Lucene search
K
RedhatcveMost viewed

206309 matches found

RedhatCVE
RedhatCVE
•added 2023/12/08 8:57 a.m.•56 views

CVE-2023-6610

An out-of-bounds read vulnerability was found in smb2dumpdetail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. Mitigation To mitigate this issue, prevent module cifs from being loaded. Please see...

7.1CVSS6.6AI score0.0043EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/12/05 12:40 p.m.•56 views

CVE-2023-41835

A flaw was found in struts. When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in 'struts.multipart.saveDir', even if the request has been denied...

7.5CVSS6.8AI score0.06286EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/11/24 4:21 a.m.•56 views

CVE-2023-46671

A flaw was found in Kibana, where exposure of sensitive information in log files may occur. In some uncommon conditions, if error messages are returned, the log may contain account credentials for the kibanasystem 64 user, API Keys, and credentials of Kibana end-users...

4.8CVSS6.8AI score0.00656EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/11/09 10:44 p.m.•56 views

CVE-2023-46737

A flaw was found in the cosign package. A attacker with control of a compromised registry or with privileges to make requests to the cluster can create a specific request that will trigger an infinite loop condition, resulting in a denial of service. Mitigation Mitigation for this issue is either...

5.3CVSS4.5AI score0.0064EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/11/09 1:58 a.m.•56 views

CVE-2023-5720

A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application...

7.7CVSS6.7AI score0.00815EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/11/08 3:0 p.m.•56 views

CVE-2023-39198

A race condition was found in the QXL driver in the Linux kernel. The qxlmodedumbcreate function dereferences the qobj returned by the qxlgemobjectcreatewithhandle, but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigge...

7.5CVSS7.2AI score0.0042EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/10/27 12:29 p.m.•56 views

CVE-2023-44483

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...

6.5CVSS6.5AI score0.01212EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/10/05 4:54 p.m.•56 views

CVE-2023-4061

A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system...

6.5CVSS6.4AI score0.00834EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/10/05 7:55 a.m.•56 views

CVE-2023-43787

A vulnerability was found in libX11 due to an integer overflow within the XCreateImage function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges...

7.8CVSS7.9AI score0.00427EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/10/03 6:24 p.m.•56 views

CVE-2023-4692

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a...

7.5CVSS6.4AI score0.00536EPSS
Exploits2References6
RedhatCVE
RedhatCVE
•added 2023/09/30 6:24 p.m.•56 views

CVE-2023-42114

An out-of-bounds read vulnerability was found in Exim within the handling of NTLM challenge requests. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to...

3.7CVSS5.9AI score0.28084EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/09/13 9:55 a.m.•56 views

CVE-2023-36796

A vulnerability was found in dotnet. This issue can lead to a stack-based out-of-bounds write when loading PDB type records in msdia140.dll used by Visual Studio. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Securit...

7.8CVSS7.4AI score0.01441EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/23 1:49 p.m.•56 views

CVE-2023-3955

A vulnerability was found in Kubernetes. This flaw allows a user who can create pods on Windows nodes to escalate to admin privileges on those nodes...

8.8CVSS6.9AI score0.03392EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/08/08 10:48 p.m.•56 views

CVE-2023-35947

A flaw was found in Gradle. When unpacking Tar archives, Gradle did not check that files could be written outside the unpack location. This issue could lead to important files being overwritten anywhere the Gradle process has write permissions. This flaw allows an attacker with control of an...

7CVSS6.5AI score0.00528EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/07/28 9:49 a.m.•56 views

CVE-2023-37920

A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector...

9.1CVSS6.4AI score0.00468EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/06/30 7:17 a.m.•56 views

CVE-2023-32439

A vulnerability was found in webkitgtk. This issue occurs when processing maliciously crafted web content, which may lead to arbitrary code execution. Mitigation This vulnerability can be mitigated by setting the environment variable JSCuseDFGJIT=0, which will disable the data flow graph JIT tier...

8.8CVSS8.7AI score0.23788EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/06/14 5:48 a.m.•56 views

CVE-2023-24897

A flaw was found in dotnet. This issue can allow remote code execution through an out-of-bounds write when loading PDB type records in msdia140.dll used by Visual Studio...

