Lucene search
K
RedhatcveMost viewed

206304 matches found

RedhatCVE
RedhatCVE
•added 2023/11/10 9:44 p.m.•65 views

CVE-2021-41411

A flaw was found in the XML external entity injection vulnerability in the KieModuleMarshaller.java module of drools-compiler. This issue may lead to the disclosure of sensitive information...

9.8CVSS9.3AI score0.01193EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/09/20 12:25 p.m.•65 views

CVE-2023-42752

An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating skbsharedinfo in the userspace, which is exploitable in systems without SMAP protection since skbsharedinfo contains references to function pointers...

5.5CVSS7.6AI score0.00266EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/04/26 6:22 a.m.•65 views

CVE-2023-29007

A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection...

7.8CVSS7.3AI score0.06079EPSS
Exploits2References3
RedhatCVE
RedhatCVE
•added 2023/03/21 1:13 p.m.•65 views

CVE-2023-27533

A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...

4.3CVSS9.3AI score0.01993EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/03/06 8:59 a.m.•65 views

CVE-2023-1192

A use-after-free flaw was found in smb2isstatusiotimeout in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region,...

6.5CVSS6.7AI score0.01094EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/02/27 6:30 p.m.•65 views

CVE-2023-1074

A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service. Mitigation To...

5.5CVSS6.1AI score0.00236EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/02/07 5:28 p.m.•65 views

CVE-2022-4450

A double-free vulnerability was found in OpenSSL's PEMreadbioex function. The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" for example, "CERTIFICATE", any header data, and the payload data. If the function succeeds, then the "nameout," "header," and "data"...

7.5CVSS6.6AI score0.20444EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/12/08 6:4 p.m.•65 views

CVE-2022-45934

An integer overflow flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user generates malicious L2CAPCONFREQ packets. This flaw allows a local or bluetooth connection user to crash the system. Mitigation To mitigate these vulnerabilities on the operating system level,...

6.5CVSS8.3AI score0.00747EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/11/18 9:56 a.m.•65 views

CVE-2022-3566

A vulnerability was found in the tcp subsystem in the Linux Kernel, due to a data race around icsk-icskafops. This issue could allow an attacker to leak internal kernel information. Mitigation Mitigation for this issue is either not available or the currently available options dont meet the Red H...

7.1CVSS6.7AI score0.00344EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/20 6:47 a.m.•65 views

CVE-2022-43401

A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...

9.9CVSS4.5AI score0.01211EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/09/28 1:49 p.m.•65 views

CVE-2022-35256

A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the HTTP module in Node.js does not correctly handle header fields that are not terminated with CLRF. This issue may result in HTTP Request Smuggling. This flaw allows a remote attacker to send a...

6.5CVSS3.2AI score0.02587EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/09/26 4:48 a.m.•65 views

CVE-2022-35951

An Integer Overflow attack vulnerability was found in Redis, an in-memory database that persists on disk. Executing a XAUTOCLAIM command on a stream key in a specific state with a specially crafted COUNT argument may cause an integer overflow, and a subsequent heap overflow, potentially leading t...

9.8CVSS6AI score0.02904EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/09/22 6:21 p.m.•65 views

CVE-2022-39190

A flaw was found in net/netfilter/nftablesapi.c in the Linux kernel. A denial of service can occur upon binding to an already bound chain. Mitigation Mitigation for this issue is either not available or the currently available options dont meet the Red Hat Product Security criteria comprising eas...

5.5CVSS1AI score0.00308EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/02 10:13 a.m.•65 views

CVE-2022-32189

An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability. Mitigation Mitigation for this issu...

6.5CVSS7AI score0.0198EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2022/07/15 5:4 a.m.•65 views

CVE-2022-29187

A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by...

7.8CVSS4.6AI score0.00782EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/07/13 4:44 a.m.•65 views

CVE-2022-23816

A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions...

5.6CVSS2.5AI score
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/05/06 4:55 p.m.•65 views

CVE-2022-21454

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.5CVSS2.3AI score0.0133EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/04/30 1:9 p.m.•65 views

CVE-2021-45417

A heap-based buffer overflow vulnerability in the base64 functions of AIDE, an advanced intrusion detection system. An attacker could crash the program and possibly execute arbitrary code through large 16k extended file attributes or ACL...

