Lucene search
K
RedhatcveMost viewed

206305 matches found

RedhatCVE
RedhatCVE
•added 2020/04/09 7:20 a.m.•60 views

CVE-2019-10126

A flaw was found in the mwifiex implementation in the Linux kernel. A system connecting to wireless access point could be manipulated by an attacker with advanced permissions on the access point into localized memory corruption or possibly privilege escalation...

9.8CVSS3.1AI score0.06821EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/03/13 2:10 p.m.•60 views

CVE-2019-10768

A prototype pollution vulnerability was found in AngularJS. A remote attacker could abuse this flaw by providing malicious input to the merge function by overriding or adding properties of the Object.prototype, allowing possible injection of code...

7.5CVSS4.9AI score0.02179EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2020/01/07 9:41 a.m.•60 views

CVE-2019-6974

A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvmioctlcreatedevice, the device holds a reference to a VM object, later this reference is transferred to the caller's file descriptor table. If suc...

8.1CVSS1.8AI score0.16523EPSS
Exploits2References2
RedhatCVE
RedhatCVE
•added 2019/12/11 1:22 a.m.•60 views

CVE-2019-13764

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS2.3AI score0.06432EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2019/10/31 4:26 p.m.•60 views

CVE-2017-11176

A use-after-free flaw was found in the Netlink functionality of the Linux kernel networking subsystem. Due to the insufficient cleanup in the mqnotify function, a local attacker could potentially use this flaw to escalate their privileges on the system...

7.8CVSS3.1AI score0.03631EPSS
Exploits8References1
RedhatCVE
RedhatCVE
•added 2019/10/26 12:27 p.m.•60 views

CVE-2019-9023

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in...

9.8CVSS2.7AI score0.09317EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2019/10/10 10:12 a.m.•60 views

CVE-2017-5645

It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the...

9.8CVSS4.2AI score0.8904EPSS
Exploits5References1
RedhatCVE
RedhatCVE
•added 2019/10/08 11:45 a.m.•60 views

CVE-2018-0739

Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so...

6.5CVSS4.4AI score0.19295EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2019/08/23 4:52 a.m.•60 views

CVE-2019-9851

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers...

9.8CVSS1.8AI score0.78347EPSS
Exploits5References4
RedhatCVE
RedhatCVE
•added 2019/05/28 5:50 p.m.•60 views

CVE-2018-15664

A flaw was discovered in the API endpoint behind the 'docker cp' command. The endpoint is vulnerable to a Time Of Check to Time Of Use TOCTOU vulnerability in the way it handles symbolic links inside a container. An attacker who has compromised an existing container can cause arbitrary files on t...

7.5CVSS1.2AI score0.03398EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2019/04/26 7:50 a.m.•60 views

CVE-2019-11331

Network Time Protocol NTP, as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks. Mitigation On Red Hat Enterprise Linux 6 and later, switching from ntp to chrony is recommended. Amo...

8.1CVSS0.6AI score0.02637EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2018/10/16 11:19 p.m.•60 views

CVE-2018-10933

A vulnerability was found in libssh's server-side state machine. A malicious client could create channels without first performing authentication, resulting in unauthorized access...

9.1CVSS3.8AI score0.91789EPSS
Exploits10References2
RedhatCVE
RedhatCVE
•added 2018/06/15 6:20 p.m.•60 views

CVE-2018-12437

LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host...

5.5CVSS2.4AI score0.00887EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2017/11/08 10:20 a.m.•60 views

CVE-2017-16536

The cx231xxusbprobe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via a crafted USB device...

7.2CVSS6.6AI score0.00382EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2016/10/18 8:18 p.m.•60 views

CVE-2016-5597

A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...

5.9CVSS0.9AI score0.03937EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2025/09/10 12:34 a.m.•59 views

CVE-2025-56630

FoxCMS v1.2.5 and before is vulnerable to SQL Injection via the columnmodel parameter in the app/admin/controller/Column.php file...

7.3CVSS8.1AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2024/09/26 8:9 p.m.•59 views

CVE-2024-47176

A security issue was found in OpenPrinting CUPS. The function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description PPD file based on attributes retrieved from an Internet Printing Protocol IPP response. Essentially, it takes printer information...

