Lucene search
K
RedhatcveMost viewed

206363 matches found

RedhatCVE
RedhatCVE
•added 2024/07/03 4:27 p.m.•72 views

CVE-2024-39894

A flaw was found in OpenSSH. A logic error in the SSH ObscureKeystrokeTiming feature on by default rendered this feature ineffective. A passive observer could still detect which network packets contained real keystrokes when the countermeasure was active because fake and real keystroke packets we...

3.1CVSS7.4AI score0.01634EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2024/06/11 2:28 p.m.•72 views

CVE-2024-5585

In PHP, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using procopen command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments tha...

9.4CVSS8.8AI score0.32568EPSS
Exploits3References5
RedhatCVE
RedhatCVE
•added 2024/04/03 12:18 p.m.•72 views

CVE-2024-29025

A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...

5.3CVSS5.4AI score0.0138EPSS
Exploits1References7
RedhatCVE
RedhatCVE
•added 2024/03/27 7:36 p.m.•72 views

CVE-2024-23451

An incorrect authorization flaw was found in the API key based security model for Remote Cluster Security in the elasticsearch package. A malicious user with a valid API key can leverage this issue to gain access to read any documents from any index in the remote cluster, exposing possible...

4.4CVSS7AI score0.00435EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/03/07 6:38 a.m.•72 views

CVE-2024-27307

A vulnerability was found in JSONata. A malicious expression can exploit the transform operator to override properties on the Object constructor and prototype. This issue can result in denial of service, remote code execution, or other unforeseen behavior in applications that assess user-provided...

8.6CVSS9.6AI score0.01422EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/03/07 6:38 a.m.•72 views

CVE-2024-25111

A flaw was found in Squid. This issue may allow a remote attacker to trigger an uncontrolled recursion bug when sending a specially crafted, chunked, encoded HTTP Message, resulting in a denial of service. Mitigation Red Hat has investigated whether a possible mitigation exists for this issue, an...

8.6CVSS8.4AI score0.65254EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/10/30 11:27 a.m.•72 views

CVE-2023-31419

A flaw was found in Elasticsearch. This issue affects the search API that allowed a specially crafted query string to cause a stack overflow and, ultimately, a denial of service...

7.5CVSS9.2AI score0.60679EPSS
Exploits4References4
RedhatCVE
RedhatCVE
•added 2023/09/25 11:25 a.m.•72 views

CVE-2023-42753

An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h-nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local...

7CVSS7.3AI score0.00514EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/09/07 8:40 p.m.•72 views

CVE-2023-4208

There are 3 CVEs for the use-after-free flaw found in net/sched/clsfw.c in classifiers clsfw, clsu32, and clsroute in the Linux Kernel: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. A local user could use any of these flaws to crash the system or potentially escalate their privileges on the system...

7.8CVSS7.3AI score0.00565EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2023/07/20 9:31 a.m.•72 views

CVE-2023-3347

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...

5.9CVSS6.1AI score0.0039EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/24 1:7 p.m.•72 views

CVE-2023-1582

A race problem was found in fs/proc/taskmmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service. Mitigation This flaw can be mitigated by disabling THP on the system. How to disable THP ?...

4.7CVSS5.5AI score0.00131EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/02/17 12:0 p.m.•72 views

CVE-2023-0662

A vulnerability was found in PHP. This security flaw occurs when the request body parsing in PHP allows any unauthenticated attacker to consume a large amount of CPU time and trigger excessive logging. A large amount of CPU time required for processing requests can block all available worker...

7.5CVSS7.6AI score0.01408EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/25 4:14 p.m.•72 views

CVE-2022-3924

A flaw was found in Bind. When resolver receives many queries requiring recursion, there will be a corresponding increase in the number of clients waiting for recursion to complete. This may, under certain conditions, lead to an assertion failure and a denial of service. Mitigation Disabling...

7.5CVSS7.2AI score0.15989EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/17 6:5 p.m.•72 views

CVE-2023-0179

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. Mitigation This flaw can be mitigated by...

7.8CVSS4.2AI score0.01944EPSS
Exploits5References4
RedhatCVE
RedhatCVE
•added 2022/11/09 6:2 p.m.•72 views

CVE-2022-31008

A flaw was found in RabbitMQ. The shovel and federation plugins perform URI obfuscation in their worker link state. The encryption key used to encrypt the URI was seeded with a predictable secret. In certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable dat...

