Redhatcve: Most viewed

206305 matches found

RedhatCVE • added 2022/02/22 10:21 p.m. • 54 views

CVE-2021-44568

A buffer over-read flaw was found in the test case reader in libsolv that created multiple out-of-bounds read symptoms. Depending on how client applications use libsolv, this flaw leads to a denial of service of the application if an attacker can supply crafted input to the test case reader...

CVSS 6.5 | AI score 2.3 | EPSS 0.01767
Exploits: 1 | References: 3

RedhatCVE • added 2022/02/14 3:26 p.m. • 54 views

CVE-2022-0572

A heap-based buffer overflow flaw was found in vim's ex_retab function in the indent.c file. This flaw occurs when repeatedly using ":retab". This flaw allows an attacker to trick a user into opening a crafted file, triggering a heap overflow. Mitigation: Untrusted vim scripts with -s scriptin are not...

CVSS 8.4 | AI score 3.8 | EPSS 0.26583
Exploits: 1 | References: 3

RedhatCVE • added 2022/02/10 7:48 p.m. • 54 views

CVE-2022-22764

The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and community members Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption, some of which could...

CVSS 8.8 | AI score 3.2 | EPSS 0.00702
Exploits: 0 | References: 5

RedhatCVE • added 2022/02/03 4:31 a.m. • 54 views

CVE-2021-46661

MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE)...

CVSS 5.5 | AI score 3.7 | EPSS 0.00403
Exploits: 1 | References: 3

RedhatCVE • added 2022/01/14 7:55 p.m. • 54 views

CVE-2021-44532

It was found that node.js did not safely read the x509 certificate generalName format properly, resulting in data injection. A certificate could use a specially crafted extension in order to be successfully validated, permitting an attacker to impersonate a trusted host...

CVSS 7.4 | AI score 3.4 | EPSS 0.10364
Exploits: 1 | References: 3

RedhatCVE • added 2022/01/12 11:23 p.m. • 54 views

CVE-2022-22742

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When inserting text in edit mode, some characters might have led to out-of-bounds memory access, causing a potentially exploitable crash...

CVSS 7.5 | AI score 2.9 | EPSS 0.00796
Exploits: 0 | References: 3

RedhatCVE • added 2022/01/12 11:23 p.m. • 54 views

CVE-2022-22740

The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...

CVSS 8.8 | AI score 1.4 | EPSS 0.0096
Exploits: 1 | References: 5

RedhatCVE • added 2022/01/11 5:24 p.m. • 54 views

CVE-2021-3999

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to potentially execute...

CVSS 7.8 | AI score 2.3 | EPSS 0.0072
Exploits: 1 | References: 4

RedhatCVE • added 2021/12/27 5:55 p.m. • 54 views

CVE-2021-4180

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter, which is visible to all end users in configuration files. This would give sensitive...

CVSS 4.3 | AI score 3 | EPSS 0.00754
Exploits: 0 | References: 3

RedhatCVE • added 2021/12/20 1:20 p.m. • 54 views

CVE-2021-4135

A memory leak flaw was found in the Linux kernel's eBPF support for the simulated networking device driver, in the way a user uses BPF for the device such that the function nsim_map_alloc_elem is called. A local user could use this flaw to get unauthorized access to some data. Mitigation: The default Red Hat Enterprise...

CVSS 5.5 | AI score 2.1 | EPSS 0.00227
Exploits: 0 | References: 4

RedhatCVE • added 2021/12/10 2:57 p.m. • 54 views

CVE-2021-4093

A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit...

CVSS 8.8 | AI score 0.6 | EPSS 0.00419
Exploits: 1 | References: 4

RedhatCVE • added 2021/11/25 8:18 p.m. • 54 views

CVE-2021-4023

A flaw was found in the io-workqueue implementation in the Linux kernel. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to...

