Lucene search
K
RedhatcveMost viewed

206586 matches found

RedhatCVE
RedhatCVE
•added 2022/06/29 12:36 p.m.•54 views

CVE-2022-34470

The Mozilla Foundation Security Advisory describes this flaw as: Session history navigations may have led to a use-after-free and potentially exploitable crash...

9.8CVSS1.5AI score0.01064EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/06/06 11:27 p.m.•54 views

CVE-2022-28948

A flaw was found in the Unmarshal function in Go-Yaml. This vulnerability results in program crashes when attempting to convert or deserialize invalid input data, potentially impacting system stability and reliability...

7.5CVSS7.3AI score0.035EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/05/25 2:33 p.m.•54 views

CVE-2022-1875

No description is available for this CVE...

1.3AI score0.00668EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/25 2:33 p.m.•54 views

CVE-2022-1874

No description is available for this CVE...

1.3AI score0.00765EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2022/05/25 2:30 p.m.•54 views

CVE-2022-1856

No description is available for this CVE...

1.3AI score0.00498EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/20 11:56 p.m.•54 views

CVE-2021-34340

Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCRDECR in decompiler.c file that causes a direct segmentation fault and leads to denial of service...

6.5CVSS3.6AI score0.00883EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2022/05/14 11:32 a.m.•54 views

CVE-2020-11619

A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions are needed for an exploit, we...

8.1CVSS2.2AI score0.03607EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/05 2:26 p.m.•54 views

CVE-2022-29824

A flaw was found in the libxml2 library in functions used to manipulate the xmlBuf and the xmlBuffer types. A substantial input causes values to calculate buffer sizes to overflow, resulting in an out-of-bounds write. Mitigation Avoid passing large inputs to the libxml2 library...

7.4CVSS3.4AI score0.0363EPSS
Exploits5References3
RedhatCVE
RedhatCVE
•added 2022/04/18 7:55 p.m.•54 views

CVE-2022-28109

A flaw was found in the WebDriver endpoint of Selenium Grid suite. A malicious web server can be reached via Cross-Site Request Forgery CSRF and DNS-rebinding attacks. This issue could allow an attacker to execute arbitrary code on the machine...

8.8CVSS5.2AI score0.01044EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/18 6:57 a.m.•54 views

CVE-2022-1381

A global heap buffer overflow vulnerability was found in vim's skiprange function of the src/exdocmd.c file. This flaw occurs because vim uses an invalid pointer with "V:" in Ex mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer...

7.8CVSS3.6AI score0.03104EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/07 9:54 a.m.•54 views

CVE-2022-24795

A flaw was found in the YAJL library in the way it reallocates a memory buffer to store more data. A very large input causes the value used to calculate the buffer size to overflow, resulting in a heap-based buffer overflow. Mitigation Avoid passing large inputs to the YAJL library...

7.5CVSS2.9AI score0.03472EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/04 11:50 a.m.•54 views

CVE-2022-24790

A HTTP request smuggling flaw was found in puma. This issue occurs when using puma behind a proxy. Puma does not validate incoming HTTP requests, as per RFC specification, leading to loss of integrity...

9.1CVSS0.4AI score0.0214EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/03/31 8:43 p.m.•54 views

CVE-2021-33096

A denial-of-service flaw was found due to improper isolation of shared resources in the network on chip for the IntelR 82599 Ethernet Controllers and Adapters. This may allow an authenticated user to potentially create a denial of service via local access. Mitigation Mitigation for this issue is...

5.5CVSS2AI score0.00277EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/03/28 7:47 p.m.•54 views

CVE-2022-24778

A flaw was found in the imgcrypt library when checking the keys of an authorized user to access an encrypted image on systems where layers are not available and cannot run on the host architecture. This flaw allows an attacker to run an image without providing the previously decrypted keys...

7.5CVSS4.2AI score0.02676EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/03/22 5:32 a.m.•54 views

CVE-2021-40662

A Cross-Site Request Forgery CSRF in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL...

8.8CVSS7.2AI score0.01079EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/03/15 8:8 a.m.•54 views

CVE-2022-0907

A NULL pointer dereference flaw was found in Libtiff. This flaw allows an attacker with a crafted TIFF file to cause a crash that leads to a denial of service...

