Lucene search
K
RedhatcveMost viewed

206311 matches found

RedhatCVE
RedhatCVE
added 2020/10/08 8:22 p.m.85 views

CVE-2020-13956

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

5.3CVSS2.4AI score0.08665EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2024/05/03 9:27 p.m.84 views

CVE-2022-48670

A security vulnerability was identified in the Linux kernel's PECI Platform Environment Control Interface subsystem, specifically within the CPU driver. The issue arises from a use-after-free condition in the adevrelease function...

5.5CVSS7.4AI score0.00216EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/04/09 8:21 a.m.84 views

CVE-2024-3508

A flaw was found in Bombastic, which allows authenticated users to upload compressed bzip2 or zstd SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed...

4.3CVSS6.9AI score0.00491EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2024/03/22 2:13 p.m.84 views

CVE-2024-29944

The Mozilla Foundation Security Advisory describes this flaw as: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process...

8.8CVSS7.1AI score0.047EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/01/30 6:52 p.m.84 views

CVE-2023-4128

This record is a duplicate of CVE-2023-4206, CVE-2023-4207, and CVE-2023-4208. Do not use this CVE record: CVE-2023-4128...

7.8CVSS7.2AI score0.00565EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2023/10/27 7:45 a.m.84 views

CVE-2023-45960

An issue was found in org.dom4j that may allow a remote attacker to obtain sensitive information via the setFeature function. This CVE is currently disputed by the maintainers...

6.4AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 2023/10/10 9:13 p.m.84 views

CVE-2023-44487

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS8AI score0.99999EPSS
Exploits19References8
RedhatCVE
RedhatCVE
added 2023/08/30 6:45 a.m.84 views

CVE-2023-4512

A denial of service vulnerability was found in Wireshark due to insufficient validation of user-supplied input in the CBOR protocol dissector. This issue could allow a remote attacker to inject a malformed packet onto the wire or persuade someone to read a corrupted packet trace file. The issue...

6.5CVSS7.2AI score0.00486EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2023/04/20 9:1 p.m.84 views

CVE-2023-30456

A flaw was found in the KVM's Intel nested virtualization feature nVMX. The effective values of the guest CR0 and CR4 registers could differ from those included in the VMCS12. In rare circumstances i.e., kvmintel module loaded with parameters nested=1 and ept=0 this could allow a malicious guest ...

6CVSS6.6AI score0.0047EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/03/21 1:14 p.m.84 views

CVE-2023-27538

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequen...

5.5CVSS7.6AI score0.01162EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2023/03/02 6:29 a.m.84 views

CVE-2023-1127

A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution...

7.3CVSS7.2AI score0.00455EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/11/02 9:55 a.m.84 views

CVE-2022-3821

An off-by-one error flaw was found in systemd in the formattimespan function of time-util.c. This flaw allows an attacker to supply specific values for time and accuracy, leading to a buffer overrun in formattimespan, leading to a denial of service...

5.5CVSS4.6AI score0.00412EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/06/08 8:1 p.m.84 views

CVE-2022-29404

A flaw was found in the modlua module of httpd. A malicious request to a Lua script that calls parsebody0 can lead to a denial of service due to no default limit on the possible input size. Mitigation Disabling modlua and restarting httpd will mitigate this flaw...

7.5CVSS1.8AI score0.05678EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/05/20 11:37 p.m.84 views

CVE-2020-13671

Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to...

8.8CVSS3.9AI score0.04269EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2021/11/19 5:56 p.m.84 views

CVE-2021-3981

A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in...

3.3CVSS4.6AI score0.00311EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/08/31 6:51 p.m.84 views

CVE-2021-3749

A Regular Expression Denial of Service ReDoS vulnerability was found in the nodejs axios. This flaw allows an attacker to provide crafted input to the trim function, which might cause high resources consumption and as a consequence lead to denial of service. The highest threat from this...

7.8CVSS2.7AI score0.08515EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2021/08/18 2:33 p.m.84 views

CVE-2021-3717

A flaw was found in Wildfly. An incorrect JBOSSLOCALUSER challenge location when using the elytron configuration may lead to JBOSSLOCALUSER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability...

7.8CVSS3.1AI score0.00299EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/07/29 1:19 p.m.84 views

CVE-2021-22144

A flaw was found in Elasticsearch. An uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. This flaw allows a user who can submit arbitrary queries to Elasticsearch to create a malicious Grok query that crashes the...