7.8CVSS5.2AI score0.00493EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/03/31 8:47 p.m.•65 views

CVE-2022-1195

A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service DOS when the mkiss or sixpack device is detached and reclaim resources early. Mitigation Mitigation for this issue is either n...

5.5CVSS2.3AI score0.00229EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2022/03/09 4:57 p.m.•65 views

CVE-2022-24723

An improper input validation flaw was found in urijs where white space characters are not removed from the beginning of an URL. This issue allows bypassing the protocol validation...

5.3CVSS5.4AI score0.01995EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/22 5:20 a.m.•65 views

CVE-2022-0696

A NULL pointer dereference flaw was found in vim's finducmd function of usercmd.c file. This flaw allows an attacker to trick a user into opening a crafted file, triggering a NULL pointer dereference. This issue leads to an application crash, causing a denial of service. Mitigation Untrusted vim...

6.2CVSS2.9AI score0.01525EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/17 4:52 p.m.•65 views

CVE-2022-25179

A flaw was found in Jenkins. The Pipeline: Multibranch follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step. This flaw allows attackers that can configure Pipelines, to read arbitrary files on the Jenkins...

6.5CVSS3.6AI score0.01758EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/02/15 4:42 a.m.•65 views

CVE-2022-0583

Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file...

7.5CVSS3.4AI score0.01839EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/01/26 2:43 p.m.•65 views

CVE-2022-22932

A flaw was found in the Apache Karaf obr: command, where a partial path traversal issue allows a break out of the expected folder. This entry is set by the user...

5.4CVSS3.7AI score0.0283EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/01/17 5:36 p.m.•65 views

CVE-2022-0264

A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating som...

5.5CVSS6AI score0.00255EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/12/17 9:49 a.m.•65 views

CVE-2021-42550

A flaw was found in the logback package. When using a specially-crafted configuration, this issue could allow a remote authenticated attacker to execute arbitrary code loaded from LDAP servers...

8.5CVSS7.2AI score0.04439EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 2021/10/20 6:48 p.m.•65 views

CVE-2021-22926

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the CURLOPTSSLCERT option --cert with the command line tool.When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificat...

7.5CVSS0.1AI score0.0982EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/09/24 11:10 a.m.•65 views

CVE-2021-21239

A verification flaw was found in python-pysaml2, where it did not ensure that a signed SAML document was correctly signed. The default CryptoBackendXmlSec1 backend uses the xmlsec1 binary to verify the signature of signed SAML documents, but by default xmlsec1 accepts any type of key found within...

6.5CVSS1.1AI score0.0118EPSS
Exploits3References3
RedhatCVE
RedhatCVE
•added 2021/08/26 8:25 a.m.•65 views

CVE-2021-3739

A NULL pointer dereference flaw was found in the btrfsrmdevice function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAPSYSADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability...

7.1CVSS0.3AI score0.00582EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/08/11 6:57 p.m.•65 views

CVE-2020-21676

A stack-based buffer overflow in the genpstrxtext component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service DOS via converting a xfig file into pstricks format...

5.5CVSS4.6AI score0.0107EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/07/20 2:20 p.m.•65 views

CVE-2020-36427

There's a flaw in gThumb. An attacker who is able to trick a victim into opening a specially crafted file with gThumb could trigger a crash via assertion failure or memory leak. The greatest impact of this flaw is to application availability...

5.5CVSS3.4AI score0.00708EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/07/15 12:51 a.m.•65 views

CVE-2021-25740

A flaw was found in Kubernetes. This issue enables users to send network traffic to locations they would otherwise not have access to via a confused deputy attack...

3.5CVSS4.4AI score0.01815EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/07/13 5:57 p.m.•65 views

CVE-2021-36090

A flaw was found in apache-commons-compress. When reading a specially crafted ZIP archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for small inputs. This flaw allows the mounting of a denial of service attack against services that use Compress' zip...

7.5CVSS2.8AI score0.13292EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2021/07/12 7:46 p.m.•65 views

CVE-2021-30639

A flaw was found in Apache Tomcat. This flaw allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This mean...

7.5CVSS2.4AI score0.06889EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/07/08 4:56 p.m.•65 views

CVE-2021-21806

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability...

