Lucene search
K
RedhatcveMost viewed

206304 matches found

RedhatCVE
RedhatCVE
•added 2021/07/30 5:50 a.m.•58 views

CVE-2021-3639

A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threa...

6.1CVSS2.7AI score0.00752EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/03/20 9:41 p.m.•58 views

CVE-2018-3620

Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of...

5.6CVSS6.2AI score0.84172EPSS
Exploits5References2
RedhatCVE
RedhatCVE
•added 2021/02/22 8:16 a.m.•58 views

CVE-2021-20257

An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits tx descriptors in processtxdesc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial o...

6.5CVSS1.9AI score0.00358EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/11/17 2:8 p.m.•58 views

CVE-2020-25660

A flaw was found in the Cephx authentication protocol, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform...

8.8CVSS3.5AI score0.01374EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2020/10/14 9:1 p.m.•58 views

CVE-2020-12352

An information leak flaw was found in the way Linux kernel’s Bluetooth stack implementation handled initialization of stack memory when handling certain AMP Alternate MAC-PHY Manager Protocol packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory o...

6.5CVSS1AI score0.05714EPSS
Exploits4References6
RedhatCVE
RedhatCVE
•added 2020/10/02 2:6 a.m.•58 views

CVE-2020-26116

A flaw was found in Python. The built-in modules httplib and http.client included in Python 2 and Python 3, respectively do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation to the request by injecting additional HTTP headers. The highest threat fr...

7.2CVSS7.2AI score0.0642EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2020/10/01 2:51 p.m.•58 views

CVE-2020-25643

A flaw was found in the HDLCPPP module of the Linux kernel. Memory corruption and a read overflow is caused by improper input validation in the pppcpparsecr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data...

7.5CVSS0.9AI score0.03292EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/07/13 7:16 p.m.•58 views

CVE-2019-20907

A flaw was found in python. In Lib/tarfile.py an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because procpax lacks header validation. Mitigation This flaw can be mitigated by not opening untrusted files with tarfile...

7.5CVSS1.6AI score0.06304EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/16 1:3 p.m.•58 views

CVE-2020-11668

A NULL pointer dereference flaw was found in the Xirlink camera USB driver 'xirlink-cit' in the Linux kernel. The driver mishandles invalid descriptors leading to a denial-of-service DoS. This could allow a local attacker with user privilege to crash the system or leak kernel internal information...

7.1CVSS6.7AI score0.00487EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/14 9:33 p.m.•58 views

CVE-2020-2754

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3CVSS2.5AI score0.04128EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/09 10:53 a.m.•58 views

CVE-2019-9947

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...

6.5CVSS3.5AI score0.05406EPSS
Exploits2References3
RedhatCVE
RedhatCVE
•added 2020/04/07 11:26 a.m.•58 views

CVE-2019-2988

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: 2D. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3CVSS4.5AI score0.03155EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/04 5:35 a.m.•58 views

CVE-2019-15118

A flaw was found in the sound mixer handling of the Linux kernel. An attacker with physical access able to insert a specially crafted USB device can cause a recursive loop which continues to consume the reserved stack space leading to a system panic. The highest threat from this vulnerability is ...

6.5CVSS0.6AI score0.00761EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/03/31 8:47 a.m.•58 views

CVE-2019-15219

A NULL pointer dereference flaw was found in the way the USB2VGA dongles driver in the Linux kernel handled failed initialization. This flaw allows an attacker able to insert USB2VGA dongles into the system to crash the system. Mitigation To mitigate this issue, prevent module sisusbvga from bein...

4.9CVSS1.3AI score0.00712EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/02/25 6:40 a.m.•58 views

CVE-2020-1935

A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line EOL parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the...

5.8CVSS7.6AI score0.09386EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2020/02/02 2:38 p.m.•58 views

CVE-2019-15031

A flaw in the Linux kernel on the PowerPC platform, was found where a local user can read vector registers of other user processes during a hardware interrupt. An attacker must start a transaction when the FPU operation begins or there is no leakage. Vector registers will become corrupted with...

4.4CVSS2AI score0.00555EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/01/19 9:40 a.m.•58 views

CVE-2018-20783

In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to pharparsepharfile in...