6.5CVSS2.9AI score0.0166EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2020/09/16 2:17 p.m.84 views

CVE-2020-9802

A logic issue was found in webkitgtk that affected WebKitGTK versions before 2.28.3 and WPE WebKit versions before 2.28.3. This flaw allows an attacker to process maliciously crafted web content that may lead to arbitrary code execution. The highest threat from this vulnerability is to...

6.8CVSS6.5AI score0.08207EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2020/04/07 11:35 a.m.84 views

CVE-2018-8897

A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the...

7.8CVSS3.4AI score0.18404EPSS
Exploits9References2
RedhatCVE
RedhatCVE
added 2020/01/07 10:38 a.m.84 views

CVE-2018-1311

A use-after-free vulnerability was found in xerces-c in the way an XML document is processed via the SAX API. Applications that process XML documents with an external Document Type Definition DTD may be vulnerable to this flaw. A remote attacker could exploit this flaw by creating a specially...

8.1CVSS2.9AI score0.09503EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/07/25 4:3 p.m.83 views

CVE-2024-41110

A vulnerability was found in Authorization plugins in Docker Engine AuthZ. Using a specially-crafted API request, an Engine API client could make the daemon forward a request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a...

9.9CVSS9.2AI score0.16496EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2024/05/07 8:27 p.m.83 views

CVE-2024-34397

A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the...

3.8CVSS5.9AI score0.00756EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2024/04/12 7:50 p.m.83 views

CVE-2024-3651

A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode function can trigger an uncontrolled resource consumption, resulting in a denial of service. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the...

6.5CVSS6.8AI score0.01386EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2024/03/21 12:16 p.m.83 views

CVE-2024-29131

A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error can occur when adding a property in AbstractListDelimiterHandler.flattenIterator. This issue could allow an attacker to corrupt memory or execute a denial of service attack by crafting malicious property that...

4.4CVSS7AI score0.02054EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2024/01/02 5:30 a.m.83 views

CVE-2022-45146

A flaw was found in the FIPS Java API of Bouncy Castle BC-FJA. Affected versions of this package are vulnerable to Improper Authentication. Changes to the JVM garbage collector in Java 13 and later can trigger an issue in the BC-FJA FIPS modules, where it is possible for temporary keys used by th...

5.5CVSS5.3AI score0.00434EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2023/08/30 12:45 p.m.83 views

CVE-2021-32292

A flaw was found in the parseit function in jsonparse.c., a test app in the json-c library. The code error does not affect the library itself...

8.9AI score0.01071EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2023/07/25 3:47 p.m.83 views

CVE-2023-3776

A use-after-free vulnerability was found in fwsetparms in net/sched/clsfw.c in network scheduler sub-component in the Linux Kernel. This issue occurs due to a missing sanity check during cleanup at the time of failure, leading to a misleading reference. This may allow a local attacker to gain loc...

7CVSS7.4AI score0.00517EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/07/17 5:8 p.m.83 views

CVE-2021-31294

A flaw was found in the Redis package. If a replica sends a SET command to its master during a failover, the master crashes on assertion...

5.9CVSS7.2AI score0.01309EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2023/04/11 7:29 p.m.83 views

CVE-2023-28484

A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing invalid XML schemas...

5.9CVSS6.6AI score0.01086EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2023/04/06 8:57 a.m.83 views

CVE-2021-3688

A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolons. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest...

4.8CVSS0.5AI score0.00472EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/01/26 8:35 a.m.83 views

CVE-2022-3488

Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to reject the query response, such a...

7.5CVSS2.7AI score0.19045EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/01/18 7:5 p.m.83 views

CVE-2006-20001

A flaw was found in the moddav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. Mitigation Disabling moddav and restarting httpd will mitigate this flaw...

7.5CVSS8AI score0.03546EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/12/27 7:4 p.m.83 views

CVE-2022-4379

A use-after-free vulnerability was found in nfs42sscopen in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial of service. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product...

7.5CVSS7.2AI score0.06346EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2022/11/04 10:26 a.m.83 views

CVE-2021-46848

An out-of-bounds read flaw was found in Libtasn1 due to an ETYPEOK off-by-one error in the asn1encodesimpleder function. This flaw allows a remote attacker to pass specially crafted data or invalid values to the application, triggering an off-by-one error, corrupting the memory, and possibly...

