Lucene search
K
RedhatcveMost viewed

206309 matches found

RedhatCVE
RedhatCVE
•added 2017/11/08 10:20 a.m.•61 views

CVE-2017-16536

The cx231xxusbprobe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via a crafted USB device...

7.2CVSS6.6AI score0.00382EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2017/01/11 2:47 p.m.•61 views

CVE-2016-10088

It was found that the fix for CVE-2016-9576 was incomplete: the Linux kernel's sg implementation did not properly restrict write operations in situations where the KERNELDS option is set. A local attacker to read or write to arbitrary kernel memory locations or cause a denial of service...

7.8CVSS4.3AI score0.00437EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2016/06/29 12:18 p.m.•61 views

CVE-2016-5773

phpzip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash...

9.8CVSS7.9AI score0.0926EPSS
Exploits5References1
RedhatCVE
RedhatCVE
•added 2025/11/13 12:4 p.m.•60 views

CVE-2025-12998

Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules.This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5...

8.2CVSS6.9AI score0.00399EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2024/04/17 1:0 p.m.•60 views

CVE-2023-6717

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs ACS, posing a Cross-Site Scripting XSS risk. This issue may allow a malicious admin in one realm or a client with...

6CVSS5.5AI score0.00711EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/03/04 9:32 a.m.•60 views

CVE-2024-27351

An inefficient regular expression complexity flaw was found in the Truncator.words function and truncatewordshtml filter of Django. This issue may allow an attacker to use a suitably crafted string to cause a denial of service...

7.5CVSS7AI score0.01854EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/19 3:51 p.m.•60 views

CVE-2024-1627

No description is available for this CVE...

7.3AI score
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/02/16 5:52 p.m.•60 views

CVE-2024-22019

A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of...

7.5CVSS6AI score0.03168EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/12/28 6:30 a.m.•60 views

CVE-2023-51074

A stack overflow vulnerability was found in the Criteria.parse method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service...

5.3CVSS5.1AI score0.0067EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/10/29 9:25 a.m.•60 views

CVE-2023-46752

A data mishandling vulnerability was found in FRRouting. A malformed MPREACHNLRI data can lead to a crash, resulting in a denial of service. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising...

5.9CVSS7.4AI score0.00849EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/10/22 10:55 a.m.•60 views

CVE-2023-4921

A use-after-free flaw was found in qfqdequeue and aggdequeue in net/sched/schqfq.c in the Traffic Control QoS subsystem in the Linux kernel. This issue may allow a local user to crash the system or escalate their privileges on the system. Mitigation Mitigation for this issue is to skip loading th...

7.8CVSS7.1AI score0.00396EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/10/16 4:16 a.m.•60 views

CVE-2018-25091

A flaw was found in the urllib3 package. Affected versions of this package are vulnerable to information exposure through sent data when the authorization HTTP header is not removed during a cross-origin redirect. An attacker can expose credentials in the authorization header to unintended hosts ...

6.1CVSS7.5AI score0.04488EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/07 1:19 p.m.•60 views

CVE-2023-2640

A flaw was found in the Linux Kernel where the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. This flaw allows a local attacker to gain elevated privileges due to skipped permission in checking for trusted.overlayfs. xattrs...

7.8CVSS6.9AI score0.15783EPSS
Exploits14References6
RedhatCVE
RedhatCVE
•added 2023/07/25 8:51 a.m.•60 views

CVE-2023-37903

A flaw was found in the vm2 custom inspect function, which allows attackers to escape the sandbox. This flaw allows attackers to run arbitrary code. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...

9.8CVSS6.3AI score0.0279EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/07/20 1:37 p.m.•60 views

CVE-2023-3812

An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious too big networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigati...

7.8CVSS7.5AI score0.00344EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/07/19 4:6 p.m.•60 views

CVE-2023-21400

A double-free vulnerability was found in the iouring subsystem in the Linux kernel. This issue may allow a malicious local user to crash the kernel or elevate their privileges on the system...

