Lucene search
K
RedhatcveMost viewed

206514 matches found

RedhatCVE
RedhatCVE
•added 2017/09/01 4:48 p.m.•54 views

CVE-2017-14106

A divide-by-zero vulnerability was found in the tcpselectwindow function in the Linux kernel. This can result in a kernel panic causing a local denial of service...

5.5CVSS2.8AI score0.00445EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2017/07/20 12:48 p.m.•54 views

CVE-2017-10684

In ncurses 6.0, there is a stack-based buffer overflow in the fmtentry function. A crafted input will lead to a remote arbitrary code execution attack...

9.8CVSS7.5AI score0.04876EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2017/07/20 8:49 a.m.•54 views

CVE-2017-7541

Kernel memory corruption due to a buffer overflow was found in brcmfcfg80211mgmttx function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211CMDFRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace...

7.8CVSS3.4AI score0.00547EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2017/06/19 3:18 p.m.•54 views

CVE-2017-1000366

A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap or different memory region and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process sta...

7.8CVSS1.4AI score0.05186EPSS
Exploits17References2
RedhatCVE
RedhatCVE
•added 2016/10/10 8:17 a.m.•54 views

CVE-2016-5425

It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges...

7.8CVSS1.7AI score0.03782EPSS
Exploits8References2
RedhatCVE
RedhatCVE
•added 2025/12/04 12:11 a.m.•53 views

CVE-2025-50361

Buffer Overflow was found in SmallBASIC community SmallBASIC with SDL Before v1228, and commit sha:298a1d495355959db36451e90a0ac74bcc5593fe in the function main.cpp, which can lead to potential information leakage and crash...

5.1CVSS6.7AI score0.0018EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2025/04/12 5:5 a.m.•53 views

CVE-2025-3102

The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secretkey' value in the 'autheticateuser' function in all versions up to, and including, 1.0.78. Th...

8.1CVSS7.4AI score0.76126EPSS
Exploits8References1
RedhatCVE
RedhatCVE
•added 2025/03/17 12:17 a.m.•53 views

CVE-2025-30066

tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code...

8.6CVSS7AI score0.41008EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2025/03/14 7:56 p.m.•53 views

CVE-2025-2078

The BlogBuzzTime for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissio...

4.8CVSS5.7AI score0.00234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2024/08/09 10:19 a.m.•53 views

CVE-2024-42257

In the Linux kernel, the following vulnerability has been resolved: ext4: use memtostrpad for svolumename As with the other strings in struct ext4superblock, svolumename is not NUL terminated. The other strings were marked in commit 072ebb3bffe6 "ext4: add nonstring annotations to ext4.h". Using...

5.5CVSS7.2AI score0.00202EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/08/07 4:17 p.m.•53 views

CVE-2024-42005

A flaw was found in Django. The QuerySet.values and QuerySet.valueslist methods on models with a JSONField were subject to SQL injection in column aliases via a crafted JSON object key as a passed arg. Mitigation Mitigation for this issue is either not available or the currently available options...

7.3CVSS9.4AI score0.01227EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/06/17 10:51 p.m.•53 views

CVE-2024-24790

A flaw was found in the Go language standard library net/netip. The method Is IsPrivate, IsPublic, etc doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to...

6.7CVSS9.6AI score0.01952EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/05/23 11:54 p.m.•53 views

CVE-2024-4947

A type confusion vulnerability was found in the Chromium web browser. This flaw allows an unauthenticated, remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Mitigation Until updated packages are released for Fedora and EPEL, consider temporarily swapping to an...

8.8CVSS8.7AI score0.15111EPSS
Exploits2References5
RedhatCVE
RedhatCVE
•added 2024/05/01 5:22 p.m.•53 views

CVE-2024-26945

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix nrcpus nriaa case If nrcpus nriaa, the calculated cpusperiaa will be 0, which causes a divide-by-0 in rebalancewqtable. Make sure cpusperiaa is 1 in that case, and also in the nriaa == 0 case, even though...

