Lucene search
K
RedhatcveMost viewed

206341 matches found

RedhatCVE
RedhatCVE
•added 2022/01/18 9:49 p.m.•77 views

CVE-2022-21277

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

5.3CVSS4.5AI score0.03091EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/01/12 11:23 p.m.•77 views

CVE-2021-45486

An information leak flaw was found in the Linux kernel’s IPv4 implementation in the iprtinit in net/ipv4/route.c function. The use of a small hash table in IP ID generation allows a remote attacker to reveal sensitive information. Mitigation Mitigation for this issue is either not available or th...

3.5CVSS0.7AI score0.00368EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/09/16 9:58 p.m.•77 views

CVE-2021-36160

An out-of-bounds read in modproxyuwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this issue is either not available or the currently available...

7.5CVSS1.5AI score0.62887EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/09/13 11:23 p.m.•77 views

CVE-2021-3703

CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed for Serverless 1.16.0 and Serverless client kn 1.16.0...

7.5CVSS2.1AI score0.03692EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/07/13 5:52 p.m.•77 views

CVE-2021-35517

A flaw was found in apache-commons-compress. When reading a specially crafted TAR archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for small inputs. This flaw allows the mounting of a denial of service attack against services that use Compress' TAR...

7.5CVSS3.1AI score0.10901EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2021/07/12 6:31 p.m.•77 views

CVE-2021-30129

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0...

6.5CVSS5.1AI score0.03394EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/07/02 6:41 p.m.•77 views

CVE-2021-21704

Several flaws has been found in php. The pdofirebase module does not check the length of the server version string in a response packet causing a stack buffer overflow, does not verify the data and uses the wrong type to cast length leading to a crash, and does not validate the response before...

5.9CVSS3.1AI score0.01724EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/07/01 5:22 p.m.•77 views

CVE-2021-3632

A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow...

7.5CVSS3.6AI score0.0091EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/06/24 7:57 a.m.•77 views

CVE-2021-23210

A floating point exception divide-by-zero issue was discovered in SoX in functon readsamples of voc.c file. An attacker with a crafted file, could cause an application to crash...

5.5CVSS1.9AI score0.0043EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/06/18 7:50 p.m.•77 views

CVE-2020-18442

Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzipfileread" in the function "unzzipcatfile"...

3.3CVSS5.4AI score0.00745EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/10/14 9:1 p.m.•77 views

CVE-2020-12351

A flaw was found in the way the Linux kernel’s Bluetooth implementation handled L2CAP Logical Link Control and Adaptation Protocol packets with A2MP Alternate MAC-PHY Manager Protocol CID Channel Identifier. This flaw allows a remote attacker in an adjacent range to crash the system, causing a...

8.8CVSS1.4AI score0.07693EPSS
Exploits5References9
RedhatCVE
RedhatCVE
•added 2020/06/09 5:15 p.m.•77 views

CVE-2020-0543

A new domain bypass transient execution attack known as Special Register Buffer Data Sampling SRBDS has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this fl...

2.1CVSS3.6AI score0.0054EPSS
Exploits0References8
RedhatCVE
RedhatCVE
•added 2020/01/03 9:24 p.m.•77 views

CVE-2018-2562

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Partition. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocol...

7.5CVSS3.3AI score0.03389EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2024/04/22 8:34 p.m.•76 views

CVE-2023-6597

A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link. Mitigation Mitigatio...

7.8CVSS7.7AI score0.00313EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/11/23 4:50 a.m.•76 views

CVE-2023-4822

A flaw was found in the Grafana enterprise package. Grafana is incorrectly assessing permissions to update global roles and role assignments, therefore, users with administrator permissions in one organization can change global role permissions and global role assignments. After successful...

6.7CVSS6.8AI score0.01074EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/10/30 11:27 a.m.•76 views

CVE-2023-5717

A flaw was found in the Linux kernel's Performance Events system component. A condition can be triggered that allows data to be written past the end or before the beginning of the intended memory buffer. This issue may lead to a system crash, code execution, or local privilege escalation...

7.8CVSS8.2AI score0.00856EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/10/30 5:57 a.m.•76 views

CVE-2023-31422

A flaw was found by Elastic, where sensitive information is recorded in Kibana logs. This issue occurs in the event of an error when logging in to the JSON layout or when the pattern layout is configured to log the %meta pattern...

