Lucene search
K
RedhatcveMost viewed

206363 matches found

RedhatCVE
RedhatCVE
•added 2022/05/10 5:31 p.m.•60 views

CVE-2022-23267

A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...

7.5CVSS2.3AI score0.05041EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/05/06 5:10 p.m.•60 views

CVE-2022-21418

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...

5CVSS2.9AI score0.01101EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/06 5:9 p.m.•60 views

CVE-2022-21417

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS2.1AI score0.01496EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/06 4:56 p.m.•60 views

CVE-2022-21460

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Logging. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.4CVSS4.1AI score0.01359EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/05 6:24 a.m.•60 views

CVE-2022-1587

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the getrecursedatalength function of the pcre2jitcompile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers...

9.1CVSS3.7AI score0.02413EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/04/20 8:23 a.m.•60 views

CVE-2022-21476

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

7.5CVSS2.2AI score0.04046EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/04/20 5:24 a.m.•60 views

CVE-2022-28739

A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read...

7.5CVSS3.3AI score0.04127EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/03/22 5:41 p.m.•60 views

CVE-2022-24731

A path traversal flaw was found in ArgoCD. This flaw allows an attacker who has been granted create or update access to applications to leak the contents of any text file on the repo-server by crafting a malicious Helm chart. Such text files could include sensitive information that the attacker...

6.8CVSS4AI score0.00923EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/03/20 2:32 p.m.•60 views

CVE-2022-0854

A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMAFROMDEVICE. This flaw allows a local user to read random memory from the kernel space. Mitigation Mitigation for this issue is either not available or the currently available options dont meet the Red Hat...

5.5CVSS1.1AI score0.00465EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/03/15 7:48 a.m.•60 views

CVE-2022-0924

A heap buffer overflow flaw was found in Libtiffs' cpContigBufToSeparateBuf function of the tiffcp.c file. This flaw allows an attacker with a crafted TIFF file to trigger a heap out-of-bounds read access issue, causing a crash that leads to a denial of service...

6.1CVSS6.2AI score0.0133EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/25 8:0 p.m.•60 views

CVE-2022-24615

zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. This could be used to mount a denial of service attack against services that use zip4j library...

5.5CVSS4AI score0.00698EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/02/15 4:29 a.m.•60 views

CVE-2022-0581

Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file...

7.5CVSS3.4AI score0.01839EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/02/08 7:14 p.m.•60 views

CVE-2022-219862

A vulnerability was found in dotnet’s ASP.NET Core Krestel when pooling HTTP/2 and HTTP/3 headers. This flaw allows a remote, unauthenticated attacker to cause a denial of service...

7.5CVSS5.2AI score0.03739EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2022/02/07 10:20 a.m.•60 views

CVE-2022-24448

A flaw was found in the Linux kernel. When an application tries to open a directory using the ODIRECTORY flag in a mounted NFS filesystem, a lookup operation is performed. If the NFS server returns a file as a result of the lookup, the NFS filesystem returns an uninitialized file descriptor inste...

3.3CVSS2AI score0.00397EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/01/27 5:28 p.m.•60 views

CVE-2022-21363

Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/J. Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful...

6.6CVSS4.9AI score0.0132EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/01/24 5:32 p.m.•60 views

CVE-2022-22824

expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...

9.8CVSS2.1AI score0.03376EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/01/24 4:56 p.m.•60 views

CVE-2022-20612

A Cross-site request forgery CSRF vulnerability was found in Jenkins. The POST requests are not required for the HTTP endpoint handling manual build requests when no security realm is set. This flaw allows an attacker to trigger the building of a job without parameters...

4.3CVSS2.1AI score0.01779EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/01/12 11:23 p.m.•60 views

CVE-2022-22741

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When resizing a popup and requesting fullscreen access, the popup would have become unable to leave fullscreen mode...