5.5CVSS7.1AI score0.00238EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/04/01 2:52 p.m.•53 views

CVE-2024-27099

A double free vulnerability was found in python-uamqp-azure affecting the embedded azure-uamqp-c library at the link.c file. If some uncommon conditions are met, an authenticated user may cause remote code execution...

6CVSS7.3AI score0.01418EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2024/03/13 12:12 p.m.•53 views

CVE-2024-21392

A vulnerability was found in dotnet. The YARP HTTP/2 WebSocket support in .NET Core can cause a denial of service DoS. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and...

7.5CVSS7.1AI score0.03065EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/02/29 3:32 p.m.•53 views

CVE-2024-26607

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: sii902x: Fix probing race issue A null pointer dereference crash has been observed rarely on TI platforms using sii9022 bridge: 53.271356 sii902xgetedid+0x34/0x70 sii902x 53.276066 sii902xbridgegetedid+0x14/0x20 sii90...

4.4CVSS6.5AI score0.00232EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/20 4:26 p.m.•53 views

CVE-2024-1481

A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service. Mitigation Mitigation for this issue is either not available or the...

5.3CVSS5.3AI score0.0111EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2024/01/15 3:25 p.m.•53 views

CVE-2024-0562

A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdiunregister is called to stop further write-back and waits for associated delayed work to complete. However, wbinodewritebackend may schedule bandwidth estimation work after this has completed, which can result in the...

7.8CVSS7.3AI score0.00254EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/12/20 11:33 a.m.•53 views

CVE-2023-6856

The Mozilla Foundation Security Advisory describes this flaw as: The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape...

8.8CVSS8.2AI score0.20472EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/12/09 1:26 a.m.•53 views

CVE-2023-6394

A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and...

7.4CVSS7AI score0.00814EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/11/16 1:45 p.m.•53 views

CVE-2023-6176

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their...

4.7CVSS4.6AI score0.00251EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/10/09 7:54 a.m.•53 views

CVE-2023-39194

A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged CAPNETADMIN attacker to trigger an out-of-bounds read, potentially leadi...

3.2CVSS5.6AI score0.00417EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/09/28 9:52 a.m.•53 views

CVE-2023-42756

A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSETCMDADD and IPSETCMDSWAP can lead to a kernel panic due to the invocation of ipsetput on a wrong set. This issue may allow a local user to crash the system. Mitigation Mitigation for this issue is either...

4.4CVSS5.9AI score0.00275EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/08/09 8:49 p.m.•53 views

CVE-2023-39978

ImageMagick before 6.9.12-91 allows attackers to cause a denial of service memory consumption in Magick::Draw...

3.3CVSS6.5AI score0.00312EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/08/08 10:18 p.m.•53 views

CVE-2023-35946

A flaw was found in Gradle that permits directory traversal in its evaluation of repository paths. This issue could allow a local attacker to overwrite a file in the dependency cache with malicious code. Mitigation Users unable to upgrade should use dependency verification to make this...

5.5CVSS6.5AI score0.00286EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/06/21 7:16 a.m.•53 views

CVE-2023-35141

A flaw was found in Jenkins and Jenkins Long-Term Support LTS, where it could allow a remote, authenticated attacker to bypass security restrictions caused by the inclusion of insufficiently escaped user-provided values in part of the URL. An attacker can send a POST request to an unexpected...

8CVSS6.6AI score0.0086EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/06/08 1:44 p.m.•53 views

CVE-2023-3164

A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file...

5.5CVSS6.5AI score0.00317EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/05/12 12:23 p.m.•53 views

CVE-2023-2680

This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750...

7.5CVSS7.9AI score0.0053EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/03/22 5:43 p.m.•53 views

CVE-2022-4744

A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the registernetdevice function fails NETDEVREGISTER notifier. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation To...

7.8CVSS7.3AI score0.00456EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/20 8:43 a.m.•53 views

CVE-2022-48423

In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur...

