Lucene search
K
RedhatcveMost viewed

206391 matches found

RedhatCVE
RedhatCVE
•added 2024/03/21 6:29 p.m.•57 views

CVE-2024-27281

A flaw was found in Rubygem RDoc. When parsing .rdocoptions used for configuration in RDoc as a YAML file there are no restrictions on the classes that can be restored. This issue may lead to object injection, resulting in remote code execution. Mitigation Mitigation for this issue is either not...

4.5CVSS7.4AI score0.01571EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/17 9:13 a.m.•57 views

CVE-2024-20919

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

5.9CVSS6.8AI score0.00792EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/12/08 8:57 a.m.•57 views

CVE-2023-6610

An out-of-bounds read vulnerability was found in smb2dumpdetail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. Mitigation To mitigate this issue, prevent module cifs from being loaded. Please see...

7.1CVSS6.6AI score0.0043EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/11/17 12:50 p.m.•57 views

CVE-2023-48236

A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAXINT. The impact is low because user interaction is required and a crash may not happen in all situations. Mitigation Mitigation for this issue is...

4.3CVSS4.7AI score0.00688EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2023/10/27 12:29 p.m.•57 views

CVE-2023-44483

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...

6.5CVSS6.5AI score0.01212EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/10/05 7:55 a.m.•57 views

CVE-2023-43787

A vulnerability was found in libX11 due to an integer overflow within the XCreateImage function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges...

7.8CVSS7.9AI score0.00427EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/09/30 6:24 p.m.•57 views

CVE-2023-42114

An out-of-bounds read vulnerability was found in Exim within the handling of NTLM challenge requests. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to...

3.7CVSS5.9AI score0.28084EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/08/31 10:44 a.m.•57 views

CVE-2023-38802

A vulnerability was found in FRRouting FRR. This flaw allows a remote attacker to cause a denial of service issue via a crafted BGP update with a corrupted attribute 23 Tunnel Encapsulation...

7.5CVSS6.5AI score0.01437EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/08/22 5:18 p.m.•57 views

CVE-2021-36159

libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the...

9.1CVSS6.8AI score0.02637EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/08/08 10:48 p.m.•57 views

CVE-2023-35947

A flaw was found in Gradle. When unpacking Tar archives, Gradle did not check that files could be written outside the unpack location. This issue could lead to important files being overwritten anywhere the Gradle process has write permissions. This flaw allows an attacker with control of an...

7CVSS6.5AI score0.00528EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/05/29 4:40 a.m.•57 views

CVE-2023-2953

A vulnerability was found in OpenLDAP, in bermemallocx function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service...

7.1CVSS7.3AI score0.01947EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/05/08 9:53 a.m.•57 views

CVE-2023-29400

A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr=." executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into...

7.3CVSS8.4AI score0.01037EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/05/05 6:19 p.m.•57 views

CVE-2022-40664

A flaw was found in Apache Shiro. An authentication bypass vulnerability occurs when forwarding or including via the RequestDispatcher...

9.8CVSS9.1AI score0.0221EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/04/13 1:31 p.m.•57 views

CVE-2023-26554

An out-of-bounds write flaw was found in the ntp package. A remote attacker may trigger this vulnerability by sending malicious data packets to the ntp server. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...

5.6CVSS5.5AI score0.00645EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/04 8:43 p.m.•57 views

CVE-2023-24534

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...

7.5CVSS8.2AI score0.01888EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/03/07 3:59 p.m.•57 views

CVE-2023-0461

A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context struct tlscontext on a connected TCP socket. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation To mitigate this issue,...

7.8CVSS7.6AI score0.00652EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/02/17 11:57 a.m.•57 views

CVE-2023-23915

A flaw was found in the Curl package, where the HSTS mechanism could fail when multiple transfers are done in parallel, as the HSTS cache file gets overwritten by the most recently completed transfer. This issue may result in limited confidentiality and integrity...

4.2CVSS7.6AI score0.00861EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/25 1:35 p.m.•57 views

CVE-2022-23813

The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment. Mitigation Please contact AMD for more updates on this flaw...

5.3CVSS6.1AI score0.00504EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/19 12:6 p.m.•57 views

CVE-2022-46877

The Mozilla Foundation Security Advisory describes this flaw as: By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks...

4.3CVSS2.8AI score0.00699EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/12/30 5:35 a.m.•57 views

CVE-2022-46692

A logic issue was found in WebKitGTK and WPE WebKit. This flaw allows a remote attacker to process unexpected cross-origin attacks...

5.5CVSS6.7AI score0.00197EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/11/15 12:26 p.m.•57 views

CVE-2022-21608

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.9CVSS4.8AI score0.01381EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/11/15 12:25 p.m.•57 views

CVE-2022-21589

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromi...

4.3CVSS5.5AI score0.00911EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/11/08 7:56 a.m.•57 views

CVE-2022-43548

A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code...

7.5CVSS5.5AI score0.14024EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/24 7:47 a.m.•57 views

CVE-2022-3647

A flaw was found in Redis when calling the sigsegvHandler function of the debug component crash report. This issue causes a crash, ignoring the report information and kills the processes, which leads to a denial of service...

2.3CVSS1.9AI score0.00573EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/09/21 10:49 a.m.•57 views

CVE-2022-32891

A vulnerability was found in webkitgtk, where an issue was addressed with improved UI handling. Visiting a website that frames malicious content may lead to UI spoofing...

6.1CVSS1AI score0.00705EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/09/14 2:44 p.m.•57 views

CVE-2022-37703

An information leak vulnerability was found in Amanda in the calcsize SUID binary. This flaw allows an attacker to know if a directory exists or not anywhere in the fs. The binary will use opendir as root directly without checking the path, letting the attacker provide an arbitrary path...

