Lucene search
K
RedhatcveMost viewed

206341 matches found

RedhatCVE
RedhatCVE
•added 2023/03/14 11:43 p.m.•52 views

CVE-2022-41723

A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...

7.5CVSS7.4AI score0.04561EPSS
Exploits0References10
RedhatCVE
RedhatCVE
•added 2023/02/09 4:56 a.m.•53 views

CVE-2023-25165

A flaw was found in the helm package. The 'getHostByName' is a Helm template function introduced in Helm v3 and can accept a hostname and return an IP address for that hostname. To get the IP address, the function performs a DNS lookup. The DNS lookup happens when used with 'helm...

4.3CVSS4.9AI score0.00762EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/01/16 5:5 p.m.•52 views

CVE-2023-0054

An out-of-bounds write flaw was found in Vim, in the dostringsub function in the eval.c file. The issue occurs because of an invalid memory access due to a missing check of the return value of the vimregsub function when a specially crafted input is processed. This flaw allows an attacker who can...

7.8CVSS7.3AI score0.00469EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/12/14 11:4 a.m.•52 views

CVE-2022-41089

.NET Framework Remote Code Execution Vulnerability...

8.8CVSS8.2AI score0.0113EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/11/09 12:26 p.m.•52 views

CVE-2022-23824

A flaw was found in hw. The AMD CPUs can be attacked similar to the previously known Spectre Variant 2 CVE-2017-5715. This issue affects AMD CPUs where the OS relies on IBPB to flush the return address predictor. As a result, an unprivileged attacker could use this flaw to cross the syscall and...

6.5CVSS6.1AI score0.74041EPSS
Exploits9References5
RedhatCVE
RedhatCVE
•added 2022/10/19 1:17 p.m.•52 views

CVE-2022-42927

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a same-origin policy violation that could have allowed the theft of cross-origin URL entries, leaking the result of a redirect via performance.getEntries...

7.5CVSS3AI score0.00414EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/10/13 5:1 p.m.•52 views

CVE-2022-42722

A flaw was found in P2P-Device in wifi in ieee80211rxhdecrypt in net/mac80211/rx.c in the Linux kernel, leading to a denial of service. Mitigation To mitigate this issue, prevent module mac80211 from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel...

5.5CVSS6.5AI score0.00555EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/09/26 12:19 p.m.•52 views

CVE-2022-3278

A NULL pointer dereference vulnerability was found in Vim's evalnextnonblank function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that cause...

5.5CVSS3.2AI score0.0082EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/08/30 6:6 a.m.•52 views

CVE-2022-30689

HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3...

5.3CVSS1.8AI score0.01102EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/06/23 2:36 p.m.•52 views

CVE-2021-38561

A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of...

7.5CVSS4.3AI score0.01356EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/06/07 5:19 p.m.•52 views

CVE-2022-28737

A flaw was found in shim during the handling of EFI executables. A crafted EFI image can lead to an overflow in shim. This flaw allows an attacker to perform an out-of-bounds write in memory. A successful attack can lead to data integrity, confidentiality issues, and arbitrary code execution...

7.8CVSS4.3AI score0.00332EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/06/07 2:27 a.m.•52 views

CVE-2022-1942

An out-of-bounds write vulnerability was found in Vim's vimregsubboth function in the src/regexp.c file. The flaw can open a command-line window from a substitute expression when a text or buffer is locked. This flaw allows an attacker to trick a user into opening a specially crafted file,...

7.8CVSS3.2AI score0.01559EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/05/21 12:15 a.m.•52 views

CVE-2018-17937

gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs...

8.8CVSS7.3AI score0.02656EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/03 9:34 p.m.•52 views

CVE-2022-0839

A flaw was found in Liquiibase's XMLChangeLogSAXParser function. It uses SAXParser with no FEATURESECUREPROCESSING set, which could possibly allow XML External Entity XXE attacks...

9.8CVSS4.4AI score0.02921EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/05/03 7:0 a.m.•52 views

CVE-2022-26491

A flaw was found in Pidgin. This issue allows the performance of a man-in-the-middle attack MITM against a client via DNS spoofing if the XMPP connections are not using the Domain Name System Security Extensions DNSSEC...

6.4CVSS2.8AI score0.02419EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/02 12:58 p.m.•52 views

CVE-2022-25844

A flaw was found in the Angular package. The angular package is vulnerable to Regular Expression Denial of Service ReDoS by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBERFORMATS.PATTERNS1.posPre with a very high value...

7.5CVSS2.6AI score0.04658EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/25 1:22 p.m.•52 views

CVE-2019-25059

Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839...

