Lucene search
K
RedhatcveMost viewed

206304 matches found

RedhatCVE
RedhatCVE
•added 2021/01/26 11:53 a.m.•61 views

CVE-2020-0465

A flaw was found in the Linux kernel’s multi-touch input system. An out-of-bounds write triggered by a use-after-free issue could lead to memory corruption or possible privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.2CVSS0.5AI score0.00268EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/01/19 12:18 p.m.•61 views

CVE-2020-25681

A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary da...

8.3CVSS2AI score0.81191EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/12/08 4:10 p.m.•61 views

CVE-2020-1971

A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERALNAMEcmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to system availability...

5.9CVSS1.6AI score0.06968EPSS
Exploits3References4
RedhatCVE
RedhatCVE
•added 2020/05/25 1:57 p.m.•61 views

CVE-2020-10751

A flaw was found in the Linux kernel’s SELinux LSM hook implementation, where it anticipated the skb would only contain a single Netlink message. The hook incorrectly validated the first Netlink message in the skb only, to allow or deny the rest of the messages within the skb with the granted...

3.6CVSS6.7AI score0.00348EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2020/05/20 6:56 a.m.•61 views

CVE-2019-11048

A flaw was found in PHP under a non-default configuration, where it was vulnerable to integer wraparounds during the reception of a multipart POST request. This flaw allows a remote attacker to repeatedly crash PHP and fill the filesystem with temporary PHP files, resulting in a denial of service...

5CVSS3.4AI score0.06264EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/04/09 10:9 a.m.•61 views

CVE-2019-17531

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in the classpath, and an...

9.8CVSS2.5AI score0.05329EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/04 5:14 a.m.•61 views

CVE-2017-7525

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. Mitigation Mitigation to this problem is to not trigger polymorphic desrializatio...

9.8CVSS0.9AI score0.37925EPSS
Exploits7References1
RedhatCVE
RedhatCVE
•added 2020/03/23 8:1 p.m.•61 views

CVE-2020-9546

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS3.5AI score0.04613EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/02/25 6:10 a.m.•61 views

CVE-2020-6950

A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files. Mitigation There is no currently known mitigation for this flaw...

7.5CVSS4.9AI score0.10124EPSS
Exploits0References8
RedhatCVE
RedhatCVE
•added 2020/01/05 4:6 a.m.•61 views

CVE-2019-18805

A flaw was reported in the Linux kernel's TCP subsystem while calculating a packet round trip time, when a sysctl parameter /proc/sys/net/ipv4/tcpminrttwlen is set incorrectly. This causes an integer overflow which can lead to a denial Of service DOS attack. Mitigation This flaw can be mitigated ...

9.8CVSS2.9AI score0.03431EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2019/11/12 9:0 a.m.•61 views

CVE-2019-11479

An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP segments. If the Maximum Segment Size MSS of a TCP connection was set to low values, such as 48 bytes, it can leave as little as 8 bytes for the user data, which significantly increas...

7.5CVSS6.4AI score0.9166EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2019/11/04 6:56 p.m.•61 views

CVE-2019-13720

Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS2.7AI score0.72977EPSS
Exploits4References3
RedhatCVE
RedhatCVE
•added 2019/10/10 10:39 a.m.•61 views

CVE-2017-9788

It was discovered that the httpd's modauthdigest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to...

9.1CVSS1.7AI score0.5677EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2019/01/29 9:50 p.m.•61 views

CVE-2019-3774

Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection XXE when receiving XML data from untrusted sources...

9.8CVSS3.4AI score0.03032EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2017/01/11 2:47 p.m.•61 views

CVE-2016-10088

It was found that the fix for CVE-2016-9576 was incomplete: the Linux kernel's sg implementation did not properly restrict write operations in situations where the KERNELDS option is set. A local attacker to read or write to arbitrary kernel memory locations or cause a denial of service...

7.8CVSS4.3AI score0.00437EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2016/10/31 12:47 p.m.•61 views

CVE-2016-1247

A vulnerability was discovered in nginx. An attacker who could already run commands under the nginx user id could use this access to append data to files owned by root, potentially elevating their own privileges to root...