7.5CVSS1.7AI score0.00652EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/01/12 11:23 p.m.•60 views

CVE-2022-22737

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Constructing audio sinks could have led to a race condition when playing audio files and closing windows. This could have lead to a use-after-free issue, causing a potentially exploitable crash...

7.5CVSS2.5AI score0.0075EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/11/22 8:20 p.m.•60 views

CVE-2020-17049

It was found that the Kerberos Key Distribution Center KDC delegation feature, Service for User S4U, did not sufficiently protect the tickets it's providing from tempering. A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user...

9CVSS7.5AI score0.13794EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/11/19 3:20 p.m.•60 views

CVE-2021-41190

The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Image Specification, the manifest and index documents were not self-describing and documents with a single digest could be interpreted as either a manifest or an index. ...

5CVSS6.1AI score0.02085EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2021/10/28 5:0 a.m.•60 views

CVE-2021-25219

A flaw was found in the way bind processes broken responses from authoritative servers. This caching mechanism could be abused by an attacker to significantly degrade resolver performance. Mitigation The vulnerability has been mitigated by changing the default value of lame-ttl to 0...

5.3CVSS4.5AI score0.08001EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/10/11 5:12 a.m.•60 views

CVE-2021-20319

An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...

7.8CVSS4.2AI score0.00515EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/09/16 3:5 p.m.•60 views

CVE-2021-23440

A type confusion vulnerability in nodejs-set-value can lead to a bypass of CVE-2019-10747. If the user-provided keys used in the path parameter are arrays, the function mixin-deep can be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or...

9.8CVSS4.6AI score0.02475EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2021/09/06 5:22 p.m.•60 views

CVE-2021-39256

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS2.2AI score0.00455EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/08/31 5:10 p.m.•60 views

CVE-2021-37701

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on...

8.6CVSS1.5AI score0.03286EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/08/24 2:18 p.m.•60 views

CVE-2021-39358

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...

7.5CVSS3.7AI score0.01469EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/11 6:57 p.m.•60 views

CVE-2021-38207

A flaw was found in the Linux kernel. A buffer overflow and lockup, leading to a denial of service, can occur when a remote attacker sends heavy network traffic for approximately ten minutes. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

7.5CVSS3.7AI score0.03354EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/11 6:26 p.m.•60 views

CVE-2021-38206

A flaw was found on the Linux kernel. A NULL pointer dereference in the radiotap parser, leading to a denial of service, can occur in the mac80211 subsystem when a device supports only 5 GHz is used and frames with 802.11a rates are injected. The highest threat from this vulnerability is to syste...

6.5CVSS0.8AI score0.00269EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/11 4:20 a.m.•60 views

CVE-2021-29989

Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 78.13,...

8.8CVSS2.9AI score0.01268EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 9:50 p.m.•60 views

CVE-2021-2412

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS1.8AI score0.02088EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/07/20 2:50 p.m.•60 views

CVE-2019-25051

objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::duptop called from acommon::StringMap::add and acommon::Config::lookuplist...

7.8CVSS3.6AI score0.00549EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2021/07/07 9:52 p.m.•60 views

CVE-2021-32066

Ruby's Net::IMAP module did not raise an exception when receiving an unexpected response to the STARTTLS command and the connection was not upgraded to use TLS. A man-in-the-middle attacker could use this flaw to prevent Ruby applications using Net::IMAP to enable TLS encryption for a connection ...

7.4CVSS1.2AI score0.02909EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/07/01 5:22 p.m.•60 views

CVE-2021-34824

A flaw was found in istio. Any client authorized to access Istio XDS API can retrieve any cached gateway TLS certificate and private keys. The highest threat from this vulnerability is to data confidentiality. Mitigation This vulnerability can be mitigated by disabling istiod caching. This is...

9.1CVSS2.2AI score0.01972EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/06/28 9:49 p.m.•60 views

CVE-2021-25321

A UNIX Symbolic Link Symlink Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon th...