7.5CVSS0.7AI score0.00307EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/11/06 2:26 p.m.•72 views

CVE-2022-41849

A use-after-free flaw was found in the Linux kernel’s video fbdev driver. This flaw allows a local user with physical access to crash the system...

4.2CVSS3.2AI score0.00309EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/09 1:37 p.m.•72 views

CVE-2022-2598

A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a heap buffer overflow vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Mitigation Untrusted vim scripts with -s scriptin are not...

5.5CVSS5.4AI score0.00872EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/05/10 6:58 p.m.•72 views

CVE-2021-42581

A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application...

9.1CVSS6.3AI score0.01325EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/05/06 4:55 p.m.•72 views

CVE-2022-21479

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

5.5CVSS3AI score0.01597EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/03/16 11:47 a.m.•72 views

CVE-2020-36518

A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...

5CVSS7.2AI score0.0486EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/02/22 4:16 a.m.•72 views

CVE-2022-0708

Mattermost 6.3.0 and earlier fails to protect email addresses of the creator of the team via one of the APIs, which allows authenticated team members to access this information resulting in sensitive & private information disclosure...

6.5CVSS4.3AI score0.00792EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/02/17 4:52 p.m.•72 views

CVE-2022-25182

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the names of Pipeline libraries to create directories without canonicalization or sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins...

8.8CVSS5.2AI score0.01601EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/02/15 1:5 p.m.•72 views

CVE-2022-0512

An authorization bypass vulnerability was found in nodes-url-parse. This flaw allows a remote attacker with a basic user account to evade hostname verification by inserting the at symbol "@" at the end of the password field. This issue can allow entry to systems designed to block remote access an...

8.8CVSS3.7AI score0.01782EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/15 4:47 a.m.•72 views

CVE-2022-0585

Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file...

7.5CVSS4.4AI score0.02374EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/01/27 1:19 p.m.•72 views

CVE-2021-20323

A flaw has been found in Keycloak. The clients-registrations endpoint allows execution of javascript code on the client-side, which makes it vulnerable to a Cross-Site Scripting attack...

6.1CVSS3AI score0.37246EPSS
Exploits3References4
RedhatCVE
RedhatCVE
•added 2022/01/24 12:42 p.m.•72 views

CVE-2021-3996

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves like /tmp or mounted in a...

5.5CVSS2.6AI score0.00634EPSS
Exploits3References4
RedhatCVE
RedhatCVE
•added 2022/01/12 11:23 p.m.•72 views

CVE-2022-22739

The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol...

6.5CVSS2.2AI score0.00679EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2021/08/18 2:32 p.m.•72 views

CVE-2021-29657

A flaw was found in the Linux kernel. A KVM guest on AMD can launch a nested guest without the Intercept VMRUN control bit by exploiting a TOCTOU vulnerability in nestedsvmvmrun. A malicious guest could use this flaw to gain unrestricted access to host MSRs, possibly leading to guest-to-host esca...

7.8CVSS1.3AI score0.00413EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/08/16 2:54 p.m.•72 views

CVE-2021-3653

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "intctl" field, this issue could allow a malicious ...

8.8CVSS1.3AI score0.00413EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/08/02 4:50 p.m.•72 views

CVE-2021-35477

A flaw in the Linux kernel allows a privileged BPF program to obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel in the eBPF subsystem Mitigation The default Red Hat Enterprise Linux kernel setting prevents unprivileged users from being able to use eBPF vi...

5.5CVSS2.9AI score0.0046EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/07/28 9:2 a.m.•72 views

CVE-2021-3659

A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability. Mitigation To...

5.5CVSS5.7AI score0.00264EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/07/20 11:44 a.m.•72 views

CVE-2021-3654

A vulnerability was found in CPython which is used by openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat...

6.1CVSS1.1AI score0.26792EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/07/13 5:52 p.m.•72 views

CVE-2021-35516

A flaw was found in apache-commons-compress. When reading a specially crafted 7Z archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for very small inputs. This flaw allows the mounting of a denial of service attack against services that use Compress' Seven...

7.5CVSS3.1AI score0.12697EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2021/06/28 9:16 p.m.•72 views

CVE-2021-22119

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker c...

7.5CVSS2.8AI score0.06001EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/06/08 6:52 a.m.•72 views

CVE-2021-3575

A heap-based buffer overflow was found in OpenJPEG. This flaw allows an attacker to execute arbitrary code with the permissions of the application compiled against OpenJPEG...

