Lucene search
K
RedhatcveMost viewed

206360 matches found

RedhatCVE
RedhatCVE
•added 2024/07/17 10:12 p.m.•55 views

CVE-2024-41009

An out-of-bounds memory access flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to crash the system. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of...

4.4CVSS5.9AI score0.00261EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/06/14 6:12 a.m.•55 views

CVE-2024-35325

A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yamleventdelete function in the /src/libyaml/src/api.c. file, leading to a double-free problem. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red H...

6.5CVSS6.3AI score
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/04/08 10:51 a.m.•55 views

CVE-2024-25743

A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality and integrity of SEV-SNP on Linux guests by injecting interrupts. An attacker can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the...

7.1CVSS5.9AI score0.00247EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2024/02/28 4:5 p.m.•55 views

CVE-2024-21742

Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages...

5.6CVSS6.5AI score0.01082EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/02/01 2:31 p.m.•55 views

CVE-2024-23653

A vulnerability was found in the Moby Builder Toolkit, specifically in the Interactive Containers API, where entitlement checks are not adequately validated, caused by a missing privilege check in a GRPC endpoint when called using a custom syntax format. This flaw allows the currently running...

7CVSS9.4AI score0.02983EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2024/02/01 2:31 p.m.•55 views

CVE-2024-23651

A race condition issue was found in the Moby Builder Toolkit, stemming from a time-of-check/time-of-use TOCTOU vulnerability during cache volume mounting at container build time. Concurrent execution of two malicious build steps, sharing the same cache mounts with subpaths, may result in files fr...

7.5CVSS8.4AI score0.00791EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2024/01/17 9:13 a.m.•55 views

CVE-2024-20932

Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modificati...

7.5CVSS7.2AI score0.00775EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/17 3:33 a.m.•55 views

CVE-2023-45232

A security loophole involving an infinite loop was identified in EDK2, the open-source reference implementation of the UEFI specification. This weakness enables an unauthorized attacker to exploit system availability by sending a specifically crafted Destination Options IPv6 header. Mitigation...

7.5CVSS7.8AI score0.02084EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/11/27 12:0 p.m.•55 views

CVE-2023-47039

A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell cmd.exe. When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system...

7.8CVSS7.8AI score0.00414EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/11/10 10:44 a.m.•55 views

CVE-2023-5870

A flaw was found in PostgreSQL involving the pgcancelbackend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...

2.2CVSS5.4AI score0.02555EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/11/07 2:37 p.m.•55 views

CVE-2023-46728

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid. This issue may lead to a remote denial ...

7.5CVSS7.7AI score0.05955EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/11/07 2:32 a.m.•55 views

CVE-2023-47233

A use-after-free issue was found in the brcm80211 component in the Linux kernel, which may be triggered by a physical attacker while disconnecting a device. Mitigation To mitigate this issue, prevent module brcmfmac from being loaded. Please see https://access.redhat.com/solutions/41278 for how t...

4.3CVSS5.7AI score0.00315EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/09/12 2:54 p.m.•55 views

CVE-2023-4527

A flaw was found in glibc. When the getaddrinfo function is called with the AFUNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data...

6.5CVSS6.8AI score0.01508EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/08/23 7:15 p.m.•55 views

CVE-2020-19726

A heap-based buffer overflow was found in binutils in the bfdgetl32 function, relating to the auxiliary symbol data. This flaw allows an attacker to read or write to system memory or cause a denial of service...

8.8CVSS8.6AI score0.00664EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/08/08 6:19 p.m.•55 views

CVE-2023-20588

A division-by-zero error was found in hw on some AMD processors. This flaw can potentially return speculative data, resulting in loss of confidentiality. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteri...

6CVSS6.6AI score0.12405EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/06/28 8:47 a.m.•55 views

CVE-2023-26965

A heap use-after-free vulnerability was found in LibTIFF's tiffcrop utility in the loadImage function. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes an out-of-bounds write access, resulting in an application crash, eventually leading to a...

