206304 matches found

RedhatCVE
•added 2022/08/16 9:38 a.m.•57 views

CVE-2022-30580

A flaw was found in the os/exec golang package. This issue occurs when invoking different Cmd methods and the Cmd.Path is unset. This could lead to a command injection, allowing an attacker to execute any binaries in the working directory...

CVSS 7.8 • AI score 5.7 • EPSS 0.00578
Exploits 0 • References 4

RedhatCVE
•added 2022/07/31 5:44 p.m.•57 views

CVE-2020-36558

A NULL pointer dereference flaw was found in the Linux kernel’s Virtual Terminal subsystem in how a user calls the VT_RESIZEX ioctl. This flaw allows a local user to crash the system...

CVSS 5.1 • AI score 2.1 • EPSS 0.00298
Exploits 1 • References 4

RedhatCVE
•added 2022/07/21 7:45 a.m.•57 views

CVE-2021-46828

A denial of service (DoS) vulnerability was found in libtirpc. This flaw allows a remote attacker to exhaust the file descriptors of a process that uses libtirpc due to mishandling idle TCP connections. This issue leads to a svc_run infinite loop without accepting new connections...

CVSS 7.5 • AI score 4.2 • EPSS 0.02088
Exploits 0 • References 3

RedhatCVE
•added 2022/07/15 7:6 a.m.•57 views

CVE-2022-28693

A flaw was found in hw. The unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to enable information disclosure via local access...

CVSS 4.7 • AI score 3.5 • EPSS 0.00165
Exploits 0 • References 4

RedhatCVE
•added 2022/07/06 9:36 a.m.•57 views

CVE-2022-32086

MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field...

CVSS 7.5 • AI score 3.3 • EPSS 0.0136
Exploits 1 • References 3

RedhatCVE
•added 2022/07/05 3:6 p.m.•57 views

CVE-2022-2318

There are use-after-free vulnerabilities caused by the timer handler in net/rose/rose_timer.c of Linux that allow attackers to crash the Linux kernel without any privileges...

CVSS 5.5 • AI score 4.7 • EPSS 0.00419
Exploits 0 • References 4

RedhatCVE
•added 2022/07/01 5:5 a.m.•57 views

CVE-2022-2274

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for x86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a...

CVSS 10 • AI score 3.4 • EPSS 0.44881
Exploits 3 • References 5

RedhatCVE
•added 2022/06/30 5:56 p.m.•57 views

CVE-2022-32549

A flaw was found in Apache Sling Commons Log. This flaw allows an attacker to forge logs, allowing them to cover their tracks and potentially corrupt log files...

CVSS 5.3 • AI score 3.9 • EPSS 0.0222
Exploits 0 • References 3

RedhatCVE
•added 2022/06/07 2:29 a.m.•57 views

CVE-2022-26700

A flaw was found in webkitgtk. The vulnerability occurs due to improper input validation, leading to memory corruption. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt or crash, or leading to arbitrary code execution...

CVSS 8.8 • AI score 6.3 • EPSS 0.01262
Exploits 0 • References 4

RedhatCVE
•added 2022/05/21 12:19 a.m.•57 views

CVE-2022-0096

Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 9.6 • AI score 2.7 • EPSS 0.01361
Exploits 1 • References 1

RedhatCVE
•added 2022/05/21 12:15 a.m.•57 views

CVE-2019-15618

Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location...

CVSS 8.1 • AI score 0.9 • EPSS 0.01924
Exploits 5 • References 1

RedhatCVE
•added 2022/05/21 12:4 a.m.•57 views

CVE-2020-24916

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...

CVSS 10 • AI score 4 • EPSS 0.17374
Exploits 3 • References 1

RedhatCVE
•added 2022/05/20 11:14 p.m.•57 views

CVE-2022-30596

A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk...

