Redhatcve: Most viewed

206279 matches found

RedhatCVE
•added 2022/03/28 9:7 p.m.•261 views

CVE-2022-22950

A flaw was found in the Spring Framework. This flaw allows an attacker to craft a special Spring Expression, causing a denial of service...

7.5 CVSS • 3.8 AI score • 0.35834 EPSS
Exploits 0 • References 3
RedhatCVE
•added 2024/07/02 5:32 p.m.•260 views

CVE-2024-38476

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution. Mitigation: Red Hat has investigated whether a possible mitigation exists for this issue, and has not be...

9.1 CVSS • 8.8 AI score • 0.41611 EPSS
Exploits 0 • References 4
RedhatCVE
•added 2022/01/28 8:58 p.m.•259 views

CVE-2021-22600

A double-free flaw was found in the Linux kernel’s packet protocol subsystem in the way a user call triggers the packet_set_ring function of net/packet/af_packet.c. This flaw allows a local user to crash or escalate their privileges on the system. Mitigation: Only users with access to the AFPACKE...

7.8 CVSS • 7.6 AI score • 0.17827 EPSS
Exploits 19 • References 5
RedhatCVE
•added 2024/01/17 3:18 p.m.•258 views

CVE-2024-0646

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls the function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation: To...

7 CVSS • 7.1 AI score • 0.00308 EPSS
Exploits 0 • References 4
RedhatCVE
•added 2022/10/26 2:23 p.m.•255 views

CVE-2022-32221

A vulnerability was found in curl. The issue occurs when doing HTTPS transfers, where curl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if it previously used the same handle to issue a PUT request which us...

4.8 CVSS • 8.6 AI score • 0.04325 EPSS
Exploits 1 • References 4
RedhatCVE
•added 2018/08/28 4:49 p.m.•251 views

CVE-2018-15919

OpenSSH server was found to respond differently to failed GSSAPI authentication attempts when the target user existed versus when that user did not exist. A remote attacker could use this bug to test for the existence of particular usernames on a target system. Mitigation: If GSSAPI Authentication...

5.3 CVSS • 3.2 AI score • 0.03557 EPSS
Exploits 1 • References 2
RedhatCVE
•added 2021/06/03 7:20 a.m.•249 views

CVE-2021-3560

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this...

7.8 CVSS • 2.6 AI score • 0.22193 EPSS
Exploits 37 • References 5
RedhatCVE
•added 2022/04/05 12:46 p.m.•243 views

CVE-2022-24785

A path traversal vulnerability was found in Moment.js that impacts npm server users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity...

7.5 CVSS • 3.1 AI score • 0.05664 EPSS
Exploits 0 • References 4
RedhatCVE
•added 2024/06/11 2:26 p.m.•242 views

CVE-2024-4577

A flaw was found in PHP versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8. When using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use the "Best-Fit" behavior to replace characters in the command line given to Win32 API functions...

9.8 CVSS • 9.7 AI score • 0.99987 EPSS
Exploits 64 • References 11
RedhatCVE
•added 2023/06/13 6:5 a.m.•242 views

CVE-2023-32731

A flaw was found in gRPC. This flaw allows a remote attacker to obtain sensitive information, caused by a flaw when the gRPC HTTP2 stack raised a header size exceeded error. By sending a specially crafted request, an attacker can obtain sensitive information, and use this information to launch...

7.4 CVSS • 6 AI score • 0.00502 EPSS
Exploits 0 • References 4
RedhatCVE
•added 2022/07/19 10:54 p.m.•240 views

CVE-2022-34169

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

7.5 CVSS • 7 AI score • 0.17673 EPSS
Exploits 2 • References 3
RedhatCVE
•added 2021/09/27 8:4 p.m.•240 views

CVE-2021-41617

A flaw was found in OpenSSH. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. Depending on system configuration, inherite...

7 CVSS • 1.6 AI score • 0.02367 EPSS
Exploits 2 • References 4
RedhatCVE
•added 2022/04/20 8:23 a.m.•238 views

CVE-2022-21449

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows...

7.5 CVSS • 2.2 AI score • 0.46677 EPSS
Exploits 6 • References 4
RedhatCVE
•added 2021/06/07 6:12 a.m.•235 views

CVE-2021-26690

A NULL pointer dereference was found in Apache httpd mod_session. The highest threat from this vulnerability is to system availability. Mitigation: Only configurations which use the "SessionEnv" directive (which is not widely used) are vulnerable to this flaw. SessionEnv is not enabled in default...

