Lucene search
K
RedhatcveMost viewed

206304 matches found

RedhatCVE
RedhatCVE
added 2024/05/15 6:28 a.m.66 views

CVE-2024-3044

A flaw was found in LibreOffice. Unchecked script execution in graphic on-click binding allows an attacker to create a document, which, without a prompt, will execute scripts built into LibreOffice when clicking a graphic. These scripts were previously deemed trusted but are now deemed untrusted...

7.3CVSS6AI score0.01008EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/04/17 9:32 p.m.66 views

CVE-2024-26911

In the Linux kernel, the following vulnerability has been resolved: drm/buddy: Fix allocrange error handling code Few users have observed display corruption when they boot the machine to KDE Plasma or playing games. We have root caused the problem that whenever allocrange couldn't find the requir...

5.5CVSS7.6AI score0.00191EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/04/17 1:2 p.m.66 views

CVE-2024-2419

A flaw was found in Keycloak's redirecturi validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to CVE-2023-6291...

7.1CVSS6.7AI score0.0095EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2024/03/06 9:22 p.m.66 views

CVE-2024-27304

pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. T...

8.1CVSS9.8AI score0.01109EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2023/09/13 5:24 a.m.66 views

CVE-2023-4039

A vulnerability was found in GCC. The GCC's stack protection feature, enabled with the flag -fstack-protector, aims to detect buffer overflows in C/C++ function local variables that might allow an attacker to overwrite saved registers on the stack. If an attacker can modify saved register values,...

6.6AI score0.00666EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2023/09/07 8:40 p.m.66 views

CVE-2023-4206

There are 3 CVEs for the use-after-free flaw found in net/sched/clsfw.c in classifiers clsfw, clsu32, and clsroute in the Linux Kernel: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. A local user could use any of these flaws to crash the system or potentially escalate their privileges on the system...

7.8CVSS7.3AI score0.00565EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2023/08/22 5:50 p.m.66 views

CVE-2023-40267

An improper input validation vulnerability was found in GitPython. This flaw allows an attacker to inject a maliciously crafted remote URL into the clone command, possibly leading to remote code execution...

9.8CVSS9AI score0.00984EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/07/05 3:18 p.m.66 views

CVE-2023-30584

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions. This vulnerability affects all users using the experimental permission model in Node.j...

7.5CVSS7.1AI score0.00379EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/06/05 12:35 p.m.66 views

CVE-2023-29499

A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service...

6.2CVSS6.1AI score0.00761EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/05/05 9:21 a.m.66 views

CVE-2023-2319

It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 for PCS package, which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. Th...

9.1CVSS8.4AI score0.01421EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/01/13 7:35 p.m.66 views

CVE-2023-0056

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability...

4.3CVSS7.5AI score0.01834EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/12/21 9:36 a.m.66 views

CVE-2022-43551

A vulnerability was found in curl. The issue can occur when curl's HSTS check is bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of an insecure clear-text HTTP step even when providing HTTP in the URL. Suppose the hostname in the given...

7.5CVSS7.4AI score0.1654EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/07/15 4:7 a.m.66 views

CVE-2022-31107

A flaw was found in Grafana. This flaw allows a malicious user with the authorization to log into a Grafana instance via a configured OAuth IdP to take over an existing Grafana account under certain conditions. Mitigation As a workaround, it is possible to disable any OAuth login or ensure that a...

7.1CVSS4.9AI score0.02039EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/06/28 3:35 a.m.66 views

CVE-2022-32207

A vulnerability was found in curl. This issue occurs because when curl saves cookies, alt-svc, and HSTS data to local files, it makes the operation atomic by finalizing the process with a rename from a temporary name to the final target file name. This flaw leads to unpreserved file permissions,...

9.8CVSS2AI score0.06823EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/06/14 7:29 p.m.66 views

CVE-2022-21166

A flaw was found in hw. Incomplete cleanup in specific special register write operations for some Intel® Processors may allow an authenticated user to enable information disclosure via local access. Mitigation Mitigation for this issue is either not available or the currently available options...

5.5CVSS6.5AI score0.05899EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/03/24 6:4 p.m.66 views

CVE-2022-24051

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

7.8CVSS3.1AI score0.00615EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/03/22 8:10 a.m.66 views

CVE-2022-1043

A flaw was found in the Linux kernel’s iouring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges...

8.8CVSS4.2AI score0.03718EPSS
Exploits4References5
RedhatCVE
RedhatCVE
added 2022/02/21 5:51 a.m.66 views

CVE-2022-25236

A flaw was found in expat. Passing one or more namespace separator characters in the "xmlns:prefix" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML...

9.8CVSS1AI score0.34174EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/02/11 2:3 p.m.66 views

CVE-2022-23773

A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the...

7.5CVSS4.8AI score0.02698EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/01/18 10:0 p.m.66 views

CVE-2022-21293

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

5.3CVSS4.7AI score0.08346EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/12/22 5:20 a.m.66 views

CVE-2021-4154

A use-after-free flaw was found in cgroup1parseparam in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service ...

8.8CVSS2.4AI score0.01206EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2021/10/21 7:17 p.m.66 views

CVE-2021-25742

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster...

7.6CVSS1AI score0.01784EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2021/10/19 9:3 p.m.66 views

CVE-2021-35556

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Swing. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

5.3CVSS2.3AI score0.07819EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/09/28 12:45 p.m.66 views

CVE-2021-3762

A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution. Mitigation Mitigatio...

9.8CVSS2.5AI score0.04513EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2021/09/02 6:6 p.m.66 views

CVE-2021-33929

A flaw was found in libsolv. A buffer overflow vulnerability in the pooldisabledsolvable function allows attackers to cause a denial of service. The highest threat from this vulnerability is to system availability...

