Lucene search
K
RedhatcveMost viewed

206354 matches found

RedhatCVE
RedhatCVE
•added 2023/03/01 1:59 p.m.•97 views

CVE-2022-4137

A reflected cross-site scripting XSS vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be...

8.1CVSS2.1AI score0.01149EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/10/18 6:10 a.m.•97 views

CVE-2022-3515

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment...

8.6CVSS6.4AI score0.01635EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/06/14 7:29 p.m.•97 views

CVE-2022-21127

A flaw was found in hw. Incomplete cleanup in specific special register read operations for some Intel® Processors may allow an authenticated user to enable information disclosure via local access. Mitigation Mitigation for this issue is either not available or the currently available options don...

5.6CVSS5.9AI score0.05465EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/04/20 8:28 a.m.•97 views

CVE-2022-21426

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

5.3CVSS2.3AI score0.03028EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/19 9:3 p.m.•97 views

CVE-2021-35564

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Keytool. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

5.3CVSS2.1AI score0.05241EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/09/16 3:7 p.m.•97 views

CVE-2021-3773

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. Mitigation Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security...

9.8CVSS1.8AI score0.05279EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/07/23 1:50 p.m.•97 views

CVE-2021-37159

A flaw use-after-free in the Linux kernel USB High Speed Mobile Devices functionality was found in the way user detaches USB device. A local user could use this flaw to crash the system or escalate their privileges on the system. Mitigation To mitigate this issue, prevent the module hso from bein...

6.4CVSS0.7AI score0.00391EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/07/18 10:7 p.m.•96 views

CVE-2024-38472

A flaw was found in httpd on Windows systems. This issue potentially allows NTLM hashes to be leaked to a malicious server via Server-side request forgery SSRF and malicious requests or content...

7.5CVSS8.2AI score0.6795EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/05/29 8:50 a.m.•96 views

CVE-2024-36472

A vulnerability was found in GNOME Shell. A portal helper can be launched automatically without user confirmation based on the network responses provided by an adversary...

7.5CVSS6.3AI score0.00299EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/04/04 7:32 p.m.•96 views

CVE-2024-24795

A flaw was found in httpd. An HTTP response splitting in multiple httpd modules may allow an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Mitigation Mitigation for this issue is either not available or the currently...

4CVSS7.2AI score0.02874EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/02 3:10 p.m.•96 views

CVE-2023-22102

A vulnerability was found in the MySQL Connectors product of Oracle MySQL component: Connector/J. This issue may allow unauthenticated attackers with network access via multiple protocols to compromise MySQL Connectors. Successful attacks can result in a takeover of MySQL Connectors...

8.3CVSS8.3AI score0.00872EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/18 7:33 a.m.•96 views

CVE-2023-30547

A flaw was found in the vm2 sandbox. When exception handling is triggered, an unsanitized host is not managed properly. This issue may allow an attacker to bypass the sandbox protections, which can lead to remote code execution on the hypervisor host or the host that is running the sandbox...

9.8CVSS9.4AI score0.72087EPSS
Exploits5References4
RedhatCVE
RedhatCVE
•added 2023/03/30 9:13 a.m.•96 views

CVE-2023-0465

A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that a...

5.3CVSS5.6AI score0.01583EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/02 4:38 p.m.•96 views

CVE-2022-3266

The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash...

5.3CVSS2.4AI score0.00293EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/12/23 8:34 a.m.•96 views

CVE-2022-23539

A flaw was found in the jsonwebtoken package. The affected versions of the jsonwebtoken library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm...

8.1CVSS3.9AI score0.00479EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/12/13 9:35 a.m.•96 views

CVE-2022-46908

A flaw was found in the SQLite package. SQLite could allow a local attacker to bypass security restrictions caused by an issue when relying on --safe for the execution of an untrusted CLI script, potentially leading to arbitrary file read/write...

7.3CVSS7.1AI score0.00425EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/11/07 9:56 p.m.•96 views

CVE-2022-3787

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath...

8.4CVSS7.6AI score0.00658EPSS
Exploits5References3
RedhatCVE
RedhatCVE
•added 2022/10/25 3:57 p.m.•96 views

CVE-2022-3650

A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information. This issue can lead to loss of confidentiality, integrity, and availability...

