Lucene search
K
RedhatcveMost viewed

206360 matches found

RedhatCVE
RedhatCVE
•added 2019/07/22 2:36 p.m.•63 views

CVE-2019-10173

It was found that xstream API version 1.4.10 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. This a regression of...

9.8CVSS6AI score0.94774EPSS
Exploits9References2
RedhatCVE
RedhatCVE
•added 2017/09/07 2:48 p.m.•63 views

CVE-2017-12611

It was found that Freemarker in Struts would permit using read-only properties in value assignment of tag expressions. An attacker could use this to execute arbitrary code...

9.8CVSS3.5AI score0.8802EPSS
Exploits6References2
RedhatCVE
RedhatCVE
•added 2017/02/09 3:48 p.m.•63 views

CVE-2017-3159

It was found that the camel-snakeyaml component is exploitable for code execution. An attacker could use this vulnerability to send specially crafted payload to a camel-snakeyaml endpoint and causing a remote code execution attack...

9.8CVSS4.2AI score0.06286EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2017/02/07 9:22 a.m.•63 views

CVE-2017-5897

An issue was found in the Linux kernel ipv6 implementation of GRE tunnels which allows a remote attacker to trigger an out-of-bounds access. At this time we understand no trust barrier has been crossed and there is no security implications in this flaw...

9.8CVSS5.5AI score0.04953EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2016/07/12 8:48 a.m.•63 views

CVE-2016-5696

It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the chang...

5.8CVSS1.1AI score0.15073EPSS
Exploits3References2
RedhatCVE
RedhatCVE
•added 2016/06/27 6:49 a.m.•63 views

CVE-2016-4998

An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt. The function call is normally restricted to root, however some processes with capsysadmin may also be able to trigger this flaw in privileged container environments...

7.1CVSS2.7AI score0.01885EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2025/03/30 3:30 p.m.•62 views

CVE-2025-29928

authentik is an open-source identity provider. Prior to versions 2024.12.4 and 2025.2.3, when authentik was configured to use the database for session storage which is a non-default setting, deleting sessions via the Web Interface or the API would not revoke the session and the session holder wou...

8CVSS7.1AI score0.00364EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2024/05/03 8:53 a.m.•62 views

CVE-2024-34144

A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including...

9.8CVSS7.5AI score0.48081EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2024/04/26 6:4 a.m.•62 views

CVE-2024-33664

python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...

6.8CVSS6.2AI score0.02868EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2024/03/27 8:32 a.m.•62 views

CVE-2024-2955

A flaw was found in the T.38 dissector of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing a use-after-free problem, resulting in a denial of service...

6.5CVSS7.4AI score0.01403EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/03/13 9:45 p.m.•62 views

CVE-2024-26629

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASELOCKOWNER The test on socount in nfsd4releaselockowner is nonsense and harmful. Revert to using checkforlocks, changing that to not sleep. First: harmful. As is documented in the kdoc comment for...

5.5CVSS6.6AI score0.00195EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/09 2:59 a.m.•62 views

CVE-2023-4639

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...

7.4CVSS6.5AI score0.01117EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/12/18 10:58 p.m.•62 views

CVE-2023-6004

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter. Mitigation Mitigation for...

4.8CVSS5.9AI score0.00449EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/12/06 9:47 a.m.•62 views

CVE-2023-46218

A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set "super cookies" in curl that are passed back to more origins than what is otherwise allowed or possible...

5.3CVSS6.2AI score0.01685EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/11/30 3:26 a.m.•62 views

CVE-2022-41678

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...

7.5CVSS8.6AI score0.8581EPSS
Exploits2References3
RedhatCVE
RedhatCVE
•added 2023/11/09 11:45 p.m.•62 views

CVE-2023-39913

An input validation flaw was found in Apache UIMA. This issue may allow a remote attacker to execute arbitrary code, compromising the confidentiality, integrity, and availability of affected systems...

8.8CVSS8AI score0.01471EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/08/29 6:45 a.m.•62 views

CVE-2020-22219

A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwritergrow function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder. Mitigation Mitigation for this issue is either not available or the current...

