Lucene search
K
RedhatcveMost viewed

206363 matches found

RedhatCVE
RedhatCVE
•added 2020/01/24 4:0 p.m.•55 views

CVE-2018-10546

An infinite loop vulnerability was found in ext/iconv/iconv.c in PHP due to the iconv stream not rejecting invalid multibyte sequences. A remote attacker could use this vulnerability to hang the php process and consume resources...

7.5CVSS1.9AI score0.10433EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2020/01/18 9:23 a.m.•55 views

CVE-2018-10549

An out-of-bounds read has been found in PHP when function exifiifaddvalue handles the case of a MakerNote that lacks a final terminator character. A remote attacker could use this vulnerability to cause a crash...

8.8CVSS1.7AI score0.07159EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2019/11/21 12:37 p.m.•55 views

CVE-2019-19056

A flaw was found in the way the mwifiex PCIE driver in the Linux kernel handled resource cleanup on a DMA mapping error. This flaw allows an attacker able to trigger the DMA mapping error to crash the system. Mitigation In order to mitigate this issue it is possible to prevent the affected code...

4.7CVSS1.3AI score0.00387EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2019/11/21 11:38 a.m.•55 views

CVE-2019-19046

A memory leak problem was found in ipmibmcregister in drivers/char/ipmi/ipmimsghandler.c in Intelligent Platform Management Interface IPMI which is used for incoming and outgoing message routing purpose. This flaw may allow an attacker with minimal privilege to cause a denial of service by...

6.8CVSS1.6AI score0.02745EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2019/10/10 4:24 a.m.•55 views

CVE-2017-9075

The sctpv6createacceptsk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this fl...

7.8CVSS3.8AI score0.01372EPSS
Exploits5References1
RedhatCVE
RedhatCVE
•added 2019/07/18 6:51 a.m.•55 views

CVE-2019-13631

A flaw was found in the Linux kernel's implementation of GTCO tablet/digitizer's version of the parsehidreportdescriptor in drivers. An attacker with local access could use this flaw to create a specially crafted USB device inserted into the host to corrupt memory, trigger an out-of-bounds write...

6.8CVSS2.9AI score0.00817EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2019/05/14 12:8 p.m.•55 views

CVE-2018-18088

OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c...

6.5CVSS2.6AI score0.02107EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2019/01/22 9:50 p.m.•55 views

CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded...

7.5CVSS0.7AI score0.19994EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2018/04/09 8:20 p.m.•56 views

CVE-2018-9251

The xzdecomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service infinite loop via a crafted XML file that triggers LZMAMEMLIMITERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035...

5.3CVSS5.3AI score0.03199EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2017/06/29 1:19 p.m.•55 views

CVE-2017-8797

It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service...

8.6CVSS7AI score0.08665EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2017/05/17 3:9 p.m.•55 views

CVE-2017-8890

The inetcskclonelock function in net/ipv4/inetconnectionsock.c in the Linux kernel allows attackers to cause a denial of service double free or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memor...

7.8CVSS4.4AI score0.01372EPSS
Exploits5References1
RedhatCVE
RedhatCVE
•added 2017/03/31 9:48 a.m.•55 views

CVE-2017-7272

PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead ...

7.4CVSS1.1AI score0.03514EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2016/12/15 8:20 p.m.•55 views

CVE-2016-6480

A race condition flaw was found in the ioctlsendfib function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service out-of-bounds access or system crash by changing a certain size value...

5.1CVSS2.9AI score0.00342EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2016/07/06 3:21 a.m.•55 views

CVE-2016-4438

The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression...

9.8CVSS9.3AI score0.17171EPSS
Exploits2References2
RedhatCVE
RedhatCVE
•added 2025/10/25 12:42 a.m.•54 views

CVE-2025-46185

An Insecure Permission vulnerability in pgcodekeeper 10.12.0 allows a local attacker to obtain sensitive information via the plaintext storage of passwords and usernames...

6.2CVSS6.3AI score0.00126EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2025/10/07 6:9 a.m.•54 views

CVE-2025-11321

A vulnerability was detected in zhuimengshaonian wisdom-education up to 1.0.4. The affected element is an unknown function of the file src/main/java/com/education/api/controller/student/WrongBookController.java. Performing manipulation of the argument subjectId results in authorization bypass. Th...

5.3CVSS6.7AI score0.00326EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2024/08/12 10:29 a.m.•54 views

CVE-2023-31315

A flaw was found in hw. Improper validation in a model-specific register MSR could allow a malicious program with ring0 access to modify the SMM configuration while the SMI lock is enabled. This issue can lead to arbitrary code execution. Mitigation Mitigation for this issue is either not availab...

