Lucene search
K
RedhatcveMost viewed

206304 matches found

RedhatCVE
RedhatCVE
•added 2021/05/19 4:35 p.m.•55 views

CVE-2021-28662

An input validation flaw was found in Squid. This issue could allow a remote server to perform a denial of service against all clients using the proxy when delivering HTTP response messages. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this issue...

6.5CVSS0.2AI score0.71867EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/05/11 8:55 p.m.•55 views

CVE-2021-28677

A flaw was found in python-pillow. The readline used in EPS has to deal with any combination of \r and \n as line endings. It accidentally used a quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a denial-of-service of Pillow in...

7.5CVSS1AI score0.02293EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/04 11:4 p.m.•55 views

CVE-2020-8562

A security issue was discovered in Kubernetes where an authorized user may be able to access private networks on the Kubernetes control plane components. Kubernetes clusters are only affected if an untrusted user can create or modify Node objects and proxy to them, or an untrusted user can create...

3.5CVSS3AI score0.01082EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/03/30 10:8 p.m.•55 views

CVE-2021-21409

A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The...

5.9CVSS6.5AI score0.04935EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/03/24 2:53 p.m.•55 views

CVE-2021-21342

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

9.1CVSS2AI score0.4999EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/03/10 6:3 p.m.•55 views

CVE-2021-3426

A flaw was found in Python 3's pydoc. This flaw allows a local or adjacent attacker who discovers or can convince another local or adjacent user to start a pydoc server to access the server and then use it to disclose sensitive information belonging to the other user that they would not normally...

5.7CVSS0.4AI score0.01863EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/01/07 8:14 p.m.•55 views

CVE-2020-36184

A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions are needed for an exploit, w...

8.8CVSS1.9AI score0.10379EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/01/07 7:42 p.m.•55 views

CVE-2020-36179

A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions are needed for an exploit, w...

8.8CVSS1.9AI score0.20929EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2021/01/04 1:0 p.m.•55 views

CVE-2020-35508

A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process...

5.3CVSS5.8AI score0.00706EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/09/22 6:39 p.m.•55 views

CVE-2020-25596

A flaw was found in Xen. One of Xen's sanitization paths injects a GP fault and incorrectly delivers it twice to the guest. This flaw allows malicious or buggy user space to crash the guest kernel, resulting in a VM denial of service. Mitigation Running only x86 PVH/HVM guests avoids the...

5.5CVSS4.7AI score0.00512EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/09/07 10:19 a.m.•55 views

CVE-2020-3899

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code...

9.3CVSS3.5AI score0.04017EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/08/19 3:9 p.m.•55 views

CVE-2020-24394

A vulnerability was found in NFSv4.2 in the Linux kernel, where a server fails to correctly apply umask when creating a new object on filesystem without ACL support for example, ext4 with the "noacl" mount option. This flaw allows a local attacker with a user privilege to cause a kernel informati...

3.6CVSS0.4AI score0.00361EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/08/18 7:29 p.m.•55 views

CVE-2020-8911

A flaw was found in the AWS S3 Crypto SDK that allows users to encrypt files stored in S3 buckets with AES-CBC, without computing a MAC on the data. This allows for a padding oracle, enabling attackers with both write access to the target S3 bucket and the ability to observe the result of valid...

2.1CVSS4.3AI score0.00348EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2020/05/19 1:30 p.m.•55 views

CVE-2020-1945

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

3.3CVSS3AI score0.01793EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/05/06 8:10 p.m.•55 views

CVE-2020-12655

A flaw was discovered in the XFS source in the Linux kernel. This flaw allows an attacker with the ability to mount an XFS filesystem, to trigger a denial of service while attempting to sync a file located on an XFS v5 image with crafted metadata. Mitigation This flaw requires an attacker being...

5.5CVSS6AI score0.00461EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/05/06 5:40 p.m.•55 views

CVE-2020-11652

A flaw was found in salt. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users. Mitigation Mitigation for this issue is either not available or the currently available options d...

4CVSS7.8AI score0.86063EPSS
Exploits17References5
RedhatCVE
RedhatCVE
•added 2020/04/07 11:38 a.m.•55 views

CVE-2019-14284

A vulnerability was found in the Linux kernel’s floppy disk driver implementation. A local attacker with access to the floppy disk device file /dev/fd0 through to /dev/fdN can create a situation that causes the kernel to divide by zero. This requires two consecutive ioctl calls to be issued. The...

