Lucene search
K
RedhatcveMost viewed

206304 matches found

RedhatCVE
RedhatCVE
added 2023/06/14 5:48 a.m.58 views

CVE-2023-24895

A flaw was found in dotnet. This issue can allow remote code execution when WPF is handling XAML Frame elements...

7.8CVSS8.1AI score0.01058EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2023/05/18 4:27 a.m.58 views

CVE-2023-32082

A flaw was found in etcd. Affected versions of etcd allow a remote, authenticated attacker to use the LeaseTimeToLive API to obtain sensitive information...

3.1CVSS5.9AI score0.00744EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/03/06 8:59 a.m.58 views

CVE-2023-1195

A use-after-free flaw was found in reconnsetipaddrfromhostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server-hostname to NULL, leading to an invalid pointer request. Mitigation Mitigation for this issue is either not available or the...

5.5CVSS2AI score0.00208EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/02/14 5:57 p.m.58 views

CVE-2023-25725

A flaw was found in HAProxy's headers processing that causes HAProxy to drop important headers fields such as Connection, Content-length, Transfer-Encoding, and Host after having partially processed them. A maliciously crafted HTTP request could be used in an HTTP request smuggling attack to bypa...

8.2CVSS8.6AI score0.05493EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2023/02/07 5:27 p.m.58 views

CVE-2022-4203

A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the...

4.9CVSS6.3AI score0.01481EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/11/23 7:26 p.m.58 views

CVE-2022-42895

An information leak vulnerability was found in the Linux kernel's implementation of logical link control and adaptation protocol L2CAP, part of the Bluetooth stack in the l2capparseconfreq function. An attacker with physical access within the range of standard Bluetooth transmission could use thi...

6.5CVSS4.9AI score0.00392EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/10/31 5:26 a.m.58 views

CVE-2022-3725

A vulnerability was found in Wireshark. This flaw causes a crash in the OPUS protocol dissector in Wireshark, leading to a denial of service via packet injection or a crafted capture file...

7.5CVSS2.8AI score0.008EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/09/30 5:18 p.m.58 views

CVE-2022-39956

A flaw was found in the OWASP ModSecurity Core Rule Set. A payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields allows HTTP multipart requests to bypass detection...

7.3CVSS1.2AI score0.00952EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/09/26 9:49 a.m.58 views

CVE-2022-41317

A flaw was found in squid. A trusted client can directly access the cache manager information, bypassing the manager ACL protection and resulting in information disclosure. Mitigation Adding the following line to the squid.conf file is a workaround: acl manager urlregex +i...

6.5CVSS6.6AI score0.0169EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/08/16 9:8 a.m.58 views

CVE-2022-2835

A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of ..svc. Mitigation Consider adding the svc namespace to the DNS operator to prevent a low-privileged user from creating it. Alternatively...

4.4CVSS2.7AI score0.00174EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/07/18 4:59 p.m.58 views

CVE-2022-24724

cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing table.c:rowfromstring may lead to heap memory corruption when parsing tables who's marker rows contain mor...

9.8CVSS4.2AI score0.04192EPSS
Exploits3References3
RedhatCVE
RedhatCVE
added 2022/07/07 4:12 p.m.58 views

CVE-2022-1902

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges...

8.8CVSS3.2AI score0.01154EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/06/08 4:9 p.m.58 views

CVE-2022-32547

A flaw was found in ImageMagick, where there is a load of a misaligned address for type 'double,' which requires 8-byte alignment, and for type 'float,' which requires 4-byte alignment at MagickCore/property.c. Whenever ImageMagick processes crafted or untrusted input, this causes a negative impa...

7.8CVSS2.8AI score0.01327EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/05/24 8:13 a.m.58 views

CVE-2022-29163

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a pat...

4.3CVSS3.9AI score0.01015EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2022/05/17 4:10 p.m.58 views

CVE-2022-22976

A flaw was found in Spring Framework. The encoder does not perform any salt rounds when using the BCrypt class with the maximum work factor 31 due to an integer overflow error...

