Lucene search
K
RedhatcveMost viewed

206360 matches found

RedhatCVE
RedhatCVE
•added 2022/04/07 9:54 a.m.•53 views

CVE-2022-24795

A flaw was found in the YAJL library in the way it reallocates a memory buffer to store more data. A very large input causes the value used to calculate the buffer size to overflow, resulting in a heap-based buffer overflow. Mitigation Avoid passing large inputs to the YAJL library...

7.5CVSS2.9AI score0.03472EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/03/31 8:43 p.m.•53 views

CVE-2021-33096

A denial-of-service flaw was found due to improper isolation of shared resources in the network on chip for the IntelR 82599 Ethernet Controllers and Adapters. This may allow an authenticated user to potentially create a denial of service via local access. Mitigation Mitigation for this issue is...

5.5CVSS2AI score0.00277EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/03/22 5:41 p.m.•53 views

CVE-2022-24730

A flaw was found in ArgoCD. This flaw allows an attacker with read-only repository access to leak files from the repo server that the attacker should not have access to. An attacker can send a crafted request to retrieve file contents. This issue results in the disclosure of sensitive information...

7.7CVSS3.5AI score0.0086EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/03/15 8:8 a.m.•53 views

CVE-2022-0907

A NULL pointer dereference flaw was found in Libtiff. This flaw allows an attacker with a crafted TIFF file to cause a crash that leads to a denial of service...

5.5CVSS5.8AI score0.0127EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/25 3:18 p.m.•53 views

CVE-2022-26125

frrouting is vulnerable to a flaw that can cause buffer overflow through due to incorrect checks on the input packet length when processing type-length-value packets. There is high impact to availability due to the fact that the process up-time can be made unreliable...

7.8CVSS3.9AI score0.01007EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/02/25 6:48 a.m.•53 views

CVE-2022-0554

A flaw was found in vim that causes an out-of-range pointer offset vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Mitigation Untrusted vim scripts with -s scriptin are not recommended to run...

8.4CVSS3.8AI score0.01607EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/23 2:36 a.m.•53 views

CVE-2022-21655

A flaw was found in envoy. Due to incorrect handling of the common router, a segfault is possible when internal redirects are routes with a direct response entry...

7.5CVSS1.6AI score0.01127EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/02/17 3:47 p.m.•53 views

CVE-2022-25174

A flaw was found in Jenkins. The JenkinsPipeline: Shared Groovy Libraries uses the same checkout directories for distinct SCMs for Pipeline libraries. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This...

8.8CVSS5.5AI score0.01421EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/02/15 5:47 p.m.•53 views

CVE-2021-45346

A memory leak flaw was found in the SQLite Project via maliciously crafted SQL Queries made via editing the Database File. This flaw allows a malicious user to obtain sensitive information due to a possible query to a record and leaking subsequent bytes of memory that extend beyond the record...

4.3CVSS2.7AI score0.01614EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/02/02 3:33 p.m.•53 views

CVE-2022-0480

A flaw was found in the filelockinit in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface POSIX file locks. Mitigation Mitigation for this issue is either not available or the currentl...

5.5CVSS0.8AI score0.00272EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/02/01 5:12 p.m.•53 views

CVE-2022-0392

A flaw was found in vim. The vulnerability occurs due to illegal memory access with bracketed paste in Ex mode and leads to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Mitigation Untrusted vim scripts with -s script...

7.8CVSS5.6AI score0.01514EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/01/24 8:36 p.m.•53 views

CVE-2022-0261

A heap based out-of-bounds write flaw was found in vim's ops.c. This flaw allows an attacker to trick a user to open a crafted file triggering an out-of-bounds write. This vulnerability is capable of crashing software, modify memory, and possible code execution. Mitigation Untrusted vim scripts...

7.8CVSS2.2AI score0.01687EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/01/24 6:29 p.m.•53 views

CVE-2021-34403

NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, which allows any user with a local account to exploit a use-after-free condition, leading to code privilege escalation, loss of confidentiality and integrity, or denial of service...

7.8CVSS4.7AI score0.00302EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/01/24 4:37 p.m.•53 views

CVE-2022-22822

expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality a...

9.8CVSS2.1AI score0.04829EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/01/18 10:31 p.m.•53 views

CVE-2022-21341

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

5.3CVSS4.7AI score0.03765EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/01/18 5:53 p.m.•53 views

CVE-2022-23219

A stack based buffer-overflow vulnerability was found in the deprecated compatibility function clntcreate in the sunrpc's clntgen.c module of the GNU C Library aka glibc through 2.34. This vulnerability copies its hostname argument onto the stack without validating its length, which may result in...

