Lucene search
K
RedhatcveMost viewed

206362 matches found

RedhatCVE
RedhatCVE
•added 2022/02/17 3:47 p.m.•91 views

CVE-2022-25173

A flaw was found in Jenkins. The Pipeline: Groovy Plugin uses the same checkout directories for distinct SCMs when reading the script file typically Jenkinsfile for Pipelines. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through craft...

8.8CVSS3.8AI score0.01422EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/06/22 5:7 p.m.•91 views

CVE-2021-22118

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...

7.8CVSS3.5AI score0.00396EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/06/08 3:49 a.m.•91 views

CVE-2021-30641

A flaw was found in Apache httpd. A possible regression from an earlier security fix broke behavior of MergeSlashes. The highest threat from this vulnerability is to data integrity. Mitigation This issue can be mitigated by setting the "MergeSlashes" directive to OFF...

5.9CVSS1.2AI score0.52331EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/06/03 6:12 a.m.•91 views

CVE-2021-3551

A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threa...

7.8CVSS2.1AI score0.00183EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/12/09 4:45 p.m.•91 views

CVE-2020-25705

A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentialit...

7.4CVSS0.2AI score0.06692EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2024/03/16 6:46 p.m.•90 views

CVE-2024-22259

A vulnerability was found in Spring Framework. Affected versions of this package are vulnerable to an Open Redirect when using UriComponentsBuilder to parse an externally provided URL and perform validation checks on the host of the parsed URL...

8.1CVSS7.8AI score0.02573EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/01/17 7:30 p.m.•90 views

CVE-2023-6596

An incomplete fix was shipped for the Rapid Reset CVE-2023-44487/CVE-2023-39325 vulnerability for an OpenShift Containers...

7.5CVSS7.3AI score0.99999EPSS
Exploits19References3
RedhatCVE
RedhatCVE
•added 2024/01/10 5:31 a.m.•90 views

CVE-2023-6129

A flaw was found in in the POLY1305 MAC message authentication code implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate t...

6.5CVSS6.9AI score0.02323EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/09/05 3:14 p.m.•90 views

CVE-2023-40188

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the generalLumaToYUV444 function. This Out-Of-Bounds Read occurs because processing is done on the in variable without checking if it...

7.5CVSS7AI score0.01247EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/06/14 11:29 a.m.•90 views

CVE-2022-1972

CVE-2022-1972 is duplicate of CVE-2022-2078, so please consider CVE-2022-2078 instead. https://access.redhat.com/security/cve/CVE-2022-2078...

5.5CVSS0.3AI score0.01013EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/10/19 9:3 p.m.•90 views

CVE-2021-35559

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Swing. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

5.3CVSS2.3AI score0.14839EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/04 7:22 a.m.•90 views

CVE-2021-3681

A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the buildignore list in "galaxy.yml" include files in the .tar.gz file. This contains sensitive info, such as the user's Ansible Galaxy A...

5.5CVSS1.3AI score0.00237EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/07/25 9:33 a.m.•90 views

CVE-2020-28362

A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The...

7.5CVSS6.2AI score0.03813EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/07/14 6:22 p.m.•90 views

CVE-2021-20303

There is a flaw in OpenEXR's dataWindowForTile function. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potenti...

6.1CVSS3.6AI score0.00809EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/07/06 6:26 p.m.•90 views

CVE-2021-26920

A flaw was found in druid. The HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the druid server process. The highest threat from this vulnerability is to data confidentiality...

6.5CVSS4AI score0.09877EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/05/27 7:15 a.m.•90 views

CVE-2021-25217

A flaw was found in the Dynamic Host Configuration Protocol DHCP. There is a discrepancy between the code that handles encapsulated option information in leases transmitted "on the wire" and the code which reads and parses lease information after it has been written to disk storage. This flaw...

8.8CVSS1.4AI score0.06118EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/02/16 6:20 p.m.•89 views

CVE-2024-23807

Apache issued this CVE to indicate the correct versions of xerces-c, which included the fix for CVE-2018-1311. See the older CVE page for fix status...

8.1CVSS6.7AI score0.09503EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 2024/01/17 9:14 a.m.•89 views

CVE-2024-20952

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

7.4CVSS7.2AI score0.00918EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/10/31 11:33 p.m.•89 views

CVE-2023-46604

A flaw was found in Apache ActiveMQ, specifically the OpenWire Module. This flaw may allow a remote malicious user to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol, causing the broker to instantiate any class on the classpath. This issue happens when...

9.8CVSS9.5AI score0.99654EPSS
Exploits31References6
RedhatCVE
RedhatCVE
•added 2023/07/03 3:48 a.m.•89 views

CVE-2023-36632

Disputed A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untruste...

7.6AI score0.01584EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/06/26 6:48 p.m.•89 views

CVE-2023-2585

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...

3.5CVSS7.5AI score0.00694EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/01/18 8:35 a.m.•89 views

CVE-2023-21835

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows...

5.3CVSS4.7AI score0.01836EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/10/13 2:29 p.m.•89 views

CVE-2022-31629

A vulnerability was found in PHP due to the way PHP handles HTTP variable names. It interferes with HTTP variable names that clash with ones that have a specific semantic meaning. This vulnerability allows network and same-site attackers to set a standard insecure cookie in the victim's browser,...

6.5CVSS7.8AI score0.49336EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2022/08/19 8:38 a.m.•89 views

CVE-2022-2738

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code executio...

7.5CVSS4.1AI score0.05071EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/07/27 3:54 p.m.•89 views

CVE-2022-32744

A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover...

8.8CVSS3.3AI score0.00956EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/06/07 2:29 a.m.•89 views

CVE-2022-29885

The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide...

