Lucene search
K
RedhatcveMost viewed

206363 matches found

RedhatCVE
RedhatCVE
added 2022/02/17 6:50 a.m.67 views

CVE-2022-25265

A vulnerability was found in the Linux kernel when certain binary files have the exec-all attribute with gcc. This issue can cause the execution of bytes located in the non-executable regions of a file. Mitigation Mitigation for this issue is either not available or the currently available option...

7.8CVSS2.4AI score0.01054EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2021/12/22 5:20 a.m.67 views

CVE-2021-4154

A use-after-free flaw was found in cgroup1parseparam in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service ...

8.8CVSS2.4AI score0.01206EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2021/09/28 12:45 p.m.67 views

CVE-2021-3762

A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution. Mitigation Mitigatio...

9.8CVSS2.5AI score0.04513EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2021/09/07 2:41 p.m.67 views

CVE-2021-40490

A flaw was found in the Linux kernel. A race condition was discovered in the ext4 subsystem. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation Mitigation for this issue is either not available or the currently available...

7CVSS1.3AI score0.00303EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/09/02 6:6 p.m.67 views

CVE-2021-33929

A flaw was found in libsolv. A buffer overflow vulnerability in the pooldisabledsolvable function allows attackers to cause a denial of service. The highest threat from this vulnerability is to system availability...

7.5CVSS4.4AI score0.01441EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2021/08/10 5:20 p.m.67 views

CVE-2021-34532

ASP.NET Core and Visual Studio Information Disclosure Vulnerability...

5.5CVSS1.4AI score0.01121EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2021/08/04 6:23 p.m.67 views

CVE-2021-22147

Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view...

6.5CVSS2.5AI score0.01004EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/08/03 4:44 p.m.67 views

CVE-2021-3679

A lack of CPU resources in the Linux kernel tracing module functionality was found in the way users use the trace ring buffer in specific way. Only privileged local users with CAPSYSADMIN capability could use this flaw to starve the resources causing denial of service. Mitigation Mitigation for...

5.5CVSS2.2AI score0.00734EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/07/30 10:20 a.m.67 views

CVE-2021-0144

A flaw was found in the Linux kernel. The Intel BIOS Shared SW Architecture BSSA Design for Test DFT feature may allow escalation of privilege in the customer build time configuration. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabili...

7.5CVSS2.4AI score0.00327EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/07/13 5:57 p.m.67 views

CVE-2021-36090

A flaw was found in apache-commons-compress. When reading a specially crafted ZIP archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for small inputs. This flaw allows the mounting of a denial of service attack against services that use Compress' zip...

7.5CVSS2.8AI score0.13292EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2021/07/06 5:20 p.m.67 views

CVE-2021-36086

The CIL compiler in SELinux 3.2 has a use-after-free in cilresetclasspermission called from cilresetclasspermsset and cilresetclasspermslist...

3.3CVSS5.2AI score0.00592EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2021/06/22 3:59 p.m.67 views

CVE-2021-0605

A flaw was found in the way the Linux kernel's pfkeydump function trusted the provided filter size parameters. A local, sufficiently privileged user could use this flaw to leak information from the kernel. Mitigation If the CAPNETADMIN capability is privileged by default which is true for Red Hat...

4.9CVSS1.9AI score0.00201EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/06/21 3:38 p.m.67 views

CVE-2021-3609

A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. Mitigation As the CAN module will be auto-loaded when required, its use can be disabled by preventing t...

7CVSS0.3AI score0.00431EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2021/06/18 10:50 a.m.67 views

CVE-2020-28491

This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception...

7.5CVSS2.8AI score0.03074EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/06/08 8:13 p.m.67 views

CVE-2020-24512

Observable timing discrepancy in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

3.3CVSS3.7AI score0.00383EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/05/20 11:21 a.m.67 views

CVE-2021-31806

An incorrect input validation flaw was found in Squid, where it is vulnerable to a denial of service attack against all clients using the proxy. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this issue is either not available or the currently...

6.5CVSS2AI score0.95785EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2021/05/13 6:48 a.m.67 views

CVE-2020-26139

Frames used for authentication and key management between the AP and connected clients. Some clients may take these redirected frames masquerading as control mechanisms from the AP. Mitigation Mitigation for this issue is either not available or the currently available options does not meet the R...

5.3CVSS1.6AI score0.06487EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/04/29 3:48 a.m.67 views

CVE-2021-25216

A flaw was found in bind. The SPNEGO implementation used by BIND, which is a negotiation mechanism used by GSSAPI to support the secure exchange of keys used to verify the authenticity of communications between parties on a network, is subject to a buffer overflow attack. The highest threat from...

9.8CVSS9.1AI score0.83406EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/04/01 11:38 a.m.67 views

CVE-2021-3481

A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelperp.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics SVG file this flaw may lead to an unauthorized memory access. The highest threat...

7.1CVSS1AI score0.00511EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2020/12/01 12:31 p.m.67 views

CVE-2020-28974

An out-of-bounds OOB SLAB memory access flaw was found in the Linux kernel's fbcon driver module. A bounds check failure allows a local attacker with special user privileges to gain access to out-of-bounds memory, leading to a system crash or leaking of internal kernel information. The highest...

6.1CVSS6.4AI score0.00511EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2020/10/06 9:20 p.m.67 views

CVE-2020-7070

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host confused with cookies that decode to such prefix, thus leading to an attacker being...

5CVSS1.3AI score0.05029EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2020/09/07 9:49 a.m.67 views

CVE-2020-3897

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution...

9.3CVSS3.3AI score0.04369EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2020/04/07 4:56 a.m.67 views

CVE-2019-10092

A cross-site scripting vulnerability was found in Apache httpd, affecting the modproxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation. Mitigation This flaw is only exploitable ...