9.8CVSS3.3AI score0.04211EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2021/12/22 7:26 p.m.•53 views

CVE-2021-33430

A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArrayNewFromDescrint function of ctors.c when specifying arrays of large dimensions over 32 from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a vulneraility; In very...

7.5CVSS5.2AI score0.01074EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/12/22 2:7 p.m.•53 views

CVE-2021-4157

An out of memory bounds write flaw 1 or 2 bytes of memory in the Linux kernel NFS subsystem was found in the way users use mirroring replication of files with NFS. A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system...

8CVSS0.7AI score0.01584EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/12/08 2:49 a.m.•53 views

CVE-2021-43536

The Mozilla Foundation Security Advisory describes this flaw as: Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL...

7.5CVSS7.8AI score0.0167EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/11/24 2:8 p.m.•53 views

CVE-2021-3982

Linux distributions using CAPSYSNICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAPSYSNICE is currently implemented and eventually load code to increase its process scheduler priority leading to possib...

5.5CVSS5.9AI score0.00285EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/21 3:34 p.m.•53 views

CVE-2021-42779

A heap use after free issue was found in Opensc before version 0.22.0 in scfilevalid...

5.3CVSS0.9AI score0.02051EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/18 11:13 a.m.•53 views

CVE-2021-20322

A flaw in the processing of received ICMP errors ICMP fragment needed and ICMP redirect in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest...

7.4CVSS1.4AI score0.06846EPSS
Exploits1References7
RedhatCVE
RedhatCVE
•added 2021/09/23 4:26 p.m.•53 views

CVE-2021-20317

A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueueadd function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while runnin...

4.9CVSS2.3AI score0.0037EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/09/21 7:10 p.m.•53 views

CVE-2021-32280

The transfig package is susceptible to a NULL pointer dereference on crafted input. While translating fig code, patterns which include incomplete closed splines lead to this software flaw. The highest threat from this vulnerability is availability...

4.3CVSS1.6AI score0.00949EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/09/17 6:35 p.m.•53 views

CVE-2020-21535

In transfig's fig2dev 3.2.7b it is possible for an attacker to create a specially crafted file that causes a buffer overflow due to the usage of fgets. This leads to a denial of service, impacting availability of the program...

5.5CVSS4.3AI score0.00862EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/09/15 8:13 p.m.•53 views

CVE-2021-3796

A use-after-free vulnerability in vim could allow an attacker to input a specially crafted file leading to memory corruption and a potentially exploitable crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.2CVSS5AI score0.01626EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/09/13 6:54 p.m.•53 views

CVE-2020-19144

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in TIFFmemcpy' funtion in the component 'tifunix.c'...

7.5CVSS5.4AI score0.01594EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/09/02 6:6 p.m.•53 views

CVE-2021-33938

A flaw was found in libsolv. A buffer overflow vulnerability in the prunetorecommend function allows attackers to cause a denial of service. The highest threat from this vulnerability is to system availability...

7.5CVSS4.4AI score0.01422EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/08/22 1:30 p.m.•53 views

CVE-2020-2162

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability...

5.4CVSS2.1AI score0.01159EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/08/19 7:3 p.m.•53 views

CVE-2021-23425

A flaw was found in nodejs-trim-off-newlines. All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service ReDoS via string processing. The highest threat from this vulnerability is to system availability...

5.3CVSS4AI score0.01927EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/08/18 5:12 p.m.•53 views

CVE-2021-0003

A flaw was found in the Linux kernel. This flaw allows a local, authenticated user to enable information disclosure due to an improper conditions check in some IntelR Ethernet Controllers 800 series Linux drivers. The highest threat from this vulnerability is to confidentiality...

5.5CVSS2.9AI score0.00319EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/08/16 12:55 p.m.•53 views

CVE-2021-3701

A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate use...

6.6CVSS3AI score0.00264EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/16 12:54 p.m.•53 views

CVE-2021-3702

A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's privatedatadir the next time ansible-runner made use of the privatedatadir...

6.3CVSS2.4AI score0.00188EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/11 7:25 p.m.•53 views

CVE-2021-3700

A use-after-free vulnerability was found in usbredir in the usbredirparserserialize function in usbredirparser/usbredirparser.c . This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination...

