Lucene search
K
RedhatcveMost viewed

206363 matches found

RedhatCVE
RedhatCVE
•added 2022/03/16 8:52 p.m.•85 views

CVE-2021-25220

A cache poisoning vulnerability was found in BIND when using forwarders. Bogus NS records supplied by the forwarders may be cached and used by name if it needs to recurse for any reason. This issue causes it to obtain and pass on potentially incorrect answers. This flaw allows a remote high...

6.8CVSS6.7AI score0.0325EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/03/11 2:16 p.m.•85 views

CVE-2022-26353

A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage, use-after-free or other unexpected results. A malicious privileged guest could exploit...

7.5CVSS1.8AI score0.02701EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/11/19 5:56 p.m.•85 views

CVE-2021-3981

A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in...

3.3CVSS4.6AI score0.00319EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/11/01 12:36 a.m.•85 views

CVE-2021-42574

A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...

8.5CVSS2.3AI score0.12205EPSS
Exploits4References7
RedhatCVE
RedhatCVE
•added 2021/10/19 9:25 p.m.•85 views

CVE-2021-35567

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attack...

6.8CVSS1.8AI score0.027EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/31 6:51 p.m.•85 views

CVE-2021-3749

A Regular Expression Denial of Service ReDoS vulnerability was found in the nodejs axios. This flaw allows an attacker to provide crafted input to the trim function, which might cause high resources consumption and as a consequence lead to denial of service. The highest threat from this...

7.8CVSS2.7AI score0.08515EPSS
Exploits2References5
RedhatCVE
RedhatCVE
•added 2021/08/31 3:31 p.m.•85 views

CVE-2021-3733

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser connects to, could trigger a Regular Expression Denial of Service ReDOS during an authentication request with a specially crafted payload that is sen...

6.5CVSS1.8AI score0.04675EPSS
Exploits1References7
RedhatCVE
RedhatCVE
•added 2021/08/03 6:22 a.m.•85 views

CVE-2021-36217

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3502. Reason: This candidate is a duplicate of CVE-2021-3502. Notes: All CVE users should reference CVE-2021-3502 instead of this candidate. A...

6.2CVSS5.7AI score0.00374EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/07/14 1:25 a.m.•85 views

CVE-2021-30547

Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page...

8.8CVSS3.3AI score0.03582EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/07/08 8:52 a.m.•85 views

CVE-2020-36400

A flaw has been identified in zeromq. A heap-based buffer overflow is possible in zmq::tcpread by resizing a fixed static allocator. The highest threat from this vulnerability is to system availability...

9.8CVSS8.5AI score0.01842EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/20 5:45 p.m.•85 views

CVE-2020-15522

A flaw was found in bouncycastle. A timing issue within the EC math library can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures...

5.9CVSS1.9AI score0.01522EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/11/18 10:26 a.m.•85 views

CVE-2020-26217

A flaw was found in xstream. An unsafe deserialization of user-supplied XML, in conjunction with relying on the default deny list, allows a remote attacker to perform a variety of attacks including a remote code execution of arbitrary code in the context of the JVM running the XStream application...

9.3CVSS2.2AI score0.85001EPSS
Exploits8References3
RedhatCVE
RedhatCVE
•added 2020/10/08 8:22 p.m.•85 views

CVE-2020-13956

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

5.3CVSS2.4AI score0.08665EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2020/01/07 10:38 a.m.•85 views

CVE-2018-1311

A use-after-free vulnerability was found in xerces-c in the way an XML document is processed via the SAX API. Applications that process XML documents with an external Document Type Definition DTD may be vulnerable to this flaw. A remote attacker could exploit this flaw by creating a specially...

8.1CVSS2.9AI score0.09503EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/04/12 7:50 p.m.•84 views

CVE-2024-3651

A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode function can trigger an uncontrolled resource consumption, resulting in a denial of service. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the...

6.5CVSS6.8AI score0.01386EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2024/04/09 8:21 a.m.•84 views

CVE-2024-3508

A flaw was found in Bombastic, which allows authenticated users to upload compressed bzip2 or zstd SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed...