7.8CVSS5AI score0.04863EPSS
Exploits6References1
RedhatCVE
RedhatCVE
•added 2016/06/29 12:18 p.m.•61 views

CVE-2016-5773

phpzip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash...

9.8CVSS7.9AI score0.0926EPSS
Exploits5References1
RedhatCVE
RedhatCVE
•added 2025/12/06 9:37 p.m.•60 views

CVE-2025-13426

A vulnerability exists in Google Apigee's JavaCallout policy https://docs.apigee.com/api-platform/reference/policies/java-callout-policy that allows for remote code execution. It is possible for a user to write a JavaCallout that injected a malicious object into the MessageContext to execute...

8.7CVSS8.4AI score0.00387EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2024/06/17 11:21 p.m.•60 views

CVE-2024-37891

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects. Mitigation Mitigation for this...

4.4CVSS5.4AI score0.01141EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2024/05/15 4:28 a.m.•60 views

CVE-2024-26306

A timing-based side-channel flaw was found in iperf3. If the iperf3 server is running with the --rsa-private-key-path option, the user authentication API can be attacked. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product...

5.9CVSS5.3AI score0.01107EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/05/14 11:56 p.m.•60 views

CVE-2024-32465

A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution. Mitigati...

7.3CVSS8.1AI score0.01271EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/05/03 6:54 p.m.•60 views

CVE-2022-48686

A use-after-free vulnerability was found in the Linux kernel in drivers/nvme/host/tcp.c in nvmetcpiowork. This issue can occur when a local user continues to read data after the connection finishes. This flaw allows a malicious user to cause a use-after-free problem. Mitigation Mitigation for thi...

5.3CVSS7AI score0.0025EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/16 5:52 p.m.•60 views

CVE-2024-22019

A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of...

7.5CVSS6AI score0.03168EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/02/15 6:55 a.m.•60 views

CVE-2024-24989

A flaw was found in the nginx HTTP/3 implementation. This issue may allow an attacker to use a specially crafted QUIC session to trigger a NULL pointer dereference error, causing a worker process to crash, leading to a denial of service...

7.5CVSS7AI score0.01061EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/14 8:25 p.m.•60 views

CVE-2023-4408

A flaw was found in the bind package. This issue may allow a remote attacker with no specific privileges to craft a specially long DNS message leading to an excessive and uncontrolled CPU usage, the server being unavailable, and a Denial of Service. Mitigation Mitigation for this issue is either...

7.5CVSS7.6AI score0.01327EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/12/28 6:30 a.m.•60 views

CVE-2023-51074

A stack overflow vulnerability was found in the Criteria.parse method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service...

5.3CVSS5.1AI score0.0067EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/10/03 5:25 p.m.•60 views

CVE-2023-44466

An flaw was found in net/ceph/messengerv2.c in the Linux Kernel. An integer signing error leads to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This issue occurs due to an untrusted length taken from a TCP packet in cephdecode32...

8.8CVSS8.1AI score0.54577EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/09/25 9:51 a.m.•60 views

CVE-2023-5157

A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service...

7.5CVSS6.7AI score0.02021EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/09/13 6:54 a.m.•60 views

CVE-2023-39318

A flaw was found in Golang. The html/template package did not properly handle HMTL-like "" comment tokens, nor hashbang "!" comment tokens, in...

6.1CVSS7.8AI score0.00815EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2023/08/07 1:19 p.m.•60 views

CVE-2023-2640

A flaw was found in the Linux Kernel where the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. This flaw allows a local attacker to gain elevated privileges due to skipped permission in checking for trusted.overlayfs. xattrs...

7.8CVSS6.9AI score0.15783EPSS
Exploits14References6
RedhatCVE
RedhatCVE
•added 2023/07/21 9:11 p.m.•60 views

CVE-2023-22043

Vulnerability in Oracle Java SE component: JavaFX. The supported version that is affected is Oracle Java SE: 8u371. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability...