7.5CVSS5AI score0.0566EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2019/05/28 5:50 p.m.•58 views

CVE-2018-15664

A flaw was discovered in the API endpoint behind the 'docker cp' command. The endpoint is vulnerable to a Time Of Check to Time Of Use TOCTOU vulnerability in the way it handles symbolic links inside a container. An attacker who has compromised an existing container can cause arbitrary files on t...

7.5CVSS1.2AI score0.03398EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2018/03/26 2:48 p.m.•58 views

CVE-2017-15710

In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, modauthnzldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset...

7.5CVSS1.5AI score0.18197EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2018/03/26 4:49 a.m.•58 views

CVE-2018-1283

It has been discovered that the modsession module of Apache HTTP Server httpd, through version 2.4.29, has an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a "Session" header...

5.3CVSS2.1AI score0.10118EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2017/12/18 8:49 a.m.•58 views

CVE-2017-17712

A flaw was found in the Linux kernel's implementation of rawsendmsg allowing a local attacker to panic the kernel or possibly leak kernel addresses. A local attacker, with the privilege of creating raw sockets, can abuse a possible race condition when setting the socket option to allow the kernel...

7.8CVSS2.9AI score0.00319EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2017/10/26 1:49 p.m.•58 views

CVE-2017-15906

The processopen function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files...

5.3CVSS4.8AI score0.03359EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2017/06/30 4:48 a.m.•58 views

CVE-2017-3143

A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG0 signature for a dynamic update request. Mitigation Th...

7.5CVSS0.7AI score0.18299EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2016/12/20 8:47 a.m.•58 views

CVE-2016-10011

It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information...

5.5CVSS2.4AI score0.01101EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2016/12/15 8:18 p.m.•58 views

CVE-2016-6663

A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user...

7CVSS1.1AI score0.04313EPSS
Exploits17References2
RedhatCVE
RedhatCVE
•added 2016/06/27 6:49 a.m.•58 views

CVE-2016-4997

A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitrary kernel memory when unloading a kernel module. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled wit...

7.8CVSS4.9AI score0.05676EPSS
Exploits10References1
RedhatCVE
RedhatCVE
•added 2016/06/10 4:25 p.m.•58 views

CVE-2016-1583

It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a recursion by mapping /proc/environ. An unprivileged, local user could potentially use this flaw to...

8.1CVSS4.9AI score0.01393EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2016/05/05 9:48 a.m.•58 views

CVE-2016-4486

The rtnlfilllinkifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message...

2.1CVSS3.2AI score0.0171EPSS
Exploits4References1
RedhatCVE
RedhatCVE
•added 2026/01/09 9:30 a.m.•57 views

CVE-2023-29425

Cross-Site Request Forgery CSRF vulnerability in plainware.Com ShiftController Employee Shift Scheduling plugin = 4.9.23 versions...

8.8CVSS7.1AI score0.00264EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2025/08/17 3:24 p.m.•57 views

CVE-2025-55207

Astro is a web framework for content-driven websites. Following CVE-2025-54793 there's still an Open Redirect vulnerability in a subset of Astro deployment scenarios prior to version 9.4.1. Astro 5.12.8 addressed CVE-2025-54793 where https://example.com//astro.build/press would redirect to the...

6.9CVSS7AI score0.00572EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2024/03/22 8:30 p.m.•57 views

CVE-2024-22029

A flaw was found in the Tomcat package of OpenSUSE and derived distributions. This issue occurs due to incorrect permissions and a race condition in the %post section of the Tomcat RPM package, resulting in local privilege escalation when the Tomcat package is re-installed...

7CVSS6.5AI score0.00182EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2024/03/21 11:3 p.m.•57 views

CVE-2024-26642

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFTSETEVAL to ensure legacy meters still work...

4.7CVSS7.4AI score0.00257EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/31 2:7 p.m.•57 views

CVE-2023-6780

An integer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message,...

5.3CVSS7.6AI score0.04794EPSS
Exploits8References5
RedhatCVE
RedhatCVE
•added 2024/01/17 9:13 a.m.•57 views

CVE-2024-20919

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

5.9CVSS6.8AI score0.00792EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/12/07 12:35 p.m.•57 views

CVE-2023-45285

A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure "git://" if trying to fetch a .git module that has no "https://" or "git+ssh://" available. Mitigation This issue only affects users who are not using the module proxy and are fetching modules directly i.e...

