Lucene search
K
RedhatcveMost viewed

206363 matches found

RedhatCVE
RedhatCVE
•added 2023/04/19 9:31 a.m.•54 views

CVE-2023-21939

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Swing. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable...

5.3CVSS5.2AI score0.02474EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/04/11 4:58 p.m.•54 views

CVE-2023-28260

A vulnerability was found in dotNet. A runtime DLL may be loaded from an unexpected location, resulting in remote code execution...

7.8CVSS7.9AI score0.01531EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/08 11:55 a.m.•54 views

CVE-2022-28131

A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...

7.3CVSS7.7AI score0.01875EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/03/06 6:59 a.m.•54 views

CVE-2023-26604

A vulnerability was found in the systemd package. The systemd package does not adequately block local privilege escalation for some Sudo configurations, for example, plausible sudoers files, in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to ...

7.1CVSS7.4AI score0.01051EPSS
Exploits4References6
RedhatCVE
RedhatCVE
•added 2023/02/23 3:29 p.m.•54 views

CVE-2023-25012

A use-after-free flaw was found in the Linux kernel. This issue may be triggered in the bigbensetled function when plugging in a malicious USB device that advertises itself as a bigben device. This flaw allows a local user with physical access to cause a denial of service...

4.6CVSS5.5AI score0.00813EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/01/25 7:5 p.m.•54 views

CVE-2023-22482

A flaw was found in ArgoCD. GitOps is vulnerable to an improper authorization bug where the API may accept invalid tokens. ID providers include an audience claim in signed tokens, which may be used to restrict which services can accept the token. ArgoCD doesn't properly validate the audience clai...

8.8CVSS8.6AI score0.00879EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/25 12:5 p.m.•54 views

CVE-2021-26346

A flaw was found in hw. Failure to validate the integer operand in ASP AMD Secure Processor bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash, resulting in a potential denial of service. Mitigation Please contact AMD for more updates on this...

4.1CVSS2.6AI score0.00212EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/23 6:5 p.m.•54 views

CVE-2022-47966

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec aka XML Security for Java 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain...

8.1CVSS9.9AI score0.99753EPSS
Exploits15References4
RedhatCVE
RedhatCVE
•added 2022/12/05 8:1 p.m.•54 views

CVE-2022-3564

A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. Mitigati...

7.1CVSS6.9AI score0.0129EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/11/03 7:55 p.m.•54 views

CVE-2022-43995

Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...

7.1CVSS3.5AI score0.00271EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/07/25 5:44 a.m.•54 views

CVE-2022-34037

An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service DoS via a crafted URI. Note: This has been disputed as a bug, not a security vulnerability, in the Caddy web server that emerged when an...

7.5CVSS7.2AI score0.00972EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/07/14 12:14 p.m.•54 views

CVE-2022-32532

A flaw was sound in Apache Shiro's RegexRequestMatcher, which can be misconfigured and bypassed on some servlet containers. Applications using RegExPatternMatcher with '.' in the regular expression are vulnerable to an authorization bypass...

9.8CVSS3.6AI score0.25431EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/07/07 8:15 p.m.•54 views

CVE-2022-33980

A flaw was found in Apache Commons Configuration's variable interpolation, which by default included several lookup actions that could permit script invocation on remote servers. This issue could allow an attacker to use one of these actions to send a request to execute arbitrary code on the serv...

7.5CVSS6.8AI score0.42646EPSS
Exploits3References3
RedhatCVE
RedhatCVE
•added 2022/06/21 6:59 a.m.•54 views

CVE-2022-33981

A use-after-free flaw was found in drivers/block/floppy.c in floppy drive in the Linux Kernel. This issue could allow a local attacker to crash the system due to a race problem between rawcmdioctl and seekinterrupt, which can lead to a kernel information leak...

3.3CVSS5.5AI score0.00545EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2022/06/06 11:27 p.m.•54 views

CVE-2022-28948

A flaw was found in the Unmarshal function in Go-Yaml. This vulnerability results in program crashes when attempting to convert or deserialize invalid input data, potentially impacting system stability and reliability...

7.5CVSS7.3AI score0.035EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/05/20 11:56 p.m.•54 views

CVE-2021-34340

Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCRDECR in decompiler.c file that causes a direct segmentation fault and leads to denial of service...

