Lucene search
K
RedhatcveMost viewed

206304 matches found

RedhatCVE
RedhatCVE
•added 2022/11/15 12:25 p.m.•55 views

CVE-2022-21589

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromi...

4.3CVSS5.5AI score0.00911EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/10/20 6:47 a.m.•55 views

CVE-2022-43403

A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...

9.9CVSS4.5AI score0.01428EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/19 12:17 p.m.•55 views

CVE-2022-41852

A flaw was found in the Apache Commons JXPath package. This flaw allows an attacker to use the interpreter to execute untrusted expressions and a remote code attack...

9.8CVSS4.7AI score
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/08/19 5:15 a.m.•55 views

CVE-2022-34174

In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm...

7.5CVSS1.9AI score0.01221EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/19 4:38 a.m.•55 views

CVE-2022-30946

A cross-site request forgery CSRF vulnerability in Jenkins Script Security Plugin 1158.v7c1b73a69a08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver...

4.3CVSS1.7AI score0.00572EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/16 11:38 p.m.•55 views

CVE-2022-2867

A flaw was found in libtiff's tiffcrop utility that has a uint32t underflow that can lead to an out-of-bounds read and write. This flaw allows an attacker who supplies a crafted file to tiffcrop likely via tricking a user to run tiffcrop on it with certain parametersto cause a crash or, in some...

5.5CVSS4.7AI score0.003EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/08/11 5:16 a.m.•55 views

CVE-2022-37416

Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2mcfullxfully8x8...

6.5CVSS2AI score0.00792EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/08/02 1:40 p.m.•55 views

CVE-2022-29154

A flaw was found in rsync that is triggered by a victim rsync user/client connecting to a malicious rsync server. The server can copy and overwrite arbitrary files in the client's rsync target directory and subdirectories. This flaw allows a malicious server, or in some cases, another attacker wh...

7.4CVSS2.5AI score0.0165EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/07/19 2:16 a.m.•55 views

CVE-2022-2466

It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior...

5.3CVSS0.6AI score0.01497EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/07/18 6:12 p.m.•55 views

CVE-2022-2255

A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...

7.3CVSS3.5AI score0.0069EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/07/15 10:32 a.m.•55 views

CVE-2022-30631

A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion...

7.5CVSS1.7AI score0.01615EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/07/11 7:17 p.m.•55 views

CVE-2021-39715

In showregs of process.c, there is a possible leak of kernel memory and addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

4.4CVSS4.2AI score0.0013EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/07/11 3:50 p.m.•55 views

CVE-2022-32091

MariaDB v10.7 was discovered to contain an use-after-poison in in interceptormemset at /libsanitizer/sanitizercommon/sanitizercommoninterceptors.inc...

7.5CVSS2.1AI score0.02082EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/07/11 3:46 p.m.•55 views

CVE-2022-32081

MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepareinplaceaddvirtual at /storage/innobase/handler/handler0alter.cc...

7.5CVSS2.1AI score0.0193EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/07/04 2:36 p.m.•55 views

CVE-2022-34265

A flaw was found in Django. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value...

9.8CVSS1.6AI score0.73274EPSS
Exploits3References3
RedhatCVE
RedhatCVE
•added 2022/06/17 4:29 p.m.•55 views

CVE-2022-1665

A flaw was found in the Linux kernel, where a set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture were signed with Red Hat's production secure boot keys. This issue allows kernel versions targeted for testing to eventually boot in PowerPC environments with...

8.2CVSS2.4AI score0.00265EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/06/09 10:57 p.m.•55 views

CVE-2022-29224

A flaw was found in Envoy. This flaw allows an attacker who controls an upstream host and also controls service discovery of that host via DNS, the EDS API, etc. to crash Envoy by forcing the removal of the host from service discovery and then failing the gRPC health check request. This issue...

