Lucene search
K
RedhatcveMost viewed

206363 matches found

RedhatCVE
RedhatCVE
•added 2021/08/19 7:40 p.m.•61 views

CVE-2021-23424

This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time...

7.5CVSS5.9AI score0.01981EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/08/10 9:50 p.m.•61 views

CVE-2021-2389

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server...

7.1CVSS2AI score0.08216EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/02 5:14 p.m.•61 views

CVE-2021-34556

A flaw was found in the Linux kernel, where a BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack. This issue occurs when the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. The highes...

5.5CVSS2.6AI score0.00419EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2021/07/28 2:20 p.m.•61 views

CVE-2021-30797

This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution...

8.8CVSS2.2AI score0.01847EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/06/14 2:14 p.m.•61 views

CVE-2021-31811

In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions...

5.5CVSS3.9AI score0.03445EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/06/10 6:47 p.m.•61 views

CVE-2021-3588

The clifeatreadcb function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading...

3.3CVSS3.4AI score0.0045EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/05/19 12:27 a.m.•61 views

CVE-2021-32029

A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...

6.5CVSS2.7AI score0.01398EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/05/19 12:25 a.m.•61 views

CVE-2021-22116

A flaw was found in rabbitmq-server, where insufficient input validation in the AMQP 1.0 client connection endpoint could allow a denial of service. The highest threat from this vulnerability is to system availability...

7.5CVSS3.2AI score0.01387EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/04/20 8:43 p.m.•61 views

CVE-2021-2163

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2...

5.3CVSS2.1AI score0.03566EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/01/26 11:53 a.m.•61 views

CVE-2020-0465

A flaw was found in the Linux kernel’s multi-touch input system. An out-of-bounds write triggered by a use-after-free issue could lead to memory corruption or possible privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.2CVSS0.5AI score0.00268EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/01/19 12:18 p.m.•61 views

CVE-2020-25681

A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary da...

8.3CVSS2AI score0.81191EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/05/25 1:57 p.m.•61 views

CVE-2020-10751

A flaw was found in the Linux kernel’s SELinux LSM hook implementation, where it anticipated the skb would only contain a single Netlink message. The hook incorrectly validated the first Netlink message in the skb only, to allow or deny the rest of the messages within the skb with the granted...

3.6CVSS6.7AI score0.00348EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2020/05/20 6:56 a.m.•61 views

CVE-2019-11048

A flaw was found in PHP under a non-default configuration, where it was vulnerable to integer wraparounds during the reception of a multipart POST request. This flaw allows a remote attacker to repeatedly crash PHP and fill the filesystem with temporary PHP files, resulting in a denial of service...

5CVSS3.4AI score0.06264EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/04/09 9:20 a.m.•61 views

CVE-2017-9076

The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memo...

7.8CVSS3.7AI score0.01372EPSS
Exploits5References1
RedhatCVE
RedhatCVE
•added 2020/04/09 7:20 a.m.•61 views

CVE-2019-10126

A flaw was found in the mwifiex implementation in the Linux kernel. A system connecting to wireless access point could be manipulated by an attacker with advanced permissions on the access point into localized memory corruption or possibly privilege escalation...

9.8CVSS3.1AI score0.06821EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/03/13 2:10 p.m.•61 views

CVE-2019-10768

A prototype pollution vulnerability was found in AngularJS. A remote attacker could abuse this flaw by providing malicious input to the merge function by overriding or adding properties of the Object.prototype, allowing possible injection of code...

7.5CVSS4.9AI score0.02179EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2019/12/11 1:22 a.m.•61 views

CVE-2019-13764

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS2.3AI score0.06432EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2019/11/04 6:56 p.m.•61 views

CVE-2019-13720

Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS2.7AI score0.72977EPSS
Exploits4References3
RedhatCVE
RedhatCVE
•added 2019/10/10 10:39 a.m.•61 views

CVE-2017-9788

It was discovered that the httpd's modauthdigest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to...

9.1CVSS1.7AI score0.5677EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2019/10/08 11:45 a.m.•61 views

CVE-2018-0739

Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so...

6.5CVSS4.4AI score0.19295EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2019/08/12 6:21 p.m.•61 views

CVE-2018-20852

http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostnam...

5.3CVSS0.3AI score0.0388EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2019/01/29 9:50 p.m.•61 views

CVE-2019-3774

Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection XXE when receiving XML data from untrusted sources...

9.8CVSS3.4AI score0.03032EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2018/10/16 11:19 p.m.•61 views

CVE-2018-10933

A vulnerability was found in libssh's server-side state machine. A malicious client could create channels without first performing authentication, resulting in unauthorized access...

9.1CVSS3.8AI score0.91789EPSS
Exploits11References2
RedhatCVE
RedhatCVE
•added 2017/11/08 10:20 a.m.•61 views

CVE-2017-16536

The cx231xxusbprobe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via a crafted USB device...

7.2CVSS6.6AI score0.00382EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2017/01/11 2:47 p.m.•61 views

CVE-2016-10088

It was found that the fix for CVE-2016-9576 was incomplete: the Linux kernel's sg implementation did not properly restrict write operations in situations where the KERNELDS option is set. A local attacker to read or write to arbitrary kernel memory locations or cause a denial of service...

7.8CVSS4.3AI score0.00437EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2016/06/29 12:18 p.m.•61 views

CVE-2016-5773

phpzip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash...

9.8CVSS7.9AI score0.0926EPSS
Exploits5References1
RedhatCVE
RedhatCVE
•added 2025/11/13 12:4 p.m.•60 views

CVE-2025-12998

Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules.This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5...

