Lucene search
K
RedhatcveMost viewed

206363 matches found

RedhatCVE
RedhatCVE
•added 2017/12/12 4:20 p.m.•53 views

CVE-2017-15896

Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSLread due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption...

9.1CVSS2.4AI score0.78675EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2017/10/16 9:50 a.m.•53 views

CVE-2017-13078

A new exploitation technique called key reinstallation attacks KRACK affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key GTK during a 4-way...

8.1CVSS1.9AI score0.0207EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2017/07/20 8:49 a.m.•53 views

CVE-2017-7541

Kernel memory corruption due to a buffer overflow was found in brcmfcfg80211mgmttx function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211CMDFRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace...

7.8CVSS3.4AI score0.00547EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2017/07/18 8:21 p.m.•53 views

CVE-2017-10087

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

9.6CVSS1.8AI score0.02555EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2017/04/11 8:48 a.m.•53 views

CVE-2017-7616

Incorrect error handling in the setmempolicy and mbind compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation...

5.5CVSS3AI score0.00413EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2016/08/18 9:3 p.m.•53 views

CVE-2016-6828

A use-after-free vulnerability was found in tcpxmitretransmitqueue and other tcp functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection...

5.5CVSS3.1AI score0.01181EPSS
Exploits5References1
RedhatCVE
RedhatCVE
•added 2016/07/20 7:48 a.m.•53 views

CVE-2016-3610

Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598...

9.6CVSS7.4AI score0.0669EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2016/06/07 11:48 a.m.•53 views

CVE-2016-5239

It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick...

7.5CVSS4.5AI score0.03162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2015/10/30 10:23 a.m.•53 views

CVE-2008-4109

A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service connection sl...

9.3CVSS8.1AI score0.44963EPSS
Exploits7References2
RedhatCVE
RedhatCVE
•added 2015/10/30 9:25 a.m.•53 views

CVE-2007-1888

Buffer overflow in the sqlitedecodebinary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite...

7.5CVSS8.4AI score0.03486EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2026/02/03 3:18 p.m.•52 views

CVE-2025-10279

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...

7CVSS5.9AI score0.00215EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2025/05/22 7:37 p.m.•52 views

CVE-2021-29934

An issue was discovered in PartialReader in the uuod crate before 0.0.4 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation...

7.5CVSS6.7AI score0.009EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2025/05/11 4:10 p.m.•52 views

CVE-2024-13961

Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU...

7.8CVSS7.8AI score0.00142EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2025/05/03 11:8 a.m.•52 views

CVE-2025-27007

Incorrect Privilege Assignment vulnerability in Brainstorm Force OttoKit suretriggers allows Privilege Escalation.This issue affects OttoKit: from n/a through = 1.0.82...

9.8CVSS7.4AI score0.5088EPSS
Exploits3References1
RedhatCVE
RedhatCVE
•added 2024/08/07 4:17 p.m.•52 views

CVE-2024-42005

A flaw was found in Django. The QuerySet.values and QuerySet.valueslist methods on models with a JSONField were subject to SQL injection in column aliases via a crafted JSON object key as a passed arg. Mitigation Mitigation for this issue is either not available or the currently available options...

7.3CVSS9.4AI score0.01227EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/06/17 10:51 p.m.•52 views

CVE-2024-24790

A flaw was found in the Go language standard library net/netip. The method Is IsPrivate, IsPublic, etc doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to...

6.7CVSS9.6AI score0.01952EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/06/05 5:34 p.m.•52 views

CVE-2024-5629

A flaw was found in the bson module contained in the python-pymongo package. A malformed BSON file may trigger an exception, leading to a denial of service and eventually sensitive memory data exposure...

4.7CVSS4.5AI score0.00663EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/03/04 5:26 p.m.•52 views

CVE-2024-23307

Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM md, raid, raid5 modules allows Forced Integer Overflow...

4.4CVSS7.2AI score0.0059EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2024/02/06 12:0 a.m.•52 views

CVE-2023-52426

A flaw was found in Expat libexpat. If XMLDTD is undefined at compile time, a recursive XML Entity Expansion condition can be triggered. This issue may lead to a condition where data is expanded exponentially, which will quickly consume system resources and cause a denial of service. Mitigation...