6.2CVSS0.6AI score0.00703EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/03 8:1 p.m.•55 views

CVE-2019-15290

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-15098. Reason: This candidate is a duplicate of CVE-2019-15098. Notes: All CVE users should reference CVE-2019-15098 instead of this candidate...

4.9CVSS6.3AI score0.00721EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/03/29 2:10 a.m.•55 views

CVE-2019-16935

A reflected cross-site scripting XSS vulnerability was found in Python XML-RPC server. The servertitle field is not sufficiently sanitized allowing malicious JavaScript to be injected. Successful exploitation would allow a remote attacker to execute JavaScript code within the context of the...

6.1CVSS2.7AI score0.04653EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/02/26 7:44 a.m.•55 views

CVE-2020-6418

Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.3AI score0.78808EPSS
Exploits6References4
RedhatCVE
RedhatCVE
•added 2020/02/24 7:31 a.m.•55 views

CVE-2018-1000873

Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service DoS. This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the...

6.5CVSS5.3AI score0.04758EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2020/01/24 4:0 p.m.•55 views

CVE-2018-10546

An infinite loop vulnerability was found in ext/iconv/iconv.c in PHP due to the iconv stream not rejecting invalid multibyte sequences. A remote attacker could use this vulnerability to hang the php process and consume resources...

7.5CVSS1.9AI score0.10433EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2020/01/09 7:38 p.m.•55 views

CVE-2019-16254

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients...

5.3CVSS0.6AI score0.0576EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2019/12/18 6:6 p.m.•55 views

CVE-2019-19814

An out-of-bounds OOB memory access flaw was found in the Linux kernel's F2FS file system exploiting the NAND flash memory-based storage device. This flaw allows a local attacker to crash the system or leak internal kernel information. Mitigation Mitigation for this issue is either not available o...

9.3CVSS0.5AI score0.03297EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2019/11/28 5:47 p.m.•55 views

CVE-2019-2958

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

5.9CVSS6.3AI score0.02638EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2019/11/21 12:37 p.m.•55 views

CVE-2019-19056

A flaw was found in the way the mwifiex PCIE driver in the Linux kernel handled resource cleanup on a DMA mapping error. This flaw allows an attacker able to trigger the DMA mapping error to crash the system. Mitigation In order to mitigate this issue it is possible to prevent the affected code...

4.7CVSS1.3AI score0.00387EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2019/10/16 6:44 a.m.•55 views

CVE-2019-13272

A flaw was found in the way PTRACETRACEME functionality was handled in the Linux kernel. The kernel's implementation of ptrace can inadvertently grant elevated permissions to an attacker who can then abuse the relationship between the tracer and the process being traced. This flaw could allow a...

7.8CVSS7.3AI score0.52199EPSS
Exploits21References2
RedhatCVE
RedhatCVE
•added 2019/10/10 3:20 a.m.•55 views

CVE-2018-2814

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

8.3CVSS1.9AI score0.03746EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2019/10/08 8:30 p.m.•55 views

CVE-2019-16994

A flaw was found in the way the sitinitnet function in the Linux kernel handled resource cleanup on errors. This flaw allows an attacker to use the error conditions to crash the system. Mitigation Mitigation for this issue is either not available or the currently available options dont meet the R...

4.7CVSS1.7AI score0.00454EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2019/10/07 3:5 a.m.•55 views

CVE-2017-12613

An out-of-bounds array dereference was found in aprtimeexpget. An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak...

7.4CVSS2.6AI score0.01749EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2019/05/14 12:8 p.m.•55 views

CVE-2018-18088

OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c...

6.5CVSS2.6AI score0.02107EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2019/01/22 9:50 p.m.•55 views

CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded...

7.5CVSS0.7AI score0.19994EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2018/04/09 8:20 p.m.•56 views

CVE-2018-9251

The xzdecomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service infinite loop via a crafted XML file that triggers LZMAMEMLIMITERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035...