CVSS 5.5 | AI score 5.9 | EPSS 0.00229
Exploits: 0 | References: 3

RedhatCVE • added 2021/11/16 6:45 p.m. • 54 views

CVE-2021-42377

A flaw was found in BusyBox, where it did not properly sanitize while processing a crafted shell command, leading to a denial of service and possible code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

CVSS 9.8 | AI score 8.8 | EPSS 0.03379
Exploits: 0 | References: 4

RedhatCVE • added 2021/11/09 4:17 p.m. • 54 views

CVE-2021-3941

In ImfChromaticities.cpp routine RGBtoXYZ, there are some division operations such as float Z = 1 - chroma.white.x - chroma.white.y Y / chroma.white.y; and chroma.green.y X + Z / d; but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition whi...

CVSS 6.5 | AI score 6.6 | EPSS 0.00291
Exploits: 0 | References: 3

RedhatCVE • added 2021/10/05 6:58 p.m. • 54 views

CVE-2021-32672

A flaw was found in redis. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer, potentially leading to an information disclosure...

CVSS 5.3 | AI score 2.7 | EPSS 0.01702
Exploits: 0 | References: 4

RedhatCVE • added 2021/09/30 8:49 p.m. • 54 views

CVE-2021-41800

A flaw was found in MediaWiki, where visiting Special:Contributions may result in a long query due to mishandled PoolCounter protection. This issue may cause resource exhaustion, resulting in a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 5.3 | AI score 1.3 | EPSS 0.01735
Exploits: 0 | References: 3

RedhatCVE • added 2021/09/30 3:2 p.m. • 54 views

CVE-2021-39212

A flaw was found in ImageMagick in the Postscript File Handler component. An attacker could exploit this flaw, which would, in some cases, allow postscript files to be read and written even when specifically excluded by a module policy in policy.xml. Mitigation: Users are advised to use the...

CVSS 4.4 | AI score 1 | EPSS 0.00328
Exploits: 0 | References: 3

RedhatCVE • added 2021/09/23 3:6 p.m. • 54 views

CVE-2021-37972

A flaw was found in the libjpeg-turbo package, where it is susceptible to an out-of-bounds read on crafted input and malformed files. Proper bounds checking is not enforced when processing JPEG files. The highest threat from this vulnerability is system availability...

CVSS 8.8 | AI score 0.9 | EPSS 0.01662
Exploits: 1 | References: 3

RedhatCVE • added 2021/09/15 11:48 p.m. • 54 views

CVE-2020-8561

A flaw was found in Kubernetes. This flaw allows an actor that controls the responses of the MutatingWebhookConfiguration or the ValidatingWebhookConfiguration requests to redirect kube-apiserver requests to the private network of the apiserver. If that user can view kube-apiserver logs when the...

CVSS 4.1 | AI score 2.5 | EPSS 0.01953
Exploits: 0 | References: 4

RedhatCVE • added 2021/09/06 5:22 p.m. • 54 views

CVE-2021-39254

The ntfs3g package is susceptible to an input validation flaw. A crafted NTFS image with invalid values could trigger an improper check. This incorrect check causes an integer overflow which then leads to a heap overflow. The highest threat from this vulnerability is to confidentiality, integrity...

CVSS 7.8 | AI score 2.6 | EPSS 0.00436
Exploits: 0 | References: 4

RedhatCVE • added 2021/08/27 7:0 a.m. • 54 views

CVE-2021-3743

An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this...

CVSS 7.1 | AI score 0.9 | EPSS 0.0072
Exploits: 1 | References: 5

RedhatCVE • added 2021/08/22 1:14 p.m. • 54 views

CVE-2019-14540

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. Mitigation: This vulnerability relies on com.zaxxer.hikari.HikariConfig being present in the application's ClassPath. Hikari is not packaged as an RPM for Red Hat...

CVSS 9.8 | AI score 0.5 | EPSS 0.10676
Exploits: 1 | References: 3

RedhatCVE • added 2021/08/18 9:48 a.m. • 54 views

CVE-2021-38165

A flaw was found in the way lynx parsed URLs with a userinfo part containing authentication credentials. These credentials were included in the Server Name Indication (SNI) TLS extension data and sent unencrypted during the TLS connection handshake. This could lead to exposure of authentication...

