Lucene search
K
RedhatcveMost viewed

206360 matches found

RedhatCVE
RedhatCVE
•added 2022/09/21 10:49 a.m.•57 views

CVE-2022-32891

A vulnerability was found in webkitgtk, where an issue was addressed with improved UI handling. Visiting a website that frames malicious content may lead to UI spoofing...

6.1CVSS1AI score0.00705EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/09/14 2:44 p.m.•57 views

CVE-2022-37703

An information leak vulnerability was found in Amanda in the calcsize SUID binary. This flaw allows an attacker to know if a directory exists or not anywhere in the fs. The binary will use opendir as root directly without checking the path, letting the attacker provide an arbitrary path...

2.3CVSS3.5AI score0.00703EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/07/06 9:36 a.m.•57 views

CVE-2022-32086

MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Itemfield::fixouterfield...

7.5CVSS3.3AI score0.0136EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/06/07 5:19 p.m.•57 views

CVE-2022-28734

A flaw was found in grub2 when handling split HTTP headers. While processing a split HTTP header, grub2 wrongly advances its control pointer to the internal buffer by one position, which can lead to an out-of-bounds write. This flaw allows an attacker to leverage this issue by crafting a maliciou...

8.1CVSS1.2AI score0.01131EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/25 2:32 p.m.•57 views

CVE-2022-1865

No description is available for this CVE...

1.3AI score0.00475EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/21 12:19 a.m.•57 views

CVE-2022-0096

Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

9.6CVSS2.7AI score0.01361EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2022/05/21 12:16 a.m.•57 views

CVE-2021-21204

Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS2.3AI score0.01555EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2022/05/21 12:15 a.m.•57 views

CVE-2019-15618

Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location...

8.1CVSS0.9AI score0.01924EPSS
Exploits5References1
RedhatCVE
RedhatCVE
•added 2022/05/21 12:4 a.m.•57 views

CVE-2020-24916

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...

10CVSS4AI score0.17374EPSS
Exploits3References1
RedhatCVE
RedhatCVE
•added 2022/05/18 10:56 p.m.•57 views

CVE-2022-1116

Integer Overflow or Wraparound vulnerability in iouring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions...

7.8CVSS6.4AI score0.00501EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2022/05/05 3:55 a.m.•57 views

CVE-2022-29155

A vulnerability was found in the openldap-servers package. A SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This issue occurs during an LDAP search operation when the search filter is processed due to a lack of proper...

9.8CVSS3.1AI score0.69899EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/28 5:54 p.m.•57 views

CVE-2022-1516

A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system...

5.5CVSS1.7AI score0.00328EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/04/26 4:34 p.m.•57 views

CVE-2022-0852

There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the...

6.5CVSS3.2AI score0.00355EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/03/31 8:43 p.m.•57 views

CVE-2021-33061

A denial of service flaw was found in the Linux kernel due to insufficient control flow management for the IntelR 82599 Ethernet Controllers and Adapters. This flaw allows a locally authenticated user to potentially cause a denial of service. The highest threat from this vulnerability is to syste...

5.5CVSS3.1AI score0.00283EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/03/23 5:49 a.m.•57 views

CVE-2022-25517

A flaw was found in MyBatis Plus. The issue contains a SQL Injection vulnerability...

9.8CVSS2.1AI score0.01809EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/01/18 5:32 p.m.•57 views

CVE-2022-23218

A stack based buffer-overflow vulnerability was found in the deprecated compatibility function svcunixcreate in the sunrpc's svcunix.c module of the GNU C Library aka glibc through 2.34. This vulnerability copies its path argument onto the stack without validating its length, which may result in ...

9.8CVSS4.1AI score0.04729EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/12/28 4:50 p.m.•57 views

CVE-2021-4173

A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution...

7.8CVSS4.4AI score0.01621EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/12/23 5:21 p.m.•57 views

CVE-2021-45095

A memory leak flaw in the Linux kernel's PhoNet Phone Network protocol functionality was found in the way user gets memory allocation fail inside function pepsockaccept for the failure branch. A local user could use this flaw to starve the resources causing a denial of service...