5.5CVSS5.3AI score0.00373EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/10/27 7:45 a.m.•52 views

CVE-2023-46118

A flaw was found in the rabbitmq-server. An authenticated user with sufficient credentials can publish very large messages over the HTTP API and cause the target node to be terminated by an "out-of-memory killer" like mechanism...

4.9CVSS6.2AI score0.01077EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/10/16 4:49 p.m.•52 views

CVE-2023-38552

When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check...

7.5CVSS6.9AI score0.01107EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/09/28 9:52 a.m.•52 views

CVE-2023-42756

A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSETCMDADD and IPSETCMDSWAP can lead to a kernel panic due to the invocation of ipsetput on a wrong set. This issue may allow a local user to crash the system. Mitigation Mitigation for this issue is either...

4.4CVSS5.9AI score0.00275EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/08/08 5:51 p.m.•52 views

CVE-2023-35391

A vulnerability was found in dotnet. This issue exists in .NET 6.0 and .NET 7.0 when using the redis backplane in SignalIR, which may result in information disclosure...

7.1CVSS6.7AI score0.01937EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/07 5:49 a.m.•52 views

CVE-2023-3978

A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's web browser within the security...

6.1CVSS6.4AI score0.00843EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2023/07/17 5:11 p.m.•52 views

CVE-2023-37946

A flaw was found in the Jenkins OpenShift Login Plugin. Affected versions of this plugin could allow a remote attacker to bypass security restrictions caused by not invalidating the existing session on login. By persuading a victim to visit a specially crafted Web site, an attacker can gain...

8.8CVSS6.9AI score0.00717EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/06/30 6:17 a.m.•52 views

CVE-2023-36191

A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service DoS attack...

5.5CVSS6.7AI score
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/05/04 10:21 a.m.•52 views

CVE-2023-2513

A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw allows a privileged local user to cause a system crash or other undefined behaviors...

6.7CVSS6.4AI score0.00245EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/04/11 7:0 p.m.•52 views

CVE-2023-1990

A use-after-free flaw was found in ndlcremove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This issue could allow an attacker to crash the system due to a race problem...

5.1CVSS5.7AI score0.0023EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/08 3:59 p.m.•52 views

CVE-2023-29017

A flaw was found in vm2 where the component was not properly handling asynchronous errors. This flaw allows a remote, unauthenticated attacker to escape the restrictions of the sandbox and execute code on the host. Mitigation Mitigation for this issue is either not available or the currently...

9.8CVSS9AI score0.63186EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/03/21 4:13 p.m.•52 views

CVE-2022-40540

A flaw was found in the Linux kernel. Memory corruption occurs to the buffer copy without checking the input size while loading firmware in qcommdtreadmetadata in drivers/soc/qcom/mdtloader.c...

7.8CVSS7.6AI score0.00166EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/03/06 8:59 a.m.•52 views

CVE-2023-1194

An out-of-bounds OOB memory read flaw was found in parseleasestate in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of NameOffset in the parseleasestate...

8.1CVSS6.2AI score0.01077EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/02/09 4:56 a.m.•53 views

CVE-2023-25165

A flaw was found in the helm package. The 'getHostByName' is a Helm template function introduced in Helm v3 and can accept a hostname and return an IP address for that hostname. To get the IP address, the function performs a DNS lookup. The DNS lookup happens when used with 'helm...

4.3CVSS4.9AI score0.00762EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/01/30 1:35 p.m.•52 views

CVE-2022-23552

A flaw was found in The GeoMap and Canvas plugins of Grafana. The GeoMap and Canvas plugins are core plugins in Grafana, which means that all Grafana instances have GeoMap and Canvas installed. These two plugins are vulnerable to Cross-site scripting, where an attacker with an Editor role can add...

7.5CVSS1.7AI score0.02179EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/16 5:5 p.m.•52 views

CVE-2023-0054

An out-of-bounds write flaw was found in Vim, in the dostringsub function in the eval.c file. The issue occurs because of an invalid memory access due to a missing check of the return value of the vimregsub function when a specially crafted input is processed. This flaw allows an attacker who can...