5.9CVSS4.2AI score0.02062EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/05/18 10:29 p.m.83 views

CVE-2022-29165

A flaw was found in the ArgoCD component of Red Hat GitOps, where an unauthenticated attacker can craft a malicious JWT token while ArgoCD's anonymous access is enabled and gains full access to the ArgoCD instance. This flaw allows the attacker to impersonate any ArgoCD user or role, fully...

10CVSS4.2AI score0.01857EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/03/17 5:51 p.m.83 views

CVE-2022-1011

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write. This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. Mitigation Mitigation for this issue is either not available or th...

7.8CVSS0.8AI score0.01169EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/02/23 2:35 a.m.83 views

CVE-2021-43826

A flaw was found in envoy. If a downstream source disconnects during upstream connection establishment when tunneling TCP over HTTP, a use-after-free can occur, resulting in a denial of service...

7.5CVSS0.6AI score0.01046EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/02/14 10:0 p.m.83 views

CVE-2021-46355

OCS Inventory 2.9.1 is affected by Cross Site Scripting XSS. To exploit the vulnerability, the attacker needs to manipulate the name of some device on your computer, such as a printer, replacing the device name with some malicious code that allows the execution of Stored Cross-site Scripting XSS...

6.1CVSS2.9AI score0.01066EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/07/18 1:55 a.m.83 views

CVE-2020-10673

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS3.5AI score0.07963EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/06/25 2:26 p.m.83 views

CVE-2020-28097

A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles. When a local attacker attempts to scroll the console, calling an ioctl TIOCLSCROLLCONSOLE, an out-of-bounds memory access issue occurs. This flaw allows a local user with access to the VGA console to...

5.9CVSS1.3AI score0.00519EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2021/05/20 11:21 a.m.83 views

CVE-2021-31808

An integer overflow flaw was found in Squid, where it is vulnerable to a denial of service attack against all clients using the proxy. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this issue is either not available or the currently available...

6.5CVSS1.9AI score0.05492EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2021/04/16 7:11 p.m.83 views

CVE-2021-3493

A flaw was found in the Linux kernel. The overlayfs stacking file system does not properly validate the application of file capabilities against user namespaces. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS2.5AI score0.43988EPSS
Exploits27References4
RedhatCVE
RedhatCVE
added 2021/03/13 10:6 p.m.83 views

CVE-2017-7494

A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. Mitigation Any of the following: 1. SELinux is enabled by default and our default policy prevents loading of...

10CVSS2.6AI score0.99448EPSS
Exploits24References2
RedhatCVE
RedhatCVE
added 2017/08/30 6:18 a.m.83 views

CVE-2017-12149

It was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization. This allows an attacker to execute arbitrary code via crafted serialized data. Mitigation Secure the access to the entire http-invoker contexts by...

9.8CVSS6.4AI score0.90713EPSS
Exploits14References1
RedhatCVE
RedhatCVE
added 2024/05/01 5:22 p.m.82 views

CVE-2024-26946

An unsafe read function was found in arch/x86/kernel/kprobes/core.c in the Linux kernel...

5.5CVSS6.5AI score0.00241EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/03/27 9:27 a.m.82 views

CVE-2024-2398

A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a...

7.5CVSS7.1AI score0.36081EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2024/02/16 7:52 p.m.82 views

CVE-2023-52160

A flaw was found in wpasupplicant's implementation of PEAP. This issue may allow an attacker to skip the second phase of authentication when the target device has not been properly configured to verify the authentication server. By skipping the second phase of authentication, it’s easier for an...

6.5CVSS6.5AI score0.01177EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/02/09 10:30 p.m.82 views

CVE-2023-50386

A flaw was found in Apache Solr. In the affected versions, ConfigSets accept uploading Java jar and class files through the ConfigSets API. When backing up Solr Collections, these ConfigSet files are saved to the disk when using the LocalFileSystemRepository the default for backups. If the backup...

7.5CVSS7.3AI score0.8384EPSS
Exploits4References3
RedhatCVE
RedhatCVE
added 2024/02/05 4:43 a.m.82 views

CVE-2024-25062

A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. Mitigation Mitigation for this issue is either not available or the currently...

7.5CVSS7.3AI score0.01364EPSS
Exploits3References5
Total number of security vulnerabilities5000