7.5 CVSS • 0.3 AI score • 0.65067 EPSS
Exploits 0 • References 4
RedhatCVE
•added 2023/05/08 5:21 p.m.•234 views

CVE-2023-32233

A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nftables configuration. This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user with CAP_NET_ADMIN capability could use this...

7.8 CVSS • 7.9 AI score • 0.12966 EPSS
Exploits 7 • References 5
RedhatCVE
•added 2023/02/07 5:30 p.m.•232 views

CVE-2023-0286

A type confusion vulnerability was found in OpenSSL's processing of X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...

7.4 CVSS • 7.7 AI score • 0.59501 EPSS
Exploits 0 • References 4
RedhatCVE
•added 2024/03/05 5:11 p.m.•231 views

CVE-2023-5685

A flaw was found in XNIO. The XNIO NotifierState can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large, which can lead to uncontrolled resource management and a possible denial of service (DoS). Mitigation: There is currently no mitigation available for...

7.5 CVSS • 6.9 AI score • 0.03479 EPSS
Exploits 0 • References 3
RedhatCVE
•added 2023/06/27 2:47 p.m.•229 views

CVE-2022-4361

Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri...

8.1 CVSS • 5.9 AI score • 0.00626 EPSS
Exploits 0 • References 3
RedhatCVE
•added 2024/09/16 9:11 p.m.•228 views

CVE-2024-45801

A flaw was found in DOMPurify. This issue may allow an attacker to use specially-crafted HTML to bypass the depth checking or use Prototype Pollution to weaken the depth check, which can lead to cross-site scripting (XSS) attacks. Mitigation: Mitigation for this issue is either not available or the...

7 CVSS • 5.5 AI score • 0.00844 EPSS
Exploits 0 • References 6
RedhatCVE
•added 2022/09/14 12:44 p.m.•227 views

CVE-2022-25857

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections...

7.5 CVSS • 3.6 AI score • 0.02191 EPSS
Exploits 2 • References 4
RedhatCVE
•added 2022/02/10 7:47 p.m.•227 views

CVE-2022-22753

The Mozilla Foundation Security Advisory describes this flaw as: A Time-of-Check Time-of-Use bug existed in the Maintenance Updater Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access. This bug only affects...

7.5 CVSS • 7.9 AI score • 0.00632 EPSS
Exploits 1 • References 3
RedhatCVE
•added 2021/06/09 3:44 p.m.•225 views

CVE-2020-13938

A flaw was found in HTTPd. In some Apache HTTP Server versions, unprivileged local users can stop HTTPd on Windows. The highest threat from this vulnerability is to system availability...

6.2 CVSS • 2.6 AI score • 0.11773 EPSS
Exploits 0 • References 3
RedhatCVE
•added 2025/05/17 5:59 p.m.•221 views

CVE-2025-43853

The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlink...

7 CVSS • 6.9 AI score • 0.0024 EPSS
Exploits 1 • References 1
RedhatCVE
•added 2022/06/14 4:29 p.m.•220 views

CVE-2020-7746

A flaw was found in chart.js. This issue occurs when the options parameter is not properly sanitized when it is processed. When options are processed, the object's keys that are being set are not checked, possibly allowing a prototype pollution...

9.8 CVSS • 3.7 AI score • 0.04678 EPSS
Exploits 1 • References 3
RedhatCVE
•added 2023/05/30 3:11 p.m.•219 views

CVE-2023-2650

A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when...

6.5 CVSS • 6.6 AI score • 0.73461 EPSS
Exploits 0 • References 4
RedhatCVE
•added 2022/08/04 11:38 a.m.•219 views

CVE-2022-21515

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.38 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.9 CVSS • 2 AI score • 0.01418 EPSS
Exploits 0 • References 3
RedhatCVE
•added 2023/12/19 9:35 p.m.•217 views

CVE-2023-51384

A flaw was found in OpenSSH. When specifying destination constraints while adding PKCS#11-hosted private keys, the constraints only apply to the first key even in cases where the token returns multiple keys. Mitigation: Mitigation for this issue is either not available or the currently available...