7.5CVSS7.4AI score0.00622EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/07/23 9:24 p.m.•54 views

CVE-2024-4076

A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. This issue results in a denial of service of the bind server. Mitigation Mitigation for this issue is either not available or the currently available...

7.5CVSS7.2AI score0.02111EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/05/29 9:49 a.m.•54 views

CVE-2024-36107

A sensitive information disclosure vulnerability was found in MinIO. Headers can be used to determine if an object exists or not on the server on a specific bucket and gain access to sensitive information. Mitigation Mitigation for this issue is either not available or the currently available...

5.3CVSS5.2AI score0.00549EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/05/28 6:22 p.m.•54 views

CVE-2023-52424

A flaw was found in the IEEE 802.11 standard. This vulnerability possibly allows an adversary to trick a victim into connecting to an unintended or untrusted network because the SSID is not always used to derive the pairwise master key or session keys and because there is not a protected exchange...

7.4CVSS6.6AI score0.00716EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/05/23 1:30 p.m.•54 views

CVE-2021-47282

In the Linux kernel, the following vulnerability has been resolved: spi: bcm2835: Fix out-of-bounds access with more than 4 slaves Commit 571e31fa60b3 "spi: bcm2835: Cache CS register value for -preparemessage" limited the number of slaves to 3 at compile-time. The limitation was necessitated by ...

5.5CVSS6.6AI score0.00231EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/05/14 11:56 p.m.•54 views

CVE-2024-32004

A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code. Mitigation Exercise caution when cloning repositori...

8.1CVSS7.4AI score0.01271EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/04/29 4:20 p.m.•54 views

CVE-2022-48655

In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Harden accesses to the reset domains Accessing reset domains descriptors by the index upon the SCMI drivers requests through the SCMI reset operations interface can potentially lead to out-of-bound violations i...

7.8CVSS7.2AI score0.00737EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/04/26 6:4 a.m.•54 views

CVE-2024-33663

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

7.5CVSS7.3AI score0.012EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2024/04/09 5:51 p.m.•54 views

CVE-2024-23081

A null pointer exception vulnerability was found in Threeten Backport. If the other parameter is null in ChronoLocalDate, a NullPointerException is thrown. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security...

7.5CVSS8.3AI score0.00284EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2024/03/20 6:1 p.m.•54 views

CVE-2024-1394

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

7.5CVSS7.6AI score0.01533EPSS
Exploits0References8
RedhatCVE
RedhatCVE
•added 2024/03/18 7:28 p.m.•54 views

CVE-2024-21652

A bypass of brute force protection flaw was found in Argo CD. Since login attempts are stored only in memory, every time the server restarts, that number is lost and unlimited login attempts can be made. It is possible to bypass brute force protections by chaining this issue with a denial of...

5.4CVSS9.2AI score0.01176EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/03/06 3:33 a.m.•54 views

CVE-2024-24785

A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into...

6.5CVSS7.1AI score0.00795EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2024/02/19 8:50 p.m.•54 views

CVE-2024-25710

A loop with an unreachable exit condition Infinite Loop vulnerability was found in Apache Common Compress. This issue can lead to a denial of service. Mitigation No mitigation is currently available for this vulnerability...

8.1CVSS7.8AI score0.00441EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2024/02/06 3:32 p.m.•54 views

CVE-2024-1271

No description is available for this CVE...

7.3AI score
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/01/28 9:52 a.m.•54 views

CVE-2023-52340

A flaw in the routing table size was found in the ICMPv6 handling of "Packet Too Big". The size of the routing table is regulated by periodic garbage collection. However, with "Packet Too Big Messages" it is possible to exceed the routing table size and garbage collector threshold. A user located...

6.5CVSS5.7AI score0.0094EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2024/01/24 12:25 p.m.•54 views

CVE-2024-23222

A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution due to a type confusion issue. This vulnerability is known to be actively exploited in the wild and was included in the CISA's KEV catalog. Mitigation Do not process or load untrusted web content...

8.8CVSS7.9AI score0.10593EPSS
Exploits6References5
RedhatCVE
RedhatCVE
•added 2024/01/17 9:12 a.m.•54 views

CVE-2024-20918

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

7.4CVSS7.1AI score0.00911EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/11/16 10:46 p.m.•54 views

CVE-2023-47641

Aiohttp is susceptible to an HTTP request smuggling vulnerability due to inadequate parsing of the HTTP Content-Length CL and Transfer-Encoding TE headers. This flaw allows an attacker to bypass proxy rules, poisoning sockets to other users, such as passing Authentication Headers. Additionally, i...