4.3CVSS6.9AI score0.00491EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/03/22 2:13 p.m.•84 views

CVE-2024-29944

The Mozilla Foundation Security Advisory describes this flaw as: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process...

8.8CVSS7.1AI score0.047EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/16 7:52 p.m.•84 views

CVE-2023-52160

A flaw was found in wpasupplicant's implementation of PEAP. This issue may allow an attacker to skip the second phase of authentication when the target device has not been properly configured to verify the authentication server. By skipping the second phase of authentication, it’s easier for an...

6.5CVSS6.5AI score0.01177EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/30 6:52 p.m.•84 views

CVE-2023-4128

This record is a duplicate of CVE-2023-4206, CVE-2023-4207, and CVE-2023-4208. Do not use this CVE record: CVE-2023-4128...

7.8CVSS7.2AI score0.00565EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2023/10/10 9:13 p.m.•84 views

CVE-2023-44487

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS8AI score0.99999EPSS
Exploits19References8
RedhatCVE
RedhatCVE
•added 2023/08/30 6:45 a.m.•84 views

CVE-2023-4512

A denial of service vulnerability was found in Wireshark due to insufficient validation of user-supplied input in the CBOR protocol dissector. This issue could allow a remote attacker to inject a malformed packet onto the wire or persuade someone to read a corrupted packet trace file. The issue...

6.5CVSS7.2AI score0.00486EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/07/25 3:47 p.m.•84 views

CVE-2023-3776

A use-after-free vulnerability was found in fwsetparms in net/sched/clsfw.c in network scheduler sub-component in the Linux Kernel. This issue occurs due to a missing sanity check during cleanup at the time of failure, leading to a misleading reference. This may allow a local attacker to gain loc...

7CVSS7.4AI score0.00517EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/07/17 5:8 p.m.•84 views

CVE-2021-31294

A flaw was found in the Redis package. If a replica sends a SET command to its master during a failover, the master crashes on assertion...

5.9CVSS7.2AI score0.01309EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/04/06 8:57 a.m.•84 views

CVE-2021-3688

A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolons. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest...

4.8CVSS0.5AI score0.00472EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/21 1:14 p.m.•84 views

CVE-2023-27538

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequen...

5.5CVSS7.6AI score0.01162EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/03/02 6:29 a.m.•84 views

CVE-2023-1127

A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution...

7.3CVSS7.2AI score0.00455EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/11/04 10:26 a.m.•84 views

CVE-2021-46848

An out-of-bounds read flaw was found in Libtasn1 due to an ETYPEOK off-by-one error in the asn1encodesimpleder function. This flaw allows a remote attacker to pass specially crafted data or invalid values to the application, triggering an off-by-one error, corrupting the memory, and possibly...

5.9CVSS4.2AI score0.02062EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/05/20 11:37 p.m.•84 views

CVE-2020-13671

Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to...

8.8CVSS3.9AI score0.04269EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/03/17 5:51 p.m.•84 views

CVE-2022-1011

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write. This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. Mitigation Mitigation for this issue is either not available or th...

7.8CVSS0.8AI score0.01169EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/02/23 2:35 a.m.•84 views

CVE-2021-43826

A flaw was found in envoy. If a downstream source disconnects during upstream connection establishment when tunneling TCP over HTTP, a use-after-free can occur, resulting in a denial of service...

7.5CVSS0.6AI score0.01046EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/08/18 2:33 p.m.•84 views

CVE-2021-3717

A flaw was found in Wildfly. An incorrect JBOSSLOCALUSER challenge location when using the elytron configuration may lead to JBOSSLOCALUSER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability...

7.8CVSS3.1AI score0.00299EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/07/18 1:55 a.m.•84 views

CVE-2020-10673

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS3.5AI score0.07963EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/20 11:21 a.m.•84 views

CVE-2021-31808

An integer overflow flaw was found in Squid, where it is vulnerable to a denial of service attack against all clients using the proxy. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this issue is either not available or the currently available...

6.5CVSS1.9AI score0.05492EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/03/13 10:6 p.m.•84 views

CVE-2017-7494

A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. Mitigation Any of the following: 1. SELinux is enabled by default and our default policy prevents loading of...