6.1CVSS0.5AI score0.81466EPSS
Exploits4References4
RedhatCVE
RedhatCVE
added 2020/02/03 9:12 p.m.67 views

CVE-2020-7059

When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash...

9.1CVSS1.4AI score0.07402EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2019/12/11 12:21 p.m.67 views

CVE-2019-19339

It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207. A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure...

6.5CVSS0.3AI score0.00915EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2019/05/29 10:50 a.m.67 views

CVE-2016-4607

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via unknown vectors...

9.8CVSS7AI score0.05146EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2019/04/02 11:19 a.m.67 views

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing wi...

5.3CVSS1AI score0.1786EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/22 4:29 a.m.66 views

CVE-2019-14221

1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation...

5.4CVSS5.7AI score0.01709EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/04/16 8:52 a.m.66 views

CVE-2025-21587

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6, 24; Oracle...

7.4CVSS7AI score0.0073EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2024/08/27 6:59 p.m.66 views

CVE-2024-43788

A DOM Clobbering vulnerability was found in Webpack via AutoPublicPathRuntimeModule. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script through seemingly benign HTML markups in the webpage, for example, through a post or comment, and leverages the...

6.1CVSS5.8AI score0.00897EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2024/03/06 9:22 p.m.66 views

CVE-2024-27304

pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. T...

8.1CVSS9.8AI score0.01109EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2024/01/16 11:57 a.m.66 views

CVE-2024-0553

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...

7.5CVSS6.8AI score0.01614EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2023/12/25 10:30 p.m.66 views

CVE-2023-51765

A flaw was found in some SMTP server configurations in Sendmail. This issue may allow a remote attacker to break out of the email message data to "smuggle" SMTP commands and send spoofed emails that pass SPF checks. Mitigation Mitigation for this issue is either not available or the currently...

5.3CVSS5AI score0.01073EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2023/11/08 8:46 p.m.66 views

CVE-2023-39197

An out-of-bounds read vulnerability was found in Netfilter Connection Tracking conntrack in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol...

4CVSS6.6AI score0.00976EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/09/20 12:25 p.m.66 views

CVE-2023-42752

An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating skbsharedinfo in the userspace, which is exploitable in systems without SMAP protection since skbsharedinfo contains references to function pointers...

5.5CVSS7.6AI score0.00266EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2023/03/21 1:13 p.m.66 views

CVE-2023-27533

A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...

4.3CVSS9.3AI score0.01993EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2023/03/06 8:59 a.m.66 views

CVE-2023-1192

A use-after-free flaw was found in smb2isstatusiotimeout in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region,...

6.5CVSS6.7AI score0.01094EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/02/07 5:28 p.m.66 views

CVE-2022-4450

A double-free vulnerability was found in OpenSSL's PEMreadbioex function. The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" for example, "CERTIFICATE", any header data, and the payload data. If the function succeeds, then the "nameout," "header," and "data"...

7.5CVSS6.6AI score0.20444EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/01/16 9:6 a.m.66 views

CVE-2023-22945

In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users blocked in ApiManageMentorList to enroll as mentors or edit any of their mentorship-related properties...

5.5CVSS5.3AI score0.00523EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/12/21 9:36 a.m.66 views

CVE-2022-43551

A vulnerability was found in curl. The issue can occur when curl's HSTS check is bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of an insecure clear-text HTTP step even when providing HTTP in the URL. Suppose the hostname in the given...

7.5CVSS7.4AI score0.1654EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/09/28 1:49 p.m.66 views

CVE-2022-35256

A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the HTTP module in Node.js does not correctly handle header fields that are not terminated with CLRF. This issue may result in HTTP Request Smuggling. This flaw allows a remote attacker to send a...

6.5CVSS3.2AI score0.02587EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/08/02 10:13 a.m.66 views

CVE-2022-32189

An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability. Mitigation Mitigation for this issu...

6.5CVSS7AI score0.0198EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2022/07/15 5:4 a.m.66 views

CVE-2022-29187

A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by...

7.8CVSS4.6AI score0.00782EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/07/15 4:7 a.m.66 views

CVE-2022-31107

A flaw was found in Grafana. This flaw allows a malicious user with the authorization to log into a Grafana instance via a configured OAuth IdP to take over an existing Grafana account under certain conditions. Mitigation As a workaround, it is possible to disable any OAuth login or ensure that a...

7.1CVSS4.9AI score0.02039EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/06/14 7:29 p.m.66 views

CVE-2022-21166

A flaw was found in hw. Incomplete cleanup in specific special register write operations for some Intel® Processors may allow an authenticated user to enable information disclosure via local access. Mitigation Mitigation for this issue is either not available or the currently available options...

5.5CVSS6.5AI score0.05899EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/05/06 4:55 p.m.66 views

CVE-2022-21454

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.5CVSS2.3AI score0.01407EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/03/09 4:57 p.m.66 views

CVE-2022-24723

An improper input validation flaw was found in urijs where white space characters are not removed from the beginning of an URL. This issue allows bypassing the protocol validation...

5.3CVSS5.4AI score0.01995EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/02/15 4:42 a.m.66 views

CVE-2022-0583

Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file...

7.5CVSS3.4AI score0.01839EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/02/11 2:3 p.m.66 views

CVE-2022-23773

A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the...

7.5CVSS4.8AI score0.02698EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/01/26 2:43 p.m.66 views

CVE-2022-22932

A flaw was found in the Apache Karaf obr: command, where a partial path traversal issue allows a break out of the expected folder. This entry is set by the user...

5.4CVSS3.7AI score0.0283EPSS
Exploits0References3
Total number of security vulnerabilities5000