7.5CVSS2.3AI score0.73139EPSS
Exploits5References4
RedhatCVE
RedhatCVE
•added 2022/03/23 9:3 p.m.•90 views

CVE-2022-24773

A flaw was found in the node-forge library when verifying the signature on the ASN.1 structure in RSA PKCS1 v1.5. This flaw allows an attacker to obtain successful verification for invalid DigestInfo structure, affecting the integrity of the attacked resource...

5.3CVSS5.4AI score0.00875EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/02/15 10:45 a.m.•89 views

CVE-2021-4219

A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system...

7.5CVSS4.5AI score0.00961EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/09/13 7:17 p.m.•89 views

CVE-2021-3753

A race problem was seen in the vtkioctl in drivers/tty/vt/vtioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vcmode is not protected by lock-in vtioctl KDSETMDE. The highest threat from this vulnerability is to data confidentiality. Mitigation...

4.7CVSS1.7AI score0.00364EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2021/09/12 12:17 p.m.•89 views

CVE-2021-3744

A flaw was found in the Linux kernel. A memory leak in the ccp-ops crypto driver can allow attackers to cause a denial of service. This vulnerability is similar with the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this issu...

5.5CVSS1.8AI score0.00533EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/08/19 7:35 a.m.•89 views

CVE-2021-23156

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

7.5CVSS7.7AI score0.03464EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/07/15 1:51 a.m.•89 views

CVE-2021-3644

A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly...

3.3CVSS4.4AI score0.00761EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/07 11:33 a.m.•89 views

CVE-2018-8034

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

7.5CVSS3.2AI score0.213EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2023/11/10 10:44 a.m.•88 views

CVE-2023-5869

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing...

8.8CVSS8.8AI score0.04322EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/11/02 3:57 a.m.•88 views

CVE-2023-46724

A flaw was found in Squid. Due to an improper validation of the specified index bug, Squid compiled using --with-openssl is vulnerable to a denial of service attack against SSL Certificate validation. This flaw allows a remote server to perform a denial of service against the Squid Proxy by...

7.5CVSS7.2AI score0.04012EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2023/09/28 6:54 a.m.•88 views

CVE-2023-43115

A vulnerability was found in Artifex Ghostscript in gdevijs.c, allows a malicious remote attacker to perform remote code execution via crafted PostScript documents...

8.8CVSS7.8AI score0.0468EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/09/12 12:24 p.m.•88 views

CVE-2023-4874

A null pointer dereference flaw was found in mutt when handling specially crafted characters. This issue could allow an attacker to send a specially crafted email that causes the email client to crash when reading or processing the email. Mitigation Mitigation for this issue is either not availab...

5.7CVSS6.6AI score0.00719EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/12/14 2:32 p.m.•88 views

CVE-2022-45046

This flaw targets the camel-ldap package. According to the maintainers this CVE should be retracted soon. Mitigation Maintainers have added a documentation detail regarding LDAP Injection in Camel LDAP component. Please check the link for more information...

1.2AI score
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/11/15 6:40 p.m.•88 views

CVE-2022-2601

A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention...

8.2CVSS2.3AI score0.00514EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/31 7:25 p.m.•88 views

CVE-2022-3704

A self cross-site scripting vulnerability was found in Ruby on Rails. This issue occurs when requesting a page that does not have a matching routing, allowing a user to create a script injection within the routing error page...

5.4CVSS2.8AI score0.0068EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/10/19 9:47 a.m.•88 views

CVE-2022-21619

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to...

3.7CVSS2.3AI score0.02376EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/09/26 4:48 a.m.•88 views

CVE-2022-26929

A remote code execution vulnerability was found in dotnet. This flaw allows an attacker to perform arbitrary code execution, leading to a local attack on a user’s system...

7.8CVSS4.9AI score0.01319EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/07/11 3:47 p.m.•88 views

CVE-2022-32084

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component subselect...

7.5CVSS3.3AI score0.01985EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/07/08 6:43 p.m.•88 views

CVE-2022-32212

A vulnerability was found in NodeJS, where the IsAllowedHost check can be easily bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided for instance, 10.0.2.555 is provided, browsers such as Firefox will make DNS requests ...

7.5CVSS3.9AI score0.32362EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/05/23 11:19 a.m.•88 views

CVE-2022-1729

A use-after-free flaw was found in the Linux kernel’s performance events functionality. A user triggers a race condition in setting up performance monitoring between the leading PERFTYPETRACEPOINT and sub PERFEVENTHARDWARE plus the PERFEVENTSOFTWARE using the perfeventopen function with these thr...

7.4CVSS6.4AI score0.0031EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/04/26 2:37 p.m.•88 views

CVE-2022-1466

A flaw was found in Keycloak. The Red Hat Single Sign-On allowed authed users to perform actions outside their permissions. This flaw makes adding users to the master realm possible even though no respective permission was granted...

6.5CVSS2.7AI score0.01035EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/01/19 4:4 p.m.•88 views

CVE-2022-23452

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service...

4.9CVSS4.1AI score0.01018EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/01/18 9:49 p.m.•88 views

CVE-2022-21360

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allow...

5.3CVSS4.7AI score0.03486EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/12/21 5:4 p.m.•88 views

CVE-2021-44224

There's a null pointer dereference and server-side request forgery flaw in httpd's modproxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix...

8.2CVSS0.7AI score0.82295EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/09/07 8:38 a.m.•88 views

CVE-2021-3715

A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. T...

7.8CVSS1.4AI score0.00353EPSS
Exploits2References4
Total number of security vulnerabilities5000