Lucene search
K
RedhatcveMost viewed

206363 matches found

RedhatCVE
RedhatCVE
•added 2022/11/18 9:56 a.m.•65 views

CVE-2022-3566

A vulnerability was found in the tcp subsystem in the Linux Kernel, due to a data race around icsk-icskafops. This issue could allow an attacker to leak internal kernel information. Mitigation Mitigation for this issue is either not available or the currently available options dont meet the Red H...

7.1CVSS6.7AI score0.00344EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/28 6:2 p.m.•65 views

CVE-2022-3715

A flaw was found in the bash package, where a heap-buffer overflow can occur in validparametertransform. This issue may lead to memory problems...

6.6CVSS2.9AI score0.00356EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/10/20 6:47 a.m.•65 views

CVE-2022-43401

A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...

9.9CVSS4.5AI score0.01211EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/09/26 4:48 a.m.•65 views

CVE-2022-35951

An Integer Overflow attack vulnerability was found in Redis, an in-memory database that persists on disk. Executing a XAUTOCLAIM command on a stream key in a specific state with a specially crafted COUNT argument may cause an integer overflow, and a subsequent heap overflow, potentially leading t...

9.8CVSS6AI score0.02904EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/09/23 6:18 p.m.•65 views

CVE-2022-31197

A flaw was found in PostgresQL. This flaw allows an attacker to benefit from a miss escaping character and leads to a SQL injection attack due to Java.sql.ResultRow.refreshRow implementation from PGSQL...

8CVSS3.2AI score0.01662EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/08/25 1:40 p.m.•65 views

CVE-2022-2989

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to...

3.6CVSS2.1AI score0.00307EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/07/15 10:33 a.m.•65 views

CVE-2022-32148

A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality...

6.5CVSS2.2AI score0.01103EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2022/07/13 4:44 a.m.•65 views

CVE-2022-23816

A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions...

5.6CVSS2.5AI score
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/06/29 8:5 p.m.•65 views

CVE-2022-2256

A Stored Cross-site scripting XSS vulnerability was found in keycloak. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality...

3.8CVSS3.3AI score0.00572EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/05/19 4:18 a.m.•65 views

CVE-2022-30065

A flaw was found in BusyBox. It did not properly sanitize while processing a crafted awk pattern, leading to possible code execution...

7.8CVSS2.4AI score0.01167EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/05/17 3:1 p.m.•65 views

CVE-2022-24823

CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled. Mitigation As a workaround, speci...

6.2CVSS6.4AI score0.01777EPSS
Exploits2References3
RedhatCVE
RedhatCVE
•added 2022/05/16 2:31 p.m.•65 views

CVE-2021-33117

A flaw was found in hw. Improper access control for some third-generation IntelR XeonR Scalable processors before BIOS version MR7 may potentially allow a local attacker to enable information disclosure via local access. Mitigation Mitigation for this issue is either not available or the currentl...

6.5CVSS5.4AI score0.00306EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/05/10 8:0 p.m.•65 views

CVE-2022-1662

A flaw was found in convert2rhel, where an Ansible playbook named ansible/run-convert2rhel.yml passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This flaw allows unauthorized local users to view the password via the process list while convert2rhel is running...

5.9CVSS2.9AI score0.00203EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/07 2:6 p.m.•65 views

CVE-2016-2124

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. Mitigation Ensure the following global smb.conf parameters are set to their default values as show...

6.8CVSS7.5AI score0.01752EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/04/30 1:9 p.m.•65 views

CVE-2021-45417

A heap-based buffer overflow vulnerability in the base64 functions of AIDE, an advanced intrusion detection system. An attacker could crash the program and possibly execute arbitrary code through large 16k extended file attributes or ACL...

7.8CVSS5.2AI score0.00493EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/26 6:54 a.m.•65 views

CVE-2022-27380

A flaw was found in MariaDB. The component, mydecimal::operator=, allows attackers to cause a denial of service DoS via specially crafted SQL statements, affecting availability...

7.5CVSS5.1AI score0.02264EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/03/15 11:42 a.m.•65 views

CVE-2022-26490

A buffer overflow flaw was found in the Linux kernel’s NFC protocol functionality. This flaw allows a local user to crash or escalate their privileges on the system...

