Lucene search
K
RedhatcveMost viewed

206305 matches found

RedhatCVE
RedhatCVE
•added 2022/12/14 4:5 p.m.•52 views

CVE-2022-46875

The Mozilla Foundation Security Advisory describes this flaw as: The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected...

6.1CVSS2.7AI score0.00634EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/12/14 11:4 a.m.•52 views

CVE-2022-41089

.NET Framework Remote Code Execution Vulnerability...

8.8CVSS8.2AI score0.0113EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/11/09 12:26 p.m.•52 views

CVE-2022-23824

A flaw was found in hw. The AMD CPUs can be attacked similar to the previously known Spectre Variant 2 CVE-2017-5715. This issue affects AMD CPUs where the OS relies on IBPB to flush the return address predictor. As a result, an unprivileged attacker could use this flaw to cross the syscall and...

6.5CVSS6.1AI score0.74041EPSS
Exploits9References5
RedhatCVE
RedhatCVE
•added 2022/11/03 9:26 p.m.•52 views

CVE-2022-3854

A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service...

5CVSS6.4AI score0.00564EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/10/26 2:53 p.m.•52 views

CVE-2022-3697

A flaw was found in Ansible in the amazon.aws collection when using the towercallback parameter from the amazon.aws.ec2instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs...

5.7CVSS2.8AI score0.00712EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/14 6:29 a.m.•52 views

CVE-2022-39283

A vulnerability was found in FreeRDP where all clients using the /video command line switch might read uninitialized data, decode it as audio/video and display the result, leading to information disclosure. Mitigation Workaround: Do not use the /video switch...

7.5CVSS7.4AI score0.00985EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/13 5:1 p.m.•52 views

CVE-2022-42722

A flaw was found in P2P-Device in wifi in ieee80211rxhdecrypt in net/mac80211/rx.c in the Linux kernel, leading to a denial of service. Mitigation To mitigate this issue, prevent module mac80211 from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel...

5.5CVSS6.5AI score0.00555EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/09/29 2:49 p.m.•52 views

CVE-2022-1923

A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska/WebM file using bzip decompression. This vulnerability can result in application crash, memory corruption, and code execution...

7.8CVSS7.6AI score0.00409EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/09/26 12:19 p.m.•52 views

CVE-2022-3278

A NULL pointer dereference vulnerability was found in Vim's evalnextnonblank function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that cause...

5.5CVSS3.2AI score0.0082EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/09/26 6:19 a.m.•52 views

CVE-2022-38752

A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash...

6.5CVSS6.7AI score0.02015EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/09/21 2:19 p.m.•52 views

CVE-2022-40958

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that by injecting a cookie with certain special characters, an attacker on a shared subdomain, which is not a secure context, could set and overwrite cookies from a secure context, leading to session fixatio...

6.1CVSS4.1AI score0.01104EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/09/14 1:14 p.m.•52 views

CVE-2022-37734

A flaw was found in GraphQL Java. This flaw allows an attacker to use a malicious query in GraphQL to cause a denial of service due to inefficient lexer input validation...

7.5CVSS4.3AI score0.02121EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/09/01 9:54 a.m.•52 views

CVE-2022-3033

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a Thunderbird user replying to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute and the content attribute specifying an URL. Thunderbird started a...

7.5CVSS0.9AI score0.00768EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/08/30 6:6 a.m.•52 views

CVE-2022-30689

HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3...

5.3CVSS1.8AI score0.01102EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/08/19 5:39 a.m.•52 views

CVE-2022-36884

The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository...

5.3CVSS3AI score0.00853EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/19 4:38 a.m.•52 views

CVE-2022-30945

A flaw was found in Jenkins Groovy Plugin. The plugin allows pipelines to load Groovy source files. The intent is to allow Global Shared Libraries to execute without sandbox protection. The issue is that the plugin allows any Groovy source files bundled with Jenkins core and plugins to be loaded...