7.5CVSS7.3AI score0.00656EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/30 10:15 a.m.•76 views

CVE-2023-4580

The Mozilla Foundation Security Advisory describes this flaw as: Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information...

6.1CVSS6.7AI score0.00361EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/25 6:21 a.m.•76 views

CVE-2023-2269

A flaw was found in the Linux Kernel, leading to a denial of service. This issue occurs due to a possible recursive locking scenario, resulting in a deadlock in tableclear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. Mitigation Mitigation for this issue i...

4.4CVSS6AI score0.00223EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/24 1:7 p.m.•76 views

CVE-2023-28772

A buffer overflow write flaw was identified in seqbufputmemhex in lib/seqbuf.c in seqbuf in the Linux Kernel. This issue may allow a user with special debug privileges such as ftrace or root to cause an overflow in the destination buffer due to a missing sanity check. Mitigation Mitigation for th...

6.7CVSS6.9AI score0.00726EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/09 7:35 a.m.•76 views

CVE-2023-0049

A flaw was found in vim, which is vulnerable to an out-of-bounds read in the buildstlstrhl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software. Mitigation Do not run vim with -s scriptin on untrusted scripts...

7.3CVSS7.2AI score0.00471EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/11/07 4:26 a.m.•76 views

CVE-2022-42823

A vulnerability was found in webkitgtk, where a logic issue was addressed with improved state management. Processing maliciously crafted web content may disclose sensitive user information...

8.8CVSS7.8AI score0.0141EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/09 3:36 p.m.•76 views

CVE-2022-2048

A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests...

7.5CVSS3.6AI score0.0227EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/05/10 5:27 p.m.•76 views

CVE-2022-29117

A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of a malicious client that can send MyCookie=chunks-2147483647 without the actual cookie chunks, causing large allocations, exceptions, and excess CPU utilization on the server when it tries to read or delete that man...

7.5CVSS1.3AI score0.04913EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/12/15 2:52 p.m.•76 views

CVE-2021-44733

A use-after-free flaw in the Linux kernel TEE Trusted Execution Environment subsystem was found in the way user calls ioctl TEEIOCOPENSESSION or TEEIOCINVOKE. A local user could use this flaw to crash the system or escalate their privileges on the system. If the Linux system non configured with t...

7.4CVSS7.5AI score0.00694EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2021/10/19 9:3 p.m.•76 views

CVE-2021-35550

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated...

7.1CVSS2.4AI score0.06868EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/09/14 3:9 p.m.•76 views

CVE-2021-37136

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...

7.5CVSS3.7AI score0.05651EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/08/11 4:38 a.m.•76 views

CVE-2021-29985

A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 78.13, Thunderbird 91, Firefox ESR 78.13, and Firefox 91...

8.8CVSS2.6AI score0.01451EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/07/14 1:28 a.m.•76 views

CVE-2021-29976

Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbi...

8.8CVSS2.9AI score0.01223EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/07/06 6:9 p.m.•76 views

CVE-2021-36085

The CIL compiler in SELinux 3.2 has a use-after-free in cilverifyclassperms called from verifymappermclassperms and hashtabmap...

3.3CVSS5.2AI score0.00453EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/06/28 7:16 p.m.•76 views

CVE-2021-34427

A flaw was found in eclipse-birt. An attacker can use query parameters to create a JSP file which is accessible from remote current BIRT viewer dir to inject JSP code into the running instance. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

9.8CVSS4.2AI score0.5771EPSS
Exploits4References1
RedhatCVE
RedhatCVE
•added 2021/06/02 5:52 p.m.•76 views

CVE-2021-33203

A flaw was found in django. Staff members could use the :mod:django.contrib.admindocs TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been customized by the developers to also expose the file contents, then not...

4.9CVSS2.3AI score0.02737EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/05/26 10:12 a.m.•76 views

CVE-2021-22897

A flaw was found in curl where libcurl lets applications specify which specific TLS ciphers to use in transfers, using the option called CURLOPTSSLCIPHERLIST. The cipher selection is used for the TLS negotiation when a transfer is done involving any of the TLS based transfer protocols libcurl...