5.5 CVSS • 6.7 AI score • 0.00426 EPSS
Exploits 0 • References 3
RedhatCVE
•added 2022/05/07 2:27 p.m.•216 views

CVE-2021-45046

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments...

10 CVSS • 4.9 AI score • 0.99999 EPSS
Exploits 350 • References 7
RedhatCVE
•added 2021/05/19 12:25 a.m.•217 views

CVE-2021-22902

A flaw was found in RubyGem Actionpack, which is a framework for handling and responding to web requests in Rails. A possible Denial of Service vulnerability was found in the Mime type parser of Action Dispatch...

7.5 CVSS • 3.3 AI score • 0.02791 EPSS
Exploits 1 • References 4
RedhatCVE
•added 2022/11/08 3:55 a.m.•212 views

CVE-2022-3621

A flaw was found in the NILFS2 file system implementation in the Linux kernel. If the i_mode field in the inode of the metadata files is corrupted on the disk, the initialization of the bmap structure may not be called, resulting in a NULL pointer dereference at nilfs_bmap_lookup_at_level. A...

6.5 CVSS • 2.5 AI score • 0.01208 EPSS
Exploits 0 • References 3
RedhatCVE
•added 2022/08/23 3:9 p.m.•212 views

CVE-2022-34301

A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader...

7.2 CVSS • 7.4 AI score • 0.00944 EPSS
Exploits 0 • References 5
RedhatCVE
•added 2020/04/05 11:6 p.m.•212 views

CVE-2019-17571

A flaw was discovered in Log4j, where a vulnerable SocketServer class may lead to the deserialization of untrusted data. This flaw allows an attacker to remotely execute arbitrary code when combined with a deserialization gadget. Mitigation: Please note that the Log4j upstream strongly recommends...

9.8 CVSS • 4.3 AI score • 0.8904 EPSS
Exploits 5 • References 3
RedhatCVE
•added 2024/04/12 7:23 a.m.•211 views

CVE-2023-29483

The dnspython stub resolver is vulnerable to a denial of service (DoS) risk if an attacker sends a malicious response forged with the correct address and port before a legitimate one arrives on the UDP port used by dnspython for the query. In such cases, dnspython could either switch to another...

5.9 CVSS • 5.9 AI score • 0.01857 EPSS
Exploits 1 • References 4
RedhatCVE
•added 2022/06/14 8:30 a.m.•211 views

CVE-2022-2078

A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function. This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse(), causing a denial of service and possibly to run code. Mitigation: Mitigation for this issue is either not available or the currently...

5.5 CVSS • 6.3 AI score • 0.01013 EPSS
Exploits 0 • References 4
RedhatCVE
•added 2022/05/07 2:19 p.m.•210 views

CVE-2021-44228

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters can execute arbitrary code on the server via JNDI LDAP endpoint. Mitigation: For Log4j versions >=2.10 set the system property...

10 CVSS • 9.1 AI score • 0.99999 EPSS
Exploits 349 • References 7
RedhatCVE
•added 2021/10/07 5:33 p.m.•210 views

CVE-2021-42013

A path traversal and remote code execution flaw was found in Apache HTTP Server 2.4.49 and 2.4.50. A remote attacker could use this flaw to map URLs to files outside the expected document root. Additionally, this flaw could leak the source of interpreted files like CGI scripts. If files outside o...

9.8 CVSS • 0.7 AI score • 0.99992 EPSS
Exploits 173 • References 5
RedhatCVE
•added 2023/10/30 1:43 p.m.•209 views

CVE-2023-34058

A flaw was found in open-vm-tools. This flaw allows a malicious actor that has been granted Guest Operation Privileges in a target virtual machine to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias...

7.5 CVSS • 7 AI score • 0.00667 EPSS
Exploits 0 • References 4
RedhatCVE
•added 2023/06/23 10:17 a.m.•209 views

CVE-2023-34981

A flaw was found in Tomcat. If a response did not have any HTTP headers set, no AJP SEND_HEADERS message would be sent, resulting in at least one AJP-based proxy (mod_proxy_ajp) using the response headers from the previous request for the current request, leading to an information leak. The informatio...

7.5 CVSS • 7.2 AI score • 0.01116 EPSS
Exploits 0 • References 5
RedhatCVE
•added 2022/01/18 7:18 p.m.•209 views

CVE-2022-0185

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privile...