8.5CVSS1.2AI score0.01244EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/07/15 7:35 a.m.•52 views

CVE-2022-32323

A buffer overflow flaw was found in the autotrace package. This flaw allows an attacker to trick the user into opening a maliciously crafted BMP image, triggering arbitrary code execution or causing the application to crash...

7.3CVSS4.6AI score0.00759EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/06/06 11:27 p.m.•52 views

CVE-2022-28948

A flaw was found in the Unmarshal function in Go-Yaml. This vulnerability results in program crashes when attempting to convert or deserialize invalid input data, potentially impacting system stability and reliability...

7.5CVSS7.3AI score0.035EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/05/25 2:33 p.m.•52 views

CVE-2022-1871

No description is available for this CVE...

1.3AI score0.00472EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/25 2:31 p.m.•52 views

CVE-2022-1860

No description is available for this CVE...

1.3AI score0.00676EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/25 2:30 p.m.•52 views

CVE-2022-1856

No description is available for this CVE...

1.3AI score0.00498EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/25 2:30 p.m.•52 views

CVE-2022-1855

No description is available for this CVE...

1.3AI score0.0077EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/21 12:23 a.m.•52 views

CVE-2022-1640

No description is available for this CVE...

1.3AI score0.00735EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/21 12:15 a.m.•52 views

CVE-2018-17937

gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs...

8.8CVSS7.3AI score0.02656EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/18 10:42 p.m.•52 views

CVE-2022-1343

A flaw was found in OpenSSL's Online Certificate Status Protocol OCSP response functionality in the signer certificate verification routines. This flaw could result in a linked application falsely believing that an x.509 Digital Certificate is either "good" or "unknown" when revoked and requires...

5.3CVSS2.6AI score0.01174EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/05/14 11:41 a.m.•52 views

CVE-2020-7238

A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling. Mitigation Use HTTP/2 instead clear boundaries between requests Disable reuse of backend connections eg. http-reuse never in HAProxy or whatever equivalent LB settings...

7.5CVSS1.1AI score0.08415EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2022/05/14 11:32 a.m.•52 views

CVE-2020-11619

A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions are needed for an exploit, we...

8.1CVSS2.2AI score0.03607EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/11 8:1 a.m.•52 views

CVE-2022-27778

A vulnerability was found in curl. The issue occurs when removing the wrong file when "--no-clobber" is used together with "--remove-on-error." This flaw leads to removing files by mistake or by a malicious actor. Mitigation Do not use "--no-clobber" with "--remove-on-error"...

8.1CVSS7.6AI score0.03453EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/05/06 12:39 p.m.•52 views

CVE-2022-30294

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-30293. Reason: This candidate is a duplicate of CVE-2022-30293. Notes: All CVE users should reference CVE-2022-30293 instead of this candidate...

7.5CVSS8AI score0.02158EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/05/03 9:34 p.m.•52 views

CVE-2022-0839

A flaw was found in Liquiibase's XMLChangeLogSAXParser function. It uses SAXParser with no FEATURESECUREPROCESSING set, which could possibly allow XML External Entity XXE attacks...

9.8CVSS4.4AI score0.02921EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/05/03 7:0 a.m.•52 views

CVE-2022-26491

A flaw was found in Pidgin. This issue allows the performance of a man-in-the-middle attack MITM against a client via DNS spoofing if the XMPP connections are not using the Domain Name System Security Extensions DNSSEC...

6.4CVSS2.8AI score0.02419EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/02 12:58 p.m.•52 views

CVE-2022-25844

A flaw was found in the Angular package. The angular package is vulnerable to Regular Expression Denial of Service ReDoS by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBERFORMATS.PATTERNS1.posPre with a very high value...

7.5CVSS2.6AI score0.04658EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/25 1:22 p.m.•52 views

CVE-2019-25059

Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839...

7.8CVSS1.5AI score0.01756EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/04/21 10:58 p.m.•52 views

CVE-2022-24675

A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input more than 5 MB, causing a stack overflow in Decode, which leads to a loss of availability...

7.5CVSS4AI score0.05335EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/04/13 11:53 a.m.•52 views

CVE-2022-27381

A flaw was found in MariaDB. The component, Field::setdefault, allows attackers to cause a denial of service DoS via specially crafted SQL statements, affecting availability...

