Lucene search
K
RedhatcveMost viewed

206363 matches found

RedhatCVE
RedhatCVE
•added 2023/10/21 1:51 a.m.•77 views

CVE-2023-31122

A flaw was found in the modmacro module of httpd. When processing a very long macro, the null byte terminator will not be added, leading to an out-of-bounds read, resulting in a crash. Mitigation Disabling modmacro and restarting httpd or making sure the macros used are smaller than the required...

7.5CVSS7.4AI score0.02978EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/09/25 5:24 a.m.•77 views

CVE-2023-41993

A vulnerability was found in webkitgtk. This issue occurs when processing web content, which may lead to arbitrary code execution...

9.8CVSS8.9AI score0.29179EPSS
Exploits4References4
RedhatCVE
RedhatCVE
•added 2023/05/11 6:21 a.m.•77 views

CVE-2023-1387

A flaw was found in Grafana. This flaw allows a remote, authenticated attacker to obtain sensitive information caused by an issue when enabling the "urllogin" configuration option. By sending a specially crafted request, an attacker can obtain JWT information and use this to launch further attack...

7.5CVSS6.7AI score0.01504EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/03/30 1:0 p.m.•77 views

CVE-2023-0614

A vulnerability was found in Samba. Confidential attribute disclosure via LDAP filters is insufficient, which may allow an attacker to obtain confidential BitLocker recovery keys from a Samba AD DC...

5.9CVSS6.3AI score0.00567EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/24 1:7 p.m.•77 views

CVE-2023-28772

A buffer overflow write flaw was identified in seqbufputmemhex in lib/seqbuf.c in seqbuf in the Linux Kernel. This issue may allow a user with special debug privileges such as ftrace or root to cause an overflow in the destination buffer due to a missing sanity check. Mitigation Mitigation for th...

6.7CVSS6.9AI score0.00726EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/31 9:6 a.m.•77 views

CVE-2022-25881

A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...

7.5CVSS7.8AI score0.01613EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/11/22 8:26 p.m.•77 views

CVE-2022-4087

A vulnerability was found in ipxe. This issue affects the tlsnewciphertext function in the src/net/tls.c file of the TLS component. The manipulation of the padlen argument leads to information exposure due to discrepancy...

4.3CVSS1.5AI score0.00481EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/07/13 7:44 a.m.•77 views

CVE-2022-31105

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious or otherwise untrustworthy OpenID Connect OIDC...

8.3CVSS1.9AI score0.00635EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/06/29 1:5 p.m.•77 views

CVE-2022-2208

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. Mitigation Untrusted vim scripts with -s scriptin are not recommended to run...

7.8CVSS2AI score0.01303EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/05/20 11:37 p.m.•77 views

CVE-2018-7711

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP...

8.1CVSS3.6AI score0.01221EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/18 10:58 p.m.•77 views

CVE-2022-22978

A flaw was found in Spring Security. When using RegexRequestMatcher, an easy misconfiguration can bypass some servlet containers. Applications using RegexRequestMatcher with . in the regular expression are possibly vulnerable to an authorization bypass...

9.8CVSS3.5AI score0.10037EPSS
Exploits6References4
RedhatCVE
RedhatCVE
•added 2022/04/25 8:30 a.m.•77 views

CVE-2021-25745

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default...

8.1CVSS1.7AI score0.01109EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/04/01 5:2 p.m.•77 views

CVE-2022-1204

A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system...

5.5CVSS2.6AI score0.00385EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/03/24 5:35 p.m.•77 views

CVE-2022-24052

A flaw was found in MariaDB. Lack of input validation leads to a heap buffer overflow. This flaw allows an authenticated, local attacker with at least a low level of privileges to submit a crafted SQL query to MariaDB and escalate their privileges to the level of the MariaDB service user, running...

7.8CVSS4.2AI score0.00645EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/01/18 9:49 p.m.•77 views

CVE-2022-21277

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

5.3CVSS4.5AI score0.03091EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/11 4:38 a.m.•77 views

CVE-2021-29985

A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 78.13, Thunderbird 91, Firefox ESR 78.13, and Firefox 91...