5.3CVSS1.3AI score0.02979EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/05/19 12:28 a.m.•76 views

CVE-2021-33034

A use-after-free flaw was found in hcisendacl in the bluetooth host controller interface HCI in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hcidisconnloglinkcompleteevt, yet stil...

7.8CVSS1.3AI score0.00819EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 2021/05/19 12:26 a.m.•76 views

CVE-2020-26145

A flaw was found in ath10khttrxprocrxfragindhl in drivers/net/wireless/ath/ath10k/httrx.c in the Linux kernel WiFi implementations, where it accepts a second or subsequent broadcast fragments even when sent in plaintext and then process them as full unfragmented frames. The highest threat from th...

6.5CVSS0.9AI score0.03515EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/04/01 1:38 a.m.•76 views

CVE-2020-28469

A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent...

7.5CVSS2.9AI score0.04456EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/03/17 10:35 a.m.•76 views

CVE-2021-27568

A flaw was found in json-smart. When an exception is thrown from a function, but is not caught, the program using the library may crash or expose sensitive information. The highest threat from this vulnerability is to data confidentiality and system availability. In OpenShift Container Platform...

5.9CVSS0.02886EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/05/04 5:40 p.m.•76 views

CVE-2020-9488

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1 Mitigation Previous...

4.3CVSS3.3AI score0.08096EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2019/04/02 10:19 a.m.•76 views

CVE-2019-0217

A race condition was found in modauthdigest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. Mitigation This flaw only affects a threaded server...

7.5CVSS0.9AI score0.17666EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2024/07/02 5:32 p.m.•75 views

CVE-2024-32498

An input validation flaw was discovered in how multiple OpenStack services validate images with backing file references. An authenticated attacker could provide a malicious image via upload, or by creating and modifying an image from an existing volume. Validation of images can be triggered durin...

8.8CVSS7.8AI score0.00835EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2024/04/15 2:55 p.m.•75 views

CVE-2024-27980

A command injection flaw was found in Node.js exclusive to Windows environments. This flaw allows an attacker to perform command injection via the args parameter of childprocess.spawn without the shell option enabled on Windows. This behavior is caused by cmd.exe when executing batch files, which...

9.7AI score0.01387EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/03/06 3:33 a.m.•75 views

CVE-2024-24784

A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using...

5.4CVSS7.2AI score0.01042EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/01/25 7:3 p.m.•75 views

CVE-2024-23851

A vulnerability was found in copyparams in drivers/md/dm-ioctl.c in the Linux kernel, where it can attempt to allocate more than INTMAX bytes and crash due to a missing paramkernel-datasize check. This issue is related to ctlioctl...

5.5CVSS6.8AI score0.00296EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/10/26 3:59 p.m.•75 views

CVE-2023-46233

A vulnerability was found in crypto-js in how PBKDF2 is 1,000 times weaker than originally specified in 1993 and at least 1,300,000 times weaker than the current industry standard. This issue is because both default to SHA1, a cryptographic hash algorithm considered insecure since at least 2005,...

9.1CVSS8.8AI score0.00635EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/10/11 1:11 p.m.•75 views

CVE-2023-38546

A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met...

3.7CVSS6.7AI score0.06208EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/10/11 11:12 a.m.•75 views

CVE-2023-3961

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call RPC services like SAMR LSA or SPOOLSS, which Samba initiates o...

9.1CVSS9.1AI score0.02409EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/07/19 1:43 p.m.•75 views

CVE-2023-22045

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

3.7CVSS3.6AI score0.01164EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/06/26 6:17 p.m.•75 views

CVE-2023-29405

A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "cgo LDFLAGS"...

7.5CVSS9.3AI score0.01728EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2023/05/17 9:28 a.m.•75 views

CVE-2023-28322

A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application...

3.7CVSS8.4AI score0.02211EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/03/30 5:43 p.m.•75 views

CVE-2023-28427

The Mozilla Foundation Security Advisory describes this flaw as: Thunderbird users who use the Matrix chat protocol were vulnerable to a denial-of-service attack...

7.5CVSS7.9AI score0.01185EPSS
Exploits0References6
Total number of security vulnerabilities5000