5.5CVSS1.3AI score0.00338EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/12/10 6:24 p.m.•57 views

CVE-2018-25020

A buffer overflow flaw in the Linux kernel BPF subsystem was found in the way users run BPF with long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. A local user could use this flaw to crash the system or escalate their...

7.8CVSS1.4AI score0.00505EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2021/11/11 10:23 p.m.•57 views

CVE-2015-5236

A flaw was discovered that IcedTea-Web did not properly determine an applet's origin when performing same-origin checks. A malicious page could use this flaw to bypass the Same Origin Policy SOP and access data on unrelated sites using a spoofed value for the applet's codebase attribute...

7.5CVSS7.2AI score0.00786EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/10/21 3:9 p.m.•57 views

CVE-2021-42782

A stack buffer overflow issue was found in the OpenSC package. This flaw can potentially crash programs using the library. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and...

5.3CVSS5.9AI score0.02675EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/05 6:58 p.m.•57 views

CVE-2021-32626

A heap buffer overflow was found in redis. Specially crafted Lua scripts executing in Redis cause the heap-based Lua stack to overflow due to incomplete checks for this condition. This flaw allows a remote attacker to corrupt the heap and potentially trigger remote code execution. The highest...

8.8CVSS1.3AI score0.15126EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/09/17 6:35 p.m.•57 views

CVE-2020-21531

In transfig's fig2dev 3.2.7b it is possible for an attacker to create a specially crafted file that causes a buffer overflow due to an off by one error during range checking. This leads to a denial of service, impacting availability of the program...

5.5CVSS4.1AI score0.0102EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/09/17 6:35 p.m.•57 views

CVE-2020-21532

In transfig's fig2dev 3.2.7b it is possible for an attacker to create a specially crafted file that causes a buffer overflow due to accepting an invalid value. This leads to a denial of service, impacting availability of the program...

5.5CVSS4.8AI score0.01044EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/09/10 10:57 a.m.•57 views

CVE-2021-3781

A trivial sandbox enabled with the -dSAFER option escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highes...

9.9CVSS3.1AI score0.83913EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/09/06 6:5 p.m.•57 views

CVE-2021-39261

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS2.2AI score0.00452EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/09/06 6:4 p.m.•57 views

CVE-2021-39263

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS2.2AI score0.00456EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/08/18 4:32 p.m.•57 views

CVE-2021-38554

A flaw was found in the vault package. The Vault UI web application may fail to completely clear a client-side data cache on user logout. As a result, an authenticated user sharing a browser to access Vault may have been able to view the previous authenticated user’s cached secrets, even if they...

5.3CVSS3.1AI score0.00911EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/08/18 7:5 a.m.•57 views

CVE-2021-3716

A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBDOPTSTRUCTUREDREPLY before proxying everything else a client sends to the server, potentially leading the client to terminat...

3.5CVSS0.9AI score0.00573EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/08/10 6:34 p.m.•57 views

CVE-2021-34334

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of...

5.5CVSS5.7AI score0.01104EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/07/28 1:53 p.m.•57 views

CVE-2021-30663

A flaw was found in the webkitgtk package. Affected versions of this package could allow a remote attacker to execute arbitrary code on the system caused by an integer overflow in the WebKit component. An attacker can execute arbitrary code on the system by persuading a victim to visit a speciall...

8.8CVSS7.9AI score0.0369EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/07/11 7:51 a.m.•57 views

CVE-2016-6816

It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP...

7.1CVSS1.6AI score0.39633EPSS
Exploits6References2
RedhatCVE
RedhatCVE
•added 2021/06/28 6:33 p.m.•57 views

CVE-2021-32718

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper...

5.4CVSS3.7AI score0.01437EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/03/25 2:58 p.m.•57 views

CVE-2021-3449

A flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signaturealgorithms extension but includes a signaturealgorithmscert extension. The highest threat from this vulnerability is to system...

5.9CVSS2AI score0.62906EPSS
Exploits3References4
RedhatCVE
RedhatCVE
•added 2021/02/24 7:4 p.m.•57 views

CVE-2021-27645

The nameserver caching daemon nscd in the GNU C Library aka glibc or libc6, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system...