7.8CVSS7.9AI score0.00749EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/08/22 7:49 a.m.•62 views

CVE-2023-32559

A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsync' to run arbitrary code outside of the limits defined in a...

7.5CVSS8.8AI score0.01484EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/06/30 7:17 a.m.•62 views

CVE-2023-32435

A vulnerability was found in webkitgtk. This issue occurs when processing web content, which may lead to arbitrary code execution. Mitigation This vulnerability can be mitigated by setting the environment variable JSCuseWebAssembly=0, which will disable support for WebAssembly. It's not necessary...

8.8CVSS8.8AI score0.22951EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/06/29 5:17 p.m.•62 views

CVE-2023-3338

A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system...

6.5CVSS6.3AI score0.08091EPSS
Exploits3References3
RedhatCVE
RedhatCVE
•added 2023/06/21 4:24 p.m.•62 views

CVE-2023-25194

A flaw was found in Apache Kafka Connect's REST API that permits configuration of SASL property by an authenticated operator, which could allow connection to a malicious LDAP server and subsequent deserialization of malicious content. This issue could allow an authenticated attacker to cause a...

8.8CVSS7.6AI score0.95302EPSS
Exploits8References5
RedhatCVE
RedhatCVE
•added 2023/05/24 6:10 a.m.•62 views

CVE-2023-32697

A flaw was found in SQLite-JDBC. A vulnerability found JDBC URL allowed a malicious user to cause Remote Code Execution RCE...

8.8CVSS7.3AI score0.01592EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/30 7:21 a.m.•62 views

CVE-2023-2430

A vulnerability was found due to a missing lock for the IOPOLL in iocqringeventoverflow in iouring.c in the Linux kernel. This flaw allows a local attacker with user privileges to trigger a denial of service. Mitigation Mitigation for this issue is either not available or the currently available...

6.6CVSS5.9AI score0.00163EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/26 6:17 a.m.•62 views

CVE-2023-25652

A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to git apply --reject; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunks from the given patch...

7.5CVSS7.1AI score0.52164EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/30 1:0 p.m.•62 views

CVE-2023-0225

A vulnerability was found in Samba. This security issue occurs as an incomplete access check on the dnsHostName allows authenticated but otherwise, unprivileged users to delete this attribute from any object in the directory...

4.3CVSS5.7AI score0.00719EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/24 6:11 p.m.•62 views

CVE-2021-3923

A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdmacm device node. While this access is unlikely to leak sensitive user information, it can be...

3.3CVSS5.3AI score0.00199EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/21 1:13 p.m.•62 views

CVE-2023-27534

A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...

3.7CVSS9.3AI score0.02195EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/02/07 5:28 p.m.•62 views

CVE-2023-0215

A use-after-free vulnerability was found in OpenSSL's BIOnewNDEF function. The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be...

7.5CVSS6.7AI score0.04494EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/31 9:6 a.m.•62 views

CVE-2023-0590

A use-after-free flaw was found in qdiscgraft in net/sched/schapi.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 "net: sched: fix race condition in qdiscgraft" not applied yet, then kernel could be affected. Mitigation Mitigation f...

7CVSS5.7AI score0.00198EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/24 5:37 a.m.•62 views

CVE-2023-24021

A vulnerability was found in ModSecurity. This issue occurs when FILESTMPCONTENT lacks complete content, which can lead to a Web Application Firewall bypass...

7.5CVSS7.3AI score0.00906EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/12/26 1:4 p.m.•62 views

CVE-2022-41765

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. HTMLUserTextField exposes the existence of hidden users...

5.3CVSS2.1AI score0.00641EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/12/16 6:5 p.m.•62 views

CVE-2022-45141

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption...

8.1CVSS2.8AI score0.00454EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/11/23 7:26 p.m.•62 views

CVE-2022-42896

A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol L2CAP, part of the Bluetooth stack in the l2capconnect and l2capleconnectreq functions. An attacker with physical access within the range of standard Bluetooth transmission could...

