Lucene search
K
RedhatcveMost viewed

206286 matches found

RedhatCVE
RedhatCVE
•added 2023/09/07 7:35 a.m.•171 views

CVE-2023-4623

A use-after-free flaw was found in the Linux kernel's net/sched: schhfsc HFSC qdisc traffic control component that can be exploited to achieve local privilege escalation. If a class with a link-sharing curve, for example, with the HFSCFSC flag set, has a parent without a link-sharing curve, then...

7.8CVSS7.4AI score0.00287EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/22 5:50 p.m.•170 views

CVE-2023-35116

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure...

4.7CVSS5.7AI score0.00352EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/05 1:36 p.m.•170 views

CVE-2022-24903

A flaw was found in rsyslog's reception TCP modules. This flaw allows an attacker to craft a malicious message leading to a heap-based buffer overflow. This issue allows the attacker to corrupt or access data stored in memory, leading to a denial of service in the rsyslog or possible remote code...

8.1CVSS7.1AI score0.03821EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/13 6:9 p.m.•169 views

CVE-2024-23322

A flaw was found in the Envoy proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when hedgeonpertrytimeout is enabled, pertryidletimeout is enabled it can only be done in configuration, and per-try-timeout is enabled, either through headers or...

7.5CVSS7.1AI score0.00679EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/19 12:47 p.m.•169 views

CVE-2022-41853

A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default. Mitigation By default, the static methods of any class that is on the classpath are available for u...

9.8CVSS9.1AI score0.03519EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2019/04/11 8:59 a.m.•169 views

CVE-2019-0227

A Server Side Request Forgery SSRF vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...

8CVSS3.8AI score0.86503EPSS
Exploits7References4
RedhatCVE
RedhatCVE
•added 2022/09/22 4:48 a.m.•168 views

CVE-2022-3204

A vulnerability was found in unbound. The attack can cause a resolver to spend a lot of time and resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. This issue can trigger high CPU usage in some resolver implementations tha...

7.5CVSS7.1AI score0.01259EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/07 5:18 a.m.•167 views

CVE-2023-29409

A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying...

5.3CVSS6.2AI score0.01328EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2022/05/07 2:30 p.m.•167 views

CVE-2021-44832

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a dat...

10CVSS4.4AI score0.99999EPSS
Exploits350References4
RedhatCVE
RedhatCVE
•added 2023/12/11 6:27 a.m.•166 views

CVE-2023-50164

A flaw was found in Apache Struts. Affected versions of this package are vulnerable to Remote Code Execution RCE via manipulation of file upload parameters that enable path traversal. Under certain conditions, uploading a malicious file is possible, which may then be executed on the server...

9.8CVSS7.4AI score0.80819EPSS
Exploits15References4
RedhatCVE
RedhatCVE
•added 2022/07/29 10:9 a.m.•166 views

CVE-2022-2522

A heap buffer overflow vulnerability was found in vim's inscomplinfercasegettext function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. This flaw allows an attacker to trick a user into opening a specially crafted file,...

7.8CVSS2.9AI score0.00552EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/07/18 12:41 a.m.•166 views

CVE-2020-8840

A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A "gadget" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabili...

9.8CVSS3.5AI score0.26587EPSS
Exploits5References3
RedhatCVE
RedhatCVE
•added 2021/03/09 3:34 p.m.•166 views

CVE-2021-28041

A double-free memory corruption flaw was found in OpenSSH 8.2, more specifically in ssh-agent application. This flaw allows an attacker with access to the agent socket to forward an agent either to an account shared with a malicious user or to a host with an attacker holding root access. The...

7.1CVSS3.3AI score0.03422EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/02/14 9:34 p.m.•165 views

CVE-2024-23323

A flaw was found in the Envoy proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers...

5.3CVSS7.2AI score0.00504EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/07/25 1:49 p.m.•165 views

CVE-2023-3611

An out-of-bounds memory write flaw was found in qfqchangeagg in net/sched/schqfq.c in the Traffic Control QoS subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation Mitigation for this issue is to skip loading the...