2.5CVSS2.7AI score0.00374EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/02/11 1:34 a.m.•57 views

CVE-2021-27135

A flaw was found in xterm. A specially crafted sequence of combining characters causes an out of bounds write leading to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Mitigation This vulnerability can be...

9.8CVSS2.2AI score0.07541EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/12/08 7:34 p.m.•57 views

CVE-2020-17530

A flaw was found in the Apache Struts frameworks. When forced, some of the tag's attributes perform a double evaluation if a developer applies forced OGNL evaluation by using the %... syntax. Using a forced OGNL evaluation on untrusted user input allows an attacker to perform remote code executio...

9.8CVSS1.6AI score0.95922EPSS
Exploits11References3
RedhatCVE
RedhatCVE
•added 2020/11/10 2:59 a.m.•57 views

CVE-2020-14351

A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integri...

7.8CVSS7.3AI score0.00302EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/09/07 10:19 a.m.•57 views

CVE-2020-3899

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code...

9.3CVSS3.5AI score0.04017EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/09/07 5:48 a.m.•57 views

CVE-2020-14386

A flaw was found in the Linux kernel. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation If the CAPNETRAW capability disabled by...

7.8CVSS1.1AI score0.01308EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2020/08/11 8:13 p.m.•57 views

CVE-2020-11985

A flaw was found in the modremoteip module shipped with the httpd package. This flaw allows an attacker to spoof the IP address, resulting in the bypass of a modrewrite rule. The highest threat from this vulnerability is to integrity...

4.3CVSS1.5AI score0.05884EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/05/07 4:39 a.m.•57 views

CVE-2018-19985

A flaw was found in the Linux kernel in the function hsoprobe which reads ifnum value from the USB device as an u8 and uses it without a length check to index an array, resulting in an OOB memory read in hsoprobe or hsogetconfigdata. An attacker with a forged USB device and physical access to a...

4.6CVSS2.9AI score0.00961EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2020/04/09 10:52 a.m.•57 views

CVE-2019-10744

A Prototype Pollution vulnerability was found in lodash. Calling certain methods with untrusted JSON could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

9.1CVSS2.6AI score0.05006EPSS
Exploits2References3
RedhatCVE
RedhatCVE
•added 2020/04/08 9:5 p.m.•57 views

CVE-2018-13406

The Linux kernel was found vulnerable to an integer overflow in the drivers/video/fbdev/uvesafb.c:uvesafbsetcmap function. The vulnerability could result in local attackers being able to crash the kernel or potentially elevate privileges...

7.8CVSS5.7AI score0.00531EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2020/04/08 9:2 p.m.•57 views

CVE-2017-18640

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...

9.3CVSS3AI score0.26723EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/04/08 5:15 p.m.•57 views

CVE-2016-7097

It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAPFSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in ...

4.4CVSS3.1AI score0.00377EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2020/04/04 11:14 p.m.•57 views

CVE-2019-12818

An issue was discovered in the Linux kernel before 4.20.15. The nfcllcpbuildtlv function in net/nfc/llcpcommands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfcllcpbuildgb in net/nfc/llcpcore...

7.5CVSS3.4AI score0.05482EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/04 5:25 p.m.•57 views

CVE-2019-9020

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpcdecode can lead to an invalid memory access heap out of bounds read or read after free. This is related to xmlelemparsebuf in...

9.8CVSS1.8AI score0.10059EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2020/04/02 8:13 p.m.•57 views

CVE-2020-2574

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

5.9CVSS2AI score0.03485EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/04/02 8:59 a.m.•57 views

CVE-2018-18955

A flaw was found in the Linux kernel where mapwrite in kernel/usernamespace.c allows privilege escalation as it mishandles nested user namespaces with more than 5 UID or GID ranges. An unprivileged user with CAPSYSADMIN in an affected user namespace can bypass access controls on resources outside...

7.8CVSS3.8AI score0.07611EPSS
Exploits24References2
Total number of security vulnerabilities5000