7.5CVSS6.7AI score0.01137EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/11/17 12:50 p.m.•57 views

CVE-2023-48236

A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAXINT. The impact is low because user interaction is required and a crash may not happen in all situations. Mitigation Mitigation for this issue is...

4.3CVSS4.7AI score0.00688EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2023/10/09 8:24 a.m.•57 views

CVE-2023-39189

A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnlosfaddcallback function did not validate the user mode controlled optnum field. This flaw allows a local privileged CAPNETADMIN attacker to trigger an out-of-bounds read, leading to a crash or information disclosure...

5.1CVSS6.4AI score0.00411EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/10/05 4:54 p.m.•57 views

CVE-2023-3171

A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result i...

7.5CVSS6.8AI score0.00851EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/09/15 11:54 a.m.•57 views

CVE-2022-33065

Libsndfile is vulnerable to integer overflow in function aureadheader in src/au.c and in functions mat4open and mat4readheader in src/mat4.c allows an attacker to cause Denial of Service...

7.8CVSS7.4AI score0.00351EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/08/31 10:44 a.m.•57 views

CVE-2023-38802

A vulnerability was found in FRRouting FRR. This flaw allows a remote attacker to cause a denial of service issue via a crafted BGP update with a corrupted attribute 23 Tunnel Encapsulation...

7.5CVSS6.5AI score0.01437EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/05/08 9:53 a.m.•57 views

CVE-2023-29400

A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr=." executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into...

7.3CVSS8.4AI score0.01037EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/01/24 8:5 a.m.•57 views

CVE-2022-4254

A vulnerability was found in SSSD, in the libssscertmap functionality. PKINIT enables a client to authenticate to the KDC using an X.509 certificate and the corresponding private key, rather than a passphrase or keytab. FreeIPA uses mapping rules to map a certificate presented during a PKINIT...

8.8CVSS8.8AI score0.0095EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/01/19 12:6 p.m.•57 views

CVE-2022-46877

The Mozilla Foundation Security Advisory describes this flaw as: By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks...

4.3CVSS2.8AI score0.00699EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/01/16 10:8 a.m.•59 views

CVE-2022-3543

A flaw was found in unixsockdestructor/unixreleasesock in net/unix/afunix.c in the BPF component in the Linux Kernel. This issue may lead to a memory leak problem. Mitigation Mitigation for this issue is either not available or the currently available options dont meet the Red Hat Product Securit...

5.5CVSS1.6AI score0.0026EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/12/21 10:1 p.m.•58 views

CVE-2022-46364

A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...

9.8CVSS3.7AI score0.0193EPSS
Exploits5References4
RedhatCVE
RedhatCVE
•added 2022/12/19 2:35 p.m.•57 views

CVE-2021-33640

After tarclose, libtar.c releases the memory pointed to by pointer t. After tarclose is called in the list function, it continues to use pointer t: freelonglinklongnamet-thbuf . As a result, the released memory is used use-after-free...

6.2CVSS1.6AI score0.01431EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/11/23 1:56 p.m.•57 views

CVE-2022-45047

A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server. Mitigation From the maintainer: For Apache MINA SSHD =...

9.8CVSS9.2AI score0.03571EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/11/15 12:26 p.m.•57 views

CVE-2022-21608

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.9CVSS4.8AI score0.01381EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/11/01 4:26 p.m.•57 views

CVE-2022-3786

A stack-based buffer overflow was found in the way OpenSSL processes X.509 certificates with a specially crafted email address field. This issue could cause a server or a client application compiled with OpenSSL to crash or possibly execute remote code when trying to process the malicious...

7.5CVSS4.3AI score0.91153EPSS
Exploits2References5
RedhatCVE
RedhatCVE
•added 2022/10/24 7:47 a.m.•57 views

CVE-2022-3647

A flaw was found in Redis when calling the sigsegvHandler function of the debug component crash report. This issue causes a crash, ignoring the report information and kills the processes, which leads to a denial of service...

2.3CVSS1.9AI score0.00573EPSS
Exploits1References4
Total number of security vulnerabilities5000