Lucene search
K
RedhatcveMost viewed

206362 matches found

RedhatCVE
RedhatCVE
•added 2023/06/20 5:14 a.m.•61 views

CVE-2023-29326

A vulnerability was found in dotnet. This issue can allow remote code execution. The attack itself is carried out locally, and requires user interaction...

7.8CVSS7.7AI score0.009EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/06/18 1:45 p.m.•61 views

CVE-2023-33250

A use-after-free flaw was found in the Linux kernel’s IOMMU subsystem. This flaw allows a local user to crash or potentially escalate their privileges on the system...

4.4CVSS8.6AI score0.0025EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/05/08 4:21 p.m.•61 views

CVE-2023-2156

A flaw was found in the Linux kernel's networking subsystem within the RPL protocol's handling. This issue results from the improper handling of user-supplied data, which can lead to an assertion failure. This flaw allows an unauthenticated, remote attacker to create a denial of service condition...

7.5CVSS6AI score0.06127EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/03/20 11:13 a.m.•61 views

CVE-2022-4900

A vulnerability was found in PHP where setting the environment variable PHPCLISERVERWORKERS to a large value leads to a heap buffer overflow...

6.2CVSS6.5AI score0.00367EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/14 10:43 a.m.•61 views

CVE-2023-28328

A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of...

5.5CVSS5.9AI score0.00226EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/02/27 6:30 p.m.•61 views

CVE-2023-1079

A use-after-free flaw was found in asuskbdbacklightset in drivers/hid/hid-asus.c in the Linux Kernel. This issue could allow an attacker to crash the system when plugging in or disconnecting a malicious USB device, which may lead to a kernel information leak problem. Mitigation This flaw can be...

6.8CVSS6.6AI score0.00454EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/02/19 4:59 p.m.•61 views

CVE-2023-23559

An integer overflow flaw was found in the Linux kernel’s wireless RNDIS USB device driver in how a user installs a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system...

7CVSS7.4AI score0.00302EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/01/25 4:13 p.m.•61 views

CVE-2022-3736

A flaw was found in Bind, where a resolver crash is possible. When stale cache and stale answers are enabled, the option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. Mitigation Setting stale-answer-client-timeout to 0 or to off/disabled will...

7.5CVSS7.3AI score0.5017EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/12/25 3:4 p.m.•61 views

CVE-2022-42328

A possible deadlock flaw was found in the Linux kernel’s XEN driver in how some packets generated by a user dropped. This flaw allows a local user to crash the system...

5.5CVSS2.8AI score0.00213EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2022/12/16 10:35 a.m.•61 views

CVE-2022-3619

A memory leak flaw was found in the Linux kernel’s L2CAP bluetooth functionality. This issue occurs when a user generates malicious packets, triggering the l2caprecvacldata function. This flaw allows a local or bluetooth connection user to potentially crash the system. Mitigation To mitigate thes...

4.3CVSS5.8AI score0.00567EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2022/11/22 2:26 p.m.•61 views

CVE-2022-41858

A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sltxtimeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. Mitigation This flaw can be mitigated by...

7.1CVSS0.7AI score0.00275EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/11/16 11:26 a.m.•61 views

CVE-2022-45411

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS2.3AI score0.00575EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/10/14 5:59 a.m.•61 views

CVE-2022-39201

A flaw was found in Grafana. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. Grafana could leak the authentication cookie of users to plugins, which could result in an impact to confidentiality, integrity, and availability...

6.8CVSS4.6AI score0.01228EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/10/13 3:30 p.m.•61 views

CVE-2022-40152

A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service DoS in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the...

7.5CVSS7.9AI score0.19653EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/10/07 5:26 a.m.•61 views

CVE-2022-41715

A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as...

6.5CVSS7.4AI score0.01339EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/09/26 6:19 a.m.•61 views

CVE-2022-38751

A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash...

6.5CVSS4AI score0.01507EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/09/06 9:53 p.m.•61 views

CVE-2022-3143

A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or...