5.3CVSS2.8AI score0.02139EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/05/11 7:8 p.m.58 views

CVE-2022-1622

An out-of-bounds read vulnerability was found in Libtiff's LZWDecode function in libtiff/tiflzw.c. This flaw allows an attacker to perform a denial-of-service attack via a crafted tiff file, leading to the application crashing...

5.5CVSS4.5AI score0.01664EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/05/11 7:37 a.m.58 views

CVE-2022-30115

A vulnerability was found in curl. This issue occurs because when using its HTTP Strict Transport SecurityHSTS support, it can instruct curl to use HTTPS directly instead of using an insecure clear text HTTP step even when HTTP is provided in the URL. This flaw leads to a clear text transmission ...

5.3CVSS0.01118EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/05/10 5:31 p.m.58 views

CVE-2022-23267

A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...

7.5CVSS2.3AI score0.04935EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/05/07 1:58 p.m.58 views

CVE-2022-0235

A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized...

8.8CVSS3.4AI score0.01646EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/04/20 5:24 a.m.58 views

CVE-2022-28739

A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read...

7.5CVSS3.3AI score0.04127EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/04/13 9:22 a.m.58 views

CVE-2022-29041

A flaw was found in the Jenkins Jira plugin. The Jenkins Jira plugin does not escape the name and description of a Jira Issue and Jira Release Version parameters on views displaying parameters. This issue results in a stored Cross-site scripting XSS vulnerability exploitable by attackers with...

6.4CVSS2.6AI score0.00825EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/04/04 4:26 p.m.58 views

CVE-2022-27943

A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangleconst function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a...

5.5CVSS5.6AI score0.00892EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/03/23 9:3 p.m.58 views

CVE-2022-24772

A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature...

7.5CVSS3.7AI score0.01015EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/03/20 2:32 p.m.58 views

CVE-2022-0854

A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMAFROMDEVICE. This flaw allows a local user to read random memory from the kernel space. Mitigation Mitigation for this issue is either not available or the currently available options dont meet the Red Hat...

5.5CVSS1.1AI score0.00465EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/03/03 9:51 p.m.58 views

CVE-2022-25634

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory...

7.5CVSS2AI score0.0193EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/02/25 3:18 p.m.58 views

CVE-2022-26126

frrouting is vulnerable to a flaw that can cause stack overflow due to processing binary data as simple string data. Since c string data is not being processed when processing packets , correct binary aware functions should be used. There is high impact to availability due to the fact that the...

7.8CVSS4.1AI score0.01068EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/02/17 3:48 p.m.58 views

CVE-2022-25308

A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service...

7.8CVSS4.3AI score0.00508EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/02/07 10:20 a.m.58 views

CVE-2022-24448

A flaw was found in the Linux kernel. When an application tries to open a directory using the ODIRECTORY flag in a mounted NFS filesystem, a lookup operation is performed. If the NFS server returns a file as a result of the lookup, the NFS filesystem returns an uninitialized file descriptor inste...

3.3CVSS2AI score0.00397EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/02/07 8:48 a.m.58 views

CVE-2022-23707

A Cross-Site Scripting XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permission to create index patterns can inject malicious javascript into the index pattern, which could execute against other users...

8.1CVSS2.9AI score0.00527EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/01/24 4:56 p.m.58 views

CVE-2022-20612

A Cross-site request forgery CSRF vulnerability was found in Jenkins. The POST requests are not required for the HTTP endpoint handling manual build requests when no security realm is set. This flaw allows an attacker to trigger the building of a job without parameters...

4.3CVSS2.1AI score0.01779EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/01/13 4:15 p.m.58 views

CVE-2021-43612

An out-of-bounds read vulnerability is present in lldpd. An attacker on the same network as the vulnerable system may use this vulnerability to leak memory data from the application or crash it by sending shorter SONMP packets than what is expected...