AI score 2.9 • EPSS 0.00828
Exploits 0 • References 1

RedhatCVE
•added 2022/05/18 11:1 p.m.•57 views

CVE-2022-24904

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive files from Argo CD's...

CVSS 4.3 • AI score 1.9 • EPSS 0.01051
Exploits 0 • References 4

RedhatCVE
•added 2022/05/18 10:56 p.m.•57 views

CVE-2022-1116

Integer Overflow or Wraparound vulnerability in io_uring of the Linux Kernel allows a local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions...

CVSS 7.8 • AI score 6.4 • EPSS 0.00501
Exploits 1 • References 5

RedhatCVE
•added 2022/05/05 3:55 a.m.•57 views

CVE-2022-29155

A vulnerability was found in the openldap-servers package. A SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This issue occurs during an LDAP search operation when the search filter is processed due to a lack of proper...

CVSS 9.8 • AI score 3.1 • EPSS 0.69899
Exploits 1 • References 3

RedhatCVE
•added 2022/04/28 5:54 p.m.•57 views

CVE-2022-1516

A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system...

CVSS 5.5 • AI score 1.7 • EPSS 0.00328
Exploits 0 • References 4

RedhatCVE
•added 2022/04/26 4:34 p.m.•57 views

CVE-2022-0852

There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the...

CVSS 6.5 • AI score 3.2 • EPSS 0.00355
Exploits 1 • References 3

RedhatCVE
•added 2022/04/20 5:0 a.m.•57 views

CVE-2022-25648

A flaw was found in ruby-git, where the package is vulnerable to command injection via the git argument. This flaw allows an attacker to set additional flags, which leads to performing command injections...

CVSS 9.8 • AI score 4.1 • EPSS 0.04606
Exploits 1 • References 4

RedhatCVE
•added 2022/03/31 8:48 p.m.•57 views

CVE-2022-27649

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...

CVSS 7.5 • AI score 4.9 • EPSS 0.01441
Exploits 0 • References 4

RedhatCVE
•added 2022/03/23 5:49 a.m.•57 views

CVE-2022-25517

A flaw was found in MyBatis Plus. The issue contains a SQL Injection vulnerability...

CVSS 9.8 • AI score 2.1 • EPSS 0.01809
Exploits 1 • References 3

RedhatCVE
•added 2022/03/22 5:35 p.m.•57 views

CVE-2022-1025

A privilege escalation flaw was found in ArgoCD. This flaw allows a malicious user who has push access to an application's source git or Helm repository, or sync and override access, to perform actions they are not authorized to do. For example, if the attacker has update or delete access, they c...

CVSS 9 • AI score 2.8 • EPSS 0.01114
Exploits 1 • References 3

RedhatCVE
•added 2021/12/28 4:50 p.m.•57 views

CVE-2021-4173

A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution...

CVSS 7.8 • AI score 4.4 • EPSS 0.01621
Exploits 1 • References 3

RedhatCVE
•added 2021/12/23 8:24 p.m.•57 views

CVE-2021-44420

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths...

CVSS 7.5 • AI score 0.7 • EPSS 0.02295
Exploits 0 • References 4

RedhatCVE
•added 2021/12/16 10:55 a.m.•57 views

CVE-2021-31566

An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. ...

CVSS 7.8 • AI score 3.5 • EPSS 0.00366
Exploits 0 • References 3

RedhatCVE
•added 2021/11/11 10:23 p.m.•57 views

CVE-2015-5236

A flaw was discovered that IcedTea-Web did not properly determine an applet's origin when performing same-origin checks. A malicious page could use this flaw to bypass the Same Origin Policy (SOP) and access data on unrelated sites using a spoofed value for the applet's codebase attribute...

CVSS 7.5 • AI score 7.2 • EPSS 0.00786
Exploits 1 • References 3

RedhatCVE
•added 2021/10/05 5:46 p.m.•57 views

CVE-2021-42008

The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. Mitigation: Mitigation for this issue is either not available or the currently available...