8.4 CVSS • 1.1 AI score • 0.25151 EPSS
Exploits 11 • References 7
RedhatCVE
•added 2024/01/22 9:1 a.m.•207 views

CVE-2024-21484

A flaw was found in jsrsasign, which is vulnerable to an observable discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. This flaw allows an attacker to decrypt ciphertexts. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted wit...

7.5 CVSS • 6.7 AI score • 0.0096 EPSS
Exploits 1 • References 9
RedhatCVE
•added 2021/11/01 5:41 p.m.•206 views

CVE-2021-41184

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the "of" option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the "of" option is now treated as a CSS...

6.5 CVSS • 4.6 AI score • 0.42847 EPSS
Exploits 2 • References 3
RedhatCVE
•added 2021/05/13 5:56 a.m.•206 views

CVE-2020-24588

A flaw was found in the Linux kernel's WiFi implementation. An attacker within wireless broadcast range can inject custom data into the wireless communication, circumventing checks on the data. This can cause the frame to pass checks and be considered a valid frame of a different type. Mitigation...

4.3 CVSS • 1.1 AI score • 0.03537 EPSS
Exploits 2 • References 4
RedhatCVE
•added 2023/09/14 2:24 p.m.•205 views

CVE-2023-4863

A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this...

9.6 CVSS • 8.7 AI score • 0.99739 EPSS
Exploits 9 • References 7
RedhatCVE
•added 2024/03/14 9:39 p.m.•204 views

CVE-2024-23672

A denial of service (DoS) vulnerability present in the Apache Tomcat package arises from an incomplete cleanup process. Specifically, WebSocket clients can perpetuate WebSocket connections without proper termination, thereby causing a sustained drain on system resources. This vulnerability...

6.3 CVSS • 7.2 AI score • 0.02313 EPSS
Exploits 0 • References 4
RedhatCVE
•added 2023/02/06 8:54 p.m.•204 views

CVE-2022-41903

A flaw was found in Git, a distributed revision control system. This issue occurs due to an integer overflow in pretty.c::format_and_pad_commit(), where a size_t is stored improperly as an int, and then added as an offset to a memcpy. This overflow can be triggered directly by a user running a command...

9.8 CVSS • 4.3 AI score • 0.44268 EPSS
Exploits 0 • References 6
RedhatCVE
•added 2023/10/24 3:27 a.m.•203 views

CVE-2023-45648

A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy...

5.3 CVSS • 5.8 AI score • 0.05848 EPSS
Exploits 2 • References 5
RedhatCVE
•added 2022/04/26 7:23 a.m.•203 views

CVE-2022-29078

A command injection attack was found in ejs (Embedded JavaScript templates) for Node.js, which allows an attacker to execute server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option and overwrites the outputFunctionName option with an arbitrary ...

9.8 CVSS • 4.7 AI score • 0.32386 EPSS
Exploits 5 • References 4
RedhatCVE
•added 2024/04/10 4:50 a.m.•202 views

CVE-2024-2201

A flaw was found in some Intel CPUs where mitigations for the Spectre V2/BHI vulnerability were incomplete. This issue may allow an attacker to read arbitrary memory, compromising system integrity and exposing sensitive information. Mitigation: Mitigation for this issue is either not available or...

4.7 CVSS • 6.7 AI score • 0.08555 EPSS
Exploits 0 • References 7
RedhatCVE
•added 2020/01/02 9:25 p.m.•201 views

CVE-2017-16995

An arbitrary memory r/w access issue was found in the Linux kernel compiled with the eBPF bpf(2) system call (CONFIG_BPF_SYSCALL) support. The issue could occur due to calculation errors in the eBPF verifier module, triggered by a user-supplied malicious BPF program. An unprivileged user could use this...

7.8 CVSS • 2.4 AI score • 0.30052 EPSS
Exploits 16 • References 1
RedhatCVE
•added 2022/05/02 6:30 p.m.•200 views

CVE-2022-29970

A flaw was found in Sinatra when serving static files from the public directory. The requested path is not validated if it is in the public directory, allowing files outside of the public directory to be served. Mitigation: Disable the static option which will disable the public_dir option. With th...

7.5 CVSS • 2.1 AI score • 0.02059 EPSS
Exploits 0 • References 3
Total number of security vulnerabilities: 5000