5.9CVSS1.6AI score0.00948EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/06/08 4:9 p.m.•55 views

CVE-2022-31212

A stack-based buffer over-read flaw was found in the dbus-broker package. Dbus-Broker depends on c-uitl/c-shquote to parse the DBus service's Exec line, and if a malicious Exec line is supplied, this can lead to a crash or other undefined behaviors...

7.5CVSS2.9AI score0.01749EPSS
Exploits3References3
RedhatCVE
RedhatCVE
•added 2022/06/07 2:30 a.m.•55 views

CVE-2022-30785

A vulnerability was found in NTFS-3G. A file handle created in fuselibopendir and later used in fuselibreaddir allows out-of-bounds read/write operations...

7.2CVSS1.5AI score0.00392EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/06/07 2:29 a.m.•55 views

CVE-2022-26717

A flaw was found in webkitgtk. Due to improper input validation, the issue occurs, leading to a use-after-free vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or arbitrary code execution...

8.8CVSS5.7AI score0.01424EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/06/07 2:28 a.m.•55 views

CVE-2022-1708

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...

7.8CVSS1.8AI score0.02827EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/05/21 12:19 a.m.•55 views

CVE-2022-1382

NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of making the radare2 crash, thus affecting the availability of the system...

7.1CVSS2.2AI score0.00681EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2022/05/21 12:9 a.m.•55 views

CVE-2022-22935

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master...

4.3CVSS4.5AI score0.01586EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/20 10:39 p.m.•55 views

CVE-2019-6799

An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allowlocalinfile PHP...

9.8CVSS3.1AI score0.15586EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2022/05/11 8:1 a.m.•55 views

CVE-2022-27780

A vulnerability was found in curl. This issue occurs because the curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the hostname part of a URL, making it a different URL using the wrong hostname when it is later retrieved. This flaw allows a malicious actor to...

7.5CVSS2.9AI score0.02187EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/04/26 5:33 a.m.•55 views

CVE-2022-27455

A flaw was found in the MariaDB Server. It contains a use-after-free in the component, mywildcmp8bitimpl at /strings/ctype-simple.c, affecting availability...

7.5CVSS3.1AI score0.01564EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/20 2:57 p.m.•55 views

CVE-2022-28048

STB v2.27 was discovered to contain an integer shift of invalid size in the component stbijpegdecodeblockprogac...

8.8CVSS1.5AI score0.01557EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/03/15 7:48 a.m.•55 views

CVE-2022-0908

A flaw was found in LibTIFF where a NULL source pointer passed as an argument to the memcpy function within the TIFFFetchNormalTag in tifdirread.c. This flaw allows an attacker with a crafted TIFF file to cause a crash that leads to a denial of service...

7.7CVSS5.9AI score0.0125EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/03/11 6:41 p.m.•55 views

CVE-2022-0886

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. Mitigation The given exploit needs...

1AI score
Exploits2References2
RedhatCVE
RedhatCVE
•added 2022/02/23 12:17 p.m.•55 views

CVE-2022-0639

An authorization bypass flaw was found in url-parse. This flaw allows a local unauthenticated attacker to add an at symbol @ while submitting a URL. This issue enables the bypass of validation or block-listing restrictions...

6.5CVSS3.3AI score0.01535EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/17 4:52 p.m.•55 views

CVE-2022-25183

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries plugin uses the names of Pipeline libraries to create cache directories without any sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller JVM,...

8.8CVSS4AI score0.01513EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/02/17 4:38 p.m.•55 views

CVE-2022-25176

A flaw was found in Jenkins. The Pipeline: Groovy Plugin follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file typically Jenkinsfile for Pipelines. This flaw allows attackers who can configure Pipelines to read arbitrary files on...

6.5CVSS3.2AI score0.01715EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/02/03 5:53 p.m.•55 views

CVE-2022-0485

A flaw was found in the copying tool nbdcopy of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the error parameter. This could result in the silent creation of a...

4.8CVSS1AI score0.00788EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/01/20 6:11 p.m.•55 views

CVE-2022-0322

A flaw was found in the sctpmakestrresetreq function in net/sctp/smmakechunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUGON issue, leading to a denial of service DOS. Mitigation...

