8.8CVSS5.5AI score0.0363EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2017/07/19 7:50 a.m.42 views

CVE-2017-10086

Vulnerability in the Java SE component of Oracle Java SE subcomponent: JavaFX. Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks...

9.6CVSS2.6AI score0.02132EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2017/07/14 10:59 a.m.42 views

CVE-2017-1000095

The jenkins-plugin-script-security improperly whitelisted "DefaultGroovyMethods.putAtObject, String, Object" and "DefaultGroovyMethods.getAtObject, String" which allows attackers to bypass many restrictions and potentially trigger builds or access data they should not have access to. Exploitation...

8.8CVSS6AI score0.00818EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2017/07/07 2:52 p.m.42 views

CVE-2017-10922

The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service loss of grant trackability, aka XSA-224 bug 3. Mitigation Running only HVM guests will avoid this vulnerability...

10CVSS5.3AI score0.02549EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2017/07/07 9:19 a.m.42 views

CVE-2017-10806

Stack-based buffer overflow in hw/usb/redirect.c in QEMU aka Quick Emulator allows local guest OS users to cause a denial of service QEMU process crash via vectors related to logging debug messages...

5.5CVSS4.1AI score0.00442EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2017/03/22 2:17 a.m.42 views

CVE-2016-9042

A vulnerability was found in NTP, affecting the origin timestamp check function. An attacker able to spoof messages from all of the configured peers could send crafted packets to ntpd, causing later replies from those peers to be discarded, resulting in denial of service. Mitigation Implement...

5.9CVSS6.8AI score0.0396EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2017/03/15 11:48 a.m.42 views

CVE-2017-6874

Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service use-after-free and system crash or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that causes incorrect interaction betwee...

7CVSS6.9AI score0.00263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2017/02/09 9:48 a.m.42 views

CVE-2017-5932

The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " double quote character and a command substitution metacharacter...

7.8CVSS7.6AI score0.00425EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2017/01/24 4:47 p.m.42 views

CVE-2017-5551

A vulnerability was found in the Linux kernel in 'tmpfs' file system. When file permissions are modified via 'chmod' and the user is not in the owning group or capable of CAPFSETID, the setgid bit is cleared in inodechangeok. Setting a POSIX ACL via 'setxattr' sets the file permissions as well as...

4.4CVSS3AI score0.00404EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2016/11/04 9:32 p.m.42 views

CVE-2016-7976

The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams...

8.8CVSS7.3AI score0.23453EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2016/10/03 3:17 p.m.43 views

CVE-2016-1246

Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service crash via vectors related to an error message...

7.5CVSS5.1AI score0.0406EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2016/09/19 1:48 p.m.42 views

CVE-2016-7417

ext/spl/splarray.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data...

9.8CVSS6.7AI score0.06842EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2016/09/19 12:48 p.m.42 views

CVE-2016-7412

ext/mysqlnd/mysqlndwireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNEDFLAG flag, which allows remote MySQL servers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted field metadata...

8.1CVSS5.9AI score0.0885EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/27 8:13 p.m.41 views

CVE-2026-45321

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/ packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself...

9.6CVSS7.5AI score0.02342EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/12/06 5:54 p.m.41 views

CVE-2020-36876

ReQuest Serious Play F3 Media Server versions 7.0.3.4968 Pro, 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running...

8.7CVSS6.8AI score0.00327EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/07/06 12:10 a.m.41 views

CVE-2025-53602

Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...

5.3CVSS6.3AI score0.08489EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/12 5:3 a.m.41 views

CVE-2025-4496

A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buff...

9.8CVSS7.1AI score0.00944EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/02 10:19 p.m.41 views

CVE-2024-30145

Multiple vectors in HCL Domino Volt and Domino Leap allow client-side script injection in the authoring environment and deployed applications...

6.5CVSS7.5AI score0.0021EPSS
Exploits0References3
Total number of security vulnerabilities5000