Lucene search
K
RedhatcveMost viewed

206309 matches found

RedhatCVE
RedhatCVE
•added 2020/04/04 5:14 a.m.•62 views

CVE-2017-7525

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. Mitigation Mitigation to this problem is to not trigger polymorphic desrializatio...

9.8CVSS0.9AI score0.37925EPSS
Exploits7References1
RedhatCVE
RedhatCVE
•added 2020/03/23 8:1 p.m.•62 views

CVE-2020-9546

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS3.5AI score0.04613EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/02/25 6:10 a.m.•62 views

CVE-2020-6950

A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files. Mitigation There is no currently known mitigation for this flaw...

7.5CVSS4.9AI score0.10124EPSS
Exploits0References8
RedhatCVE
RedhatCVE
•added 2020/01/05 4:6 a.m.•62 views

CVE-2019-18805

A flaw was reported in the Linux kernel's TCP subsystem while calculating a packet round trip time, when a sysctl parameter /proc/sys/net/ipv4/tcpminrttwlen is set incorrectly. This causes an integer overflow which can lead to a denial Of service DOS attack. Mitigation This flaw can be mitigated ...

9.8CVSS2.9AI score0.03431EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2019/12/10 8:48 p.m.•62 views

CVE-2019-19377

A flaw was found in the Linux kernel's implementation of the BTRFS file system. A local attacker, with the ability to mount a file system, can create a use-after-free memory fault after the file system has been unmounted. This may lead to memory corruption or privilege escalation. Mitigation As t...

7.8CVSS0.5AI score0.034EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2019/11/12 9:0 a.m.•62 views

CVE-2019-11479

An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP segments. If the Maximum Segment Size MSS of a TCP connection was set to low values, such as 48 bytes, it can leave as little as 8 bytes for the user data, which significantly increas...

7.5CVSS6.4AI score0.9166EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2019/10/12 2:19 a.m.•62 views

CVE-2019-5747

An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components consumed by the DHCP client, server, and/or relay might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte...

7.5CVSS2.6AI score0.07694EPSS
Exploits3References3
RedhatCVE
RedhatCVE
•added 2019/10/08 10:15 a.m.•62 views

CVE-2017-13077

A new exploitation technique called key reinstallation attacks KRACKs affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key PTK-TK during a...

8.1CVSS2AI score0.04575EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2019/03/15 10:49 a.m.•62 views

CVE-2019-5420

A remote code execution vulnerability in development mode Rails 5.2.2.1, 6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit...

9.8CVSS4.1AI score0.92144EPSS
Exploits13References4
RedhatCVE
RedhatCVE
•added 2019/02/07 6:50 p.m.•62 views

CVE-2019-7221

A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested =1 virtualization is enabled. This high resolution timerhrtimer runs when a L2 guest is active. After VM exit, the syncvmcs12 timer object is stopped. The...

7.8CVSS2AI score0.00805EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2018/01/03 10:49 p.m.•62 views

CVE-2017-5754

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant...

5.6CVSS5.7AI score0.84172EPSS
Exploits3References2
RedhatCVE
RedhatCVE
•added 2017/11/14 8:49 a.m.•62 views

CVE-2017-9096

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity XXE attacks via a crafted PDF...

8.8CVSS6.1AI score0.09902EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2016/10/31 12:47 p.m.•62 views

CVE-2016-1247

A vulnerability was discovered in nginx. An attacker who could already run commands under the nginx user id could use this access to append data to files owned by root, potentially elevating their own privileges to root...

7.8CVSS5AI score0.04863EPSS
Exploits6References1
RedhatCVE
RedhatCVE
•added 2016/10/20 7:47 a.m.•62 views

CVE-2016-8858

DISPUTED The kexinputkexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service memory consumption by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."...

7.8CVSS5AI score0.29462EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2016/07/19 3:48 p.m.•62 views

CVE-2016-1000027

Pivotal Spring Framework 4.1.4 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required...

9.8CVSS5.6AI score0.32257EPSS
Exploits4References2
RedhatCVE
RedhatCVE
•added 2016/06/27 6:49 a.m.•62 views

CVE-2016-4998

An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt. The function call is normally restricted to root, however some processes with capsysadmin may also be able to trigger this flaw in privileged container environments...

