Lucene search
K
RedhatcveMost viewed

206305 matches found

RedhatCVE
RedhatCVE
•added 2024/04/26 6:4 a.m.•54 views

CVE-2024-33663

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

7.5CVSS7.3AI score0.012EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2024/04/09 5:51 p.m.•54 views

CVE-2024-23081

A null pointer exception vulnerability was found in Threeten Backport. If the other parameter is null in ChronoLocalDate, a NullPointerException is thrown. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security...

7.5CVSS8.3AI score0.00284EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2024/02/06 3:32 p.m.•54 views

CVE-2024-1271

No description is available for this CVE...

7.3AI score
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/01/28 9:52 a.m.•54 views

CVE-2023-52340

A flaw in the routing table size was found in the ICMPv6 handling of "Packet Too Big". The size of the routing table is regulated by periodic garbage collection. However, with "Packet Too Big Messages" it is possible to exceed the routing table size and garbage collector threshold. A user located...

6.5CVSS5.7AI score0.0094EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2024/01/24 12:25 p.m.•54 views

CVE-2024-23222

A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution due to a type confusion issue. This vulnerability is known to be actively exploited in the wild and was included in the CISA's KEV catalog. Mitigation Do not process or load untrusted web content...

8.8CVSS7.9AI score0.10593EPSS
Exploits6References5
RedhatCVE
RedhatCVE
•added 2024/01/17 9:13 a.m.•54 views

CVE-2024-20932

Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modificati...

7.5CVSS7.2AI score0.00782EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/11/16 10:46 p.m.•54 views

CVE-2023-47641

Aiohttp is susceptible to an HTTP request smuggling vulnerability due to inadequate parsing of the HTTP Content-Length CL and Transfer-Encoding TE headers. This flaw allows an attacker to bypass proxy rules, poisoning sockets to other users, such as passing Authentication Headers. Additionally, i...

3.4CVSS6.3AI score0.00827EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/11/07 2:32 a.m.•54 views

CVE-2023-47233

A use-after-free issue was found in the brcm80211 component in the Linux kernel, which may be triggered by a physical attacker while disconnecting a device. Mitigation To mitigate this issue, prevent module brcmfmac from being loaded. Please see https://access.redhat.com/solutions/41278 for how t...

4.3CVSS5.7AI score0.00315EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/10/04 10:31 p.m.•54 views

CVE-2023-5408

A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the clust...

7.2CVSS7.3AI score0.01112EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/30 9:12 p.m.•54 views

CVE-2023-39615

A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service DoS by supplying a crafted XML file...

6.5CVSS6.5AI score0.00667EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/08/23 7:15 p.m.•54 views

CVE-2020-19726

A heap-based buffer overflow was found in binutils in the bfdgetl32 function, relating to the auxiliary symbol data. This flaw allows an attacker to read or write to system memory or cause a denial of service...

8.8CVSS8.6AI score0.00664EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/07/28 9:49 a.m.•54 views

CVE-2023-37920

A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector...

9.1CVSS6.4AI score0.00468EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/07/21 7:30 a.m.•54 views

CVE-2023-29406

A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacke...

6.5CVSS6.5AI score0.0125EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/06/20 5:14 a.m.•54 views

CVE-2023-32030

A vulnerability was found in dotnet that can cause a denial of service...

7.5CVSS6.7AI score0.0222EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/05/19 7:10 a.m.•54 views

CVE-2023-2804

A heap-based buffer overflow issue was found in libjpeg-turbo in the h2v2mergedupsampleinternal function in the jdmrgext.c file. This issue can only be used with 12-bit data precision for which the range of the sample data type exceeds the valid sample range. This could allow an attacker to craft...

6.5CVSS7.2AI score0.012EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/04/26 8:21 a.m.•54 views

CVE-2021-41803

A flaw was found in HashiCorp Consul, where it is vulnerable to a denial of service caused by improper input validation for the node or segment names. By sending a specially-crafted request, a remote, authenticated attacker can cause a denial of service. Mitigation Mitigation for this issue is...

7.1CVSS6.4AI score0.00846EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/11 4:58 p.m.•54 views

CVE-2023-28260

A vulnerability was found in dotNet. A runtime DLL may be loaded from an unexpected location, resulting in remote code execution...