8.8CVSS4.7AI score0.02824EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/07/07 5:48 p.m.•65 views

CVE-2021-35039

A flaw incorrect handle of boot param module.sigenforce=1 in the Linux kernel modules sign verification functionality was found in the way user boot with this param enabled and both if kernel compiled with param CONFIGMODULESIG unset, then user still can load unsigned module even param...

7.8CVSS1.6AI score0.00246EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/06/25 6:33 p.m.•65 views

CVE-2021-27021

A flaw was discovered in puppet. An escalation of privileges which allows the user to delete tables via an SQL query is possible in Puppet DB. The highest threat from this vulnerability is to system availability and integrity...

8.9CVSS3.2AI score0.01262EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/05/19 12:26 a.m.•65 views

CVE-2020-26147

A flaw was found in ieee80211rxhdefragment in net/mac80211/rx.c in the Linux Kernel's WiFi implementation. This vulnerability can be abused to inject packets or exfiltrate selected fragments when another device sends fragmented frames, and the WEP, CCMP, or GCMP data-confidentiality protocol is...

5.4CVSS0.8AI score0.07604EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/05/13 5:56 a.m.•65 views

CVE-2020-24586

A flaw was found in the Linux kernels implementation of wifi fragmentation handling. An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to another device...

4.3CVSS1.1AI score0.05765EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2021/02/08 1:33 p.m.•65 views

CVE-2020-36242

A buffer-overflow flaw was found in the python-cryptography package. In certain sequences of update calls when symmetrically encrypting very large payloads 2GB could result in an integer overflow, leading to buffer overflows. Note: This fix is a workaround for the OpenSSL CVE-2021-23840 flaw...

9.1CVSS7.8AI score0.50732EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2020/09/07 1:19 p.m.•65 views

CVE-2019-8783

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary...

8.8CVSS2.4AI score0.01952EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/04/09 3:19 a.m.•65 views

CVE-2019-19054

A flaw was found in the Linux kernel. The CX23888 Integrated Consumer Infrared Controller probe code handles resource cleanup low memory conditions. A local attacker able to induce low memory conditions could use this flaw to crash the system. The highest threat from this vulnerability is to syst...

4.7CVSS0.7AI score0.00446EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/08 5:29 a.m.•65 views

CVE-2019-11884

A flaw was found in the Linux kernel's implementation of the Bluetooth Human Interface Device Protocol HIDP. A local attacker with access permissions to the Bluetooth device can issue an IOCTL which will trigger the dohidpsockioctl function in net/bluetooth/hidp/sock.c.c. This function can leak...

6.8CVSS2.7AI score0.00495EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/04 5:27 p.m.•65 views

CVE-2018-20676

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting W...

6.1CVSS6.1AI score0.03835EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2020/01/19 9:51 p.m.•65 views

CVE-2019-19241

In the Linux kernel before 5.4.2, the iouring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/iouring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to...

7.8CVSS4.2AI score0.01087EPSS
Exploits2References3
RedhatCVE
RedhatCVE
•added 2020/01/14 3:25 a.m.•65 views

CVE-2018-1108

A weakness was found in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated...

5.9CVSS2.4AI score0.01825EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2019/12/26 10:17 a.m.•65 views

CVE-2019-11047

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure o...

6.5CVSS3.1AI score0.07473EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2019/12/10 8:18 a.m.•65 views

CVE-2019-19338

A flaw was found in the fix for CVE-2019-11135, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort TAA error occurs. When a guest is running on a host CPU affected by the TAA flaw TAANO=0, but is not affected by the MDS issue MDSNO=1, the guest was to...

6.5CVSS1.4AI score0.03133EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2019/11/13 7:7 a.m.•65 views

CVE-2019-18683

A flaw was found in the Linux kernel. Multiple race conditions were found in the vivid driver leading to privilege escalation and in at least one case a use-after-free condition. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.8CVSS2.2AI score0.00985EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 2019/10/10 2:30 p.m.•65 views

CVE-2019-16233

A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the QLOGIC drivers for HBA. A call to allocworkqueue return was not validated and can cause a denial of service. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this...

4.7CVSS6.6AI score0.00381EPSS
Exploits0References4
Total number of security vulnerabilities5000