8.8CVSS2.6AI score0.01451EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/07/14 1:28 a.m.•77 views

CVE-2021-29976

Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbi...

8.8CVSS2.9AI score0.01223EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/07/12 6:31 p.m.•77 views

CVE-2021-30129

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0...

6.5CVSS5.1AI score0.03394EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/07/01 5:22 p.m.•77 views

CVE-2021-3632

A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow...

7.5CVSS3.6AI score0.0091EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/06/28 7:16 p.m.•77 views

CVE-2021-34427

A flaw was found in eclipse-birt. An attacker can use query parameters to create a JSP file which is accessible from remote current BIRT viewer dir to inject JSP code into the running instance. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

9.8CVSS4.2AI score0.5771EPSS
Exploits4References1
RedhatCVE
RedhatCVE
•added 2021/05/19 12:28 a.m.•77 views

CVE-2021-33034

A use-after-free flaw was found in hcisendacl in the bluetooth host controller interface HCI in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hcidisconnloglinkcompleteevt, yet stil...

7.8CVSS1.3AI score0.00819EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 2021/04/01 1:38 a.m.•77 views

CVE-2020-28469

A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent...

7.5CVSS2.9AI score0.04456EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/03/17 10:35 a.m.•77 views

CVE-2021-27568

A flaw was found in json-smart. When an exception is thrown from a function, but is not caught, the program using the library may crash or expose sensitive information. The highest threat from this vulnerability is to data confidentiality and system availability. In OpenShift Container Platform...

5.9CVSS0.02886EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/06/09 5:15 p.m.•77 views

CVE-2020-0543

A new domain bypass transient execution attack known as Special Register Buffer Data Sampling SRBDS has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this fl...

2.1CVSS3.6AI score0.0054EPSS
Exploits0References8
RedhatCVE
RedhatCVE
•added 2019/04/02 10:19 a.m.•77 views

CVE-2019-0217

A race condition was found in modauthdigest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. Mitigation This flaw only affects a threaded server...

7.5CVSS0.9AI score0.17666EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2024/07/02 5:32 p.m.•76 views

CVE-2024-32498

An input validation flaw was discovered in how multiple OpenStack services validate images with backing file references. An authenticated attacker could provide a malicious image via upload, or by creating and modifying an image from an existing volume. Validation of images can be triggered durin...

8.8CVSS7.8AI score0.00835EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2024/04/15 2:55 p.m.•76 views

CVE-2024-27980

A command injection flaw was found in Node.js exclusive to Windows environments. This flaw allows an attacker to perform command injection via the args parameter of childprocess.spawn without the shell option enabled on Windows. This behavior is caused by cmd.exe when executing batch files, which...

9.7AI score0.01387EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/03/06 3:33 a.m.•76 views

CVE-2024-24784

A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using...

5.4CVSS7.2AI score0.01042EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/11/23 4:50 a.m.•76 views

CVE-2023-4822

A flaw was found in the Grafana enterprise package. Grafana is incorrectly assessing permissions to update global roles and role assignments, therefore, users with administrator permissions in one organization can change global role permissions and global role assignments. After successful...

6.7CVSS6.8AI score0.01074EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/10/30 5:57 a.m.•76 views

CVE-2023-31422

A flaw was found by Elastic, where sensitive information is recorded in Kibana logs. This issue occurs in the event of an error when logging in to the JSON layout or when the pattern layout is configured to log the %meta pattern...

7.5CVSS7.3AI score0.00656EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/10/26 3:59 p.m.•76 views

CVE-2023-46233

A vulnerability was found in crypto-js in how PBKDF2 is 1,000 times weaker than originally specified in 1993 and at least 1,300,000 times weaker than the current industry standard. This issue is because both default to SHA1, a cryptographic hash algorithm considered insecure since at least 2005,...

9.1CVSS8.8AI score0.00635EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/30 10:15 a.m.•76 views

CVE-2023-4580

The Mozilla Foundation Security Advisory describes this flaw as: Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information...