CVSS 7.8 • AI score 1.8 • EPSS 0.01476
Exploits 3 • References 3

RedhatCVE
•added 2021/09/10 10:57 a.m.•57 views

CVE-2021-3781

A trivial sandbox (enabled with the -dSAFER option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highes...

CVSS 9.9 • AI score 3.1 • EPSS 0.83913
Exploits 0 • References 4

RedhatCVE
•added 2021/09/06 6:5 p.m.•57 views

CVE-2021-39261

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

CVSS 7.8 • AI score 2.2 • EPSS 0.00452
Exploits 0 • References 4

RedhatCVE
•added 2021/09/06 6:4 p.m.•57 views

CVE-2021-39263

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

CVSS 7.8 • AI score 2.2 • EPSS 0.00456
Exploits 0 • References 4

RedhatCVE
•added 2021/08/18 1:45 p.m.•57 views

CVE-2021-39242

haproxy was found to be vulnerable to HTTP host header attack: This problem creates a scenario in which it's possible to drop the Host header and use the authority only after forwarding to a second http2 layer, possibly causing two differing values of Host at a different stage. The highest threat...

CVSS 7.5 • AI score 0.4 • EPSS 0.02341
Exploits 0 • References 3

RedhatCVE
•added 2021/08/18 7:5 a.m.•57 views

CVE-2021-3716

A flaw was found in nbdkit due to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminat...

CVSS 3.5 • AI score 0.9 • EPSS 0.00573
Exploits 0 • References 5

RedhatCVE
•added 2021/08/10 9:21 p.m.•57 views

CVE-2021-38198

A flaw was found in the Linux kernel, where it incorrectly computes the access permissions of a shadow page. This issue leads to a missing guest protection page fault. Mitigation: Do not disable hardware-assisted paging (also known as nested paging and Second Level Address Translation) on your hosts...

CVSS 6.4 • AI score 1.6 • EPSS 0.00469
Exploits 1 • References 3

RedhatCVE
•added 2021/08/10 6:34 p.m.•57 views

CVE-2021-34334

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of...

CVSS 5.5 • AI score 5.7 • EPSS 0.01104
Exploits 0 • References 3

RedhatCVE
•added 2021/08/05 8:57 a.m.•57 views

CVE-2021-31291

A flaw was found in exiv2. A flawed bounds checking in the jp2Image.cpp:doWriteMetadata function leads to a heap-based buffer overflow. This flaw allows an attacker who can provide a malicious image to an application using the exiv2 library, to write data out of bounds and potentially execute cod...

AI score 4.3
Exploits 0 • References 3

RedhatCVE
•added 2021/07/28 1:53 p.m.•57 views

CVE-2021-30663

A flaw was found in the webkitgtk package. Affected versions of this package could allow a remote attacker to execute arbitrary code on the system caused by an integer overflow in the WebKit component. An attacker can execute arbitrary code on the system by persuading a victim to visit a speciall...

CVSS 8.8 • AI score 7.9 • EPSS 0.0369
Exploits 0 • References 5

RedhatCVE
•added 2021/07/22 5:20 p.m.•57 views

CVE-2021-22145

A memory disclosure flaw was found in Elasticsearch’s error reporting. A user who can submit arbitrary queries to Elasticsearch could submit a malformed query that results in an error message returned that contains previously used portions of a data buffer. This buffer could contain sensitive...

CVSS 7.3 • AI score 1.1 • EPSS 0.76249
Exploits 6 • References 4

RedhatCVE
•added 2021/07/11 7:51 a.m.•57 views

CVE-2016-6816

It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP...

CVSS 7.1 • AI score 1.6 • EPSS 0.39633
Exploits 6 • References 2

RedhatCVE
•added 2021/07/09 2:52 p.m.•57 views

CVE-2021-32625

A flaw was found in Redis. An integer overflow could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. The highest threat from this vulnerability is to data confidentiality and...