6.5CVSS3.6AI score0.00883EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2022/05/14 11:32 a.m.•54 views

CVE-2020-11619

A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions are needed for an exploit, we...

8.1CVSS2.2AI score0.03607EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/05 2:26 p.m.•54 views

CVE-2022-29824

A flaw was found in the libxml2 library in functions used to manipulate the xmlBuf and the xmlBuffer types. A substantial input causes values to calculate buffer sizes to overflow, resulting in an out-of-bounds write. Mitigation Avoid passing large inputs to the libxml2 library...

7.4CVSS3.4AI score0.0363EPSS
Exploits5References3
RedhatCVE
RedhatCVE
•added 2022/04/18 7:55 p.m.•54 views

CVE-2022-28109

A flaw was found in the WebDriver endpoint of Selenium Grid suite. A malicious web server can be reached via Cross-Site Request Forgery CSRF and DNS-rebinding attacks. This issue could allow an attacker to execute arbitrary code on the machine...

8.8CVSS5.2AI score0.01044EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/18 6:57 a.m.•54 views

CVE-2022-1381

A global heap buffer overflow vulnerability was found in vim's skiprange function of the src/exdocmd.c file. This flaw occurs because vim uses an invalid pointer with "V:" in Ex mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer...

7.8CVSS3.6AI score0.03104EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/07 9:54 a.m.•54 views

CVE-2022-24795

A flaw was found in the YAJL library in the way it reallocates a memory buffer to store more data. A very large input causes the value used to calculate the buffer size to overflow, resulting in a heap-based buffer overflow. Mitigation Avoid passing large inputs to the YAJL library...

7.5CVSS2.9AI score0.03472EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/04 11:50 a.m.•54 views

CVE-2022-24790

A HTTP request smuggling flaw was found in puma. This issue occurs when using puma behind a proxy. Puma does not validate incoming HTTP requests, as per RFC specification, leading to loss of integrity...

9.1CVSS0.4AI score0.0214EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/03/31 8:48 p.m.•54 views

CVE-2022-24048

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

7.8CVSS4.5AI score0.00645EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/03/28 7:47 p.m.•54 views

CVE-2022-24778

A flaw was found in the imgcrypt library when checking the keys of an authorized user to access an encrypted image on systems where layers are not available and cannot run on the host architecture. This flaw allows an attacker to run an image without providing the previously decrypted keys...

7.5CVSS4.2AI score0.02676EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/03/22 5:32 a.m.•54 views

CVE-2021-40662

A Cross-Site Request Forgery CSRF in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL...

8.8CVSS7.2AI score0.01079EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/03/15 8:8 a.m.•54 views

CVE-2022-0907

A NULL pointer dereference flaw was found in Libtiff. This flaw allows an attacker with a crafted TIFF file to cause a crash that leads to a denial of service...

5.5CVSS5.8AI score0.0127EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/25 6:48 a.m.•54 views

CVE-2022-0554

A flaw was found in vim that causes an out-of-range pointer offset vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Mitigation Untrusted vim scripts with -s scriptin are not recommended to run...

8.4CVSS3.8AI score0.01607EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/17 5:1 p.m.•54 views

CVE-2022-25184

A flaw was found in Jenkins pipeline-build-step where it revealed password parameter default values when generating a pipeline script using the Pipeline snippet generator. This flaw allows attackers with item/read permission to retrieve the default password parameter value from jobs and compromis...

6.5CVSS4.4AI score0.00862EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/02/17 3:47 p.m.•54 views

CVE-2022-25174

A flaw was found in Jenkins. The JenkinsPipeline: Shared Groovy Libraries uses the same checkout directories for distinct SCMs for Pipeline libraries. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This...

8.8CVSS5.5AI score0.01421EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/01/18 10:31 p.m.•54 views

CVE-2022-21341

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

5.3CVSS4.7AI score0.03765EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/01/18 5:53 p.m.•54 views

CVE-2022-23219

A stack based buffer-overflow vulnerability was found in the deprecated compatibility function clntcreate in the sunrpc's clntgen.c module of the GNU C Library aka glibc through 2.34. This vulnerability copies its hostname argument onto the stack without validating its length, which may result in...