7.8CVSS3.7AI score0.00432EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/02/22 5:20 a.m.•65 views

CVE-2022-0696

A NULL pointer dereference flaw was found in vim's finducmd function of usercmd.c file. This flaw allows an attacker to trick a user into opening a crafted file, triggering a NULL pointer dereference. This issue leads to an application crash, causing a denial of service. Mitigation Untrusted vim...

6.2CVSS2.9AI score0.01525EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/22 4:20 a.m.•65 views

CVE-2021-44575

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3200 Reason: This candidate is a duplicate of CVE-2021-3200. Notes: All CVE users should reference CVE-2021-3200 instead of this candidate. Al...

4.3CVSS6.7AI score0.01313EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/17 3:22 p.m.•65 views

CVE-2022-0629

A stack-based buffer overflow flaw was found in vim's gaconcatshortenesc function of src/testing.c file. This flaw allows an attacker to trick a user into opening a crafted file, triggering a stack-overflow. This issue can lead to an application crash, causing a denial of service. Mitigation...

8.4CVSS3.3AI score0.01806EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/12/17 9:49 a.m.•65 views

CVE-2021-42550

A flaw was found in the logback package. When using a specially-crafted configuration, this issue could allow a remote authenticated attacker to execute arbitrary code loaded from LDAP servers...

8.5CVSS7.2AI score0.04439EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 2021/11/26 2:21 p.m.•65 views

CVE-2021-4002

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data...

5.1CVSS6AI score0.00515EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 2021/10/20 6:48 p.m.•65 views

CVE-2021-22926

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the CURLOPTSSLCERT option --cert with the command line tool.When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificat...

7.5CVSS0.1AI score0.0982EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/09/12 12:17 p.m.•65 views

CVE-2021-3764

A memory leak flaw was found in the Linux kernel's ccprunaesgcmcmd function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this issue is...

5.5CVSS1.7AI score0.00329EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/08/11 4:20 a.m.•65 views

CVE-2021-29980

Uninitialized memory in a canvas object could have caused an incorrect free leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 78.13, Thunderbird 91, Firefox ESR 78.13, and Firefox 91...

8.8CVSS2.8AI score0.01406EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/07/20 2:20 p.m.•65 views

CVE-2020-36427

There's a flaw in gThumb. An attacker who is able to trick a victim into opening a specially crafted file with gThumb could trigger a crash via assertion failure or memory leak. The greatest impact of this flaw is to application availability...

5.5CVSS3.4AI score0.00708EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/07/08 4:56 p.m.•65 views

CVE-2021-21806

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability...

8.8CVSS4.7AI score0.02824EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/06/25 6:33 p.m.•65 views

CVE-2021-27021

A flaw was discovered in puppet. An escalation of privileges which allows the user to delete tables via an SQL query is possible in Puppet DB. The highest threat from this vulnerability is to system availability and integrity...

8.9CVSS3.2AI score0.01262EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/06/10 6:23 p.m.•65 views

CVE-2017-12621

An XML External Entity XXE Injection vulnerability was found in Commons Jelly library. If a custom doctype entity is declared with a SYSTEM entity with a URL and that entity is used in the body of the Jelly file, the parser will attempt to connect to provided URL...

9.8CVSS4AI score0.08536EPSS
Exploits3References2
RedhatCVE
RedhatCVE
•added 2021/04/20 3:20 a.m.•65 views

CVE-2021-23961

Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox 85...

7.4CVSS0.7AI score0.01323EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/03/22 8:28 p.m.•65 views

CVE-2021-28964

A race condition flaw was found in getoldroot in fs/btrfs/ctree.c in the Linux kernel in btrfs file-system. This flaw allows a local attacker with a special user privilege to cause a denial of service due to not locking an extent buffer before a cloning operation. The highest threat from this...

4.7CVSS6.1AI score0.00267EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/09/07 1:19 p.m.•65 views

CVE-2019-8783

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary...

8.8CVSS2.4AI score0.01952EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/04/09 3:19 a.m.•65 views

CVE-2019-19054

A flaw was found in the Linux kernel. The CX23888 Integrated Consumer Infrared Controller probe code handles resource cleanup low memory conditions. A local attacker able to induce low memory conditions could use this flaw to crash the system. The highest threat from this vulnerability is to syst...

4.7CVSS0.7AI score0.00446EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/04 5:27 p.m.•65 views

CVE-2018-20676

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting W...