7.1CVSS2.7AI score0.01885EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/03/27 2:25 p.m.•61 views

CVE-2021-27393

A vulnerability has been identified in Nucleus NET All versions, Nucleus ReadyStart V3 All versions V2013.08, Nucleus Source Code Versions including affected DNS modules. The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS...

5.3CVSS6.8AI score0.00751EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2025/12/06 9:37 p.m.•61 views

CVE-2025-13426

A vulnerability exists in Google Apigee's JavaCallout policy https://docs.apigee.com/api-platform/reference/policies/java-callout-policy that allows for remote code execution. It is possible for a user to write a JavaCallout that injected a malicious object into the MessageContext to execute...

8.7CVSS8.4AI score0.00368EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2024/06/17 11:21 p.m.•61 views

CVE-2024-37891

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects. Mitigation Mitigation for this...

4.4CVSS5.4AI score0.01141EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2024/05/15 4:28 a.m.•61 views

CVE-2024-26306

A timing-based side-channel flaw was found in iperf3. If the iperf3 server is running with the --rsa-private-key-path option, the user authentication API can be attacked. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product...

5.9CVSS5.3AI score0.01107EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/05/14 11:56 p.m.•61 views

CVE-2024-32465

A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution. Mitigati...

7.3CVSS8.1AI score0.01271EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/05/03 6:54 p.m.•61 views

CVE-2022-48686

A use-after-free vulnerability was found in the Linux kernel in drivers/nvme/host/tcp.c in nvmetcpiowork. This issue can occur when a local user continues to read data after the connection finishes. This flaw allows a malicious user to cause a use-after-free problem. Mitigation Mitigation for thi...

5.3CVSS7AI score0.0025EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/03/18 7:53 p.m.•61 views

CVE-2024-21661

A flaw was found in Argo CD that may result in a remote denial of service. The expireOldFailedAttempts function modifies an array while it is being iterated over. This issue may cause an application crash when executed in a multi-threaded environment if two threads interact with the same array...

7.5CVSS7.4AI score0.01176EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/03/10 10:10 a.m.•61 views

CVE-2024-28757

An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers...

7.5CVSS5.8AI score0.02006EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/02/15 6:55 a.m.•61 views

CVE-2024-24989

A flaw was found in the nginx HTTP/3 implementation. This issue may allow an attacker to use a specially crafted QUIC session to trigger a NULL pointer dereference error, causing a worker process to crash, leading to a denial of service...

7.5CVSS7AI score0.01061EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/14 8:25 p.m.•61 views

CVE-2023-4408

A flaw was found in the bind package. This issue may allow a remote attacker with no specific privileges to craft a specially long DNS message leading to an excessive and uncontrolled CPU usage, the server being unavailable, and a Denial of Service. Mitigation Mitigation for this issue is either...

7.5CVSS7.6AI score0.01327EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/09 2:59 a.m.•61 views

CVE-2023-4639

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...

7.4CVSS6.5AI score0.01117EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/12/06 9:47 a.m.•61 views

CVE-2023-46218

A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set "super cookies" in curl that are passed back to more origins than what is otherwise allowed or possible...

5.3CVSS6.2AI score0.01685EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/11/30 3:26 a.m.•61 views

CVE-2022-41678

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...

7.5CVSS8.6AI score0.8581EPSS
Exploits2References3
RedhatCVE
RedhatCVE
•added 2023/11/09 11:45 p.m.•61 views

CVE-2023-39913

An input validation flaw was found in Apache UIMA. This issue may allow a remote attacker to execute arbitrary code, compromising the confidentiality, integrity, and availability of affected systems...

8.8CVSS8AI score0.01471EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/10/03 5:25 p.m.•61 views

CVE-2023-44466

An flaw was found in net/ceph/messengerv2.c in the Linux Kernel. An integer signing error leads to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This issue occurs due to an untrusted length taken from a TCP packet in cephdecode32...

8.8CVSS8.1AI score0.54577EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/09/25 9:51 a.m.•61 views

CVE-2023-5157

A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service...

7.5CVSS6.7AI score0.02021EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/09/13 6:54 a.m.•61 views

CVE-2023-39320

A flaw was found in Golang. The go.mod toolchain directive, introduced in Go 1.21, could be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module...