5.3CVSS5.3AI score0.03199EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2017/05/29 12:48 p.m.•55 views

CVE-2017-1000363

A vulnerability was found in the Linux kernel's lpsetup function where it doesn't apply any bounds checking when passing "lp=none". This can result into overflow of the parportnr array. An attacker with control over kernel command line can overwrite kernel code and data with fixed 0xff values...

7.8CVSS4AI score0.00639EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2016/12/20 8:47 a.m.•55 views

CVE-2016-10012

It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged...

7.8CVSS4.4AI score0.01281EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2016/07/06 3:21 a.m.•55 views

CVE-2016-4438

The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression...

9.8CVSS9.3AI score0.17171EPSS
Exploits2References2
RedhatCVE
RedhatCVE
•added 2025/10/07 6:9 a.m.•54 views

CVE-2025-11321

A vulnerability was detected in zhuimengshaonian wisdom-education up to 1.0.4. The affected element is an unknown function of the file src/main/java/com/education/api/controller/student/WrongBookController.java. Performing manipulation of the argument subjectId results in authorization bypass. Th...

5.3CVSS6.7AI score0.00326EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2025/02/05 11:10 p.m.•54 views

CVE-2022-32548

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field...

10CVSS7.5AI score0.33795EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2024/08/12 10:29 a.m.•54 views

CVE-2023-31315

A flaw was found in hw. Improper validation in a model-specific register MSR could allow a malicious program with ring0 access to modify the SMM configuration while the SMI lock is enabled. This issue can lead to arbitrary code execution. Mitigation Mitigation for this issue is either not availab...

7.5CVSS7.4AI score0.00622EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/07/17 10:12 p.m.•54 views

CVE-2024-41009

An out-of-bounds memory access flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to crash the system. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of...

4.4CVSS5.9AI score0.00261EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/06/14 6:12 a.m.•54 views

CVE-2024-35325

A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yamleventdelete function in the /src/libyaml/src/api.c. file, leading to a double-free problem. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red H...

6.5CVSS6.3AI score
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/05/28 6:22 p.m.•54 views

CVE-2023-52424

A flaw was found in the IEEE 802.11 standard. This vulnerability possibly allows an adversary to trick a victim into connecting to an unintended or untrusted network because the SSID is not always used to derive the pairwise master key or session keys and because there is not a protected exchange...

7.4CVSS6.6AI score0.00716EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/05/23 1:30 p.m.•54 views

CVE-2021-47282

In the Linux kernel, the following vulnerability has been resolved: spi: bcm2835: Fix out-of-bounds access with more than 4 slaves Commit 571e31fa60b3 "spi: bcm2835: Cache CS register value for -preparemessage" limited the number of slaves to 3 at compile-time. The limitation was necessitated by ...

5.5CVSS6.6AI score0.00231EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/05/03 6:54 p.m.•54 views

CVE-2022-48687

An out-of-bounds read flaw was found when setting HMAC data in net/ipv6/seg6.c in the Linux kernel. This issue may lead to a crash...

5.5CVSS5.9AI score0.00242EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/04/29 4:20 p.m.•54 views

CVE-2022-48655

In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Harden accesses to the reset domains Accessing reset domains descriptors by the index upon the SCMI drivers requests through the SCMI reset operations interface can potentially lead to out-of-bound violations i...

7.8CVSS7.2AI score0.00737EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/04/26 6:4 a.m.•54 views

CVE-2024-33663

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

7.5CVSS7.3AI score0.012EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2024/04/09 5:51 p.m.•54 views

CVE-2024-23081

A null pointer exception vulnerability was found in Threeten Backport. If the other parameter is null in ChronoLocalDate, a NullPointerException is thrown. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security...

7.5CVSS8.3AI score0.00284EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2024/02/28 4:5 p.m.•54 views

CVE-2024-21742

Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages...

5.6CVSS6.5AI score0.01082EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/02/06 3:32 p.m.•54 views

CVE-2024-1271

No description is available for this CVE...

7.3AI score
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/02/01 2:31 p.m.•54 views

CVE-2024-23653

A vulnerability was found in the Moby Builder Toolkit, specifically in the Interactive Containers API, where entitlement checks are not adequately validated, caused by a missing privilege check in a GRPC endpoint when called using a custom syntax format. This flaw allows the currently running...

7CVSS9.4AI score0.02983EPSS
Exploits0References7
Total number of security vulnerabilities5000