Lucene search
K
RedhatcveMost viewed

206363 matches found

RedhatCVE
RedhatCVE
•added 2023/07/04 6:17 p.m.•80 views

CVE-2023-3090

A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb-cb initialization in ipoptionsecho and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege...

7.8CVSS7.4AI score0.00491EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/06/06 2:55 p.m.•80 views

CVE-2023-34414

The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user...

7.5CVSS6AI score0.00897EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/01/27 12:5 p.m.•80 views

CVE-2022-25927

A flaw was found in ua-parser-js. This issue could allow a malicious user to trigger a regular expression denial of service ReDoS via the trim function...

7.5CVSS3.8AI score0.01725EPSS
Exploits2References3
RedhatCVE
RedhatCVE
•added 2022/05/17 1:0 p.m.•80 views

CVE-2022-1734

A flaw was found in the Linux kernel’s nfcmrvlnciunregisterdev function. A race condition leads to a use-after-free issue when simulating the NFC device from the user space...

7CVSS3.1AI score0.0052EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/05/07 2:23 p.m.•80 views

CVE-2021-33197

A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity...

5.3CVSS4.9AI score0.02279EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/05/03 8:58 p.m.•80 views

CVE-2022-0866

A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have. Mitigation In order to avoid the possibility of...

5.3CVSS7.3AI score0.00842EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/04/14 11:52 a.m.•80 views

CVE-2022-1353

A vulnerability was found in the pfkeyregister function in net/key/afkey.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. Mitigation Mitigation for this issue is either not...

7.1CVSS1.2AI score0.00388EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/04/07 3:55 p.m.•80 views

CVE-2022-28389

mcbausbstartxmit in drivers/net/can/usb/mcbausb.c in the Linux kernel through 5.17.1 has a double free...

5.5CVSS6.3AI score0.00395EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/04/07 3:33 p.m.•80 views

CVE-2022-28390

A double-free flaw was found in the Linux kernel in the emsusbstartxmit function. This flaw allows an attacker to create a memory leak and corrupt the underlying data structure by calling free more than once...

7.8CVSS3.6AI score0.0035EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/03/31 8:47 p.m.•80 views

CVE-2022-1198

A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space...

5.5CVSS3.7AI score0.00413EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/02/10 3:51 p.m.•80 views

CVE-2021-4138

Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname...

7.5CVSS1AI score0.00791EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/01/24 7:58 p.m.•80 views

CVE-2022-23303

The implementations of EAP-pwd in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. The highest threat from this vulnerability is to availability, confidentiality and integrity...

9.8CVSS3.9AI score0.02944EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/10/19 9:3 p.m.•80 views

CVE-2021-35586

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

5.3CVSS2.3AI score0.06322EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/19 7:33 a.m.•80 views

CVE-2021-3724

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

7.5CVSS7.5AI score0.02543EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/12 2:22 p.m.•80 views

CVE-2021-38166

A flaw was found in the Linux kernel. An integer overflow can allow an out-of-bounds write when many elements are placed in a hash's bucket. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The default Red Hat Enterpris...

7.8CVSS2.8AI score0.0032EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/09 7:53 p.m.•80 views

CVE-2021-38160

This CVE is being DISPUTED by Red Hat with a note that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior. https://vulners.com/cve/CVE-2021-38160...

7.8CVSS0.00395EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/07/15 12:57 p.m.•80 views

CVE-2021-20299

A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability...

7.5CVSS1.3AI score0.01831EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/07/08 3:32 p.m.•80 views

CVE-2021-3638

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati2dblt routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QE...

6.5CVSS3.5AI score0.00429EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/06/22 6:16 p.m.•80 views

CVE-2021-34428

A flaw was discovered in the jetty-server, where if an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts, this could result in a session not being...

3.6CVSS1.1AI score0.00963EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/06/22 4:29 p.m.•80 views

CVE-2021-29059

A flaw was found in IS-SVG where a Regular Expression Denial of Service ReDOS occurs if the application is provided and checks a crafted invalid SVG string. The highest threat from this vulnerability is to system availability...

7.5CVSS3.7AI score0.02813EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/06/17 6:50 p.m.•80 views

CVE-2021-3607

An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMAREGDSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory,...

6CVSS5.5AI score0.00299EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/06/09 10:14 a.m.•80 views

CVE-2021-3590

A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS1.7AI score0.00556EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/06/08 6:52 a.m.•80 views

CVE-2021-3583

A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters...

7.1CVSS3.5AI score0.00854EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/20 11:21 a.m.•80 views

CVE-2021-31807

An incorrect memory management flaw was found in Squid, where it is vulnerable to a denial of service attack against all clients using the proxy. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this issue is either not available or the currently...

6.5CVSS1.8AI score0.15972EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2021/03/02 12:32 p.m.•80 views

CVE-2021-25329

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the...

7.5CVSS7.4AI score0.56636EPSS
Exploits15References8
RedhatCVE
RedhatCVE
•added 2021/01/19 12:18 p.m.•80 views

CVE-2020-25682

A flaw was found in dnsmasq. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a...

8.3CVSS2.3AI score0.70754EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/04/06 5:4 p.m.•80 views

CVE-2018-8014

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their...