5.5CVSS5.8AI score0.0127EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/17 5:1 p.m.•54 views

CVE-2022-25184

A flaw was found in Jenkins pipeline-build-step where it revealed password parameter default values when generating a pipeline script using the Pipeline snippet generator. This flaw allows attackers with item/read permission to retrieve the default password parameter value from jobs and compromis...

6.5CVSS4.4AI score0.00876EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/02/17 3:47 p.m.•54 views

CVE-2022-25174

A flaw was found in Jenkins. The JenkinsPipeline: Shared Groovy Libraries uses the same checkout directories for distinct SCMs for Pipeline libraries. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This...

8.8CVSS5.5AI score0.01443EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/01/24 6:29 p.m.•54 views

CVE-2021-34403

NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, which allows any user with a local account to exploit a use-after-free condition, leading to code privilege escalation, loss of confidentiality and integrity, or denial of service...

7.8CVSS4.7AI score0.00302EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/01/24 4:37 p.m.•54 views

CVE-2022-22822

expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality a...

9.8CVSS2.1AI score0.04829EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/01/18 10:31 p.m.•54 views

CVE-2022-21341

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

5.3CVSS4.7AI score0.03765EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/01/18 5:53 p.m.•54 views

CVE-2022-23219

A stack based buffer-overflow vulnerability was found in the deprecated compatibility function clntcreate in the sunrpc's clntgen.c module of the GNU C Library aka glibc through 2.34. This vulnerability copies its hostname argument onto the stack without validating its length, which may result in...

9.8CVSS3.3AI score0.04211EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2021/12/27 5:55 p.m.•54 views

CVE-2021-4180

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the wwwauthenticateuri parameter which is visible to all end users in configuration files. This would give sensitive...

4.3CVSS3AI score0.00754EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/12/22 2:7 p.m.•54 views

CVE-2021-4157

An out of memory bounds write flaw 1 or 2 bytes of memory in the Linux kernel NFS subsystem was found in the way users use mirroring replication of files with NFS. A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system...

8CVSS0.7AI score0.01584EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/12/20 1:20 p.m.•54 views

CVE-2021-4135

A flaw memory leak in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsimmapallocelem being called. A local user could use this flaw to get unauthorized access to some data. Mitigation The default Red Hat Enterprise...

5.5CVSS2.1AI score0.00233EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/12/10 2:57 p.m.•54 views

CVE-2021-4093

A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State SEV-ES. A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction for example, outs or ins using the exit...

8.8CVSS0.6AI score0.00419EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/12/08 2:49 a.m.•54 views

CVE-2021-43536

The Mozilla Foundation Security Advisory describes this flaw as: Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL...

7.5CVSS7.8AI score0.0167EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/11/25 8:18 p.m.•54 views

CVE-2021-4023

A flaw was found in the io-workqueue implementation in the Linux kernel. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to...

5.5CVSS5.9AI score0.00234EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/11/24 2:8 p.m.•54 views

CVE-2021-3982

Linux distributions using CAPSYSNICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAPSYSNICE is currently implemented and eventually load code to increase its process scheduler priority leading to possib...

5.5CVSS5.9AI score0.00285EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/09/21 7:10 p.m.•54 views

CVE-2021-32280

The transfig package is susceptible to a NULL pointer dereference on crafted input. While translating fig code, patterns which include incomplete closed splines lead to this software flaw. The highest threat from this vulnerability is availability...

4.3CVSS1.6AI score0.00949EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/08/22 1:30 p.m.•54 views

CVE-2020-2162

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability...

5.4CVSS2.1AI score0.01159EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/08/22 1:14 p.m.•54 views

CVE-2019-14540

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. Mitigation This vulnerability relies on com.zaxxer.hikari.HikariConfig being present in the applications ClassPath. Hikari is not packaged as an RPM for Red Hat...

9.8CVSS0.5AI score0.10676EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/08/18 9:48 a.m.•54 views

CVE-2021-38165

A flaw was found in the way lynx parsed URLs with userinfo part containing authentication credentials. These credentials were included in the Server Name Indication SNI TLS extension data and sent unencrypted during the TLS connection handshake. This could lead to exposure of authentication...

