Lucene search
K
RedhatcveMost viewed

206305 matches found

RedhatCVE
RedhatCVE
added 2020/11/24 4:51 p.m.74 views

CVE-2020-15436

A use-after-free flaw was observed in blkdevget, in fs/blockdev.c after a call to blkdevget fails, and its refcount gets freed/released. This problem may cause a denial of service problem with a special user privilege, and may even lead to a confidentiality issue. Mitigation Mitigation for this...

7.2CVSS1.9AI score0.00928EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2020/11/10 7:52 p.m.74 views

CVE-2020-8695

A vulnerability was found in Intel's implementation of RAPL Running Average Power Limit. An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem. Mitigation Until a firmwar...

5.5CVSS4.1AI score0.00414EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2020/08/11 8:13 p.m.74 views

CVE-2020-9490

A flaw was found in Apache httpd in versions prior to 2.4.46. A specially crafted Cache-Digest header triggers negative argument to memmove that could lead to a crash and denial of service. The highest threat from this vulnerability is to system availability. Mitigation Configuring the HTTP/2...

5CVSS3.5AI score0.89744EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2020/02/10 11:44 a.m.74 views

CVE-2019-13990

The Terracotta Quartz Scheduler is susceptible to an XML external entity attack XXE through a job description. This issue stems from inadequate handling of XML external entity XXE declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to...

9.8CVSS9.3AI score0.162EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/02 7:16 p.m.74 views

CVE-2025-32777

Volcano is a Kubernetes-native batch scheduling system. Prior to versions 1.11.2, 1.10.2, 1.9.1, 1.11.0-network-topology-preview.3, and 1.12.0-alpha.2, attacker compromise of either the Elastic service or the extender plugin can cause denial of service of the scheduler. This is a privilege...

8.2CVSS6.8AI score0.00396EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2024/05/21 11:0 a.m.73 views

CVE-2024-35195

An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification...

5.6CVSS5.3AI score0.0034EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/02/26 7:33 p.m.73 views

CVE-2024-22201

A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file...

7.5CVSS7.2AI score0.01433EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2024/01/26 6:49 p.m.73 views

CVE-2022-48622

A flaw was found in GNOME's GdkPixbuf library, a library used to load image data in various formats used by GDK for handling graphical assets. This issue occurs when loading a crafted ANI animated cursor file file, which may lead to a heap based out-of-bounds write, causing memory corruption. Whe...

7.3CVSS7.4AI score0.00415EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2023/12/18 7:56 a.m.73 views

CVE-2023-24023

A flaw was found in Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4. This issue may allow certain man-in-the-middle attacks that force a short key length and might lead to discovery of the encryption key and live...

6.8CVSS7.8AI score0.01297EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2023/11/23 12:21 p.m.73 views

CVE-2023-47108

A memory exhaustion flaw was found in the otelgrpc handler of open-telemetry. This flaw may allow a remote unauthenticated attacker to flood the peer address and port and exhaust the server's memory by sending multiple malicious requests, affecting the availability of the system. Mitigation As a...

7.5CVSS7.5AI score0.01592EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/08/30 10:15 a.m.73 views

CVE-2023-4574

The Mozilla Foundation Security Advisory describes this flaw as: When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could...

7.5CVSS7.1AI score0.00571EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/08/28 7:15 p.m.73 views

CVE-2023-4563

A use-after-free flaw was found in the nftables sub-component due to a race problem between the set GC and transaction in the Linux Kernel. This flaw allows a local attacker to crash the system due to a missing call to nftsetelemmarkbusy, causing double deactivation of the element and possibly...

6.2AI score0.00218EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2023/08/23 1:49 p.m.73 views

CVE-2023-3893

A vulnerability was found in Kubernetes. This flaw allows a user who can create pods on Windows nodes running kubernetes-csi-proxy to escalate to admin privileges on those nodes...

8.8CVSS6.9AI score0.02864EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/01/31 10:35 a.m.73 views

CVE-2022-40898

An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli...

7.5CVSS7.2AI score0.02659EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2023/01/25 1:5 p.m.73 views

CVE-2021-46795

A Time-of-check to time-of-use TOCTOU vulnerability exists in hw. This flaw allows an attacker to use a compromised BIOS to cause the trusted execution environment TEE operating system to read memory out-of-bounds, potentially resulting in a denial of service. Mitigation Please contact AMD for mo...