8.8CVSS7.2AI score0.01424EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2023/09/13 6:54 a.m.•61 views

CVE-2023-39318

A flaw was found in Golang. The html/template package did not properly handle HMTL-like "" comment tokens, nor hashbang "!" comment tokens, in...

6.1CVSS7.8AI score0.00815EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2023/08/29 6:45 a.m.•61 views

CVE-2020-22219

A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwritergrow function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder. Mitigation Mitigation for this issue is either not available or the current...

7.8CVSS7.9AI score0.00749EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/08/22 7:49 a.m.•61 views

CVE-2023-32559

A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsync' to run arbitrary code outside of the limits defined in a...

7.5CVSS8.8AI score0.01484EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/07/21 9:11 p.m.•61 views

CVE-2023-22043

Vulnerability in Oracle Java SE component: JavaFX. The supported version that is affected is Oracle Java SE: 8u371. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability...

5.9CVSS6.2AI score0.00974EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/06/29 5:17 p.m.•61 views

CVE-2023-3338

A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system...

6.5CVSS6.3AI score0.08091EPSS
Exploits3References3
RedhatCVE
RedhatCVE
•added 2023/06/20 5:14 a.m.•61 views

CVE-2023-29326

A vulnerability was found in dotnet. This issue can allow remote code execution. The attack itself is carried out locally, and requires user interaction...

7.8CVSS7.7AI score0.009EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/06/18 1:45 p.m.•61 views

CVE-2023-33250

A use-after-free flaw was found in the Linux kernel’s IOMMU subsystem. This flaw allows a local user to crash or potentially escalate their privileges on the system...

4.4CVSS8.6AI score0.0025EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/05/24 6:10 a.m.•61 views

CVE-2023-32697

A flaw was found in SQLite-JDBC. A vulnerability found JDBC URL allowed a malicious user to cause Remote Code Execution RCE...

8.8CVSS7.3AI score0.01592EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/05/08 4:21 p.m.•61 views

CVE-2023-2156

A flaw was found in the Linux kernel's networking subsystem within the RPL protocol's handling. This issue results from the improper handling of user-supplied data, which can lead to an assertion failure. This flaw allows an unauthenticated, remote attacker to create a denial of service condition...

7.5CVSS6AI score0.06127EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/03/30 1:0 p.m.•61 views

CVE-2023-0225

A vulnerability was found in Samba. This security issue occurs as an incomplete access check on the dnsHostName allows authenticated but otherwise, unprivileged users to delete this attribute from any object in the directory...

4.3CVSS5.7AI score0.00719EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/24 6:11 p.m.•61 views

CVE-2021-3923

A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdmacm device node. While this access is unlikely to leak sensitive user information, it can be...

3.3CVSS5.3AI score0.00199EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/21 1:13 p.m.•61 views

CVE-2023-27534

A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...

3.7CVSS9.3AI score0.02195EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/03/20 11:13 a.m.•61 views

CVE-2022-4900

A vulnerability was found in PHP where setting the environment variable PHPCLISERVERWORKERS to a large value leads to a heap buffer overflow...

6.2CVSS6.5AI score0.00367EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/14 10:43 a.m.•61 views

CVE-2023-28328

A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of...

5.5CVSS5.9AI score0.00226EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/02/27 6:30 p.m.•61 views

CVE-2023-1079

A use-after-free flaw was found in asuskbdbacklightset in drivers/hid/hid-asus.c in the Linux Kernel. This issue could allow an attacker to crash the system when plugging in or disconnecting a malicious USB device, which may lead to a kernel information leak problem. Mitigation This flaw can be...

6.8CVSS6.6AI score0.00454EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/02/19 4:59 p.m.•61 views

CVE-2023-23559

An integer overflow flaw was found in the Linux kernel’s wireless RNDIS USB device driver in how a user installs a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system...

7CVSS7.4AI score0.00302EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/01/16 9:6 a.m.•61 views

CVE-2023-22945

In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users blocked in ApiManageMentorList to enroll as mentors or edit any of their mentorship-related properties...

5.5CVSS5.3AI score0.00523EPSS
Exploits0References3
Total number of security vulnerabilities5000