7.8CVSS8.1AI score0.01184EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/05/29 4:40 a.m.•56 views

CVE-2023-2953

A vulnerability was found in OpenLDAP, in bermemallocx function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service...

7.1CVSS7.3AI score0.01947EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/05/05 6:19 p.m.•56 views

CVE-2022-40664

A flaw was found in Apache Shiro. An authentication bypass vulnerability occurs when forwarding or including via the RequestDispatcher...

9.8CVSS9.1AI score0.0221EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/04/14 5:30 a.m.•56 views

CVE-2023-30630

A vulnerability was found in dmidecode, which allows -dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo. Mitigation Do not configure sudoers file to allow running dmidecode with elevated privileges...

7.1CVSS7.3AI score0.00523EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/04/13 1:31 p.m.•56 views

CVE-2023-26554

An out-of-bounds write flaw was found in the ntp package. A remote attacker may trigger this vulnerability by sending malicious data packets to the ntp server. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...

5.6CVSS5.5AI score0.00645EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/13 1:0 p.m.•56 views

CVE-2023-26551

An out-of-bounds write flaw was found in the ntp package. A remote attacker can trigger this vulnerability by sending malicious data packets to the ntp server. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...

5.6CVSS5.5AI score0.0067EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/04 8:43 p.m.•56 views

CVE-2023-24534

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...

7.5CVSS8.2AI score0.01888EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/03/30 9:22 a.m.•56 views

CVE-2023-25809

A flaw was found in runc, where it is vulnerable to a denial of service caused by improper access control in the /sys/fs/cgroup endpoint. This flaw allows a local authenticated attacker to cause a denial of service. Mitigation Condition 1: Unshare the cgroup namespace docker|podman|nerdctl run...

6.3CVSS6.3AI score0.00327EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/03/19 2:12 p.m.•56 views

CVE-2023-28120

A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is called on a SafeBuffer with untrusted user input, malicious code could be executed. Mitigation Avoid calling bytesplice on a SafeBuffer htmlsafe string with untrusted user input...

6.1CVSS2.5AI score0.00907EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/07 3:59 p.m.•56 views

CVE-2023-0461

A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context struct tlscontext on a connected TCP socket. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation To mitigate this issue,...

7.8CVSS7.6AI score0.00652EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/02/21 6:29 a.m.•56 views

CVE-2022-48337

A flaw was found in the Emacs package. This flaw allows attackers to execute commands via shell metacharacters in the name of a source-code file...

7.3CVSS9.1AI score0.01603EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/02/17 11:57 a.m.•56 views

CVE-2023-23915

A flaw was found in the Curl package, where the HSTS mechanism could fail when multiple transfers are done in parallel, as the HSTS cache file gets overwritten by the most recently completed transfer. This issue may result in limited confidentiality and integrity...

4.2CVSS7.6AI score0.00861EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/25 1:35 p.m.•56 views

CVE-2022-23813

The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment. Mitigation Please contact AMD for more updates on this flaw...

5.3CVSS6.1AI score0.00504EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/24 5:36 a.m.•56 views

CVE-2022-48279

A vulnerability was found in ModSecurity. This issue occurs when HTTP multipart requests are incorrectly parsed and could bypass the Web Application Firewall. NOTE: This is related to CVE-2022-39956, but can be considered independent changes to the ModSecurity C language codebase...

7.5CVSS0.8AI score0.01169EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/01/06 6:4 a.m.•56 views

CVE-2022-45143

A flaw was found in the Tomcat package. This flaw allowed users to input an invalid JSON structure, causing unwanted behavior as it did not escape the type, message, or description values...

7.5CVSS3.3AI score0.02505EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/05 10:1 a.m.•56 views

CVE-2022-47520

An out-of-bounds read flaw was found in the Linux kernel’s Atmel WILC1000 802.11 SoC driver. This flaw allows a local to crash or potentially escalate their privileges on the system...