7.8CVSS4.3AI score0.01536EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/05/26 9:45 a.m.•72 views

CVE-2021-22898

A flaw was found in the way curl handled telnet protocol option for sending environment variables, which could lead to sending of uninitialized data from a stack-based buffer to the server. This issue leads to potentially revealing sensitive internal information to the server using a clear-text...

3.1CVSS1.4AI score0.04385EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/03/15 7:17 p.m.•72 views

CVE-2021-28375

An issue was discovered in the Linux kernel. Fastrpcinternalinvoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages. This is a related issue to CVE-2019-2308. Mitigation Mitigation for this issue is either not available or the currently available optio...

7.8CVSS7.4AI score0.00305EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/07/15 9:39 a.m.•72 views

CVE-2020-14583

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

5.1CVSS2AI score0.04029EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/06/02 5:21 p.m.•72 views

CVE-2020-8165

A flaw was found in rubygem-activesupport. An untrusted user input can be written to the cache store using the raw: true parameter which can lead to the result being evaluated as a marshaled object instead of plain text. The threat from this vulnerability is to data confidentiality and integrity ...

7.5CVSS1.4AI score0.45732EPSS
Exploits5References4
RedhatCVE
RedhatCVE
•added 2020/04/05 5:5 p.m.•72 views

CVE-2019-6977

gdImageColorMatch in gdcolormatch.c in the GD Graphics Library aka LibGD 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigg...

8.8CVSS3.6AI score0.65116EPSS
Exploits7References2
RedhatCVE
RedhatCVE
•added 2020/03/06 4:40 p.m.•72 views

CVE-2019-15126

An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors related to state transitions in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a...

8.8CVSS2.4AI score0.07709EPSS
Exploits9References3
RedhatCVE
RedhatCVE
•added 2024/02/28 8:10 a.m.•71 views

CVE-2024-1597

A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value. Mitigation Do not use the connection...

10CVSS9.8AI score0.0481EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2024/02/02 1:11 a.m.•71 views

CVE-2024-24557

A vulnerability was found in github.com/moby/moby. The classic builder cache system in moby is vulnerable to cache poisoning if the image is built using a 'FROM scratch' in Dockerfile. This flaw allows an attacker who has knowledge of the Dockerfile to create a malicious cache that would be pulle...

6.9CVSS6.4AI score0.00258EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/12/30 6:30 p.m.•71 views

CVE-2023-7192

A memory leak problem was found in ctnetlinkcreateconntrack in net/netfilter/nfconntracknetlink.c in the Linux Kernel. This issue may allow a local attacker with CAPNETADMIN privileges to cause a denial of service DoS attack due to a refcount overflow. Mitigation Triggering this issue requires th...

5.5CVSS5.8AI score0.00301EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/12/19 9:45 p.m.•71 views

CVE-2023-6931

A flaw was found in the Linux kernel's Performance Events system component. A condition can be triggered that allows data to be written past the end or before the beginning of the intended memory buffer. This may lead to a system crash, code execution, or local privilege escalation. Mitigation It...

7CVSS7.3AI score0.00715EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/11/15 2:11 p.m.•71 views

CVE-2023-36049

A vulnerability was found in FormatFtpCommand in the .NET package that may result in a CRLF injection arbitrary file write and deletion. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease...

9.8CVSS8.7AI score0.12512EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/10/27 10:28 p.m.•71 views

CVE-2023-45142

A memory leak was found in the otelhttp handler of open-telemetry. This flaw allows a remote, unauthenticated attacker to exhaust the server's memory by sending many malicious requests, affecting the availability. Mitigation As a workaround to stop being affected otelhttp.WithFilter can be used...

7.5CVSS7.3AI score0.01364EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/09/27 5:55 p.m.•71 views

CVE-2023-5129

This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863...

8.3AI score0.99735EPSS
Exploits9References5
RedhatCVE
RedhatCVE
•added 2023/09/22 5:54 p.m.•71 views

CVE-2023-2163

An incorrect verifier pruning flaw was found in BPF in the Linux Kernel that may lead to unsafe code paths incorrectly marked as safe, resulting in arbitrary read/writes in kernel memory, lateral privilege escalation, and container escape. Mitigation The default Red Hat Enterprise Linux kernel...

8.2CVSS8AI score0.03546EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/06/26 6:48 p.m.•71 views

CVE-2023-2422

A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to...

5.5CVSS7.5AI score0.00522EPSS
Exploits0References3
Total number of security vulnerabilities5000