8.1CVSS8.1AI score0.02014EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/11/09 2:26 p.m.•62 views

CVE-2022-42252

A flaw was found in Apache Tomcat. If the server is configured to ignore invalid HTTP headers, the server does not reject a request containing an invalid content-length header, making it vulnerable to a request smuggling attack...

4.8CVSS1.5AI score0.01448EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/11/01 12:26 p.m.•62 views

CVE-2022-3705

A use-after-free flaw was found in the qfupdatebuffer function in vim. This issue allows a specially crafted file to crash a program, use unexpected values, or execute code...

7CVSS3.2AI score0.01196EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/24 9:17 a.m.•62 views

CVE-2022-41218

A use-after-free flaw was found in the Linux kernel’s dvb-core subsystem DVB API used by Digital TV devices in how a user physically removed a USB device such as a DVB demultiplexer device while running malicious code. This flaw allows a local user to crash or potentially escalate their privilege...

5.5CVSS6.4AI score0.00778EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/10/05 8:0 a.m.•62 views

CVE-2022-34917

A flaw was found in Apache Kafka that allows malicious unauthenticated clients to allocate large amounts of memory on brokers, which could lead to an Out Of Memory Exception, causing a denial of service. Various authentication methods were affected in different degrees. In Kafka clusters without...

7.5CVSS4.3AI score0.0125EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/08/30 11:9 a.m.•62 views

CVE-2021-3782

An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wlshm buffer objects, or if it...

6.6CVSS1.6AI score0.00297EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/08/19 5:39 a.m.•62 views

CVE-2022-36885

Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature...

5.3CVSS4.1AI score0.00721EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/19 5:14 a.m.•62 views

CVE-2022-34170

In Jenkins 2.320 through 2.355 both inclusive and LTS 2.332.1 through LTS 2.332.3 both inclusive the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting XSS vulnerability exploitable by attacker...

6.1CVSS1.4AI score0.01351EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/19 4:38 a.m.•62 views

CVE-2022-30952

Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins...

6.5CVSS4.6AI score0.00864EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/07/25 7:22 a.m.•62 views

CVE-2022-35737

An array-bounds overflow vulnerability was discovered in SQLite. The vulnerability occurs when handling an overly large input passed as a string argument to some of the C-language APIs provided by SQLite. This flaw allows a remote attacker to pass specially crafted large input to the application...

5.9CVSS4.9AI score0.19193EPSS
Exploits2References5
RedhatCVE
RedhatCVE
•added 2022/07/11 2:15 p.m.•62 views

CVE-2022-32088

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exectimetracker::getloops/Filesorttracker::reportuse/filesort...

7.5CVSS3.3AI score0.01766EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/06/14 7:29 p.m.•62 views

CVE-2022-21125

A flaw was found in hw. Incomplete cleanup of microarchitectural fill buffers on some IntelĀ® Processors may allow an authenticated user to enable information disclosure via local access. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the...

5.5CVSS6.4AI score0.06451EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/05/25 2:30 p.m.•62 views

CVE-2022-1854

No description is available for this CVE...

1.3AI score0.00735EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/09 4:56 p.m.•62 views

CVE-2022-1632

An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of...

6.5CVSS3.7AI score0.00353EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/03/17 1:44 p.m.•62 views

CVE-2022-23648

An information leak was discovered in containerd. This issue could allow a remote attacker access to read-only copies of arbitrary files and directories on the host, which can be exploited with a specially-crafted image configuration...

7.5CVSS3.1AI score0.27392EPSS
Exploits4References4
RedhatCVE
RedhatCVE
•added 2022/03/15 7:56 p.m.•62 views

CVE-2022-0891

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other...

7.1CVSS6AI score0.01542EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/14 9:55 a.m.•62 views

CVE-2021-44879

In gcdatasegment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a movedatapage NULL pointer dereference...

5.5CVSS3.5AI score0.01234EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2022/01/12 11:23 p.m.•62 views

CVE-2022-22746

The Mozilla Foundation Security Advisory describes this flaw as: A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed. This bug only affects Thunderbird for Windows. Other operating systems are unaffected...

7.5CVSS7.1AI score0.0059EPSS
Exploits0References3
Total number of security vulnerabilities5000