8.2CVSS6.9AI score0.00399EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2024/04/17 1:0 p.m.•60 views

CVE-2023-6717

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs ACS, posing a Cross-Site Scripting XSS risk. This issue may allow a malicious admin in one realm or a client with...

6CVSS5.5AI score0.00711EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/03/21 6:7 a.m.•60 views

CVE-2024-29018

A vulnerability was found in Moby due to excessive data output in external DNS requests from "internal" networks, enabling unauthorized access to sensitive system information by remote attackers. This flaw allows attackers to gain access to sensitive information by exploiting incorrect resource...

5.9CVSS5.5AI score0.0075EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2024/03/04 9:32 a.m.•60 views

CVE-2024-27351

An inefficient regular expression complexity flaw was found in the Truncator.words function and truncatewordshtml filter of Django. This issue may allow an attacker to use a suitably crafted string to cause a denial of service...

7.5CVSS7AI score0.01854EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/19 3:51 p.m.•60 views

CVE-2024-1627

No description is available for this CVE...

7.3AI score
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/02/16 5:52 p.m.•60 views

CVE-2024-22019

A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of...

7.5CVSS6AI score0.03168EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/12/28 6:30 a.m.•60 views

CVE-2023-51074

A stack overflow vulnerability was found in the Criteria.parse method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service...

5.3CVSS5.1AI score0.0067EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/10/29 9:25 a.m.•60 views

CVE-2023-46752

A data mishandling vulnerability was found in FRRouting. A malformed MPREACHNLRI data can lead to a crash, resulting in a denial of service. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising...

5.9CVSS7.4AI score0.00849EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/10/22 10:55 a.m.•60 views

CVE-2023-4921

A use-after-free flaw was found in qfqdequeue and aggdequeue in net/sched/schqfq.c in the Traffic Control QoS subsystem in the Linux kernel. This issue may allow a local user to crash the system or escalate their privileges on the system. Mitigation Mitigation for this issue is to skip loading th...

7.8CVSS7.1AI score0.00396EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/07/25 8:51 a.m.•60 views

CVE-2023-37903

A flaw was found in the vm2 custom inspect function, which allows attackers to escape the sandbox. This flaw allows attackers to run arbitrary code. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...

9.8CVSS6.3AI score0.0279EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/07/20 1:37 p.m.•60 views

CVE-2023-3812

An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious too big networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigati...

7.8CVSS7.5AI score0.00344EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/07/19 4:6 p.m.•60 views

CVE-2023-21400

A double-free vulnerability was found in the iouring subsystem in the Linux kernel. This issue may allow a malicious local user to crash the kernel or elevate their privileges on the system...

7CVSS6.5AI score0.0025EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/07/12 4:5 p.m.•60 views

CVE-2023-3640

A possible unauthorized memory access flaw was found in the Linux kernel's cpuentryarea mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implement...

7CVSS6.5AI score0.00719EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/06/26 6:48 p.m.•60 views

CVE-2023-33733

A vulnerability was found in python-reportlab. This flaw allows an attacker to execute arbitrary code by supplying a crafted PDF file...

7.8CVSS7.7AI score0.02123EPSS
Exploits6References3
RedhatCVE
RedhatCVE
•added 2023/05/19 4:10 a.m.•60 views

CVE-2023-31655

A vulnerability was found in the Redis package. This security flaw causes a segmentation violation in redisraft.c. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deploymen...

7.5CVSS7.1AI score0.01028EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/01/25 1:36 p.m.•60 views

CVE-2022-23814

Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment. Mitigation Please contact AMD for more updates on this flaw...

5.3CVSS6.2AI score0.00475EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/11/23 1:56 p.m.•60 views

CVE-2022-45047

A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server. Mitigation From the maintainer: For Apache MINA SSHD =...

9.8CVSS9.2AI score0.03571EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/11/11 3:55 a.m.•60 views

CVE-2022-3294

A flaw was found in Kubernetes, where users may have access to secure endpoints in the control plane network. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While...

8.8CVSS2.6AI score0.01618EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/26 2:53 p.m.•60 views

CVE-2022-42915

A vulnerability was found in curl. The issue occurs if curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL. It sets up the connection to the remote server by issuing a CONNECT request to the proxy and then tunnels the rest of the protocol through. An HTTP proxy might refuse this...

7.5CVSS8.9AI score0.02927EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/09/20 2:14 p.m.•60 views

CVE-2022-36087

A flaw was found in python-oauthlib. This flaw allows an attacker providing a malicious redirect URI to cause a denial of service to OAuthLib's web application. Mitigation The redirecturi can be verified in the web toolkit before OAuthLib is called. Check to see if : is present to reject the...

6.5CVSS6.4AI score0.01258EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/09/05 5:58 a.m.•60 views

CVE-2020-10735

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int"text", a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits float, decimal, int.frombytes, and int for binary bases 2, 4, 8, 16, and 32 are no...

7.5CVSS2.4AI score0.03213EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/08/09 1:37 p.m.•60 views

CVE-2022-2581

A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Mitigation Untrusted vim scripts with -s scriptin are not recommended to run...

7.8CVSS5.6AI score0.00481EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/07/19 10:54 p.m.•60 views

CVE-2022-21541

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to...

5.9CVSS1.5AI score0.02062EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/07/12 10:14 a.m.•60 views

CVE-2022-1955

Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation...

4.2AI score0.00361EPSS
Exploits1References3
Total number of security vulnerabilities5000