7.8CVSS3.7AI score0.00441EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/06/27 1:54 p.m.•60 views

CVE-2019-11091

Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access...

5.6CVSS5.3AI score0.00607EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/06/27 12:24 p.m.•60 views

CVE-2020-14040

A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific...

5CVSS3.7AI score0.01855EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/05/28 12:46 a.m.•60 views

CVE-2021-25945

A flaw has been identified in js-extend. A prototype pollution vulnerability allows attackers to cause a denial of service and may lead to remote code execution. The highest threat from this vulnerability is to system availability...

9.8CVSS6.5AI score0.02961EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/05/19 12:26 a.m.•60 views

CVE-2020-26146

A vulnerability was found in Linux kernel, where the WiFi implementation reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP...

5.3CVSS2.1AI score0.05622EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/05 6:15 p.m.•60 views

CVE-2021-29477

A flaw was found in redis. An integer overflow bug could be exploited to corrupt the heap and potentially result with remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The flaw can be mitigated by...

8.8CVSS2.2AI score0.04028EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/04/29 3:48 a.m.•60 views

CVE-2021-25215

A flaw was found in bind. The way DNAME records are processed may trigger the same RRset to the ANSWER section to be added more than once which causes an assertion check to fail. The highest threat from this flaw is to system availability. Mitigation Red Hat has investigated whether a possible...

7.5CVSS7.6AI score0.11296EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/04/20 3:0 p.m.•60 views

CVE-2021-29155

A vulnerability was discovered in retrieveptrlimit in kernel/bpf/verifier.c in the Linux kernel mechanism to mitigate speculatively out-of-bounds loads Spectre mitigation. In this flaw a local, special user privileged CAPSYSADMIN BPF program running on affected systems may bypass the protection,...

5.5CVSS2.8AI score0.01071EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/04/12 9:16 p.m.•60 views

CVE-2021-29425

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path...

5.8CVSS3.5AI score0.10608EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/02/18 7:13 p.m.•60 views

CVE-2020-24503

Insufficient access control in some IntelR Ethernet E810 Adapter drivers for Linux may allow an authenticated user to potentially enable information disclosure via local access...

5.5CVSS4.6AI score0.00345EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/01/20 8:55 a.m.•60 views

CVE-2021-3177

A flaw was found in python. A stack-based buffer overflow was discovered in the ctypes module provided within Python. Applications that use ctypes without carefully validating the input passed to it may be vulnerable to this flaw, which would allow an attacker to overflow a buffer on the stack an...

9.8CVSS2.1AI score0.23293EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/01/11 12:51 a.m.•60 views

CVE-2020-15969

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS2.7AI score0.01705EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/12/10 6:11 p.m.•60 views

CVE-2020-29661

A locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/ttyjobctrl.c. This flaw allows a local attacker to possibly corrupt memory or escalate privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS1.3AI score0.01129EPSS
Exploits2References3
RedhatCVE
RedhatCVE
•added 2020/08/26 10:9 a.m.•60 views

CVE-2020-24606

A flaw was found in squid. A denial of service attack is possible due to an improper input validation. The highest threat from this vulnerability is to system availability. Mitigation Add the no-digest option to all cachepeer lines in squid.conf...

7.5CVSS2.3AI score0.05162EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/07/13 7:12 a.m.•60 views

CVE-2020-15104

An improper certificate validation vulnerability was found in envoyproxy/envoy, when externally created certificates with wildcards in the DNS Subject Alternative Name are used. This flaw allows an attacker to subvert the envoy filter or destination rules to access restricted resources. The highe...

5.5CVSS6.1AI score0.00252EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/06/29 2:20 p.m.•60 views

CVE-2020-15358

A heap buffer overflow was found in SQLite in the query flattening optimization technique. This flaw allows an attacker to execute SQL statements to crash the application, resulting in a denial of service...

2.1CVSS3.5AI score0.01027EPSS
Exploits1References3
Total number of security vulnerabilities5000