7.4CVSS5.3AI score0.00584EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/08/31 7:59 p.m.•61 views

CVE-2022-35252

A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTPS server, where it accepts cookies using control codes byte values below 32, and also when cookies that contain such control codes are later sent back to an HTTPS server, possibly...

3.1CVSS6AI score0.01839EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/07/04 5:6 a.m.•61 views

CVE-2022-34176

A flaw was found in the JUnit Jenkins plugin. The manipulation with an unknown input leads to a Cross-site scripting vulnerability, impacting the integrity. This flaw allows an attacker to inject arbitrary HTML and script code into the website...

5.4CVSS2.1AI score0.76878EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/07/01 1:36 p.m.•61 views

CVE-2022-33124

AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service DoS. NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handing in the...

5.5CVSS5.5AI score0.00669EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/06/08 8:2 p.m.•61 views

CVE-2022-30556

A flaw was found in the modlua module of httpd. The data returned by the wsread function may point past the end of the storage allocated for the buffer, resulting in information disclosure. Mitigation Disabling modlua and restarting httpd will mitigate this flaw...

7.5CVSS0.3AI score0.04687EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/06/07 2:29 a.m.•61 views

CVE-2022-30322

A flaw was found in go-getter. Several vulnerabilities were identified in the way go-getter processes HTTP responses, response headers, and password-protected ZIP files. This flaw allows an attacker to bypass certain configuration settings and may lead to a denial of service. Mitigation The fix...

8.6CVSS2AI score0.01279EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/06/01 10:22 a.m.•61 views

CVE-2022-31621

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/dsxbstream.cc, when an error occurs streamctxt-destfile == NULL while executing the method xbstreamopen, the held lock is not released correctly, which allows local users to trigger a denial of service due to the...

5.5CVSS5.3AI score0.00213EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/25 2:30 p.m.•61 views

CVE-2022-1853

No description is available for this CVE...

1.3AI score0.0088EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/21 12:24 a.m.•61 views

CVE-2020-13667

Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker might be able to see conten...

7.4CVSS4.7AI score0.00928EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/16 2:55 p.m.•61 views

CVE-2022-21136

A flaw was found in hw. Improper input validation for some IntelR XeonR processors may allow a privileged user to enable a denial of service via local access. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security...

5.5CVSS5.1AI score0.00259EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/05/14 11:32 a.m.•61 views

CVE-2019-9512

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS2.2AI score0.83433EPSS
Exploits1References8
RedhatCVE
RedhatCVE
•added 2022/05/06 4:55 p.m.•61 views

CVE-2022-21457

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server...

5.9CVSS5.1AI score0.02092EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/02 5:54 a.m.•61 views

CVE-2022-28323

An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,...

7.5CVSS2.2AI score0.01267EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/04/13 11:53 a.m.•61 views

CVE-2022-27383

A flaw was found in the MariaDB Server. A use-after-free in the component, mystrcasecmp8bit, can be exploited via specially crafted SQL statements, impacting availability...

7.5CVSS7.9AI score0.02097EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/05 9:52 a.m.•61 views

CVE-2022-26280

An out-of-bounds read flaw was found in libarchive. This flaw allows an attacker who can supply a specially crafted zip file to libarchive to cause an out-of-bounds read in programs linked with libarchive, using the LZMA zip functionality. The consequences depend on the specific program linked wi...

6.5CVSS1.6AI score0.01877EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/03/23 6:11 p.m.•61 views

CVE-2022-0567

A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged attacker to create an egress network policy that bypasses existing ingress policies of other pods in a cluster, allowing network traffic to access pods that should not be reachable. This issue results in...

9.1CVSS3.5AI score0.00972EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/03/19 11:40 p.m.•61 views

CVE-2021-44906

An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or proto payload, resulting in prototype pollution and loss of confidentiality, availability, and...

9.8CVSS4.7AI score0.04581EPSS
Exploits3References4
RedhatCVE
RedhatCVE
•added 2022/03/14 9:17 a.m.•61 views

CVE-2022-26966

An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device...

