Lucene search
K
RedhatcveMost viewed

206363 matches found

RedhatCVE
RedhatCVE
•added 2023/12/20 11:33 a.m.•53 views

CVE-2023-6856

The Mozilla Foundation Security Advisory describes this flaw as: The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape...

8.8CVSS8.2AI score0.20472EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/12/09 1:26 a.m.•53 views

CVE-2023-6394

A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and...

7.4CVSS7AI score0.00814EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/11/16 1:45 p.m.•53 views

CVE-2023-6176

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their...

4.7CVSS4.6AI score0.00251EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/10/30 1:43 p.m.•53 views

CVE-2023-34059

A flaw was found in open-vm-tools. This flaw allows a malicious actor with non-root privileges to hijack the /dev/uinput file descriptor, allowing them to simulate user inputs...

7.4CVSS7.1AI score0.00402EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/10/09 7:54 a.m.•53 views

CVE-2023-39194

A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged CAPNETADMIN attacker to trigger an out-of-bounds read, potentially leadi...

3.2CVSS5.6AI score0.00417EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/09 8:49 p.m.•53 views

CVE-2023-39978

ImageMagick before 6.9.12-91 allows attackers to cause a denial of service memory consumption in Magick::Draw...

3.3CVSS6.5AI score0.00312EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/08/08 10:18 p.m.•53 views

CVE-2023-35946

A flaw was found in Gradle that permits directory traversal in its evaluation of repository paths. This issue could allow a local attacker to overwrite a file in the dependency cache with malicious code. Mitigation Users unable to upgrade should use dependency verification to make this...

5.5CVSS6.5AI score0.00286EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/06/21 7:16 a.m.•53 views

CVE-2023-35141

A flaw was found in Jenkins and Jenkins Long-Term Support LTS, where it could allow a remote, authenticated attacker to bypass security restrictions caused by the inclusion of insufficiently escaped user-provided values in part of the URL. An attacker can send a POST request to an unexpected...

8CVSS6.6AI score0.0086EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/06/08 1:44 p.m.•53 views

CVE-2023-3164

A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file...

5.5CVSS6.5AI score0.00317EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/05/12 12:23 p.m.•53 views

CVE-2023-2680

This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750...

7.5CVSS7.9AI score0.0053EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/03/22 5:43 p.m.•53 views

CVE-2022-4744

A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the registernetdevice function fails NETDEVREGISTER notifier. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation To...

7.8CVSS7.3AI score0.00456EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/20 8:43 a.m.•53 views

CVE-2022-48423

In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur...

7CVSS7.7AI score0.00266EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/19 6:13 p.m.•53 views

CVE-2023-26607

In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfsattrfind in fs/ntfs/attrib.c...

7.1CVSS6.8AI score0.00608EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/03/14 11:43 p.m.•53 views

CVE-2022-41723

A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...

7.5CVSS7.4AI score0.04561EPSS
Exploits0References10
RedhatCVE
RedhatCVE
•added 2023/03/09 12:14 a.m.•53 views

CVE-2023-27530

A flaw was found in rubygem-rack. This issue occurs in the Multipart MIME parsing code in Rack, which limits the number of file parts but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than...

7.5CVSS7.3AI score0.0183EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/03/01 6:6 p.m.•53 views

CVE-2023-22995

A memory overflow flaw was found in the Linux kernel’s Dual Role SuperSpeed USB controller driver in how a user registers a new USB device, which fails. This flaw allows a local user to crash the system...

4.7CVSS7.1AI score0.00301EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/01 2:29 a.m.•53 views

CVE-2022-33891

A flaw was found in Apache Spark. This flaw allows a malicious user to impersonate another user and jeopardize the environment by executing shell commands...

8.8CVSS4.8AI score0.92984EPSS
Exploits12References4
RedhatCVE
RedhatCVE
•added 2023/02/17 12:0 p.m.•53 views

CVE-2023-0568

A vulnerability was found in PHP. This security issue occurs because the core path resolution function allocates a buffer one byte small. Resolving paths with lengths close to the system MAXPATHLEN setting may lead to the byte after the allocated buffer being overwritten with a NULL value, which...

7.5CVSS7.9AI score0.01242EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/02/15 7:32 a.m.•53 views

CVE-2023-24580

A memory exhaustion flaw was found in the python-django package. This issue occurs when passing certain inputs, leading to a system crash and denial of service...

7.5CVSS7.2AI score0.62575EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/02/07 11:26 a.m.•53 views

CVE-2023-23518

A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption, and execute arbitrary code on the target system...

8.8CVSS8.7AI score0.00902EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/26 2:35 p.m.•53 views

CVE-2023-22795

A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service ReDoS flaw in Action Dispatch related to the If-None-Match header. By sending a specially-crafted HTTP If-None-Match header, a remote attacker...

7.5CVSS7.2AI score0.02278EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/25 4:5 a.m.•53 views

CVE-2023-24422

A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with...

8.8CVSS9.1AI score0.00585EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/23 7:35 a.m.•53 views

CVE-2023-0288

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189...

7.3CVSS7.6AI score0.00467EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/01/19 12:6 p.m.•53 views

CVE-2023-23605

The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these...

8.8CVSS2.6AI score0.00702EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/01/19 12:6 p.m.•53 views

CVE-2023-23598

The Mozilla Foundation Security Advisory describes this flaw as: Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData...