1.9CVSS4.4AI score0.00137EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/05/21 12:23 a.m.73 views

CVE-2018-11769

CouchDB administrative users before 2.2.0 can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's...

9CVSS3.6AI score0.90602EPSS
Exploits18References1
RedhatCVE
RedhatCVE
added 2022/05/21 12:4 a.m.73 views

CVE-2021-26910

Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation...

7.8CVSS5.5AI score0.00444EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2022/05/06 4:55 p.m.73 views

CVE-2022-21451

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.4CVSS2.1AI score0.01196EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/04/26 6:40 a.m.73 views

CVE-2022-27376

A use-after-free flaw was found in Maria DB. The MariaDB Server contains a use-after-free in the component, Itemargs::walkarg, which is exploited via specially crafted SQL statements, affecting availability...

7.5CVSS3.6AI score0.02199EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/04/22 9:3 p.m.73 views

CVE-2022-29589

Crypt Server before 3.3.0 allows XSS in the index view. This is related to serial, computername, and username...

6.1CVSS3.8AI score0.00632EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/02/11 11:29 a.m.73 views

CVE-2022-21703

A Cross-site request forgery CSRF vulnerability was found in Grafana. This flaw allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users for example, editors or admins. An attacker can exploit this vulnerability for...

8.8CVSS3.8AI score0.02283EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2022/02/04 7:54 p.m.73 views

CVE-2021-23566

A flaw was found in the nanoid library where the valueOf function allows the reproduction of the last id generated. This flaw allows an attacker to expose sensitive information...

5.5CVSS2.9AI score0.0044EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2021/10/19 9:3 p.m.73 views

CVE-2021-35565

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacke...

5.3CVSS3.3AI score0.06886EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/08/04 6:56 p.m.73 views

CVE-2021-3682

A flaw was found in the USB redirector device emulation of QEMU. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free with faked heap chunk metadata, resulting in a crash ...

8.5CVSS1.4AI score0.02904EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/08/03 6:24 a.m.73 views

CVE-2021-3664

An input validation flaw was found in the nodejs url-parse library, which incorrectly parses a URL that contains backslashes. This flaw allows an attacker to specify a relative URL and cause the browser to redirect to a malicious website. The highest threat from this vulnerability is to integrity...

5.3CVSS4.1AI score0.01964EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2021/07/14 5:31 p.m.73 views

CVE-2021-3648

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3530. Reason: This candidate is a reservation duplicate of CVE-2021-3530. Notes: All CVE users should reference CVE-2021-3530 instead of this...

7.5CVSS6.4AI score0.024EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/07/01 5:36 p.m.73 views

CVE-2021-32690

A vulnerability was discovered in Helm, which could allow credentials associated with one Helm repository to be leaked to another repository referenced by the first one. In order to exploit this vulnerability, an attacker would need to control a repository trusted by the configuration of the targ...

8.6CVSS3.6AI score0.01395EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/07/01 5:23 p.m.73 views

CVE-2021-3631

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality a...

6.3CVSS1.8AI score0.00493EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2021/05/19 10:37 a.m.73 views

CVE-2021-30465

The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentiality and integrity ...

8.5CVSS1.7AI score0.06604EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2019/12/10 9:57 p.m.73 views

CVE-2019-14899

A flaw was found in openvpn. A malicous access point or adjacent user can determine if a connected user is using a VPN by making positive inferences about the websites they are visiting, and determining the correct sequence and acknowledgement numbers in use, which allows the attacker to inject...

7.4CVSS3AI score0.00838EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2018/03/08 8:19 p.m.73 views

CVE-2017-18214

The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055...

7.8CVSS3.5AI score0.09905EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2024/07/03 11:20 p.m.72 views

CVE-2024-34750

A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain...

7.5CVSS7.3AI score0.04602EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/06/11 2:28 p.m.72 views

CVE-2024-5585

In PHP, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using procopen command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments tha...

9.4CVSS8.8AI score0.32568EPSS
Exploits3References5
RedhatCVE
RedhatCVE
added 2024/04/03 12:18 p.m.72 views

CVE-2024-29025

A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...

5.3CVSS5.4AI score0.0138EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2024/03/07 6:38 a.m.72 views

CVE-2024-25111

A flaw was found in Squid. This issue may allow a remote attacker to trigger an uncontrolled recursion bug when sending a specially crafted, chunked, encoded HTTP Message, resulting in a denial of service. Mitigation Red Hat has investigated whether a possible mitigation exists for this issue, an...