7.5CVSS7.5AI score0.02159EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/11 12:50 p.m.•52 views

CVE-2022-28346

A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely...

9.8CVSS3.5AI score0.18516EPSS
Exploits3References4
RedhatCVE
RedhatCVE
•added 2022/03/24 7:5 p.m.•52 views

CVE-2022-1048

A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hwparams. The hwfree ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges ...

7CVSS0.6AI score0.00236EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/03/22 5:41 p.m.•52 views

CVE-2022-24730

A flaw was found in ArgoCD. This flaw allows an attacker with read-only repository access to leak files from the repo server that the attacker should not have access to. An attacker can send a crafted request to retrieve file contents. This issue results in the disclosure of sensitive information...

7.7CVSS3.5AI score0.0086EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/03/11 6:14 p.m.•52 views

CVE-2022-26336

A shortcoming in the HMEF package of poi-scratchpad Apache POI allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files Microsoft Outlook and Microsoft Exchange Server. If an application uses poi-scratchpad to parse TNEF files and the application allows...

5.5CVSS3.7AI score0.0152EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/03/04 5:51 p.m.•52 views

CVE-2022-21716

An uncontrolled resource consumption flaw was found in python-twisted in the dataReceived function. This flaw allows an unauthenticated, remote attacker to send a simple command to use all available memory and crash the server...

7.5CVSS3.6AI score0.03608EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/23 2:36 a.m.•52 views

CVE-2022-21655

A flaw was found in envoy. Due to incorrect handling of the common router, a segfault is possible when internal redirects are routes with a direct response entry...

7.5CVSS1.6AI score0.01127EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/02/21 7:30 a.m.•52 views

CVE-2021-45081

A flaw was found in cobbler. The vulnerability occurs due to unsafe protocol usage and leads to cleartext transmission. This flaw allows an attacker to interact and see sensitive cleartext transmissions...

5.9CVSS4.5AI score0.00897EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/02/20 2:42 p.m.•52 views

CVE-2022-0500

A flaw was found in unrestricted eBPF usage by the BPFBTFLOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. Mitigation The default Red Hat...

7.8CVSS1.7AI score0.00346EPSS
Exploits0References10
RedhatCVE
RedhatCVE
•added 2022/02/15 5:47 p.m.•52 views

CVE-2021-45346

A memory leak flaw was found in the SQLite Project via maliciously crafted SQL Queries made via editing the Database File. This flaw allows a malicious user to obtain sensitive information due to a possible query to a record and leaking subsequent bytes of memory that extend beyond the record...

4.3CVSS2.7AI score0.01614EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/02/03 5:15 a.m.•52 views

CVE-2021-46662

MariaDB through 10.5.9 allows a setvar.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery...

5.5CVSS4AI score0.00391EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/01/24 8:36 p.m.•52 views

CVE-2022-0261

A heap based out-of-bounds write flaw was found in vim's ops.c. This flaw allows an attacker to trick a user to open a crafted file triggering an out-of-bounds write. This vulnerability is capable of crashing software, modify memory, and possible code execution. Mitigation Untrusted vim scripts...

7.8CVSS2.2AI score0.01687EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/01/24 4:37 p.m.•52 views

CVE-2022-22822

expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality a...

9.8CVSS2.1AI score0.04829EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/12/22 7:26 p.m.•52 views

CVE-2021-33430

A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArrayNewFromDescrint function of ctors.c when specifying arrays of large dimensions over 32 from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a vulneraility; In very...

7.5CVSS5.2AI score0.01074EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/10/21 3:34 p.m.•52 views

CVE-2021-42779

A heap use after free issue was found in Opensc before version 0.22.0 in scfilevalid...

5.3CVSS0.9AI score0.01938EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/09/23 4:26 p.m.•52 views

CVE-2021-20317

A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueueadd function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while runnin...

4.9CVSS2.3AI score0.0037EPSS
Exploits0References4
Total number of security vulnerabilities5000