7.8CVSS7.9AI score0.01531EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/08 11:55 a.m.•54 views

CVE-2022-28131

A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...

7.3CVSS7.7AI score0.01875EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/03/30 9:14 a.m.•54 views

CVE-2023-23004

A NULL pointer dereference flaw was found in the Linux kernel's Mali-DP Device Driver. This flaw allows a local user to crash the system...

5.5CVSS6AI score0.0029EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/27 6:13 p.m.•54 views

CVE-2023-23913

A flaw was found in Rails. rails-ujs may allow an attacker to perform Cross-Site Scripting XSS, which could lead to stolen information, phishing attacks, and other types of attacks...

7.5CVSS5.5AI score0.00632EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/02/23 3:29 p.m.•54 views

CVE-2023-25012

A use-after-free flaw was found in the Linux kernel. This issue may be triggered in the bigbensetled function when plugging in a malicious USB device that advertises itself as a bigben device. This flaw allows a local user with physical access to cause a denial of service...

4.6CVSS5.5AI score0.00813EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/02/22 4:59 a.m.•54 views

CVE-2022-23713

A Cross-site-scripting XSS vulnerability was found in the Vega Charts Kibana integration. This issue could allow arbitrary JavaScript to be executed in a victim’s browser...

6.1CVSS2.9AI score0.00777EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/30 1:5 p.m.•54 views

CVE-2022-39324

A flaw was found in the grafana package. While creating a snapshot, an attacker may manipulate a hidden HTTP parameter to inject a malicious URL in the "Open original dashboard" button...

6.7CVSS1.2AI score0.02179EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/25 7:5 p.m.•54 views

CVE-2023-22482

A flaw was found in ArgoCD. GitOps is vulnerable to an improper authorization bug where the API may accept invalid tokens. ID providers include an audience claim in signed tokens, which may be used to restrict which services can accept the token. ArgoCD doesn't properly validate the audience clai...

8.8CVSS8.6AI score0.00879EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/24 5:6 a.m.•54 views

CVE-2022-47024

A NULL pointer dereference issue was found in Vim's guix11createblankmouse function in guix11.c. This flaw allows attackers to cause a denial of service and other unspecified impacts...

7.8CVSS6.9AI score0.0026EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/23 6:5 p.m.•54 views

CVE-2022-47966

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec aka XML Security for Java 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain...

8.1CVSS9.9AI score0.99753EPSS
Exploits15References4
RedhatCVE
RedhatCVE
•added 2022/12/23 5:35 p.m.•54 views

CVE-2022-47940

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2write...

8.1CVSS2.3AI score0.01393EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2022/12/08 4:40 a.m.•54 views

CVE-2022-3633

A memory leak flaw was found in the Linux kernel’s j1939 socket functionality. This flaw allows a local user to crash the system...

3.3CVSS2.3AI score0.00297EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/12/05 8:1 p.m.•54 views

CVE-2022-3564

A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. Mitigati...

7.1CVSS6.9AI score0.0129EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/12/05 6:13 p.m.•54 views

CVE-2022-3628

A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. Mitigation To mitigate this issue, prevent the brcmfmac module from...

6.8CVSS7.5AI score0.00503EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2022/10/26 2:23 p.m.•54 views

CVE-2022-3437

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc allocated memory when presented with a...

5.9CVSS3.3AI score0.0369EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/09/21 5:18 a.m.•54 views

CVE-2022-35957

A flaw was found in the grafana package. Auth proxy allows authentication of a user by only providing the username or email in an X-WEBAUTH-USER HTTP header. The trust assumption is that a front proxy will take care of authentication and that the Grafana server is only publicly reachable with thi...

6.6CVSS6.9AI score0.01302EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/07/14 12:14 p.m.•54 views

CVE-2022-32532

A flaw was sound in Apache Shiro's RegexRequestMatcher, which can be misconfigured and bypassed on some servlet containers. Applications using RegExPatternMatcher with '.' in the regular expression are vulnerable to an authorization bypass...

9.8CVSS3.6AI score0.25431EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/06/29 1:36 p.m.•54 views

CVE-2022-34494

A double free flaw was found in the Linux kernel Remote Processor Messaging rpmsg framework. This flaw could allow a local user to crash the system...

5.5CVSS2.3AI score0.00281EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/06/06 10:57 p.m.•54 views

CVE-2022-30126

In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standa...