7CVSS6.5AI score0.00258EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/07/12 4:5 p.m.•60 views

CVE-2023-3640

A possible unauthorized memory access flaw was found in the Linux kernel's cpuentryarea mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implement...

7CVSS6.5AI score0.00719EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/06/26 6:48 p.m.•60 views

CVE-2023-33733

A vulnerability was found in python-reportlab. This flaw allows an attacker to execute arbitrary code by supplying a crafted PDF file...

7.8CVSS7.7AI score0.02123EPSS
Exploits6References3
RedhatCVE
RedhatCVE
•added 2023/05/19 4:10 a.m.•60 views

CVE-2023-31655

A vulnerability was found in the Redis package. This security flaw causes a segmentation violation in redisraft.c. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deploymen...

7.5CVSS7.1AI score0.01028EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/02/06 5:26 a.m.•60 views

CVE-2022-23498

A flaw was found in the Grafana package. When data-source query caching is enabled, Grafana caches all headers, including grafanasession. As a result, any user that queries a data source where the caching is enabled can acquire another user’s session. Mitigation To mitigate the vulnerability,...

8.8CVSS3AI score0.01132EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/01/25 4:13 p.m.•60 views

CVE-2022-3736

A flaw was found in Bind, where a resolver crash is possible. When stale cache and stale answers are enabled, the option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. Mitigation Setting stale-answer-client-timeout to 0 or to off/disabled will...

7.5CVSS7.3AI score0.5017EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/25 1:36 p.m.•60 views

CVE-2022-23814

Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment. Mitigation Please contact AMD for more updates on this flaw...

5.3CVSS6.2AI score0.00475EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/11/11 3:55 a.m.•60 views

CVE-2022-3294

A flaw was found in Kubernetes, where users may have access to secure endpoints in the control plane network. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While...

8.8CVSS2.6AI score0.01618EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/26 2:53 p.m.•60 views

CVE-2022-42915

A vulnerability was found in curl. The issue occurs if curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL. It sets up the connection to the remote server by issuing a CONNECT request to the proxy and then tunnels the rest of the protocol through. An HTTP proxy might refuse this...

7.5CVSS8.9AI score0.02927EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/14 5:59 a.m.•60 views

CVE-2022-39201

A flaw was found in Grafana. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. Grafana could leak the authentication cookie of users to plugins, which could result in an impact to confidentiality, integrity, and availability...

6.8CVSS4.6AI score0.01228EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/09/20 2:14 p.m.•60 views

CVE-2022-36087

A flaw was found in python-oauthlib. This flaw allows an attacker providing a malicious redirect URI to cause a denial of service to OAuthLib's web application. Mitigation The redirecturi can be verified in the web toolkit before OAuthLib is called. Check to see if : is present to reject the...

6.5CVSS6.4AI score0.01258EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/09/05 5:58 a.m.•60 views

CVE-2020-10735

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int"text", a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits float, decimal, int.frombytes, and int for binary bases 2, 4, 8, 16, and 32 are no...

7.5CVSS2.4AI score0.03213EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/08/19 5:39 a.m.•60 views

CVE-2022-36885

Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature...

5.3CVSS4.1AI score0.00721EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/09 1:37 p.m.•60 views

CVE-2022-2581

A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Mitigation Untrusted vim scripts with -s scriptin are not recommended to run...

7.8CVSS5.6AI score0.00481EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/07/19 10:54 p.m.•60 views

CVE-2022-21541

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to...

5.9CVSS1.5AI score0.02062EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/07/01 1:36 p.m.•60 views

CVE-2022-33124

AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service DoS. NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handing in the...

5.5CVSS5.5AI score0.00669EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/05/25 2:30 p.m.•60 views

CVE-2022-1853

No description is available for this CVE...

1.3AI score0.0088EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/10 5:31 p.m.•60 views

CVE-2022-23267

A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...