7.5CVSS4.4AI score0.01441EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2021/08/10 5:20 p.m.66 views

CVE-2021-34532

ASP.NET Core and Visual Studio Information Disclosure Vulnerability...

5.5CVSS1.4AI score0.01121EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2021/08/04 6:23 p.m.66 views

CVE-2021-22147

Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view...

6.5CVSS2.5AI score0.01004EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/06/23 8:25 a.m.66 views

CVE-2020-5404

The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirect...

6.5CVSS1.8AI score0.00653EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/06/18 10:50 a.m.66 views

CVE-2020-28491

This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception...

7.5CVSS2.8AI score0.03074EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/06/11 5:12 p.m.66 views

CVE-2021-28169

For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...

5.3CVSS3.6AI score0.7848EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2021/05/20 11:21 a.m.66 views

CVE-2021-31806

An incorrect input validation flaw was found in Squid, where it is vulnerable to a denial of service attack against all clients using the proxy. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this issue is either not available or the currently...

6.5CVSS2AI score0.95785EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2021/05/13 5:56 a.m.66 views

CVE-2020-24587

A flaw was found in the Linux kernel's WiFi implementation. An attacker within the wireless range can abuse a logic flaw in the WiFi implementation by reassembling packets from multiple fragments under different keys, treating them as valid. This flaw allows an attacker to send a fragment under a...

3.1CVSS1.2AI score0.02592EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2021/03/31 7:14 p.m.66 views

CVE-2021-29650

A denial-of-service DoS flaw was identified in the Linux kernel due to an incorrect memory barrier in xtreplacetable in net/netfilter/xtables.c in the netfilter subsystem. Mitigation Mitigation for this issue is either not available or the currently available options dont meet the Red Hat Product...

5.5CVSS6.3AI score0.00413EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/02/07 3:15 p.m.66 views

CVE-2017-5664

A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. Mitigation If it is necessary to have the DefaultServlet propert...

7.5CVSS0.4AI score0.16567EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2020/09/07 9:49 a.m.66 views

CVE-2020-3897

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution...

9.3CVSS3.3AI score0.04369EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2020/01/15 3:43 a.m.66 views

CVE-2019-2983

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

4.3CVSS4.5AI score0.03749EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2019/11/07 10:14 p.m.66 views

CVE-2017-10295

It was found that the HttpURLConnection and HttpsURLConnection classes in the Networking component of OpenJDK failed to check for newline characters embedded in URLs. An attacker able to make a Java application perform an HTTP request using an attacker provided URL could possibly inject additiona...

4.3CVSS1.3AI score0.02199EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2019/10/08 10:39 p.m.66 views

CVE-2017-3738

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...

7.5CVSS2.4AI score0.83645EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2019/03/01 6:49 a.m.66 views

CVE-2019-9192

In the GNU C Library aka glibc or libc6 through 2.29, checkdstlimitscalcpos1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '|\\1\\1' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs...

7.5CVSS7.3AI score0.05804EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2018/06/27 8:49 a.m.66 views

CVE-2017-7658

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x all non HTTP/1.x configurations, and 9.4.x all HTTP/1.x configurations, when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was...

9.8CVSS2.8AI score0.20985EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2017/03/03 3:19 p.m.66 views

CVE-2017-6353

It was found that the code in net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service invalid unlock and double free via a multithreaded application. This...

7.1CVSS4.5AI score0.01162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2017/01/25 4:17 p.m.66 views

CVE-2016-7480

The SplObjectStorage unserialize implementation in ext/spl/splobserver.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service uninitialized memory access via crafted serialized data...

9.8CVSS9.4AI score0.41558EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:46 a.m.65 views

CVE-2022-31619

A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.13, Teamcenter V13.0 All versions V13.0.0.9, Teamcenter V13.1 All versions V13.1.0.9, Teamcenter V13.2 All versions V13.2.0.9, Teamcenter V13.3 All versions V13.3.0.3, Teamcenter V14.0 All versions V14.0.0.2. Java EE...

8.8CVSS7.5AI score0.01256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/19 7:43 a.m.65 views

CVE-2025-10750

The PowerBI Embed Reports plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.2.0. This is due to missing capability checks and authentication verification on the 'testUser' endpoint accessible via the moepbradminobserver function hooked ...

5.3CVSS5.4AI score0.00449EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:29 a.m.65 views

CVE-2019-14221

1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation...

5.4CVSS5.7AI score0.01709EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2024/08/27 6:59 p.m.65 views

CVE-2024-43788

A DOM Clobbering vulnerability was found in Webpack via AutoPublicPathRuntimeModule. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script through seemingly benign HTML markups in the webpage, for example, through a post or comment, and leverages the...

6.1CVSS5.8AI score0.00897EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2024/05/06 5:55 p.m.65 views

CVE-2024-4438

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Ha...

7.5CVSS8.2AI score0.99999EPSS
Exploits19References3
RedhatCVE
RedhatCVE
added 2024/01/16 11:57 a.m.65 views

CVE-2024-0553

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...

7.5CVSS6.8AI score0.01614EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2023/11/10 9:44 p.m.65 views

CVE-2021-41411

A flaw was found in the XML external entity injection vulnerability in the KieModuleMarshaller.java module of drools-compiler. This issue may lead to the disclosure of sensitive information...

9.8CVSS9.3AI score0.01193EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/11/08 8:46 p.m.65 views

CVE-2023-39197

An out-of-bounds read vulnerability was found in Netfilter Connection Tracking conntrack in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol...

4CVSS6.6AI score0.00976EPSS
Exploits0References3
Total number of security vulnerabilities5000