3.4CVSS6.3AI score0.00827EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/10/11 6:43 a.m.•54 views

CVE-2023-43641

A flaw was found in libcue, which is consumed by the tracker-miners application. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious web page, allowing remote code execution...

8.8CVSS6.8AI score0.1657EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/10/09 9:51 a.m.•54 views

CVE-2023-39195

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: CVE-2023-39195 was found to be a duplicate of CVE-2023-42755. Please see https://access.redhat.com/security/cve/CVE-2023-42755 for more information...

6.2AI score0.004EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/10/04 10:31 p.m.•54 views

CVE-2023-5408

A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the clust...

7.2CVSS7.3AI score0.01112EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/10/03 6:24 p.m.•54 views

CVE-2023-4693

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to...

5.3CVSS5.7AI score0.00536EPSS
Exploits2References6
RedhatCVE
RedhatCVE
•added 2023/09/21 7:54 p.m.•54 views

CVE-2023-5115

An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path...

6.3CVSS7AI score0.00859EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/09/02 3:35 p.m.•55 views

CVE-2020-27418

A use-after-free vulnerability was found in the vgaconinvertregion in drivers/video/console/vgacon.c in the low-level VGA-based console driver in the Linux kernel. This flaw allows a local privileged attacker to crash the system due to a missing sanity check, causing a denial of service. Mitigati...

4.4CVSS5AI score0.00228EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/30 9:12 p.m.•54 views

CVE-2023-39615

A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service DoS by supplying a crafted XML file...

6.5CVSS6.5AI score0.00667EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/08/28 7:45 p.m.•54 views

CVE-2023-4569

A memory leak flaw was found in nftsetcatchallflush in net/netfilter/nftablesapi.c in the Linux Kernel. This issue may allow a local attacker to cause double-deactivations of catchall elements, which can result in a memory leak. Mitigation Mitigation for this issue is to skip loading the affected...

5.5CVSS5.6AI score0.00282EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/23 9:22 p.m.•54 views

CVE-2022-44840

A heap-based buffer overflow vulnerability was found in binutils in the findsectioninset function. This flaw allows an attacker to use a specially crafted payload to trigger a buffer overflow, resulting in issues with availability, confidentiality, and integrity...

7.8CVSS7.7AI score0.00461EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/08/08 5:51 p.m.•54 views

CVE-2023-38180

An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially malicious client, Kestrel will sometimes fail to disconnect it, resulting in denial of service. Mitigation If your application is running behind a reverse proxy, or We...

7.5CVSS7.3AI score0.15519EPSS
Exploits0References8
RedhatCVE
RedhatCVE
•added 2023/07/21 7:30 a.m.•54 views

CVE-2023-29406

A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacke...

6.5CVSS6.5AI score0.0125EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/07/19 10:52 a.m.•54 views

CVE-2023-29824

A flaw was found in SciPy, where it is vulnerable to a denial of service caused by a use-after-free bug in the PyFindObjects function. By sending a specially crafted request, an attacker can cause a denial of service condition...

7CVSS8.5AI score0.0111EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/07/12 9:36 a.m.•54 views

CVE-2022-24834

A heap-based buffer overflow flaw was found in Redis. This flaw allows a local authenticated attacker user or attacker to execute a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and potential remote co...

7CVSS8.8AI score0.4292EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/07/05 3:17 p.m.•54 views

CVE-2023-30581

A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition...

7.5CVSS7.6AI score0.0105EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/05/19 7:10 a.m.•54 views

CVE-2023-2804

A heap-based buffer overflow issue was found in libjpeg-turbo in the h2v2mergedupsampleinternal function in the jdmrgext.c file. This issue can only be used with 12-bit data precision for which the range of the sample data type exceeds the valid sample range. This could allow an attacker to craft...

6.5CVSS7.2AI score0.012EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/04/26 8:21 a.m.•54 views

CVE-2021-41803

A flaw was found in HashiCorp Consul, where it is vulnerable to a denial of service caused by improper input validation for the node or segment names. By sending a specially-crafted request, a remote, authenticated attacker can cause a denial of service. Mitigation Mitigation for this issue is...

7.1CVSS6.4AI score0.00846EPSS
Exploits0References4
Total number of security vulnerabilities5000