7.5CVSS8.2AI score0.50174EPSS
Exploits14References5
RedhatCVE
RedhatCVE
•added 2024/04/17 1:0 p.m.•59 views

CVE-2023-6717

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs ACS, posing a Cross-Site Scripting XSS risk. This issue may allow a malicious admin in one realm or a client with...

6CVSS5.5AI score0.00711EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/03/21 6:7 a.m.•59 views

CVE-2024-29018

A vulnerability was found in Moby due to excessive data output in external DNS requests from "internal" networks, enabling unauthorized access to sensitive system information by remote attackers. This flaw allows attackers to gain access to sensitive information by exploiting incorrect resource...

5.9CVSS5.5AI score0.0075EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2024/03/18 7:53 p.m.•59 views

CVE-2024-21661

A flaw was found in Argo CD that may result in a remote denial of service. The expireOldFailedAttempts function modifies an array while it is being iterated over. This issue may cause an application crash when executed in a multi-threaded environment if two threads interact with the same array...

7.5CVSS7.4AI score0.01176EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/03/04 9:32 a.m.•59 views

CVE-2024-27351

An inefficient regular expression complexity flaw was found in the Truncator.words function and truncatewordshtml filter of Django. This issue may allow an attacker to use a suitably crafted string to cause a denial of service...

7.5CVSS7AI score0.01854EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/19 3:51 p.m.•59 views

CVE-2024-1627

No description is available for this CVE...

7.3AI score
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/10/29 9:25 a.m.•59 views

CVE-2023-46752

A data mishandling vulnerability was found in FRRouting. A malformed MPREACHNLRI data can lead to a crash, resulting in a denial of service. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising...

5.9CVSS7.4AI score0.00849EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/10/22 10:55 a.m.•59 views

CVE-2023-4921

A use-after-free flaw was found in qfqdequeue and aggdequeue in net/sched/schqfq.c in the Traffic Control QoS subsystem in the Linux kernel. This issue may allow a local user to crash the system or escalate their privileges on the system. Mitigation Mitigation for this issue is to skip loading th...

7.8CVSS7.1AI score0.00396EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/10/16 4:16 a.m.•59 views

CVE-2018-25091

A flaw was found in the urllib3 package. Affected versions of this package are vulnerable to information exposure through sent data when the authorization HTTP header is not removed during a cross-origin redirect. An attacker can expose credentials in the authorization header to unintended hosts ...

6.1CVSS7.5AI score0.04488EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/09/28 7:24 a.m.•59 views

CVE-2023-20555

A flaw was found in hw. Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer, potentially leading to arbitrary code execution in SMM. Mitigation Please contact AMD for further informatio...

8.2CVSS7.8AI score0.00299EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/09 7:48 a.m.•59 views

CVE-2023-34319

A buffer overrun vulnerability was found in the netback driver in Xen due to an unusual split packet. This flaw allows an unprivileged guest to cause a denial of service DoS of the host by sending network packets to the backend, causing the backend to crash...

5.5CVSS6.7AI score0.00296EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/07/25 8:51 a.m.•59 views

CVE-2023-37903

A flaw was found in the vm2 custom inspect function, which allows attackers to escape the sandbox. This flaw allows attackers to run arbitrary code. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...

9.8CVSS6.3AI score0.0279EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/07/20 1:37 p.m.•59 views

CVE-2023-3812

An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious too big networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigati...

7.8CVSS7.5AI score0.00344EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/06/26 6:48 p.m.•59 views

CVE-2023-33733

A vulnerability was found in python-reportlab. This flaw allows an attacker to execute arbitrary code by supplying a crafted PDF file...

7.8CVSS7.7AI score0.02123EPSS
Exploits6References3
RedhatCVE
RedhatCVE
•added 2023/06/14 5:48 a.m.•59 views

CVE-2023-24895

A flaw was found in dotnet. This issue can allow remote code execution when WPF is handling XAML Frame elements...

7.8CVSS8.1AI score0.01058EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/05/19 4:10 a.m.•59 views

CVE-2023-31655

A vulnerability was found in the Redis package. This security flaw causes a segmentation violation in redisraft.c. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deploymen...

7.5CVSS7.1AI score0.01028EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/03/14 5:13 a.m.•59 views

CVE-2022-25967

A flaw was found in the ETA npm package. Affected versions of this package are vulnerable to remote code execution RCE by overwriting template engine configuration variables with view options received from The Express render API...