7.5CVSS2.3AI score0.05041EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/05/06 5:10 p.m.•60 views

CVE-2022-21418

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...

5CVSS2.9AI score0.01064EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/06 5:9 p.m.•60 views

CVE-2022-21417

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS2.1AI score0.01414EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/06 4:56 p.m.•60 views

CVE-2022-21460

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Logging. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.4CVSS4.1AI score0.01285EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/06 4:55 p.m.•60 views

CVE-2022-21457

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server...

5.9CVSS5.1AI score0.02023EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/04/13 11:53 a.m.•60 views

CVE-2022-27383

A flaw was found in the MariaDB Server. A use-after-free in the component, mystrcasecmp8bit, can be exploited via specially crafted SQL statements, impacting availability...

7.5CVSS7.9AI score0.02097EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/22 4:46 a.m.•60 views

CVE-2021-44571

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3200 Reason: This candidate is a duplicate of CVE-2021-3200. Notes: All CVE users should reference CVE-2021-3200 instead of this candidate. Al...

4.3CVSS6.7AI score0.01313EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/17 4:52 p.m.•60 views

CVE-2022-25180

A flaw was found in Jenkins. The Pipeline: Groovy Plugin includes password parameters from the original build in replayed builds. This flaw allows attackers with run/replay permission to obtain the values of password parameters passed to previous builds of a Pipeline...

4.3CVSS4.2AI score0.0052EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/02/15 4:29 a.m.•60 views

CVE-2022-0581

Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file...

7.5CVSS3.4AI score0.01839EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/02/10 3:52 p.m.•60 views

CVE-2022-0435

A stack overflow flaw was found in the Linux kernel’s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges...

9CVSS1.5AI score0.67994EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2022/01/12 11:23 p.m.•60 views

CVE-2022-22741

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When resizing a popup and requesting fullscreen access, the popup would have become unable to leave fullscreen mode...

7.5CVSS1.7AI score0.00652EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/01/12 11:23 p.m.•60 views

CVE-2022-22737

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Constructing audio sinks could have led to a race condition when playing audio files and closing windows. This could have lead to a use-after-free issue, causing a potentially exploitable crash...

7.5CVSS2.5AI score0.0075EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/12/16 6:19 p.m.•60 views

CVE-2021-3929

A DMA reentrancy issue was found in the NVM Express Controller NVME emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvmectrlreset, data structs will be freed leading to a use-after-free issue. A malicious guest could...

8.2CVSS3.1AI score0.00643EPSS
Exploits3References5
RedhatCVE
RedhatCVE
•added 2021/11/19 3:20 p.m.•60 views

CVE-2021-41190

The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Image Specification, the manifest and index documents were not self-describing and documents with a single digest could be interpreted as either a manifest or an index. ...

5CVSS6.1AI score0.02085EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2021/10/28 5:0 a.m.•60 views

CVE-2021-25219

A flaw was found in the way bind processes broken responses from authoritative servers. This caching mechanism could be abused by an attacker to significantly degrade resolver performance. Mitigation The vulnerability has been mitigated by changing the default value of lame-ttl to 0...

5.3CVSS4.5AI score0.08001EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/10/05 6:58 p.m.•60 views

CVE-2021-32628

An integer overflow issue was found in the redis ziplist data structure. The vulnerability involves modifying the default ziplist configuration parameters hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value to a very large value, and then...

7.5CVSS3.5AI score0.03636EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/09/16 3:5 p.m.•60 views

CVE-2021-23440

A type confusion vulnerability in nodejs-set-value can lead to a bypass of CVE-2019-10747. If the user-provided keys used in the path parameter are arrays, the function mixin-deep can be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or...

9.8CVSS4.6AI score0.02475EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2021/08/31 5:10 p.m.•60 views

CVE-2021-37701

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on...

8.6CVSS1.5AI score0.03286EPSS
Exploits0References5
Total number of security vulnerabilities5000