2.3CVSS3.5AI score0.00703EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/07/06 9:36 a.m.•57 views

CVE-2022-32086

MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Itemfield::fixouterfield...

7.5CVSS3.3AI score0.0136EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/06/07 5:19 p.m.•57 views

CVE-2022-28734

A flaw was found in grub2 when handling split HTTP headers. While processing a split HTTP header, grub2 wrongly advances its control pointer to the internal buffer by one position, which can lead to an out-of-bounds write. This flaw allows an attacker to leverage this issue by crafting a maliciou...

8.1CVSS1.2AI score0.01131EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/06/07 2:30 a.m.•57 views

CVE-2022-30783

A vulnerability was found in NTFS-3G. An invalid return code in fusekernmount allows libfuse-lite protocol traffic between NTFS-3G and the kernel to be intercepted...

6.7CVSS3.4AI score0.00417EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/06/06 10:57 p.m.•57 views

CVE-2022-30126

In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standa...

5.5CVSS4.2AI score0.02495EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/25 2:32 p.m.•57 views

CVE-2022-1865

No description is available for this CVE...

1.3AI score0.00475EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/21 12:19 a.m.•57 views

CVE-2022-0096

Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

9.6CVSS2.7AI score0.01361EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2022/05/21 12:16 a.m.•57 views

CVE-2021-21204

Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS2.3AI score0.01555EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2022/05/21 12:15 a.m.•57 views

CVE-2019-15618

Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location...

8.1CVSS0.9AI score0.01924EPSS
Exploits5References1
RedhatCVE
RedhatCVE
•added 2022/05/21 12:4 a.m.•57 views

CVE-2020-24916

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...

10CVSS4AI score0.17374EPSS
Exploits3References1
RedhatCVE
RedhatCVE
•added 2022/05/18 10:56 p.m.•57 views

CVE-2022-1116

Integer Overflow or Wraparound vulnerability in iouring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions...

7.8CVSS6.4AI score0.00501EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2022/05/14 11:39 a.m.•57 views

CVE-2019-20330

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. Mitigation The following conditions are needed for an exploit, we recommend avoiding all if possible: Deserialization from sources you do not control enableDefaultTyping @JsonTypeInfo using id.CLASS or...

9.8CVSS3.1AI score0.0864EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/05 3:55 a.m.•57 views

CVE-2022-29155

A vulnerability was found in the openldap-servers package. A SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This issue occurs during an LDAP search operation when the search filter is processed due to a lack of proper...

9.8CVSS3.1AI score0.69899EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/28 5:54 p.m.•57 views

CVE-2022-1516

A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system...

5.5CVSS1.7AI score0.00328EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/04/26 4:34 p.m.•57 views

CVE-2022-0852

There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the...

6.5CVSS3.2AI score0.00355EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/03/31 8:43 p.m.•57 views

CVE-2021-33061

A denial of service flaw was found in the Linux kernel due to insufficient control flow management for the IntelR 82599 Ethernet Controllers and Adapters. This flaw allows a locally authenticated user to potentially cause a denial of service. The highest threat from this vulnerability is to syste...

5.5CVSS3.1AI score0.00283EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/03/23 5:49 a.m.•57 views

CVE-2022-25517

A flaw was found in MyBatis Plus. The issue contains a SQL Injection vulnerability...

9.8CVSS2.1AI score0.01809EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/12/23 5:21 p.m.•57 views

CVE-2021-45095

A memory leak flaw in the Linux kernel's PhoNet Phone Network protocol functionality was found in the way user gets memory allocation fail inside function pepsockaccept for the failure branch. A local user could use this flaw to starve the resources causing a denial of service...

5.5CVSS1.3AI score0.00338EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/12/10 6:24 p.m.•57 views

CVE-2018-25020

A buffer overflow flaw in the Linux kernel BPF subsystem was found in the way users run BPF with long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. A local user could use this flaw to crash the system or escalate their...

7.8CVSS1.4AI score0.00505EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2021/11/11 10:23 p.m.•57 views

CVE-2015-5236

A flaw was discovered that IcedTea-Web did not properly determine an applet's origin when performing same-origin checks. A malicious page could use this flaw to bypass the Same Origin Policy SOP and access data on unrelated sites using a spoofed value for the applet's codebase attribute...

7.5CVSS7.2AI score0.00786EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/10/21 3:9 p.m.•57 views

CVE-2021-42782

A stack buffer overflow issue was found in the OpenSC package. This flaw can potentially crash programs using the library. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and...

5.3CVSS5.9AI score0.02675EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/05 6:58 p.m.•57 views

CVE-2021-32626

A heap buffer overflow was found in redis. Specially crafted Lua scripts executing in Redis cause the heap-based Lua stack to overflow due to incomplete checks for this condition. This flaw allows a remote attacker to corrupt the heap and potentially trigger remote code execution. The highest...

8.8CVSS1.3AI score0.15126EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/09/17 6:35 p.m.•57 views

CVE-2020-21531

In transfig's fig2dev 3.2.7b it is possible for an attacker to create a specially crafted file that causes a buffer overflow due to an off by one error during range checking. This leads to a denial of service, impacting availability of the program...

5.5CVSS4.1AI score0.0102EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/09/17 6:35 p.m.•57 views

CVE-2020-21532

In transfig's fig2dev 3.2.7b it is possible for an attacker to create a specially crafted file that causes a buffer overflow due to accepting an invalid value. This leads to a denial of service, impacting availability of the program...

5.5CVSS4.8AI score0.01044EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/09/10 10:57 a.m.•57 views

CVE-2021-3781

A trivial sandbox enabled with the -dSAFER option escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highes...

9.9CVSS3.1AI score0.83913EPSS
Exploits0References4
Total number of security vulnerabilities5000