8.8CVSS7.4AI score0.00327EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/08/23 1:10 p.m.•96 views

CVE-2022-2961

A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rosebind function. This flaw allows a local user to crash or potentially escalate their privileges on the system...

7CVSS4.3AI score0.00299EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/08/17 11:12 a.m.•96 views

CVE-2022-2816

An out-of-bounds read vulnerability was found in Vim in the checkvim9unlet function in the vim9cmds.c file. This issue occurs because of invalid memory access when compiling the unlet command when a specially crafted input is processed. This flaw allows an attacker who can trick a user into openi...

7.8CVSS7.5AI score0.00513EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/08/04 1:36 p.m.•96 views

CVE-2022-36123

A memory access flaw was found in the Linux kernel’s XEN hypervisor for the virtual machine. This flaw allows a local user to crash the system or potentially escalate their privileges on the system...

7.8CVSS4AI score0.00863EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/06/30 8:38 p.m.•96 views

CVE-2022-31045

A flaw was found in Istio. Memory access violation of ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access, resulting in undefined behavior or crashing...

9.8CVSS2.8AI score0.01014EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/03/29 3:37 a.m.•96 views

CVE-2022-1015

A flaw was found in the Linux kernel in linux/net/netfilter/nftablesapi.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. Mitigation In order to trigger the issue, it requires the ability to create user/net namespaces. On non-containerized...

6.6CVSS6.4AI score0.01467EPSS
Exploits10References5
RedhatCVE
RedhatCVE
•added 2022/01/26 7:43 p.m.•96 views

CVE-2022-0359

A flaw was found in vim. The vulnerability occurs due to Illegal memory access with large 'tabstop' in Ex mode, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Mitigation Untrusted vim scripts with -s...

7.8CVSS5.5AI score0.01339EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/08/12 2:3 a.m.•96 views

CVE-2021-33193

A NULL pointer dereference was found in Apache httpd modh2. The highest threat from this flaw is to system integrity. Mitigation This flaw can be mitigated by disabling HTTP/2. More information available at:...

7.5CVSS0.4AI score0.46179EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/06/28 10:49 a.m.•96 views

CVE-2021-3623

A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to...

6.1CVSS0.9AI score0.00316EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/06/21 11:26 a.m.•96 views

CVE-2020-36385

An issue was discovered in the Linux kernels Userspace Connection Manager Access for RDMA. This could allow a local attacker to crash the system, corrupt memory or escalate privileges. Mitigation Mitigation for this issue is either not available or the currently available options does not meet th...

7.8CVSS2.1AI score0.01476EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/06/10 6:13 p.m.•96 views

CVE-2021-3596

A NULL pointer dereference flaw was found in ImageMagick in ReadSVGImage in coders/svg.c . This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt and uses the value directly, which leads to a crash and segmentation fault...

6.5CVSS2.7AI score0.01894EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/05/21 6:14 p.m.•96 views

CVE-2021-33194

A flaw was found in golang. An attacker can craft an input to ParseFragment within parse.go that would cause it to enter an infinite loop and never return. The greatest threat to the system is of availability...

7.5CVSS3.2AI score0.07293EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2016/05/03 2:48 p.m.•96 views

CVE-2016-2108

A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an...

10CVSS4AI score0.77906EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2024/02/19 5:50 p.m.•95 views

CVE-2024-1635

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...

7.5CVSS7.5AI score0.04572EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/01/25 8:22 p.m.•95 views

CVE-2024-23898

A flaw was found in Jenkins where websocket access to the CLI does not perform origin validation of requests when they are made through the websocket endpoint...

8.8CVSS6.7AI score0.66921EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2024/01/17 3:9 a.m.•95 views

CVE-2023-45230

A security flaw was identified in EDK2, the open-source reference implementation of the UEFI specification, involving a buffer overflow vulnerability. This particular weakness enables an unauthorized attacker within the vicinity of the network to transmit a specifically crafted DHCPv6 message...

8.8CVSS8.6AI score0.01213EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/11/23 1:57 a.m.•95 views

CVE-2023-46673

A flaw was found in Elasticsearch. A malicious script used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API. Mitigation No mitigation is yet available for this flaw...