5.5CVSS4.2AI score0.02495EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/31 2:53 p.m.•54 views

CVE-2022-31740

The Mozilla Foundation Security Advisory describes this flaw as: On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash...

8.8CVSS3AI score0.00651EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/05/26 12:29 p.m.•54 views

CVE-2022-26691

An authorization vulnerability was found in the CUPS printing system. This security vulnerability occurs when local authorization happens. This flaw allows an attacker to authenticate to CUPS as root/admin without the 32-byte secret key and perform arbitrary code execution. Mitigation Red Hat has...

7.2CVSS2.7AI score0.00579EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/05/21 12:0 a.m.•54 views

CVE-2021-37961

Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS2.4AI score0.01222EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/20 11:56 p.m.•54 views

CVE-2021-34340

Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCRDECR in decompiler.c file that causes a direct segmentation fault and leads to denial of service...

6.5CVSS3.6AI score0.00883EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2022/05/07 2:19 p.m.•54 views

CVE-2021-27292

A regular expression denial of service ReDoS vulnerability was found in the npm library ua-parser-js. If a supplied user agent matches the Noble string and contains many spaces then the regex will conduct backtracking, taking an ever increasing amount of time depending on the number of spaces...

7.5CVSS3.1AI score0.03366EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/05/05 2:26 p.m.•54 views

CVE-2022-29824

A flaw was found in the libxml2 library in functions used to manipulate the xmlBuf and the xmlBuffer types. A substantial input causes values to calculate buffer sizes to overflow, resulting in an out-of-bounds write. Mitigation Avoid passing large inputs to the libxml2 library...

7.4CVSS3.4AI score0.0363EPSS
Exploits5References3
RedhatCVE
RedhatCVE
•added 2022/04/22 4:53 a.m.•54 views

CVE-2022-1420

A vulnerability was found in Vim. The issue occurs when using a number in a string for the lambda name, triggering an out-of-range pointer offset vulnerability. This flaw allows an attacker to trick a user into opening a crafted script containing an argument as a number and then using it as a...

6.8CVSS2.4AI score0.01418EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/18 7:55 p.m.•54 views

CVE-2022-28109

A flaw was found in the WebDriver endpoint of Selenium Grid suite. A malicious web server can be reached via Cross-Site Request Forgery CSRF and DNS-rebinding attacks. This issue could allow an attacker to execute arbitrary code on the machine...

8.8CVSS5.2AI score0.01044EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/18 6:57 a.m.•54 views

CVE-2022-1381

A global heap buffer overflow vulnerability was found in vim's skiprange function of the src/exdocmd.c file. This flaw occurs because vim uses an invalid pointer with "V:" in Ex mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer...

7.8CVSS3.6AI score0.03104EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/14 10:38 p.m.•54 views

CVE-2022-27456

A flaw was found in the MariaDB Server. It contains a use-after-free in the component, VDec::VDec at /sql/sqltype.cc, affecting availability...

7.5CVSS3AI score0.02125EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/03/31 8:48 p.m.•54 views

CVE-2022-24048

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

7.8CVSS4.5AI score0.00645EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/03/28 7:47 p.m.•54 views

CVE-2022-24778

A flaw was found in the imgcrypt library when checking the keys of an authorized user to access an encrypted image on systems where layers are not available and cannot run on the host architecture. This flaw allows an attacker to run an image without providing the previously decrypted keys...

7.5CVSS4.2AI score0.02676EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/03/22 5:32 a.m.•54 views

CVE-2021-40662

A Cross-Site Request Forgery CSRF in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL...

8.8CVSS7.2AI score0.01079EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/03/02 10:53 a.m.•54 views

CVE-2022-25375

An information disclosure vulnerability was found in the Linux kernel. The RNDIS USB gadget lacks validation of the size of the RNDISMSGSET command. This flaw allows a local attacker to dump contents of kernel memory space via a packet filter update mechanism and potentially extract sensitive...

5.5CVSS3.5AI score0.01054EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/25 3:18 p.m.•54 views

CVE-2022-26129

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parsehellosubtlv, parseihusubtlv, and parseupdatesubtlv in babeld/message.c...

8.1CVSS3.1AI score0.01014EPSS
Exploits1References3
Total number of security vulnerabilities5000