8.6CVSS8.4AI score0.65254EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2024/02/23 4:35 p.m.72 views

CVE-2023-42282

A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic function by inducing a Server-Side Request Forgery SSRF attack and obtaining access to normally inaccessible resources. Mitigation...

9.8CVSS8.9AI score0.01613EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2024/02/16 5:21 p.m.72 views

CVE-2023-46809

A flaw was found in Node.js. The privateDecrypt API of the crypto library may allow a covert timing side-channel during PKCS1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decry...

5.9CVSS7.3AI score0.01302EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/10/30 11:27 a.m.72 views

CVE-2023-31419

A flaw was found in Elasticsearch. This issue affects the search API that allowed a specially crafted query string to cause a stack overflow and, ultimately, a denial of service...

7.5CVSS9.2AI score0.60679EPSS
Exploits4References4
RedhatCVE
RedhatCVE
added 2023/06/15 5:45 a.m.72 views

CVE-2023-2727

A flaw was found in Kubernetes, where users may be able to launch containers using images restricted by the ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers. Mitigation...

6.5CVSS6.4AI score0.01134EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/04/03 7:43 p.m.72 views

CVE-2022-3510

A flaw was found in Message-Type Extensions in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbag...

5.3CVSS7.3AI score0.00483EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/01/17 6:5 p.m.72 views

CVE-2023-0179

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. Mitigation This flaw can be mitigated by...

7.8CVSS4.2AI score0.01944EPSS
Exploits5References4
RedhatCVE
RedhatCVE
added 2022/11/06 2:26 p.m.72 views

CVE-2022-41849

A use-after-free flaw was found in the Linux kernel’s video fbdev driver. This flaw allows a local user with physical access to crash the system...

4.2CVSS3.2AI score0.00309EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/08/09 1:37 p.m.72 views

CVE-2022-2598

A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a heap buffer overflow vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Mitigation Untrusted vim scripts with -s scriptin are not...

5.5CVSS5.4AI score0.00854EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/05/10 6:58 p.m.72 views

CVE-2021-42581

A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application...

9.1CVSS6.3AI score0.01325EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/05/02 1:25 p.m.72 views

CVE-2022-28391

An escape sequence injection attack was found in BusyBox on Alpine. For this issue to occur, a remote host's virtual terminal must contain an escape sequence, and the victim must then execute netstat. This flaw allows an attacker can inject arbitrary code, leading to a loss of integrity...

8.8CVSS3.6AI score0.03505EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/03/21 8:49 p.m.72 views

CVE-2022-0494

A kernel information leak flaw was identified in the scsiioctl function in drivers/scsi/scsiioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege CAPSYSADMIN or CAPSYSRAWIO to create issues with confidentiality. Mitigation Mitigation for this issue is either...

4.9CVSS2.1AI score0.00416EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/03/11 3:37 p.m.72 views

CVE-2021-39713

A use-after-free flaw was found in the Linux kernel’s network scheduling subsystem due to a race condition. This flaw allows a local user to cause a denial of service memory corruption or crash or privilege escalation. Mitigation Mitigation for this issue is either not available or the currently...

7CVSS1.4AI score0.0021EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2022/02/22 4:16 a.m.72 views

CVE-2022-0708

Mattermost 6.3.0 and earlier fails to protect email addresses of the creator of the team via one of the APIs, which allows authenticated team members to access this information resulting in sensitive & private information disclosure...

6.5CVSS4.3AI score0.00792EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/02/21 11:18 a.m.72 views

CVE-2022-23645

An out-of-bounds read vulnerability was found in swtpm. The vulnerability exists due to a boundary condition when the byte array representing the state of the TPM is accessed. This flaw allows an attacker to send a specially crafted header, triggering an out-of-bounds read access on the byte arra...

6.2CVSS2AI score0.00404EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/01/28 7:41 a.m.72 views

CVE-2022-22942

A use-after-free flaw was found in the Linux kernel’s vmwexecbufcopyfenceuser function in drivers/gpu/drm/vmwgfx/vmwgfxexecbuf.c in vmwgfx. This flaw allows a local attacker with user privileges to cause a privilege escalation problem. Mitigation Mitigation for this issue is to skip loading the...

7.8CVSS1.7AI score0.02579EPSS
Exploits3References3
Total number of security vulnerabilities5000