7.1CVSS4.1AI score0.00307EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/12/30 5:35 a.m.•56 views

CVE-2022-46692

A logic issue was found in WebKitGTK and WPE WebKit. This flaw allows a remote attacker to process unexpected cross-origin attacks...

5.5CVSS6.7AI score0.00197EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/11/29 9:56 p.m.•56 views

CVE-2022-46146

A flaw was found in exporter-toolkit. A request can be forged by an attacker to poison the internal cache used to cache hashes and make subsequent successful requests. This cache is used to limit side channel attacks that could tell an attacker if a user is present in the file or not. Prometheus...

7.5CVSS8.3AI score0.01166EPSS
Exploits1References7
RedhatCVE
RedhatCVE
•added 2022/11/26 10:25 p.m.•56 views

CVE-2022-4145

A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation...

4.3CVSS6.9AI score0.00601EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/11/15 12:25 p.m.•56 views

CVE-2022-21589

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromi...

4.3CVSS5.5AI score0.00911EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/11/08 7:56 a.m.•56 views

CVE-2022-43548

A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code...

7.5CVSS5.5AI score0.14024EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/19 12:17 p.m.•56 views

CVE-2022-41852

A flaw was found in the Apache Commons JXPath package. This flaw allows an attacker to use the interpreter to execute untrusted expressions and a remote code attack...

9.8CVSS4.7AI score
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/10/07 5:26 a.m.•56 views

CVE-2022-2880

A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an...

7.5CVSS7.4AI score0.01094EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2022/09/21 10:49 a.m.•56 views

CVE-2022-32891

A vulnerability was found in webkitgtk, where an issue was addressed with improved UI handling. Visiting a website that frames malicious content may lead to UI spoofing...

6.1CVSS1AI score0.00705EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/09/14 2:44 p.m.•56 views

CVE-2022-37703

An information leak vulnerability was found in Amanda in the calcsize SUID binary. This flaw allows an attacker to know if a directory exists or not anywhere in the fs. The binary will use opendir as root directly without checking the path, letting the attacker provide an arbitrary path...

2.3CVSS3.5AI score0.00703EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/19 5:15 a.m.•56 views

CVE-2022-34174

In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm...

7.5CVSS1.9AI score0.01221EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/19 5:15 a.m.•56 views

CVE-2022-34173

In Jenkins 2.340 through 2.355 both inclusive the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

6.1CVSS0.7AI score0.01351EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/19 4:38 a.m.•56 views

CVE-2022-30946

A cross-site request forgery CSRF vulnerability in Jenkins Script Security Plugin 1158.v7c1b73a69a08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver...

4.3CVSS1.7AI score0.00572EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/16 11:38 p.m.•56 views

CVE-2022-2867

A flaw was found in libtiff's tiffcrop utility that has a uint32t underflow that can lead to an out-of-bounds read and write. This flaw allows an attacker who supplies a crafted file to tiffcrop likely via tricking a user to run tiffcrop on it with certain parametersto cause a crash or, in some...

5.5CVSS4.7AI score0.003EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/08/11 8:38 a.m.•56 views

CVE-2022-2764

A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LASTCHUNK from the bytes, causing a denial of service...

4.2CVSS1.9AI score0.00787EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/08/11 5:16 a.m.•56 views

CVE-2022-37416

Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2mcfullxfully8x8...

6.5CVSS2AI score0.00792EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/08/02 1:40 p.m.•56 views

CVE-2022-29154

A flaw was found in rsync that is triggered by a victim rsync user/client connecting to a malicious rsync server. The server can copy and overwrite arbitrary files in the client's rsync target directory and subdirectories. This flaw allows a malicious server, or in some cases, another attacker wh...

7.4CVSS2.5AI score0.0165EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/07/18 6:12 p.m.•56 views

CVE-2022-2255

A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...

7.3CVSS3.5AI score0.0069EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/07/11 3:46 p.m.•56 views

CVE-2022-32081

MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepareinplaceaddvirtual at /storage/innobase/handler/handler0alter.cc...

7.5CVSS2.1AI score0.0193EPSS
Exploits1References3
Total number of security vulnerabilities5000