7.8CVSS6.5AI score0.00274EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/05/07 2:29 p.m.•164 views

CVE-2021-4104

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

10CVSS4.7AI score0.99999EPSS
Exploits349References7
RedhatCVE
RedhatCVE
•added 2022/08/18 5:17 a.m.•163 views

CVE-2022-2625

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...

7.1CVSS2.1AI score0.0152EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/01/11 9:24 a.m.•163 views

CVE-2021-3997

A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat...

5.5CVSS2AI score0.01561EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/03/30 7:13 a.m.•162 views

CVE-2023-26464

A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in th...

7.5CVSS7.1AI score0.01905EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/01/27 8:3 p.m.•162 views

CVE-2022-23181

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...

7CVSS7AI score0.56636EPSS
Exploits15References4
RedhatCVE
RedhatCVE
•added 2024/06/03 1:32 p.m.•161 views

CVE-2024-29415

A flaw was found in node-ip. The fix for CVE-2023-42282 in the ip package for Node.js was incomplete, and the issue may still be triggered using some IP addresses. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Securi...

9.8CVSS8.6AI score0.08279EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/10/02 4:18 p.m.•160 views

CVE-2021-27853

Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers...

5.3CVSS2.1AI score0.0069EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/08/19 5:38 a.m.•160 views

CVE-2022-34175

Jenkins 2.335 through 2.355 both inclusive allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view...

7.5CVSS4.4AI score0.01288EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/06/08 8:1 p.m.•160 views

CVE-2022-28614

An out-of-bounds read vulnerability was found in httpd. A very large input to the aprputs and aprwrite functions can lead to an integer overflow and result in an out-of-bounds read...

5.3CVSS1.3AI score0.04428EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/21 9:39 a.m.•159 views

CVE-2023-52434

A flaw was found in the smb client in the Linux kernel. A potential out-of-bounds error was seen in the smb2parsecontexts function. Validate offsets and lengths before dereferencing create contexts in smb2parsecontexts. Mitigation To mitigate this issue, prevent module cifs from being loaded...

5.9CVSS7.7AI score0.00566EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2023/09/06 6:5 p.m.•158 views

CVE-2023-3777

A use-after-free flaw was found in the Linux kernel's netfilter: nftables component, which can be exploited to achieve local privilege escalation. When nftablesdelrule is flushing table rules, it is not checked whether the chain is bound, and the chain's owner rule can release the objects in...

7.8CVSS7.8AI score0.00413EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/05/13 5:51 a.m.•158 views

CVE-2019-20149

A flaw was found in nodejs-kind-of. An external user is allowed input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': 'name':'Symbol'. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...

7.5CVSS3.1AI score0.02278EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/08/17 1:38 p.m.•157 views

CVE-2022-25168

A flaw was found in the hadoop-common package. This flaw allows an attacker to benefit from command injection using the org.apache.hadoop.fs.FileUtil.unTarUsingTar function...

9.8CVSS4.1AI score0.03259EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/03/06 7:12 a.m.•156 views

CVE-2024-24786

A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...

5.9CVSS6.2AI score0.01262EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2024/01/15 7:31 p.m.•155 views

CVE-2024-0565

An out-of-bounds memory read flaw was found in receiveencryptedstandard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service. Mitigation To mitigate this issue, prevent modul...

6.8CVSS6.8AI score0.01999EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/04/29 11:9 p.m.•155 views

CVE-2020-11022

A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

4.3CVSS1AI score0.99019EPSS
Exploits7References4
RedhatCVE
RedhatCVE
•added 2015/10/30 9:58 a.m.•154 views

CVE-1999-0524

ICMP information such as 1 netmask and 2 timestamp is allowed from arbitrary hosts...

2.1CVSS7.1AI score0.31586EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2024/08/16 12:12 a.m.•152 views

CVE-2024-7347

A flaw was found in the ngxhttpmp4module module of Nginx. Processing a specially crafted MP4 file can trigger a buffer over-read and cause the nginx process to terminate, resulting in a denial of service. Mitigation Restrict publishing of audio and video to trusted users only...