CVSS 5.3 | AI score 2.6 | EPSS 0.04455
Exploits: 0 | References: 3

RedhatCVE • added 2021/08/11 6:20 p.m. • 54 views

CVE-2020-21682

A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DoS) via converting an xfig file into ge format...

CVSS 5.5 | AI score 4.6 | EPSS 0.00853
Exploits: 1 | References: 4

RedhatCVE • added 2021/08/11 6:20 p.m. • 54 views

CVE-2020-21683

A global buffer overflow in shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DoS) via converting an xfig file into pstricks format...

CVSS 5.5 | AI score 4.7 | EPSS 0.00782
Exploits: 1 | References: 4

RedhatCVE • added 2021/07/28 1:53 p.m. • 54 views

CVE-2021-1826

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross site scripting...

CVSS 8.1 | AI score 2 | EPSS 0.01061
Exploits: 0 | References: 4

RedhatCVE • added 2021/07/01 5:22 p.m. • 54 views

CVE-2021-29463

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An...

CVSS 5.5 | AI score 4.3 | EPSS 0.01119
Exploits: 0 | References: 3

RedhatCVE • added 2021/06/15 12:23 p.m. • 54 views

CVE-2021-3601

A flaw was found in the way OpenSSL will accept a certificate with explicitly set Basic Constraints to CA:FALSE as a valid CA if it is present in the trusted bundle. This flaw allows an attacker with access to a private key, of which the corresponding certificate is in the trust bundle, to use th...

AI score 1.6
Exploits: 0 | References: 3

RedhatCVE • added 2021/05/20 8:14 p.m. • 54 views

CVE-2021-3561

An out-of-bounds flaw was found in the fig2dev utility within transfig. An attacker could use this flaw and provide a crafted input to read_objects, probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availabilit...

CVSS 7.1 | AI score 1.9 | EPSS 0.01178
Exploits: 1 | References: 3

RedhatCVE • added 2021/05/19 12:27 a.m. • 54 views

CVE-2021-29956

OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will...

CVSS 4.3 | AI score 3.6 | EPSS 0.0081
Exploits: 1 | References: 3

RedhatCVE • added 2021/05/13 5:59 p.m. • 54 views

CVE-2020-36328

A flaw was found in libwebp. A heap-based buffer overflow in functions WebPDecodeInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 9.8 | AI score 3.1 | EPSS 0.02662
Exploits: 0 | References: 3

RedhatCVE • added 2021/05/06 6:36 p.m. • 54 views

CVE-2021-31829

A flaw was found in the Linux kernel's eBPF verification code. By default, the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. This flaw allows a local user who can insert eBPF instructions to use the eBPF verifier to abuse a spectre-like flaw and infer all syste...

CVSS 6.2 | AI score 2.3 | EPSS 0.00306
Exploits: 0 | References: 3

RedhatCVE • added 2021/04/27 7:36 p.m. • 54 views

CVE-2021-3517

There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application...

CVSS 8.6 | AI score 8.2 | EPSS 0.0828
Exploits: 0 | References: 3

RedhatCVE • added 2021/03/30 2:27 p.m. • 54 views

CVE-2021-29265

A flaw was found in the Linux kernel. The usbip driver allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status. The highest threat from this vulnerability is to system availability...

CVSS 4.7 | AI score 6 | EPSS 0.00258
Exploits: 0 | References: 3

RedhatCVE • added 2020/12/17 8:48 p.m. • 54 views

CVE-2020-26258

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...

CVSS 9.8 | AI score 0.5 | EPSS 0.84362
Exploits: 10 | References: 3

RedhatCVE • added 2020/12/04 6:53 a.m. • 54 views

CVE-2020-27822

A flaw was found in Wildfly. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability...

CVSS 7.1 | AI score 3.2 | EPSS 0.01109
Exploits: 0 | References: 4

RedhatCVE • added 2020/12/03 11:12 a.m. • 54 views

CVE-2020-28948

Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked...

