Lucene search
K
RedhatcveMost viewed

206341 matches found

RedhatCVE
RedhatCVE
added 2021/10/19 9:3 p.m.80 views

CVE-2021-35586

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

5.3CVSS2.3AI score0.06322EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/07/20 8:55 p.m.80 views

CVE-2021-2369

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows...

4.3CVSS2.2AI score0.03444EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/06/22 4:29 p.m.80 views

CVE-2021-29059

A flaw was found in IS-SVG where a Regular Expression Denial of Service ReDOS occurs if the application is provided and checks a crafted invalid SVG string. The highest threat from this vulnerability is to system availability...

7.5CVSS3.7AI score0.02813EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2021/06/15 9:44 a.m.80 views

CVE-2021-0129

A flaw was found in the Linux kernel. Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. The highest threat from this vulnerability is to data confidentiality and integrity. Mitigation Mitigation for this issue is...

5.7CVSS1.1AI score0.00827EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/05/28 12:47 a.m.80 views

CVE-2021-22141

An open redirect flaw was found in Kibana. An attacker is able to redirect a logged Kibana user to an arbitrary website by specially crafted URL...

6.1CVSS3.6AI score0.00537EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/05/19 12:26 a.m.80 views

CVE-2020-26141

A vulnerability was found in Linux kernel's WiFi implementation. An attacker within wireless range can inject a control packet fragment where the kernel does not verify the Message Integrity Check authenticity of fragmented TKIP frames. Mitigation Mitigation for this issue is either not available...

6.5CVSS1.5AI score0.03072EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/03/02 12:32 p.m.80 views

CVE-2021-25329

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the...

7.5CVSS7.4AI score0.56636EPSS
Exploits15References8
RedhatCVE
RedhatCVE
added 2021/01/19 12:18 p.m.80 views

CVE-2020-25682

A flaw was found in dnsmasq. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a...

8.3CVSS2.3AI score0.70754EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2020/04/06 5:4 p.m.80 views

CVE-2018-8014

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their...

9.8CVSS0.8AI score0.21979EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2024/05/01 5:22 p.m.79 views

CVE-2024-26949

A NULL pointer dereference flaw was found in the Linux kernel when getting a power limit. This may cause a crash...

5.5CVSS6.4AI score0.00243EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/12/18 4:11 p.m.79 views

CVE-2023-6927

A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "formpost.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134. Mitigation Mitigation for this issue ...

4.6CVSS4.8AI score0.01109EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2023/11/06 8:27 p.m.79 views

CVE-2023-47235

An issue was found in FRRouting FRR, where a crash may occur when processing a malformed BGP UPDATE message with an EOR. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and...

7.5CVSS7.4AI score0.00685EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/07/04 6:17 p.m.79 views

CVE-2023-3090

A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb-cb initialization in ipoptionsecho and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege...

7.8CVSS7.4AI score0.00491EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2023/03/13 8:43 a.m.79 views

CVE-2023-27904

A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers...

5.3CVSS6.1AI score0.00724EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/01/27 12:5 p.m.79 views

CVE-2022-25927

A flaw was found in ua-parser-js. This issue could allow a malicious user to trigger a regular expression denial of service ReDoS via the trim function...

7.5CVSS3.8AI score0.01725EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2022/11/10 4:56 a.m.79 views

CVE-2022-41742

A vulnerability was found in NGINX’s module, ngxhttpmp4module. This flaw allows a local attacker to cause a worker process crash or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products built with ngxhttpmp4module...

7.1CVSS6.7AI score0.01069EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2022/05/20 11:40 p.m.79 views

CVE-2022-23036

Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...

7CVSS0.7AI score0.00351EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2022/05/17 1:0 p.m.79 views

CVE-2022-1734

A flaw was found in the Linux kernel’s nfcmrvlnciunregisterdev function. A race condition leads to a use-after-free issue when simulating the NFC device from the user space...

7CVSS3.1AI score0.0052EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/05/03 8:58 p.m.79 views

CVE-2022-0866

A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have. Mitigation In order to avoid the possibility of...

5.3CVSS7.3AI score0.00842EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/04/14 11:52 a.m.79 views

CVE-2022-1353

A vulnerability was found in the pfkeyregister function in net/key/afkey.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. Mitigation Mitigation for this issue is either not...

7.1CVSS1.2AI score0.00388EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/03/18 1:43 p.m.79 views

CVE-2021-44907

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

9.4AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/03/09 10:23 a.m.79 views

CVE-2021-26401

A flaw was found in hw. The speculative execution window of AMD LFENCE/JMP mitigation MITIGATION V2-2 may be large enough to be exploited on AMD CPUs. Mitigation AMD recommends mitigation that uses generic retpoline...

5.6CVSS1.2AI score0.74041EPSS
Exploits9References4
RedhatCVE
RedhatCVE
added 2022/01/31 4:59 a.m.79 views

CVE-2022-23990

A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service...

7.5CVSS4.7AI score0.03992EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/01/24 7:58 p.m.79 views

CVE-2022-23303

The implementations of EAP-pwd in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. The highest threat from this vulnerability is to availability, confidentiality and integrity...

9.8CVSS3.9AI score0.02944EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/08/19 7:33 a.m.79 views

CVE-2021-3724

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

7.5CVSS7.5AI score0.02543EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/08/13 6:19 p.m.79 views

CVE-2021-38512

An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. HTTP/1 request smuggling aka HRS can occur, potentially leading to credential disclosure...