5.5CVSS0.8AI score0.00292EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/12/23 5:21 p.m.•55 views

CVE-2021-45095

A memory leak flaw in the Linux kernel's PhoNet Phone Network protocol functionality was found in the way user gets memory allocation fail inside function pepsockaccept for the failure branch. A local user could use this flaw to starve the resources causing a denial of service...

5.5CVSS1.3AI score0.00338EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/12/16 10:58 a.m.•55 views

CVE-2021-23177

An improper link resolution flaw while extracting an archive can lead to changing the access control list ACL of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw...

7.8CVSS3.2AI score0.00367EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/22 5:14 p.m.•55 views

CVE-2021-42771

A flaw was found in python-babel. A path traversal vulnerability was found in how locale data files are checked and loaded within python-babel, allowing a local attacker to trick an application that uses python-babel to load a file outside of the intended locale directory. The highest threat from...

7.8CVSS4.4AI score0.00716EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/09/06 6:4 p.m.•55 views

CVE-2021-39259

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS2.2AI score0.00418EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/08/31 6:49 p.m.•55 views

CVE-2021-23434

Prototype pollution has been discovered in object-path NodeJS library. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === 'proto' returns false if currentPath is 'proto'...

9.8CVSS2AI score0.01902EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2021/08/27 1:3 p.m.•55 views

CVE-2021-3698

A flaw was found in Cockpit in the way it handles the certificate verification performed by the System Security Services Daemon SSSD. This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List CRL configuration or the certificate status. The...

7.5CVSS2.5AI score0.0065EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/18 5:35 p.m.•55 views

CVE-2021-37714

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...

7.5CVSS1.1AI score0.06873EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/08/11 7:26 p.m.•55 views

CVE-2021-38209

A flaw was found in the Linux kernel. Observation of changes in any net namespace is possible due to these changes being leaked into all other net namespaces. The highest threat from this vulnerability is to data confidentiality...

3.3CVSS2.1AI score0.00283EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 10:56 p.m.•55 views

CVE-2021-34485

.NET Core and Visual Studio Information Disclosure Vulnerability...

5.5CVSS1.4AI score0.01265EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/08/10 9:21 p.m.•55 views

CVE-2021-38199

A flaw was found in the hanging of mounts in the Linux kernel's NFS4 subsystem where remote servers are unreachable for the client during migration of data from one server to another during trunking detection. This flaw allows a remote NFS4 server if the client is connected to starve the resource...

6.5CVSS0.6AI score0.01245EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/07/14 6:28 p.m.•55 views

CVE-2021-20298

A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability...

7.5CVSS2.9AI score0.01224EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/07/07 9:53 p.m.•55 views

CVE-2021-31810

Ruby's Net::FTP module trusted the IP address included in the FTP server's response to the PASV command. A malicious FTP server could use this to make Ruby applications using the Net::FTP module to connect to arbitrary hosts and use this to perform port scanning or information extraction from...

5.8CVSS1.1AI score0.0305EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/07/06 3:17 p.m.•55 views

CVE-2021-3570

A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiali...

8.8CVSS2AI score0.02955EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/06/22 3:59 p.m.•55 views

CVE-2021-0606

A flaw was found in the Linux kernel. The function drmsyncobjhandletofd first calls drmsyncobjfind which increments the refcount of the object on success. In all of the drmsyncobjhandletofd error paths, the refcount is decremented, but in the success path the refcount should remain at +1 as the...

6.7CVSS2.9AI score0.00156EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/06/15 1:47 p.m.•55 views

CVE-2021-3593

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6input function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or...

3.8CVSS1.5AI score0.00326EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/06/07 9:17 p.m.•55 views

CVE-2021-3585

A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager...

5.5CVSS1.6AI score0.00244EPSS
Exploits1References3
Total number of security vulnerabilities5000