CVSS 7.8 | AI score 3.8 | EPSS 0.47493
Exploits: 2 | References: 3

RedhatCVE • added 2020/12/01 5:29 p.m. • 54 views

CVE-2020-29374

An issue was discovered in the Linux kernel related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended read access. Mitigation: Mitigation for...

CVSS 3.3 | AI score 0.8 | EPSS 0.00399
Exploits: 1 | References: 3

RedhatCVE • added 2020/11/03 11:1 a.m. • 54 views

CVE-2020-25661

A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on...

CVSS 8.8 | AI score 1.6 | EPSS 0.07693
Exploits: 5 | References: 4

RedhatCVE • added 2020/10/08 12:34 p.m. • 54 views

CVE-2020-25645

A flaw was found in the Linux kernel. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone in between the two endpoints to read the traffic unencrypted. The main threat from this...

CVSS 7.5 | AI score 7.3 | EPSS 0.02404
Exploits: 1 | References: 3

RedhatCVE • added 2020/09/18 9:30 a.m. • 54 views

CVE-2020-25633

A flaw was found in the RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. This flaw allows client users to obtain the server's potentially sensitive information when the server receives the WebApplicationException from the RESTEasy client call. The highest threat from this...

CVSS 5.3 | AI score 3.4 | EPSS 0.01211
Exploits: 0 | References: 3

RedhatCVE • added 2020/09/07 10:19 a.m. • 54 views

CVE-2020-3902

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site...

CVSS 4.3 | AI score 2.1 | EPSS 0.01124
Exploits: 0 | References: 4

RedhatCVE • added 2020/07/06 7:50 p.m. • 54 views

CVE-2020-14314

A memory out-of-bounds read flaw was found in the Linux kernel's ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability...

CVSS 2.1 | AI score 6.3 | EPSS 0.00356
Exploits: 0 | References: 5

RedhatCVE • added 2020/06/18 3:55 p.m. • 54 views

CVE-2019-17566

A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery (SSRF) attack via "xlink:href" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system...

CVSS 5 | AI score 4.1 | EPSS 0.1074
Exploits: 0 | References: 3

RedhatCVE • added 2020/05/07 12:40 p.m. • 54 views

CVE-2020-12657

A flaw was found in the Linux kernel's implementation of the BFQ IO scheduler. This flaw allows a local user able to groom system memory to cause kernel memory corruption and possible privilege escalation by abusing a race condition in the IO scheduler. Mitigation: The default io scheduler for Red...

CVSS 4.6 | AI score 0.8 | EPSS 0.00711
Exploits: 0 | References: 3

RedhatCVE • added 2020/04/09 12:21 p.m. • 54 views

CVE-2018-18751

An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt...

CVSS 9.8 | AI score 1.8 | EPSS 0.04293
Exploits: 1 | References: 2

RedhatCVE • added 2020/04/09 10:6 a.m. • 54 views

CVE-2018-12207

A flaw was found in the way Intel CPUs handle inconsistency between virtual to physical memory address translations in the CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor,...

CVSS 6.5 | AI score 0.4 | EPSS 0.00915
Exploits: 0 | References: 4

RedhatCVE • added 2020/04/02 7:58 p.m. • 54 views

CVE-2019-8980

A kernel memory leak was found in the kernel_read_file function in the fs/exec.c file in the Linux kernel. An attacker could use this flaw to cause a memory leak and thus a denial of service (DoS)...

CVSS 7.8 | AI score 2.7 | EPSS 0.05845
Exploits: 0 | References: 3

RedhatCVE • added 2020/03/29 7:57 a.m. • 54 views

CVE-2019-9638

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len...

CVSS 7.5 | AI score 2.6 | EPSS 0.06677
Exploits: 1 | References: 3

RedhatCVE • added 2020/03/28 8:0 p.m. • 54 views

CVE-2019-11044

A flaw was discovered in the link function in PHP. When compiled on Windows, it does not correctly handle paths containing NULL bytes. An attacker could abuse this flaw to bypass application checks on file paths...

CVSS 7.5 | AI score 1.7 | EPSS 0.05363
Exploits: 4 | References: 3

Total number of security vulnerabilities: 5000