6.4CVSS4.6AI score0.00309EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/11 6:57 p.m.•53 views

CVE-2020-21675

A stack-based buffer overflow in the genptktext component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service DOS via converting a xfig file into ptk format...

5.5CVSS4.5AI score0.01059EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/08/11 6:20 p.m.•53 views

CVE-2021-38205

A flaw was found in the Linux kernel that allows attackers to defeat an ASLR protection mechanism because it prints a kernel pointer i.e., the real IOMEM pointer. The highest threat from this vulnerability is to confidentiality. Mitigation Mitigation for this issue is either not available or the...

3.3CVSS1.6AI score0.00328EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/08 2:41 a.m.•53 views

CVE-2020-14297

A flaw was found in Wildfly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system...

4CVSS3.5AI score0.01203EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/02 3:50 p.m.•53 views

CVE-2021-3622

A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry hive file, which would cause hivex to recursively call the getchildren function, leading to a stack overflow. The highest threat from this vulnerability is to system availability...

4.3CVSS2.5AI score0.04794EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/07/28 1:54 p.m.•53 views

CVE-2021-30795

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution...

9.3CVSS2.9AI score0.02164EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2021/07/28 1:53 p.m.•53 views

CVE-2021-30761

A flaw was found in the webkitgtk package. Affected versions of this package could allow a remote attacker to execute arbitrary code on the system caused by memory corruption in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this...

8.8CVSS7.4AI score0.10591EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/07/18 12:13 a.m.•53 views

CVE-2019-12086

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...

7.5CVSS1.5AI score0.21949EPSS
Exploits2References3
RedhatCVE
RedhatCVE
•added 2021/07/08 10:51 a.m.•53 views

CVE-2021-35197

An improper authorization vulnerability was found in mediawiki. Mediawiki bots may have unintended API access even when a sitewide block has been applied. An attacker can use this vulnerability to potentially utilize a bot to access the mediawiki API and conduct actions like purge pages...

7.5CVSS4AI score0.01943EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/06/11 9:48 a.m.•53 views

CVE-2021-32399

A flaw was found in the Linux kernel’s handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to...

7CVSS1.3AI score0.00691EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/06/01 2:19 p.m.•53 views

CVE-2021-28091

An XML Signature Wrapping XSW vulnerability was found in Lasso. This flaw allows an attacker to modify a valid SAML response to include an unsigned SAML assertion, which may be used to impersonate another valid user recognized by the service using Lasso. The highest threat from this vulnerability...

8.8CVSS3.5AI score0.01325EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/05/24 4:42 a.m.•53 views

CVE-2020-15254

Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that Vec::fromiter has allocated capacity that same as the number of iterator elements. Vec::fromiter does not actually guarantee that and may allocate extra...

9.8CVSS2.2AI score0.02743EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/05/19 12:25 a.m.•53 views

CVE-2021-22904

A flaw was found in RubyGem Actionpack which is framework for handling and responding to web requests in Rails. A possible DoS vulnerability was found in the Token Authentication logic in Action Controller...

7.5CVSS1.7AI score0.04808EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/04/29 11:59 p.m.•53 views

CVE-2021-31879

A flaw was found in wget. If wget sends an Authorization header as part of a query and receives an HTTP REDIRECT to a third party in return, the Authorization header will be forwarded as part of the redirected request. This issue creates a password leak, as the second server receives the password...

6.5CVSS0.2AI score0.01104EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/03/05 8:58 p.m.•53 views

CVE-2020-28502

An arbitrary code injection vulnerability was found in nodejs-xmlhttprequest. For this vulnerability to occur, the connection must be initialized during the function call XMLHttpRequest.open to send requests synchronously using the parameter async=False. If the subsequent calls to xhr.send...

8.1CVSS3.2AI score0.04646EPSS
Exploits2References5
RedhatCVE
RedhatCVE
•added 2021/03/05 7:4 p.m.•53 views

CVE-2021-27364

A flaw was found in the Linux kernel. An out-of-bounds read was discovered in the libiscsi module that could lead to reading kernel memory or a crash. The highest threat from this vulnerability is to data confidentiality as well as system availability. Mitigation The LIBISCSI module will be...

7.1CVSS7.1AI score0.00957EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/02/15 8:5 p.m.•53 views

CVE-2021-23336

The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request...

5.9CVSS2.8AI score0.35963EPSS
Exploits1References4
Total number of security vulnerabilities5000