5.3CVSS2.6AI score0.04455EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/11 6:57 p.m.•54 views

CVE-2020-21675

A stack-based buffer overflow in the genptktext component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service DOS via converting a xfig file into ptk format...

5.5CVSS4.5AI score0.01059EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/08/11 6:20 p.m.•54 views

CVE-2020-21682

A global buffer overflow in the setfill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service DOS via converting a xfig file into ge format...

5.5CVSS4.6AI score0.00853EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/08/08 2:41 a.m.•54 views

CVE-2020-14297

A flaw was found in Wildfly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system...

4CVSS3.5AI score0.01203EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/02 3:50 p.m.•54 views

CVE-2021-3622

A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry hive file, which would cause hivex to recursively call the getchildren function, leading to a stack overflow. The highest threat from this vulnerability is to system availability...

4.3CVSS2.5AI score0.04794EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/07/28 1:53 p.m.•54 views

CVE-2021-30761

A flaw was found in the webkitgtk package. Affected versions of this package could allow a remote attacker to execute arbitrary code on the system caused by memory corruption in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this...

8.8CVSS7.4AI score0.10591EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/07/28 1:53 p.m.•54 views

CVE-2021-1826

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross site scripting...

8.1CVSS2AI score0.01061EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/05/24 4:42 a.m.•54 views

CVE-2020-15254

Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that Vec::fromiter has allocated capacity that same as the number of iterator elements. Vec::fromiter does not actually guarantee that and may allocate extra...

9.8CVSS2.2AI score0.02776EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/05/19 12:27 a.m.•54 views

CVE-2021-29956

OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will...

4.3CVSS3.6AI score0.0081EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/04/27 7:36 p.m.•54 views

CVE-2021-3517

There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application...

8.6CVSS8.2AI score0.0828EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/02/12 3:29 p.m.•54 views

CVE-2021-20235

There's a flaw in the zeromq server in src/decoderallocators.hpp. The decoder static allocator could have its sized changed, but the buffer would remain the same as it is a static buffer. A remote, unauthenticated attacker who sends a crafted request to the zeromq server could trigger a buffer...

8.1CVSS3.7AI score0.43862EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/12/09 5:44 p.m.•54 views

CVE-2020-8284

A malicious server can use the PASV response to trick curl into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. If cu...

4.3CVSS6.4AI score0.03851EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/12/01 5:29 p.m.•54 views

CVE-2020-29374

An issue was discovered in the Linux kernel related to mm/gup.c and mm/hugememory.c. The getuserpages aka gup implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended read access. Mitigation Mitigation for...

3.3CVSS0.8AI score0.00399EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/10/08 12:34 p.m.•54 views

CVE-2020-25645

A flaw was found in the Linux kernel. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone in between the two endpoints to read the traffic unencrypted. The main threat from this...

7.5CVSS7.3AI score0.02433EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/07/14 6:14 p.m.•54 views

CVE-2020-1147

It was discovered that .NET Core did not properly check the source markup of XML files. A remote, unauthenticated attacker could possibly exploit this flaw to execute arbitrary code by sending specially crafted requests to an application parsing certain kinds of XML files or an ASP.NET Core...

6.8CVSS5.8AI score0.94243EPSS
Exploits10References3
RedhatCVE
RedhatCVE
•added 2020/06/18 3:55 p.m.•54 views

CVE-2019-17566

A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack SSRF via "xlink:href" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system...

5CVSS4.1AI score0.1074EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/06/06 1:56 a.m.•54 views

CVE-2020-10878

Perl before 5.30.3 has an integer overflow related to mishandling of a "PLregkindOPn == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. Mitigation To mitigate this flaw, developers should not allow untrusted regular...

7.5CVSS4.3AI score0.04879EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/09 12:21 p.m.•54 views

CVE-2018-18751

An issue was discovered in GNU gettext 0.19.8. There is a double free in defaultaddmessage in read-catalog.c, related to an invalid free in pogramparse in po-gram-gen.y, as demonstrated by lt-msgfmt...

9.8CVSS1.8AI score0.04293EPSS
Exploits1References2
Total number of security vulnerabilities5000