5.9CVSS6.2AI score0.00974EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/07/19 4:6 p.m.•60 views

CVE-2023-21400

A double-free vulnerability was found in the iouring subsystem in the Linux kernel. This issue may allow a malicious local user to crash the kernel or elevate their privileges on the system...

7CVSS6.5AI score0.00258EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/07/12 4:5 p.m.•60 views

CVE-2023-3640

A possible unauthorized memory access flaw was found in the Linux kernel's cpuentryarea mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implement...

7CVSS6.5AI score0.00719EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/05/08 4:21 p.m.•60 views

CVE-2023-2156

A flaw was found in the Linux kernel's networking subsystem within the RPL protocol's handling. This issue results from the improper handling of user-supplied data, which can lead to an assertion failure. This flaw allows an unauthenticated, remote attacker to create a denial of service condition...

7.5CVSS6AI score0.06127EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/03/30 1:0 p.m.•60 views

CVE-2023-0225

A vulnerability was found in Samba. This security issue occurs as an incomplete access check on the dnsHostName allows authenticated but otherwise, unprivileged users to delete this attribute from any object in the directory...

4.3CVSS5.7AI score0.00719EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/14 10:43 a.m.•60 views

CVE-2023-28328

A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of...

5.5CVSS5.9AI score0.00226EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/02/19 4:59 p.m.•60 views

CVE-2023-23559

An integer overflow flaw was found in the Linux kernel’s wireless RNDIS USB device driver in how a user installs a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system...

7CVSS7.4AI score0.00302EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/02/07 5:28 p.m.•60 views

CVE-2023-0215

A use-after-free vulnerability was found in OpenSSL's BIOnewNDEF function. The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be...

7.5CVSS6.7AI score0.04494EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/25 1:36 p.m.•60 views

CVE-2022-23814

Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment. Mitigation Please contact AMD for more updates on this flaw...

5.3CVSS6.2AI score0.00475EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/12/16 6:5 p.m.•60 views

CVE-2022-45141

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption...

8.1CVSS2.8AI score0.00454EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/11/16 11:26 a.m.•60 views

CVE-2022-45411

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS2.3AI score0.00575EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/11/11 3:55 a.m.•60 views

CVE-2022-3294

A flaw was found in Kubernetes, where users may have access to secure endpoints in the control plane network. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While...

8.8CVSS2.6AI score0.01618EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/26 2:53 p.m.•60 views

CVE-2022-42915

A vulnerability was found in curl. The issue occurs if curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL. It sets up the connection to the remote server by issuing a CONNECT request to the proxy and then tunnels the rest of the protocol through. An HTTP proxy might refuse this...

7.5CVSS8.9AI score0.02927EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/14 5:59 a.m.•60 views

CVE-2022-39201

A flaw was found in Grafana. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. Grafana could leak the authentication cookie of users to plugins, which could result in an impact to confidentiality, integrity, and availability...

6.8CVSS4.6AI score0.01228EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/10/13 3:30 p.m.•60 views

CVE-2022-40152

A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service DoS in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the...

7.5CVSS7.9AI score0.19653EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/10/07 5:26 a.m.•60 views

CVE-2022-41715

A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as...

6.5CVSS7.4AI score0.01339EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/09/26 6:19 a.m.•60 views

CVE-2022-38751

A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash...

6.5CVSS4AI score0.01453EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/09/20 2:14 p.m.•60 views

CVE-2022-36087

A flaw was found in python-oauthlib. This flaw allows an attacker providing a malicious redirect URI to cause a denial of service to OAuthLib's web application. Mitigation The redirecturi can be verified in the web toolkit before OAuthLib is called. Check to see if : is present to reject the...

6.5CVSS6.4AI score0.01258EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/09/06 9:53 p.m.•60 views

CVE-2022-3143

A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or...

7.4CVSS5.3AI score0.00584EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/08/31 7:59 p.m.•60 views

CVE-2022-35252

A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTPS server, where it accepts cookies using control codes byte values below 32, and also when cookies that contain such control codes are later sent back to an HTTPS server, possibly...

3.1CVSS6AI score0.01788EPSS
Exploits1References3
Total number of security vulnerabilities5000