CVSS 8.8 • AI score 2.1 • EPSS 0.04207
Exploits 0 • References 4

RedhatCVE
•added 2021/06/28 6:33 p.m.•57 views

CVE-2021-32718

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's name being rendered in a confirmation message without proper...

CVSS 5.4 • AI score 3.7 • EPSS 0.01437
Exploits 1 • References 3

RedhatCVE
•added 2021/04/29 3:48 a.m.•57 views

CVE-2021-25215

A flaw was found in bind. The way DNAME records are processed may trigger the same RRset to the ANSWER section to be added more than once which causes an assertion check to fail. The highest threat from this flaw is to system availability. Mitigation: Red Hat has investigated whether a possible...

CVSS 7.5 • AI score 7.6 • EPSS 0.11296
Exploits 0 • References 4

RedhatCVE
•added 2021/03/29 6:2 p.m.•57 views

CVE-2021-23358

A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

CVSS 7.2 • AI score 3.9 • EPSS 0.04087
Exploits 2 • References 3

RedhatCVE
•added 2021/03/25 2:58 p.m.•57 views

CVE-2021-3449

A flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signature_algorithms extension but includes a signature_algorithms_cert extension. The highest threat from this vulnerability is to system...

CVSS 5.9 • AI score 2 • EPSS 0.62906
Exploits 3 • References 4

RedhatCVE
•added 2021/02/18 5:4 p.m.•57 views

CVE-2021-23840

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

CVSS 7.5 • AI score 8 • EPSS 0.50732
Exploits 0 • References 4

RedhatCVE
•added 2021/02/05 4:53 p.m.•57 views

CVE-2021-26708

A flaw was found in the Linux kernel. Wrong locking in the AF_VSOCK socket can cause a local privilege escalation, bypassing SMEP and SMAP. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.8 • AI score 2.2 • EPSS 0.01602
Exploits 1 • References 4

RedhatCVE
•added 2021/01/28 8:56 p.m.•57 views

CVE-2021-3326

A flaw was found in glibc's iconv functionality. This flaw allows an attacker capable of supplying a crafted sequence of characters to an application using iconv to convert from ISO-2022-JP-3 to cause an assertion failure. The highest threat from this vulnerability is to system availability...

CVSS 7.5 • AI score 1.1 • EPSS 0.03093
Exploits 0 • References 3

RedhatCVE
•added 2020/12/08 7:34 p.m.•57 views

CVE-2020-17530

A flaw was found in the Apache Struts frameworks. When forced, some of the tag's attributes perform a double evaluation if a developer applies forced OGNL evaluation by using the %{...} syntax. Using a forced OGNL evaluation on untrusted user input allows an attacker to perform remote code executio...

CVSS 9.8 • AI score 1.6 • EPSS 0.95922
Exploits 11 • References 3

RedhatCVE
•added 2020/12/03 2:10 p.m.•57 views

CVE-2020-27820

A vulnerability was found in the Linux kernel, where a use-after-free in nouveau's postclose handler could happen if removing the device (it is not common to remove a video card physically without power-off, but the same happens if you "unbind" the driver). Mitigation: To mitigate this issue, prevent the module...

CVSS 4.7 • AI score 1.1 • EPSS 0.00467
Exploits 0 • References 6

RedhatCVE
•added 2020/09/07 5:48 a.m.•57 views

CVE-2020-14386

A flaw was found in the Linux kernel. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation: If the CAP_NET_RAW capability disabled by...

CVSS 7.8 • AI score 1.1 • EPSS 0.01308
Exploits 1 • References 5

RedhatCVE
•added 2020/08/27 1:38 p.m.•57 views

CVE-2020-14338

A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This iss...

CVSS 5.3 • AI score 2.1 • EPSS 0.04315
Exploits 0 • References 3

Total number of security vulnerabilities: 5000