6.1CVSS6.7AI score0.00361EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/07/19 1:43 p.m.•76 views

CVE-2023-22045

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

3.7CVSS3.6AI score0.01164EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/06/26 6:17 p.m.•76 views

CVE-2023-29405

A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "cgo LDFLAGS"...

7.5CVSS9.3AI score0.01728EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2023/05/17 9:28 a.m.•76 views

CVE-2023-28322

A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application...

3.7CVSS8.4AI score0.02211EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/04/25 6:21 a.m.•76 views

CVE-2023-2269

A flaw was found in the Linux Kernel, leading to a denial of service. This issue occurs due to a possible recursive locking scenario, resulting in a deadlock in tableclear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. Mitigation Mitigation for this issue i...

4.4CVSS6AI score0.00223EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/30 5:43 p.m.•76 views

CVE-2023-28427

The Mozilla Foundation Security Advisory describes this flaw as: Thunderbird users who use the Matrix chat protocol were vulnerable to a denial-of-service attack...

7.5CVSS7.9AI score0.01185EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2023/01/09 7:35 a.m.•76 views

CVE-2023-0049

A flaw was found in vim, which is vulnerable to an out-of-bounds read in the buildstlstrhl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software. Mitigation Do not run vim with -s scriptin on untrusted scripts...

7.3CVSS7.2AI score0.00471EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/11/07 4:26 a.m.•76 views

CVE-2022-42823

A vulnerability was found in webkitgtk, where a logic issue was addressed with improved state management. Processing maliciously crafted web content may disclose sensitive user information...

8.8CVSS7.8AI score0.0141EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/09 3:36 p.m.•76 views

CVE-2022-2048

A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests...

7.5CVSS3.6AI score0.0227EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/05/10 5:27 p.m.•76 views

CVE-2022-29117

A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of a malicious client that can send MyCookie=chunks-2147483647 without the actual cookie chunks, causing large allocations, exceptions, and excess CPU utilization on the server when it tries to read or delete that man...

7.5CVSS1.3AI score0.04913EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/05/02 7:38 a.m.•76 views

CVE-2022-25647

A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace method in internal classes. This issue may lead to availability attacks...

7.7CVSS3.4AI score0.1158EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/02/23 9:22 a.m.•76 views

CVE-2022-24407

A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...

8.8CVSS5.4AI score0.04123EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/02/21 5:51 a.m.•76 views

CVE-2022-25235

A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor. Mitigation There i...

9.8CVSS1.4AI score0.04955EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/02/15 5:20 p.m.•76 views

CVE-2022-21698

A denial of service attack was found in prometheus/clientgolang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability...

7.5CVSS8.3AI score0.05994EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/12/15 2:52 p.m.•76 views

CVE-2021-44733

A use-after-free flaw in the Linux kernel TEE Trusted Execution Environment subsystem was found in the way user calls ioctl TEEIOCOPENSESSION or TEEIOCINVOKE. A local user could use this flaw to crash the system or escalate their privileges on the system. If the Linux system non configured with t...

7.4CVSS7.5AI score0.00694EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2021/10/19 9:3 p.m.•76 views

CVE-2021-35550

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated...

7.1CVSS2.4AI score0.06868EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/09/15 7:22 a.m.•76 views

CVE-2021-22947

A flaw was found in curl. The flaw lies in how curl handles cached or pipelined responses that it receives from either a IMAP, POP3, SMTP or FTP server before the TLS upgrade using STARTTLS. In such a scenario curl even after upgrading to TLS would trust these cached responses treating them as...

6.1CVSS0.4AI score0.02799EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/09/14 3:9 p.m.•76 views

CVE-2021-37136

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...

7.5CVSS3.7AI score0.05651EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/07/27 5:51 p.m.•76 views

CVE-2021-37576

A flaw was found on the Linux kernel. On the PowerPC platform, the KVM guest allows the OS users to cause host OS memory corruption via rtasargs.nargs. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation Mitigation for thi...

7.8CVSS1.6AI score0.00575EPSS
Exploits1References4
Total number of security vulnerabilities5000