7.5CVSS6.8AI score0.00844EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/11/15 12:28 a.m.•95 views

CVE-2023-6134

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting XSS or further attacks. This flaw is the result of an incomple...

4.6CVSS6.2AI score0.00931EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/10/26 6:27 p.m.•95 views

CVE-2023-31582

A flaw was found in Jose4J which allows a malicious user or internal person to erroneously set a low iteration count of 1000 or less to secure the Json Web Token. This could apply to lack of entropy and leave the system less secure. Mitigation No mitigation is currently available for this flaw...

6.8CVSS6.6AI score0.00644EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/08/29 2:16 p.m.•95 views

CVE-2022-48554

A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash. Mitigation Do not process untrusted...

5.5CVSS5.5AI score0.00656EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/05/31 8:42 a.m.•95 views

CVE-2023-3006

A known cache speculation vulnerability, the Branch History Injection BHI or Spectre-BHB, was found in new hw that are cores Cortex: A57, A72, A76, A77, A78, A78AE, A78C, A710, X1, X2; Neoverse: N1, N2, V1; Ampere1. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared...

5.5CVSS5.7AI score0.00264EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/30 9:13 a.m.•95 views

CVE-2023-0466

A flaw was found in OpenSSL. The X509VERIFYPARAMadd0policy function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass t...

5.3CVSS6AI score0.01625EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/24 1:7 p.m.•95 views

CVE-2023-0464

A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...

5.9CVSS7.1AI score0.03658EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/11/09 6:56 a.m.•95 views

CVE-2022-39377

An arithmetic overflow issue was discovered in Sysstat on 32-bit systems. The allocatestructures function in sacommon.c insufficiently checks bounds before arithmetic multiplication, allowing an overflow in the size allocated for the buffer representing system activities. The vulnerability can be...

7.8CVSS8.7AI score0.01096EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/11/07 4:25 a.m.•95 views

CVE-2022-32888

A vulnerability was found in webkitgtk, where an out-of-bounds read was addressed with improved bounds checking. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS8.4AI score0.01144EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/19 1:18 p.m.•95 views

CVE-2022-42928

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of certain types of allocations that were missing annotations that, if the Garbage Collector was in a specific state, could lead to memory corruption and a potentially exploitable crash...

8.8CVSS2.6AI score0.0083EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/10/18 10:40 a.m.•95 views

CVE-2022-42968

A flaw was found in Gitea. The self-hosted Git service does not sanitize and escape refs in the git backend. This issue could allow an attacker to craft arguments for the git commands, which will be mishandled...

9.8CVSS3.1AI score0.01051EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/07/07 6:1 p.m.•95 views

CVE-2022-34903

A vulnerability was found in GnuPG. This issue occurs due to an escape detection loop at the writestatustextandbuffer function in g10/cpr.c. This flaw allows a malicious actor to bypass access control...

5.9CVSS3.4AI score0.02551EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/06/08 4:7 p.m.•95 views

CVE-2022-23712

A flaw was found in Elasticsearch. This flaw allows an unauthenticated attacker to forcibly shut down an Elasticsearch node with a specifically formatted network request, affecting system availability...

7.5CVSS3.9AI score0.074EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/13 10:26 a.m.•95 views

CVE-2022-1552

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...

8.8CVSS1.8AI score0.12403EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/05/07 2:0 p.m.•95 views

CVE-2020-25717

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. Mitigation Setting "gensec:requirepac=true" in the smb.conf makes, due to a cache prime in winbind, the DOMAIN\user lookup succeed, provided...

8.5CVSS7.9AI score0.01612EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/02/15 4:29 a.m.•95 views

CVE-2022-0582

Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file...

9.8CVSS4.4AI score0.02047EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/02/07 11:59 a.m.•95 views

CVE-2022-0492

A vulnerability was found in the Linux kernel’s cgroupreleaseagentwrite in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 releaseagent feature to escalate privileges and bypass the namespace isolation unexpectedly. Mitigation...

7.8CVSS1.2AI score0.05528EPSS
Exploits12References4
Total number of security vulnerabilities5000