7.8CVSS7.3AI score0.00469EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/12/14 11:4 a.m.•52 views

CVE-2022-41089

.NET Framework Remote Code Execution Vulnerability...

8.8CVSS8.2AI score0.0113EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/11/11 4:55 a.m.•52 views

CVE-2022-3755

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

6.5CVSS6.5AI score
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/11/09 12:26 p.m.•52 views

CVE-2022-23824

A flaw was found in hw. The AMD CPUs can be attacked similar to the previously known Spectre Variant 2 CVE-2017-5715. This issue affects AMD CPUs where the OS relies on IBPB to flush the return address predictor. As a result, an unprivileged attacker could use this flaw to cross the syscall and...

6.5CVSS6.1AI score0.74041EPSS
Exploits9References5
RedhatCVE
RedhatCVE
•added 2022/10/19 1:17 p.m.•52 views

CVE-2022-42927

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a same-origin policy violation that could have allowed the theft of cross-origin URL entries, leaking the result of a redirect via performance.getEntries...

7.5CVSS3AI score0.00414EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/10/13 5:1 p.m.•52 views

CVE-2022-42722

A flaw was found in P2P-Device in wifi in ieee80211rxhdecrypt in net/mac80211/rx.c in the Linux kernel, leading to a denial of service. Mitigation To mitigate this issue, prevent module mac80211 from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel...

5.5CVSS6.5AI score0.00555EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/08/30 6:6 a.m.•52 views

CVE-2022-30689

HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3...

5.3CVSS1.8AI score0.01102EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/07/15 4:7 a.m.•52 views

CVE-2022-31097

A Cross-site scripting XSS vulnerability was found in the Unified Alerting feature of Grafana. This stored XSS can elevate privileges from Editor to Admin. Mitigation Disable Unified alerting. https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/unifiedalerting...

7.3CVSS6.8AI score0.68603EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/06/23 2:36 p.m.•52 views

CVE-2021-38561

A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of...

7.5CVSS4.3AI score0.01356EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/06/07 5:19 p.m.•52 views

CVE-2022-28737

A flaw was found in shim during the handling of EFI executables. A crafted EFI image can lead to an overflow in shim. This flaw allows an attacker to perform an out-of-bounds write in memory. A successful attack can lead to data integrity, confidentiality issues, and arbitrary code execution...

7.8CVSS4.3AI score0.00332EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/06/07 2:27 a.m.•52 views

CVE-2022-1942

An out-of-bounds write vulnerability was found in Vim's vimregsubboth function in the src/regexp.c file. The flaw can open a command-line window from a substitute expression when a text or buffer is locked. This flaw allows an attacker to trick a user into opening a specially crafted file,...

7.8CVSS3.2AI score0.01559EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/05/21 12:15 a.m.•52 views

CVE-2018-17937

gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs...

8.8CVSS7.3AI score0.02656EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/03 7:0 a.m.•52 views

CVE-2022-26491

A flaw was found in Pidgin. This issue allows the performance of a man-in-the-middle attack MITM against a client via DNS spoofing if the XMPP connections are not using the Domain Name System Security Extensions DNSSEC...

6.4CVSS2.8AI score0.02419EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/02 12:58 p.m.•52 views

CVE-2022-25844

A flaw was found in the Angular package. The angular package is vulnerable to Regular Expression Denial of Service ReDoS by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBERFORMATS.PATTERNS1.posPre with a very high value...

7.5CVSS2.6AI score0.04658EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/25 1:22 p.m.•52 views

CVE-2019-25059

Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839...

7.8CVSS1.5AI score0.01756EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/04/14 10:38 p.m.•52 views

CVE-2022-27449

A flaw was found in the MariaDB Server. It contains a segmentation fault via the component, sql/itemfunc.cc:148, affecting availability...

7.5CVSS4.2AI score0.02211EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/13 11:53 a.m.•52 views

CVE-2022-27382

A flaw was found in MariaDB. A segmentation fault via the component, Itemfield::usedtables/updatedependmapfororder, impacts availability...

7.5CVSS4.3AI score0.01546EPSS
Exploits1References3
Total number of security vulnerabilities5000