8.8CVSS6.6AI score0.01995EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2023/02/14 5:57 p.m.•59 views

CVE-2023-25725

A flaw was found in HAProxy's headers processing that causes HAProxy to drop important headers fields such as Connection, Content-length, Transfer-Encoding, and Host after having partially processed them. A maliciously crafted HTTP request could be used in an HTTP request smuggling attack to bypa...

8.2CVSS8.6AI score0.05493EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/02/06 5:26 a.m.•59 views

CVE-2022-23498

A flaw was found in the Grafana package. When data-source query caching is enabled, Grafana caches all headers, including grafanasession. As a result, any user that queries a data source where the caching is enabled can acquire another user’s session. Mitigation To mitigate the vulnerability,...

8.8CVSS3AI score0.01132EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/01/25 4:13 p.m.•59 views

CVE-2022-3736

A flaw was found in Bind, where a resolver crash is possible. When stale cache and stale answers are enabled, the option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. Mitigation Setting stale-answer-client-timeout to 0 or to off/disabled will...

7.5CVSS7.3AI score0.5017EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/24 4:36 a.m.•59 views

CVE-2022-39193

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with suppression...

3.5CVSS5.4AI score0.00601EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/11/23 7:26 p.m.•59 views

CVE-2022-42895

An information leak vulnerability was found in the Linux kernel's implementation of logical link control and adaptation protocol L2CAP, part of the Bluetooth stack in the l2capparseconfreq function. An attacker with physical access within the range of standard Bluetooth transmission could use thi...

6.5CVSS4.9AI score0.00392EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/14 7:28 p.m.•59 views

CVE-2022-3517

A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service ReDoS when calling the braceExpand function with specific arguments, resulting in a Denial of Service...

7.5CVSS4.3AI score0.01674EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/09/30 5:18 p.m.•59 views

CVE-2022-39956

A flaw was found in the OWASP ModSecurity Core Rule Set. A payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields allows HTTP multipart requests to bypass detection...

7.3CVSS1.2AI score0.00952EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/09/26 9:49 a.m.•59 views

CVE-2022-41317

A flaw was found in squid. A trusted client can directly access the cache manager information, bypassing the manager ACL protection and resulting in information disclosure. Mitigation Adding the following line to the squid.conf file is a workaround: acl manager urlregex +i...

6.5CVSS6.6AI score0.0169EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/09/05 5:58 a.m.•59 views

CVE-2020-10735

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int"text", a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits float, decimal, int.frombytes, and int for binary bases 2, 4, 8, 16, and 32 are no...

7.5CVSS2.4AI score0.03213EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/08/30 6:40 p.m.•59 views

CVE-2022-38149

A vulnerability was found in the HashiCorp Consul Template. This issue may reveal the contents of a Vault secret when used with an invalid template...

7.5CVSS0.7AI score0.00718EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/09 1:37 p.m.•59 views

CVE-2022-2581

A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Mitigation Untrusted vim scripts with -s scriptin are not recommended to run...

7.8CVSS5.6AI score0.00481EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/07/12 10:14 a.m.•59 views

CVE-2022-1955

Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation...

4.2AI score0.00361EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/05/18 10:42 p.m.•59 views

CVE-2022-1473

A memory leak flaw was found in OpenSSL, resulting in TLS servers and clients being halted by out-of-memory conditions, leading to a denial of service. An attacker needs to repeat actions continuously to trigger this vulnerability, resulting in a loss of application availability. Mitigation Red H...

7.5CVSS1.6AI score0.02386EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/05/11 7:8 p.m.•59 views

CVE-2022-1622

An out-of-bounds read vulnerability was found in Libtiff's LZWDecode function in libtiff/tiflzw.c. This flaw allows an attacker to perform a denial-of-service attack via a crafted tiff file, leading to the application crashing...

5.5CVSS4.5AI score0.01664EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/05/07 1:58 p.m.•59 views

CVE-2022-0235

A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized...

8.8CVSS3.4AI score0.01646EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/05/06 5:10 p.m.•59 views

CVE-2022-21418

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...

5CVSS2.9AI score0.01064EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/06 5:9 p.m.•59 views

CVE-2022-21417

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS2.1AI score0.01414EPSS
Exploits0References3
Total number of security vulnerabilities5000