9.8CVSS0.8AI score0.21979EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2025/09/11 12:16 a.m.•79 views

CVE-2025-57665

Element Plus Link component el-link through 2.10.6 implements insufficient input validation for the href attribute, creating a security abstraction gap that obscures URL-based attack vectors. The component passes user-controlled href values directly to underlying anchor elements without protocol...

6.4CVSS6AI score0.00215EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2024/05/01 5:22 p.m.•79 views

CVE-2024-26949

A NULL pointer dereference flaw was found in the Linux kernel when getting a power limit. This may cause a crash...

5.5CVSS6.4AI score0.00243EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/30 5:52 p.m.•79 views

CVE-2021-33631

A flaw was found in the openEuler kernel in Linux filesystem modules that allows an integer overflow via mounting a corrupted filesystem. This issue affects the openEuler kernel in versions from 4.19.90 through 4.19.90-2401.3 and 5.10.0-60.18.0 through 5.10.0-183.0.0. Mitigation Mitigation for th...

6.7CVSS7.6AI score0.00371EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/10 4:0 a.m.•79 views

CVE-2024-0058

A flaw was found in .NET where a malicious user could cause Denial of Service DoS due to internal processing of certificates memory leak. Mitigation Mitigation for this issue is either not available or the currently available options dont meet the Red Hat Product Security criteria comprising ease...

6.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
•added 2023/12/18 4:11 p.m.•79 views

CVE-2023-6927

A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "formpost.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134. Mitigation Mitigation for this issue ...

4.6CVSS4.8AI score0.01109EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/11/06 8:27 p.m.•79 views

CVE-2023-47235

An issue was found in FRRouting FRR, where a crash may occur when processing a malformed BGP UPDATE message with an EOR. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and...

7.5CVSS7.4AI score0.00685EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/06/13 6:35 a.m.•79 views

CVE-2023-32732

A flaw was found in gRPC, which is vulnerable to a denial of service, caused by a base64 encoding error for "-bin" suffixed headers. By sending a specially crafted request, a remote attacker can cause a termination of the connection between an HTTP2 proxy and a gRPC server, resulting in a denial ...

5.3CVSS6.4AI score0.00531EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/05/23 6:10 a.m.•79 views

CVE-2023-32409

A flaw was found in the WebGPU, part of the Webkit project. This flaw allows a remote attacker to break out of the Web Content sandbox...

8.8CVSS6.8AI score0.1653EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/05/08 5:21 a.m.•79 views

CVE-2023-2283

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in thepkiverifydatasignature function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the retu...

4.8CVSS7AI score0.01061EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2023/04/12 6:30 a.m.•79 views

CVE-2023-29531

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. This bug only affects Firefox for macOS. Other operating systems are unaffected...

7.5CVSS6.1AI score0.00974EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/13 8:43 a.m.•79 views

CVE-2023-27904

A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers...

5.3CVSS6.1AI score0.00724EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/02/27 6:30 p.m.•79 views

CVE-2023-1076

A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and get unauthorized access to some resources. Mitigation To mitigate this issue, prevent modules tap and tun from being loaded. Please see...

5.5CVSS6.2AI score0.00257EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/11/10 4:56 a.m.•79 views

CVE-2022-41742

A vulnerability was found in NGINX’s module, ngxhttpmp4module. This flaw allows a local attacker to cause a worker process crash or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products built with ngxhttpmp4module...

7.1CVSS6.7AI score0.01069EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2022/11/09 2:56 p.m.•79 views

CVE-2022-31684

A flaw was found in the Reactor Netty HTTP Server, which may log request headers in some cases of invalid HTTP requests. This could allow an attacker to access privileged information when WARN level logging is enabled...

4.3CVSS2.5AI score0.00604EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/07/21 7:45 a.m.•79 views

CVE-2021-33656

An out-of-bounds write flaw was found in the Linux kernel’s console driver functionality in the way a user triggers the ioctl PIOFONT with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation Mitigation for this issue is either...

6.8CVSS1.5AI score0.00537EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/05/20 11:40 p.m.•79 views

CVE-2022-23036

Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...

7CVSS0.7AI score0.00351EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/20 11:23 p.m.•79 views

CVE-2021-30563

Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS3.1AI score0.08928EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/14 11:33 a.m.•79 views

CVE-2020-10683

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j...

7.5CVSS1.7AI score0.07269EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/03/18 1:43 p.m.•79 views

CVE-2021-44907

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

9.4AI score
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/03/09 10:13 a.m.•79 views

CVE-2022-0001

A flaw was found in hw. The Branch History Injection BHI describes a specific form of intra-mode BTI. This flaw allows an unprivileged attacker to manipulate the branch history before transitioning to supervisor or VMX root mode. This issue is an effort to cause an indirect branch predictor to...

6.5CVSS1.1AI score0.00508EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2022/02/08 5:25 a.m.•79 views

CVE-2021-23820

This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays...

9.8CVSS4.4AI score0.01813EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2022/01/31 4:59 a.m.•79 views

CVE-2022-23990

A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service...

7.5CVSS4.7AI score0.03992EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/01/25 8:22 p.m.•79 views

CVE-2022-0330

A random memory access flaw was found in the Linux kernel’s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. Mitigation Mitigation for this issue is either not...

7.8CVSS0.9AI score0.00379EPSS
Exploits0References4
Total number of security vulnerabilities5000