7.5CVSS2.3AI score0.00641EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/12/26 1:4 p.m.•53 views

CVE-2022-4742

A flaw was found in the json-pointer package. The affected versions of this package are vulnerable to prototype pollution vulnerability...

9.8CVSS4.7AI score0.01005EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/12/26 12:34 p.m.•53 views

CVE-2021-35065

A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service ReDoS attacks, affecting system availability...

7.5CVSS7.8AI score0.01589EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/12/21 9:36 a.m.•53 views

CVE-2022-43552

A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols,...

5.9CVSS6.7AI score0.02511EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/12/20 5:5 p.m.•53 views

CVE-2022-38398

Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14...

5.3CVSS3.5AI score0.02017EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2022/12/14 4:5 p.m.•53 views

CVE-2022-46875

The Mozilla Foundation Security Advisory describes this flaw as: The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected...

6.1CVSS2.7AI score0.00634EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/11/03 9:26 p.m.•53 views

CVE-2022-3854

A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service...

5CVSS6.4AI score0.00564EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/10/26 2:53 p.m.•53 views

CVE-2022-3697

A flaw was found in Ansible in the amazon.aws collection when using the towercallback parameter from the amazon.aws.ec2instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs...

5.7CVSS2.8AI score0.00712EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/24 8:18 p.m.•53 views

CVE-2022-41974

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath...

7.8CVSS7.6AI score0.00658EPSS
Exploits5References4
RedhatCVE
RedhatCVE
•added 2022/10/20 1:59 a.m.•53 views

CVE-2022-2832

A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/glbackend.cc that may lead to loss of confidentiality and integrity...

5.1CVSS3AI score0.01454EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/10/19 2:47 p.m.•53 views

CVE-2022-25897

A flaw was found in the Eclipse Milo SDK Server. This flaw allows an attacker to consume the application memory, leading to a denial of service by sending specific requests...

7.5CVSS3.4AI score0.00981EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/10/14 6:29 a.m.•53 views

CVE-2022-39283

A vulnerability was found in FreeRDP where all clients using the /video command line switch might read uninitialized data, decode it as audio/video and display the result, leading to information disclosure. Mitigation Workaround: Do not use the /video switch...

7.5CVSS7.4AI score0.00985EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/13 1:29 p.m.•53 views

CVE-2022-41674

A buffer overflow flaw was found in the u8 overflow in cfg80211updatenotlistednontrans in net/wireless/scan.c in the Linux kernel’s wifi subcomponent. This flaw allows an attacker to crash the system or leak internal kernel information. Mitigation Mitigation for this issue is either not available...

7.3CVSS8AI score0.03763EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/09/29 2:49 p.m.•53 views

CVE-2022-1923

A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska/WebM file using bzip decompression. This vulnerability can result in application crash, memory corruption, and code execution...

7.8CVSS7.6AI score0.00409EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/09/26 6:19 a.m.•53 views

CVE-2022-38752

A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash...

6.5CVSS6.7AI score0.02091EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/09/23 2:18 p.m.•53 views

CVE-2022-3234

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483...

7.8CVSS2.7AI score0.00501EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/09/21 3:49 p.m.•53 views

CVE-2022-3260

The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Some browsers would interpret these results incorrectly, allowing clickjacking attacks...

6.5CVSS3.4AI score0.00432EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/09/21 2:19 p.m.•53 views

CVE-2022-40958

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that by injecting a cookie with certain special characters, an attacker on a shared subdomain, which is not a secure context, could set and overwrite cookies from a secure context, leading to session fixatio...

6.1CVSS4.1AI score0.01104EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/09/14 1:14 p.m.•53 views

CVE-2022-37734

A flaw was found in GraphQL Java. This flaw allows an attacker to use a malicious query in GraphQL to cause a denial of service due to inefficient lexer input validation...

7.5CVSS4.3AI score0.02121EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/09/01 9:54 a.m.•53 views

CVE-2022-3033

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a Thunderbird user replying to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute and the content attribute specifying an URL. Thunderbird started a...

7.5CVSS0.9AI score0.00768EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/08/19 5:39 a.m.•53 views

CVE-2022-36884

The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository...

5.3CVSS3AI score0.00853EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/19 4:38 a.m.•53 views

CVE-2022-30945

A flaw was found in Jenkins Groovy Plugin. The plugin allows pipelines to load Groovy source files. The intent is to allow Global Shared Libraries to execute without sandbox protection. The issue is that the plugin allows any Groovy source files bundled with Jenkins core and plugins to be loaded...

8.5CVSS1.2AI score0.01244EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/09 3:36 p.m.•53 views

CVE-2022-2047

A flaw was found in Eclipse Jetty. When parsing the authority segment of an HTTP scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This issue can lead to failures in a Proxy scenario...

2.7CVSS0.5AI score0.01173EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/09 9:36 a.m.•53 views

CVE-2022-30698

A flaw was found in Unbound, which is vulnerable to a novel type of "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates...

6.5CVSS1AI score0.00868EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/08/04 11:40 a.m.•53 views

CVE-2022-21569

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

6.5CVSS2.4AI score0.01169EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/07/15 7:35 a.m.•53 views

CVE-2022-32323

A buffer overflow flaw was found in the autotrace package. This flaw allows an attacker to trick the user into opening a maliciously crafted BMP image, triggering arbitrary code execution or causing the application to crash...

7.3CVSS4.6AI score0.00759EPSS
Exploits0References3
Total number of security vulnerabilities5000