7.5CVSS2.1AI score0.01142EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/01/13 6:46 a.m.58 views

CVE-2019-11707

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...

8.8CVSS2AI score0.37951EPSS
Exploits7References3
RedhatCVE
RedhatCVE
added 2022/01/12 11:23 p.m.58 views

CVE-2022-22748

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have confused Thunderbird into showing the wrong origin when asking to launch a program and handling an external URL protocol...

6.5CVSS1.6AI score0.00737EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/01/12 11:23 p.m.58 views

CVE-2022-22751

The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these...

8.8CVSS2.1AI score0.0087EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2021/12/23 9:11 p.m.58 views

CVE-2021-4158

A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. Mitigation Mitigation for this issue is either not available or the currently...

6CVSS1.6AI score0.00375EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2021/12/21 12:20 p.m.58 views

CVE-2021-22096

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries...

4.3CVSS3.6AI score0.01268EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/10/22 4:44 p.m.58 views

CVE-2021-42762

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact...

8.8CVSS1.9AI score0.00501EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2021/09/24 10:45 a.m.58 views

CVE-2021-41073

A flaw was found in looprwiter in fs/iouring.c in the Linux kernel. This problem gives the ability to a local user with a normal user privilege to free a user-defined kernel space buffer. Mitigation Mitigation for this issue is either not available or the currently available options dont meet the...

7.8CVSS2AI score0.01692EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2021/09/07 11:37 a.m.58 views

CVE-2021-3677

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...

6.5CVSS4.3AI score0.0142EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/09/06 5:22 p.m.58 views

CVE-2021-39252

The ntfs3g package is susceptible to an input validation flaw. When processing a crafted NTFS image there is an improper check which leads to an out of bounds read. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS2.1AI score0.00426EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/08/25 6:58 p.m.58 views

CVE-2021-39140

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by...

6.5CVSS2.6AI score0.05918EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2021/08/18 4:32 p.m.58 views

CVE-2021-31556

An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob...

9.8CVSS3.7AI score0.01615EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/08/10 9:50 p.m.58 views

CVE-2021-2372

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.4CVSS2.1AI score0.02956EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/08/02 8:49 a.m.58 views

CVE-2020-19716

There's a flaw in exiv2. An attacker able to submit a crafted file to an application linked with exiv2 could trigger excessive resource consumption or a null pointer dereference, leading to an impact to application availability...

6.5CVSS2.5AI score0.0114EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/08/02 8:49 a.m.58 views

CVE-2020-19715

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-13110 Reason: This candidate is a duplicate of CVE-2019-13110. Notes: All CVE users should reference CVE-2019-13110 instead of this candidate...

6.5CVSS6.1AI score0.01925EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2021/07/30 5:50 a.m.58 views

CVE-2021-3639

A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threa...

6.1CVSS2.7AI score0.00752EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/07/02 4:45 p.m.58 views

CVE-2021-21705

A flaw was found in php. Currently, php's FILTERVALIDATEURL check doesn't recognize some non-compliant RFC 3986 URLs and returns them as valid. This flaw allows an attacker to craft URLs, which depending on how the URL filter checking is used on the application side, lead to Server Side Request...

5.3CVSS2.4AI score0.01945EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2021/05/19 12:27 a.m.58 views

CVE-2021-29953

A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. Note: This issue only affected Firefox for Android. Other operating systems are unaffected...

6.1CVSS3.3AI score0.00647EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/05/19 12:27 a.m.58 views

CVE-2021-29952

When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox 88.0.1 and Firefox for Android 88.1.3...

7.5CVSS2.4AI score0.0073EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/04/01 6:17 p.m.58 views

CVE-2021-28165

When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large greater than 17408 TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability...

7.8CVSS1.9AI score0.53861EPSS
Exploits1References4
Total number of security vulnerabilities5000