5.5CVSS6.8AI score0.00376EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/06/22 6:17 a.m.•55 views

CVE-2023-2829

A vulnerability was found in BIND. This security flaw occurs when a named instance is configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache RFC 8198 option synth-from-dnssec enabled; remote termination can occur using a zone with a malformed...

7.5CVSS7.3AI score0.00868EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/06/20 5:14 a.m.•55 views

CVE-2023-32030

A vulnerability was found in dotnet that can cause a denial of service...

7.5CVSS6.7AI score0.0222EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/30 9:14 a.m.•55 views

CVE-2023-23004

A NULL pointer dereference flaw was found in the Linux kernel's Mali-DP Device Driver. This flaw allows a local user to crash the system...

5.5CVSS6AI score0.0029EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/27 8:43 p.m.•55 views

CVE-2022-37865

A flaw was found in Apache Ivy. With Apache Ivy 2.4.0, an optional packaging attribute was introduced that allows artifacts to be unpacked on the fly if pack200 or zip packaging was used. This issue could allow a malicious used to have unwanted access...

9.1CVSS8.7AI score0.01819EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/27 6:13 p.m.•55 views

CVE-2023-23913

A flaw was found in Rails. rails-ujs may allow an attacker to perform Cross-Site Scripting XSS, which could lead to stolen information, phishing attacks, and other types of attacks...

7.5CVSS5.5AI score0.00632EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/02/22 4:59 a.m.•55 views

CVE-2022-23713

A Cross-site-scripting XSS vulnerability was found in the Vega Charts Kibana integration. This issue could allow arbitrary JavaScript to be executed in a victim’s browser...

6.1CVSS2.9AI score0.00777EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/30 1:5 p.m.•55 views

CVE-2022-39324

A flaw was found in the grafana package. While creating a snapshot, an attacker may manipulate a hidden HTTP parameter to inject a malicious URL in the "Open original dashboard" button...

6.7CVSS1.2AI score0.02179EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/24 5:6 a.m.•55 views

CVE-2022-47024

A NULL pointer dereference issue was found in Vim's guix11createblankmouse function in guix11.c. This flaw allows attackers to cause a denial of service and other unspecified impacts...

7.8CVSS6.9AI score0.0026EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/16 1:4 p.m.•55 views

CVE-2022-41717

A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache...

5.3CVSS6.5AI score0.05623EPSS
Exploits0References8
RedhatCVE
RedhatCVE
•added 2022/12/23 5:35 p.m.•55 views

CVE-2022-47940

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2write...

8.1CVSS2.3AI score0.01393EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2022/12/08 4:40 a.m.•55 views

CVE-2022-3633

A memory leak flaw was found in the Linux kernel’s j1939 socket functionality. This flaw allows a local user to crash the system...

3.3CVSS2.3AI score0.00299EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/12/05 6:13 p.m.•55 views

CVE-2022-3628

A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. Mitigation To mitigate this issue, prevent the brcmfmac module from...

6.8CVSS7.5AI score0.00503EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2022/10/26 2:23 p.m.•55 views

CVE-2022-3437

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc allocated memory when presented with a...

5.9CVSS3.3AI score0.0369EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/20 6:47 a.m.•55 views

CVE-2022-43403

A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...

9.9CVSS4.5AI score0.01428EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/09/21 5:18 a.m.•55 views

CVE-2022-35957

A flaw was found in the grafana package. Auth proxy allows authentication of a user by only providing the username or email in an X-WEBAUTH-USER HTTP header. The trust assumption is that a front proxy will take care of authentication and that the Grafana server is only publicly reachable with thi...

6.6CVSS6.9AI score0.01302EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/07/19 2:16 a.m.•55 views

CVE-2022-2466

It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior...

5.3CVSS0.6AI score0.01497EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/07/15 10:32 a.m.•55 views

CVE-2022-30631

A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion...

7.5CVSS1.7AI score0.01615EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/07/11 7:17 p.m.•55 views

CVE-2021-39715

In showregs of process.c, there is a possible leak of kernel memory and addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

4.4CVSS4.2AI score0.0013EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/07/11 3:50 p.m.•55 views

CVE-2022-32091

MariaDB v10.7 was discovered to contain an use-after-poison in in interceptormemset at /libsanitizer/sanitizercommon/sanitizercommoninterceptors.inc...