6.1CVSS6.1AI score0.03835EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2020/03/30 2:31 p.m.•65 views

CVE-2020-8832

An information disclosure flaw was found in the Linux kernel. The original fix for CVE-2019-14615 was deemed to be incomplete. The i915 graphics driver lacks control of flow for data structures which may allow a local, authenticated user to disclose information when using ioctl commands with an...

5.5CVSS0.2AI score0.01447EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/01/14 3:25 a.m.•65 views

CVE-2018-1108

A weakness was found in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated...

5.9CVSS2.4AI score0.01825EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2019/11/13 7:7 a.m.•65 views

CVE-2019-18683

A flaw was found in the Linux kernel. Multiple race conditions were found in the vivid driver leading to privilege escalation and in at least one case a use-after-free condition. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.8CVSS2.2AI score0.00985EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 2019/10/23 7:51 p.m.•65 views

CVE-2019-18348

A CRLF injection flaw was discovered in python in the way URLs are handled when doing an HTTP/HTTPS connection e.g. through urlopen or HTTPConnection. An attacker who can control the url parameter passed to urlopen method in the urllib/urllib2 modules can inject CRLF sequences and HTTP headers by...

6.5CVSS7AI score0.03513EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2019/10/10 2:30 p.m.•65 views

CVE-2019-16233

A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the QLOGIC drivers for HBA. A call to allocworkqueue return was not validated and can cause a denial of service. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this...

4.7CVSS6.6AI score0.00381EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2019/01/22 9:50 p.m.•65 views

CVE-2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections...

5.3CVSS2AI score0.19404EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2017/08/14 8:49 a.m.•65 views

CVE-2017-10661

A race condition was found in the Linux kernel before version 4.11-rc1 in 'fs/timerfd.c' file which allows a local user to cause a kernel list corruption or use-after-free via simultaneous operations with a file descriptor which leverage improper 'mightcancel' queuing. An unprivileged local user...

7.6CVSS3.5AI score0.13378EPSS
Exploits3References1
RedhatCVE
RedhatCVE
•added 2016/09/01 8:19 a.m.•65 views

CVE-2016-5164

Cross-site scripting XSS vulnerability in WebKit/Source/platform/v8inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools aka...

6.5CVSS3.9AI score0.01042EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2025/04/12 12:1 a.m.•64 views

CVE-2024-58136

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...

9.8CVSS7.2AI score0.87776EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2024/10/08 10:24 p.m.•64 views

CVE-2024-8928

A flaw was found in PHP. Erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed, violating data integrity...

9.4AI score
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/12/14 6:1 p.m.•64 views

CVE-2023-6291

A flaw was found in the redirecturi validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. Mitigation Mitigation for this issue...

7.1CVSS6.5AI score0.0095EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/11/21 11:10 p.m.•64 views

CVE-2023-6209

The Mozilla Foundation Security Advisory describes this flaw as: Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites...

6.1CVSS6.2AI score0.01406EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/10/05 8:25 a.m.•64 views

CVE-2023-5345

A flaw was found in the SMB client component in the Linux kernel. In case of an error in smb3fscontextparseparam, ctx-password was freed, but the field was not set to NULL, potentially leading to a use-after-free vulnerability. This flaw allows a local user to crash or potentially escalate their...

7.8CVSS7.4AI score0.0047EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/10/02 7:55 p.m.•64 views

CVE-2023-34034

A flaw was found in Spring Security's WebFlux framework pattern matching, where it does not properly evaluate certain patterns. A server using path-based pattern matching in WebFlux could allow an attacker to bypass security settings for some request paths, potentially leading to information...

8.1CVSS9.1AI score0.03465EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/08/08 5:21 p.m.•64 views

CVE-2023-34454

A flaw was found in Snappy-java's shuffle function, which does not check input sizes before beginning operations. This issue could allow an attacker to send malicious input to trigger an overflow error that crashes the program, resulting in a denial of service...

5.9CVSS6.9AI score0.01469EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/07/30 12:18 p.m.•64 views

CVE-2023-4004

A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nftpipaporemove function with the element, without a NFTSETEXTKEYEND. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. Mitigation This flaw...

7.8CVSS7.6AI score0.0095EPSS
Exploits0References4
Total number of security vulnerabilities5000