10CVSS2.6AI score0.99448EPSS
Exploits24References2
RedhatCVE
RedhatCVE
•added 2020/09/16 2:17 p.m.•84 views

CVE-2020-9802

A logic issue was found in webkitgtk that affected WebKitGTK versions before 2.28.3 and WPE WebKit versions before 2.28.3. This flaw allows an attacker to process maliciously crafted web content that may lead to arbitrary code execution. The highest threat from this vulnerability is to...

6.8CVSS6.5AI score0.08207EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2020/04/07 11:35 a.m.•84 views

CVE-2018-8897

A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the...

7.8CVSS3.4AI score0.18404EPSS
Exploits9References2
RedhatCVE
RedhatCVE
•added 2017/08/30 6:18 a.m.•84 views

CVE-2017-12149

It was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization. This allows an attacker to execute arbitrary code via crafted serialized data. Mitigation Secure the access to the entire http-invoker contexts by...

9.8CVSS6.4AI score0.90713EPSS
Exploits14References1
RedhatCVE
RedhatCVE
•added 2024/07/25 4:3 p.m.•83 views

CVE-2024-41110

A vulnerability was found in Authorization plugins in Docker Engine AuthZ. Using a specially-crafted API request, an Engine API client could make the daemon forward a request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a...

9.9CVSS9.2AI score0.16496EPSS
Exploits0References15
RedhatCVE
RedhatCVE
•added 2024/05/07 8:27 p.m.•83 views

CVE-2024-34397

A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the...

3.8CVSS5.9AI score0.00756EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2024/03/27 9:27 a.m.•83 views

CVE-2024-2398

A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a...

7.5CVSS7.1AI score0.36081EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/03/21 12:16 p.m.•83 views

CVE-2024-29131

A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error can occur when adding a property in AbstractListDelimiterHandler.flattenIterator. This issue could allow an attacker to corrupt memory or execute a denial of service attack by crafting malicious property that...

4.4CVSS7AI score0.02054EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2024/02/09 10:30 p.m.•83 views

CVE-2023-50386

A flaw was found in Apache Solr. In the affected versions, ConfigSets accept uploading Java jar and class files through the ConfigSets API. When backing up Solr Collections, these ConfigSet files are saved to the disk when using the LocalFileSystemRepository the default for backups. If the backup...

7.5CVSS7.3AI score0.8384EPSS
Exploits4References3
RedhatCVE
RedhatCVE
•added 2024/02/05 4:43 a.m.•83 views

CVE-2024-25062

A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. Mitigation Mitigation for this issue is either not available or the currently...

7.5CVSS7.3AI score0.01364EPSS
Exploits3References5
RedhatCVE
RedhatCVE
•added 2023/11/28 1:28 p.m.•83 views

CVE-2023-34055

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring M...

6.5CVSS6.5AI score0.01219EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/08/30 12:45 p.m.•83 views

CVE-2021-32292

A flaw was found in the parseit function in jsonparse.c., a test app in the json-c library. The code error does not affect the library itself...

8.9AI score0.01071EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/04/11 7:29 p.m.•83 views

CVE-2023-28484

A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing invalid XML schemas...

5.9CVSS6.6AI score0.01086EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/02/28 9:29 p.m.•83 views

CVE-2022-4039

A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server...

9.8CVSS9AI score0.00789EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/01/26 8:35 a.m.•83 views

CVE-2022-3488

Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to reject the query response, such a...

7.5CVSS2.7AI score0.19045EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/18 7:5 p.m.•83 views

CVE-2006-20001

A flaw was found in the moddav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. Mitigation Disabling moddav and restarting httpd will mitigate this flaw...

7.5CVSS8AI score0.03546EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/05/18 10:29 p.m.•83 views

CVE-2022-29165

A flaw was found in the ArgoCD component of Red Hat GitOps, where an unauthenticated attacker can craft a malicious JWT token while ArgoCD's anonymous access is enabled and gains full access to the ArgoCD instance. This flaw allows the attacker to impersonate any ArgoCD user or role, fully...

10CVSS4.2AI score0.01857EPSS
Exploits0References4
Total number of security vulnerabilities5000