7.5CVSS2.4AI score0.0181EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2021/08/12 2:22 p.m.79 views

CVE-2021-38166

A flaw was found in the Linux kernel. An integer overflow can allow an out-of-bounds write when many elements are placed in a hash's bucket. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The default Red Hat Enterpris...

7.8CVSS2.8AI score0.0032EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/08/09 7:53 p.m.79 views

CVE-2021-38160

This CVE is being DISPUTED by Red Hat with a note that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior. https://vulners.com/cve/CVE-2021-38160...

7.8CVSS0.00395EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/07/15 12:57 p.m.79 views

CVE-2021-20299

A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability...

7.5CVSS1.3AI score0.01831EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/07/08 3:32 p.m.79 views

CVE-2021-3638

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati2dblt routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QE...

6.5CVSS3.5AI score0.00429EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2021/06/22 6:16 p.m.79 views

CVE-2021-34428

A flaw was discovered in the jetty-server, where if an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts, this could result in a session not being...

3.6CVSS1.1AI score0.00963EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2021/06/17 6:50 p.m.79 views

CVE-2021-3607

An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMAREGDSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory,...

6CVSS5.5AI score0.00299EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/06/17 10:50 a.m.79 views

CVE-2021-3582

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMACMDCREATEMR" command due to improper memory remapping mremap. This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this...

6.5CVSS3.1AI score0.00386EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2021/06/09 10:14 a.m.79 views

CVE-2021-3590

A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS1.7AI score0.00556EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/06/08 6:52 a.m.79 views

CVE-2021-3583

A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters...

7.1CVSS3.5AI score0.00854EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/05/20 2:13 p.m.79 views

CVE-2021-32028

A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...

6.5CVSS2.6AI score0.01449EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/05/20 11:21 a.m.79 views

CVE-2021-31807

An incorrect memory management flaw was found in Squid, where it is vulnerable to a denial of service attack against all clients using the proxy. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this issue is either not available or the currently...

6.5CVSS1.8AI score0.15972EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2021/02/15 6:34 p.m.79 views

CVE-2021-20238

It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint port 22623 provides ignition configuration used for bootstrapping Nodes and can include some sensitive data,...

5.6CVSS0.2AI score0.00735EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/11 12:16 a.m.78 views

CVE-2025-57665

Element Plus Link component el-link through 2.10.6 implements insufficient input validation for the href attribute, creating a security abstraction gap that obscures URL-based attack vectors. The component passes user-controlled href values directly to underlying anchor elements without protocol...

6.4CVSS6AI score0.00215EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/02 7:16 p.m.79 views

CVE-2025-32777

Volcano is a Kubernetes-native batch scheduling system. Prior to versions 1.11.2, 1.10.2, 1.9.1, 1.11.0-network-topology-preview.3, and 1.12.0-alpha.2, attacker compromise of either the Elastic service or the extender plugin can cause denial of service of the scheduler. This is a privilege...

8.2CVSS6.8AI score0.00396EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2024/08/07 1:16 a.m.78 views

CVE-2024-7264

A flaw was found in libcurl, where libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the time fraction, leading to a strlen performed on a pointer to a heap...

5.3CVSS7AI score0.16212EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2024/01/30 5:52 p.m.78 views

CVE-2021-33631

A flaw was found in the openEuler kernel in Linux filesystem modules that allows an integer overflow via mounting a corrupted filesystem. This issue affects the openEuler kernel in versions from 4.19.90 through 4.19.90-2401.3 and 5.10.0-60.18.0 through 5.10.0-183.0.0. Mitigation Mitigation for th...

6.7CVSS7.6AI score0.00371EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/01/24 1:48 p.m.79 views

CVE-2023-40547

A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete...

8.3CVSS9.6AI score0.04852EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2024/01/10 4:0 a.m.78 views

CVE-2024-0058

A flaw was found in .NET where a malicious user could cause Denial of Service DoS due to internal processing of certificates memory leak. Mitigation Mitigation for this issue is either not available or the currently available options dont meet the Red Hat Product Security criteria comprising ease...

6.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2023/06/13 6:35 a.m.78 views

CVE-2023-32732

A flaw was found in gRPC, which is vulnerable to a denial of service, caused by a base64 encoding error for "-bin" suffixed headers. By sending a specially crafted request, a remote attacker can cause a termination of the connection between an HTTP2 proxy and a gRPC server, resulting in a denial ...

5.3CVSS6.4AI score0.00531EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/05/23 6:10 a.m.78 views

CVE-2023-32409

A flaw was found in the WebGPU, part of the Webkit project. This flaw allows a remote attacker to break out of the Web Content sandbox...

8.8CVSS6.8AI score0.1653EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2023/05/08 5:21 a.m.78 views

CVE-2023-2283

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in thepkiverifydatasignature function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the retu...

4.8CVSS7AI score0.01061EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2023/04/12 6:30 a.m.78 views

CVE-2023-29531

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. This bug only affects Firefox for macOS. Other operating systems are unaffected...

7.5CVSS6.1AI score0.00974EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/02/21 9:59 p.m.78 views

CVE-2023-24998

A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not...

6.5CVSS7.5AI score0.46836EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/11/09 2:56 p.m.78 views

CVE-2022-31684

A flaw was found in the Reactor Netty HTTP Server, which may log request headers in some cases of invalid HTTP requests. This could allow an attacker to access privileged information when WARN level logging is enabled...

4.3CVSS2.5AI score0.00604EPSS
Exploits0References3
Total number of security vulnerabilities5000