7CVSS7.7AI score0.00266EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/19 6:13 p.m.•53 views

CVE-2023-26607

In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfsattrfind in fs/ntfs/attrib.c...

7.1CVSS6.8AI score0.00608EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/03/14 11:43 p.m.•53 views

CVE-2022-41723

A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...

7.5CVSS7.4AI score0.04561EPSS
Exploits0References10
RedhatCVE
RedhatCVE
•added 2023/03/09 12:14 a.m.•53 views

CVE-2023-27530

A flaw was found in rubygem-rack. This issue occurs in the Multipart MIME parsing code in Rack, which limits the number of file parts but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than...

7.5CVSS7.3AI score0.0183EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/03/01 6:6 p.m.•53 views

CVE-2023-22995

A memory overflow flaw was found in the Linux kernel’s Dual Role SuperSpeed USB controller driver in how a user registers a new USB device, which fails. This flaw allows a local user to crash the system...

4.7CVSS7.1AI score0.00301EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/01 2:29 a.m.•53 views

CVE-2022-33891

A flaw was found in Apache Spark. This flaw allows a malicious user to impersonate another user and jeopardize the environment by executing shell commands...

8.8CVSS4.8AI score0.92984EPSS
Exploits12References4
RedhatCVE
RedhatCVE
•added 2023/02/17 12:0 p.m.•53 views

CVE-2023-0568

A vulnerability was found in PHP. This security issue occurs because the core path resolution function allocates a buffer one byte small. Resolving paths with lengths close to the system MAXPATHLEN setting may lead to the byte after the allocated buffer being overwritten with a NULL value, which...

7.5CVSS7.9AI score0.01242EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/02/07 11:26 a.m.•53 views

CVE-2023-23518

A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption, and execute arbitrary code on the target system...

8.8CVSS8.7AI score0.00902EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/26 2:35 p.m.•53 views

CVE-2023-22795

A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service ReDoS flaw in Action Dispatch related to the If-None-Match header. By sending a specially-crafted HTTP If-None-Match header, a remote attacker...

7.5CVSS7.2AI score0.02278EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/23 7:35 a.m.•53 views

CVE-2023-0288

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189...

7.3CVSS7.6AI score0.00467EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/01/19 12:6 p.m.•53 views

CVE-2023-23598

The Mozilla Foundation Security Advisory describes this flaw as: Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData...

7.5CVSS2.3AI score0.00641EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/12/26 1:4 p.m.•53 views

CVE-2022-4742

A flaw was found in the json-pointer package. The affected versions of this package are vulnerable to prototype pollution vulnerability...

9.8CVSS4.7AI score0.01005EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/12/26 12:34 p.m.•53 views

CVE-2021-35065

A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service ReDoS attacks, affecting system availability...

7.5CVSS7.8AI score0.01589EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/12/21 9:36 a.m.•53 views

CVE-2022-43552

A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols,...

5.9CVSS6.7AI score0.02511EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/12/20 5:5 p.m.•53 views

CVE-2022-38398

Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14...

5.3CVSS3.5AI score0.02017EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2022/12/14 4:5 p.m.•53 views

CVE-2022-46875

The Mozilla Foundation Security Advisory describes this flaw as: The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected...

6.1CVSS2.7AI score0.00634EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/12/14 11:4 a.m.•53 views

CVE-2022-41089

.NET Framework Remote Code Execution Vulnerability...

8.8CVSS8.2AI score0.0113EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/11/03 9:26 p.m.•53 views

CVE-2022-3854

A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service...

5CVSS6.4AI score0.00564EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/10/26 2:53 p.m.•53 views

CVE-2022-3697

A flaw was found in Ansible in the amazon.aws collection when using the towercallback parameter from the amazon.aws.ec2instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs...

5.7CVSS2.8AI score0.00712EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/20 1:59 a.m.•53 views

CVE-2022-2832

A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/glbackend.cc that may lead to loss of confidentiality and integrity...

5.1CVSS3AI score0.01454EPSS
Exploits1References3
Total number of security vulnerabilities5000