9.8CVSS3.3AI score0.04211EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2022/01/12 11:23 p.m.•54 views

CVE-2022-22742

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When inserting text in edit mode, some characters might have led to out-of-bounds memory access, causing a potentially exploitable crash...

7.5CVSS2.9AI score0.00796EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/01/12 11:23 p.m.•54 views

CVE-2022-22740

The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...

8.8CVSS1.4AI score0.0096EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2021/12/27 5:55 p.m.•54 views

CVE-2021-4180

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the wwwauthenticateuri parameter which is visible to all end users in configuration files. This would give sensitive...

4.3CVSS3AI score0.00754EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/12/20 1:20 p.m.•54 views

CVE-2021-4135

A flaw memory leak in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsimmapallocelem being called. A local user could use this flaw to get unauthorized access to some data. Mitigation The default Red Hat Enterprise...

5.5CVSS2.1AI score0.00227EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/12/10 2:57 p.m.•54 views

CVE-2021-4093

A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State SEV-ES. A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction for example, outs or ins using the exit...

8.8CVSS0.6AI score0.00419EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/12/08 2:49 a.m.•54 views

CVE-2021-43536

The Mozilla Foundation Security Advisory describes this flaw as: Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL...

7.5CVSS7.8AI score0.0167EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/11/25 8:18 p.m.•54 views

CVE-2021-4023

A flaw was found in the io-workqueue implementation in the Linux kernel. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to...

5.5CVSS5.9AI score0.00229EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/11/24 2:8 p.m.•54 views

CVE-2021-3982

Linux distributions using CAPSYSNICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAPSYSNICE is currently implemented and eventually load code to increase its process scheduler priority leading to possib...

5.5CVSS5.9AI score0.00285EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/09/30 8:49 p.m.•54 views

CVE-2021-41800

A flaw was found in MediaWiki, where Visiting Special:Contributions may result in a long query due to mishandled PoolCounter protection. This issue may cause resource exhaustion, resulting in a denial of service. The highest threat from this vulnerability is to system availability...

5.3CVSS1.3AI score0.01735EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/09/21 7:10 p.m.•54 views

CVE-2021-32280

The transfig package is susceptible to a NULL pointer dereference on crafted input. While translating fig code, patterns which include incomplete closed splines lead to this software flaw. The highest threat from this vulnerability is availability...

4.3CVSS1.6AI score0.00949EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/09/13 6:54 p.m.•54 views

CVE-2020-19144

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in TIFFmemcpy' funtion in the component 'tifunix.c'...

7.5CVSS5.4AI score0.01594EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/22 1:14 p.m.•54 views

CVE-2019-14540

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. Mitigation This vulnerability relies on com.zaxxer.hikari.HikariConfig being present in the applications ClassPath. Hikari is not packaged as an RPM for Red Hat...

9.8CVSS0.5AI score0.10676EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/08/18 9:48 a.m.•54 views

CVE-2021-38165

A flaw was found in the way lynx parsed URLs with userinfo part containing authentication credentials. These credentials were included in the Server Name Indication SNI TLS extension data and sent unencrypted during the TLS connection handshake. This could lead to exposure of authentication...

5.3CVSS2.6AI score0.04455EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/16 12:55 p.m.•54 views

CVE-2021-3701

A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate use...

6.6CVSS3AI score0.00264EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/11 6:57 p.m.•54 views

CVE-2020-21675

A stack-based buffer overflow in the genptktext component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service DOS via converting a xfig file into ptk format...

5.5CVSS4.5AI score0.01059EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/08/11 6:20 p.m.•54 views

CVE-2020-21682

A global buffer overflow in the setfill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service DOS via converting a xfig file into ge format...

5.5CVSS4.6AI score0.00853EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/08/08 2:41 a.m.•54 views

CVE-2020-14297

A flaw was found in Wildfly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system...

4CVSS3.5AI score0.01203EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/02 3:50 p.m.•54 views

CVE-2021-3622

A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry hive file, which would cause hivex to recursively call the getchildren function, leading to a stack overflow. The highest threat from this vulnerability is to system availability...

4.3CVSS2.5AI score0.04794EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/07/28 1:53 p.m.•54 views

CVE-2021-1826

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross site scripting...

8.1CVSS2AI score0.01061EPSS
Exploits0References4
Total number of security vulnerabilities5000