7.5CVSS2.1AI score0.02082EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/06/29 1:36 p.m.•55 views

CVE-2022-34494

A double free flaw was found in the Linux kernel Remote Processor Messaging rpmsg framework. This flaw could allow a local user to crash the system...

5.5CVSS2.3AI score0.00281EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/06/17 4:29 p.m.•55 views

CVE-2022-1665

A flaw was found in the Linux kernel, where a set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture were signed with Red Hat's production secure boot keys. This issue allows kernel versions targeted for testing to eventually boot in PowerPC environments with...

8.2CVSS2.4AI score0.00265EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/06/08 4:9 p.m.•55 views

CVE-2022-31212

A stack-based buffer over-read flaw was found in the dbus-broker package. Dbus-Broker depends on c-uitl/c-shquote to parse the DBus service's Exec line, and if a malicious Exec line is supplied, this can lead to a crash or other undefined behaviors...

7.5CVSS2.9AI score0.01749EPSS
Exploits3References3
RedhatCVE
RedhatCVE
•added 2022/06/07 2:28 a.m.•55 views

CVE-2022-1708

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...

7.8CVSS1.8AI score0.02827EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/06/06 10:57 p.m.•55 views

CVE-2022-30126

In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standa...

5.5CVSS4.2AI score0.02495EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/26 12:29 p.m.•55 views

CVE-2022-26691

An authorization vulnerability was found in the CUPS printing system. This security vulnerability occurs when local authorization happens. This flaw allows an attacker to authenticate to CUPS as root/admin without the 32-byte secret key and perform arbitrary code execution. Mitigation Red Hat has...

7.2CVSS2.7AI score0.00579EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/05/21 12:19 a.m.•55 views

CVE-2022-1382

NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of making the radare2 crash, thus affecting the availability of the system...

7.1CVSS2.2AI score0.00681EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2022/05/21 12:0 a.m.•55 views

CVE-2021-37961

Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS2.4AI score0.01222EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/07 2:19 p.m.•55 views

CVE-2021-27292

A regular expression denial of service ReDoS vulnerability was found in the npm library ua-parser-js. If a supplied user agent matches the Noble string and contains many spaces then the regex will conduct backtracking, taking an ever increasing amount of time depending on the number of spaces...

7.5CVSS3.1AI score0.03366EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/04/26 5:33 a.m.•55 views

CVE-2022-27455

A flaw was found in the MariaDB Server. It contains a use-after-free in the component, mywildcmp8bitimpl at /strings/ctype-simple.c, affecting availability...

7.5CVSS3.1AI score0.01564EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/22 4:53 a.m.•55 views

CVE-2022-1420

A vulnerability was found in Vim. The issue occurs when using a number in a string for the lambda name, triggering an out-of-range pointer offset vulnerability. This flaw allows an attacker to trick a user into opening a crafted script containing an argument as a number and then using it as a...

6.8CVSS2.4AI score0.01418EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/20 2:57 p.m.•55 views

CVE-2022-28048

STB v2.27 was discovered to contain an integer shift of invalid size in the component stbijpegdecodeblockprogac...

8.8CVSS1.5AI score0.01557EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/14 10:38 p.m.•55 views

CVE-2022-27456

A flaw was found in the MariaDB Server. It contains a use-after-free in the component, VDec::VDec at /sql/sqltype.cc, affecting availability...

7.5CVSS3AI score0.02125EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/03/15 7:48 a.m.•55 views

CVE-2022-0908

A flaw was found in LibTIFF where a NULL source pointer passed as an argument to the memcpy function within the TIFFFetchNormalTag in tifdirread.c. This flaw allows an attacker with a crafted TIFF file to cause a crash that leads to a denial of service...

7.7CVSS5.9AI score0.0125EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/03/11 6:41 p.m.•55 views

CVE-2022-0886

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. Mitigation The given exploit needs...

1AI score
Exploits2References2
Total number of security vulnerabilities5000