5.5CVSS4.7AI score0.00338EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/02/24 6:57 a.m.•61 views

CVE-2022-0685

A flaw was found in vim. The vulnerability occurs due to a crash when using a special multi-byte character and leads to an out-of-range vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Mitigation Untrusted vim scripts with -s...

8.4CVSS4.9AI score0.01723EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/22 4:46 a.m.•61 views

CVE-2021-44571

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3200 Reason: This candidate is a duplicate of CVE-2021-3200. Notes: All CVE users should reference CVE-2021-3200 instead of this candidate. Al...

4.3CVSS6.7AI score0.01313EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/17 4:52 p.m.•61 views

CVE-2022-25180

A flaw was found in Jenkins. The Pipeline: Groovy Plugin includes password parameters from the original build in replayed builds. This flaw allows attackers with run/replay permission to obtain the values of password parameters passed to previous builds of a Pipeline...

4.3CVSS4.2AI score0.0052EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/02/10 3:52 p.m.•61 views

CVE-2022-0435

A stack overflow flaw was found in the Linux kernel’s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges...

9CVSS1.5AI score0.67994EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2022/01/27 6:43 p.m.•61 views

CVE-2022-0391

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...

7.5CVSS7.6AI score0.08325EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/12/14 11:59 a.m.•61 views

CVE-2021-4083

A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on...

7.4CVSS1.9AI score0.0031EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/11/11 4:27 p.m.•61 views

CVE-2021-3947

A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvmechangednslist where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information...

6CVSS5.6AI score0.00312EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/10/20 9:12 p.m.•61 views

CVE-2020-13974

A flaw integer overflow in the Linux kernel's virtual terminal keyboard driver was found in the way the user sends some specific keyboard code multiple times. A local user could use this flaw to crash the system or possibly escalate their privileges on the system. Mitigation Mitigation for this...

7.8CVSS0.9AI score0.0057EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/10/05 6:58 p.m.•61 views

CVE-2021-32628

An integer overflow issue was found in the redis ziplist data structure. The vulnerability involves modifying the default ziplist configuration parameters hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value to a very large value, and then...

7.5CVSS3.5AI score0.03636EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/09/20 7:13 p.m.•61 views

CVE-2021-39293

A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. An attacker capable of submitting a crafted ZIP file to a Go application using archive/zip to process that file could...

7.5CVSS2.9AI score0.06934EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/09/15 6:52 a.m.•61 views

CVE-2021-22945

A flaw was found in libcurl. When sending data to an MQTT server could in some situations lead to libcurl using already freed memory and then try to free it again. The highest threat from this vulnerability is to data confidentiality as well as system availability...

9.1CVSS2.2AI score0.06216EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/08/24 10:14 p.m.•61 views

CVE-2021-32779

An authorization bypass vulnerability was found in envoyproxy/envoy. When a URI path-based authorization policy is specified, envoy incorrectly evaluates the HTTP request which contains a URI fragment. This flaw allows an attacker to bypass the authorization policy and access downstream services...

8.6CVSS2.4AI score0.00948EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/08/19 7:40 p.m.•61 views

CVE-2021-23424

This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time...

7.5CVSS5.9AI score0.01981EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/08/17 7:10 p.m.•61 views

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath called from QRasterPaintEngine::fill and QPaintEngineEx::stroke...

7.5CVSS1.9AI score0.0306EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/02 5:14 p.m.•61 views

CVE-2021-34556

A flaw was found in the Linux kernel, where a BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack. This issue occurs when the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. The highes...

5.5CVSS2.6AI score0.00419EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2021/07/29 4:20 p.m.•61 views

CVE-2021-36386

A flaw was found in fetchmail. The flaw lies in how fetchmail when running in verbose mode using the -v flag tries to log long messages that are created from long headers. An attacker could potentially use this flaw to cause a Denial of Service attack or crash. The highest threat from this...

7.5CVSS1.9AI score0.03003EPSS
Exploits1References4
Total number of security vulnerabilities5000