4.7CVSS4.8AI score0.0032EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/05 6:36 a.m.•152 views

CVE-2022-2668

A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

6.4CVSS2.1AI score0.00834EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/06/07 2:28 a.m.•152 views

CVE-2022-1970

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: The originally reported issue in https://github.com/syedsohaibkarim/OpenRedirect-Keycloak18.0.0 is a known misconfiguration, and recommendation already exists in the Keycloak documentation to...

6.2AI score
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/07 2:17 p.m.•152 views

CVE-2021-4155

A data leak flaw was found in the way XFSIOCALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. Mitigation This issue can be mitigated by ensuring...

5.5CVSS6.4AI score0.00289EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/03/15 2:43 p.m.•152 views

CVE-2022-23943

An out-of-bounds read/write vulnerability was found in the modsed module of httpd. This flaw allows an attacker to overwrite the memory of an httpd instance that is using modsed with data provided by the attacker. Mitigation Disabling modsed and restarting httpd will mitigate this flaw. See...

9.8CVSS8.9AI score0.50401EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/03/27 7:52 p.m.•151 views

CVE-2024-28085

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked. There may be plausible...

8.4CVSS6.8AI score0.02242EPSS
Exploits3References3
RedhatCVE
RedhatCVE
•added 2021/08/03 1:28 p.m.•151 views

CVE-2021-33195

A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integri...

7.5CVSS2.6AI score0.03231EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/06/06 1:54 a.m.•151 views

CVE-2021-33503

A flaw was found in python-urllib3. When provided with a URL containing many @ characters in the authority component, the authority's regular expression exhibits catastrophic backtracking. This flaw causes a denial of service if a URL is passed as a parameter or redirected via an HTTP redirect. T...

7.5CVSS0.9AI score0.03273EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/02/10 5:35 p.m.•151 views

CVE-2019-25017

An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned only directory traversa...

7.4CVSS1.4AI score0.58204EPSS
Exploits11References4
RedhatCVE
RedhatCVE
•added 2023/06/20 8:14 a.m.•150 views

CVE-2023-35823

A race condition was found in the Linux kernel's saa7134 device driver. This occurs when removing the module before cleanup in the saa7134finidev function which can result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors...

6.7CVSS6.5AI score0.00199EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/02/04 8:10 p.m.•150 views

CVE-2022-21724

pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based o...

9.8CVSS3.2AI score0.0301EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/01/17 9:34 a.m.•149 views

CVE-2024-0639

A denial of service vulnerability due to a deadlock was found in sctpautoasconfinit in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system. Mitigation Mitigation for this issue is either...

5.5CVSS5.8AI score0.00161EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/22 9:43 a.m.•149 views

CVE-2023-0386

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalat...

7.8CVSS7.1AI score0.0788EPSS
Exploits14References4
RedhatCVE
RedhatCVE
•added 2022/09/19 5:43 a.m.•149 views

CVE-2022-3172

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This issue leads to the client performing unexpected actions and forwarding the client's API server credentials to third parties...

5.1CVSS2.7AI score0.02464EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/10/05 1:27 p.m.•149 views

CVE-2021-41773

A path transversal flaw was found in Apache 2.4.49. A remote attacker could use this flaw to map URLs to files outside the expected document root. Additionally this flaw could leak the source of interpreted files like CGI scripts...

7.5CVSS2AI score0.99992EPSS
Exploits148References5
RedhatCVE
RedhatCVE
•added 2024/04/25 6:7 p.m.•148 views

CVE-2024-33599

A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity. Mitigation...

7.6CVSS8.3AI score0.0131EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/02/07 3:32 p.m.•148 views

CVE-2024-1312

A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the masprevslot function. This issue could allow a local user to crash the system. Mitigation Mitigation for this issue is either not available or the...

5.1CVSS4.5AI score0.00228EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/10/16 4:16 a.m.•148 views

CVE-2023-5178

A use-after-free vulnerability was found in drivers/nvme/target/tcp.c in nvmettcpfreecrypto due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead t...

8.8CVSS8.8AI score0.09141EPSS
Exploits2References4
Total number of security vulnerabilities5000