7.8CVSS1.5AI score0.01756EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/04/14 10:38 p.m.•52 views

CVE-2022-27449

A flaw was found in the MariaDB Server. It contains a segmentation fault via the component, sql/itemfunc.cc:148, affecting availability...

7.5CVSS4.2AI score0.02211EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/13 11:53 a.m.•52 views

CVE-2022-27382

A flaw was found in MariaDB. A segmentation fault via the component, Itemfield::usedtables/updatedependmapfororder, impacts availability...

7.5CVSS4.3AI score0.01546EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/13 11:53 a.m.•52 views

CVE-2022-27381

A flaw was found in MariaDB. The component, Field::setdefault, allows attackers to cause a denial of service DoS via specially crafted SQL statements, affecting availability...

7.5CVSS7.5AI score0.02159EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/11 12:50 p.m.•52 views

CVE-2022-28346

A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely...

9.8CVSS3.5AI score0.18516EPSS
Exploits3References4
RedhatCVE
RedhatCVE
•added 2022/04/08 12:38 p.m.•52 views

CVE-2022-1278

A flaw was found in WildFly. This flaw allows an attacker to see deployment names, endpoints, and any other data the trace payload may contain...

7.5CVSS3.3AI score0.00722EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/04/06 2:50 p.m.•52 views

CVE-2022-24713

regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those tunable mitigations already provide sane defaults to preven...

7.5CVSS3.9AI score0.1446EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/03/24 7:5 p.m.•52 views

CVE-2022-1048

A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hwparams. The hwfree ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges ...

7CVSS0.6AI score0.00236EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/03/15 10:15 p.m.•52 views

CVE-2021-44269

A heap out-of-bounds read flaw was found in WavPacks' WavpackPackSamples function of src/packutils.c and only affects the command-line program of WavPack not libwavpack. This flaw allows an attacker to exploit this flaw for a website that uses the WavPack command-line program on user-provided...

5.5CVSS3AI score0.01155EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/03/11 6:14 p.m.•52 views

CVE-2022-26336

A shortcoming in the HMEF package of poi-scratchpad Apache POI allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files Microsoft Outlook and Microsoft Exchange Server. If an application uses poi-scratchpad to parse TNEF files and the application allows...

5.5CVSS3.7AI score0.0152EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/03/09 12:44 p.m.•52 views

CVE-2022-26384

The Mozilla Foundation Security Advisory describes this flaw as: If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox...

9.6CVSS2.2AI score0.00931EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2022/03/04 5:51 p.m.•52 views

CVE-2022-21716

An uncontrolled resource consumption flaw was found in python-twisted in the dataReceived function. This flaw allows an unauthenticated, remote attacker to send a simple command to use all available memory and crash the server...

7.5CVSS3.6AI score0.03608EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/21 7:30 a.m.•52 views

CVE-2021-45081

A flaw was found in cobbler. The vulnerability occurs due to unsafe protocol usage and leads to cleartext transmission. This flaw allows an attacker to interact and see sensitive cleartext transmissions...

5.9CVSS4.5AI score0.00897EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/02/20 2:42 p.m.•52 views

CVE-2022-0500

A flaw was found in unrestricted eBPF usage by the BPFBTFLOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. Mitigation The default Red Hat...

7.8CVSS1.7AI score0.00346EPSS
Exploits0References10
RedhatCVE
RedhatCVE
•added 2022/02/17 3:20 p.m.•52 views

CVE-2022-25175

A flaw was found in Jenkins. The Pipeline: Multibranch uses the same checkout directories for distinct SCMs for the readTrusted step. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.This allows attackers to...

8.8CVSS5.2AI score0.01382EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/02/03 5:15 a.m.•52 views

CVE-2021-46662

MariaDB through 10.5.9 allows a setvar.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery...

5.5CVSS4AI score0.00391EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/01/03 4:4 p.m.•52 views

CVE-2021-4197

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1...

7.8CVSS2.8AI score0.00541EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/12/22 2:7 p.m.•52 views

CVE-2021-4157

An out of memory bounds write flaw 1 or 2 bytes of memory in the Linux kernel NFS subsystem was found in the way users use mirroring replication of files with NFS. A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system...

8CVSS0.7AI score0.01584EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/12/14 6:18 p.m.•52 views

CVE-2021-43818

There's a flaw in python-lxml's HTML Cleaner component, which is responsible for sanitizing HTML and Javascript. An attacker who is able to submit a crafted payload to a web service using python-lxml's HTML Cleaner may be able to trigger script execution in clients such as web browsers. This can...

8.8CVSS0.5AI score0.02456EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/11/04 4:52 p.m.•52 views

CVE-2021-21696

An incorrect permissions validation vulnerability was found in Jenkins. An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with...

9.8CVSS9.2AI score0.0232EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/10/20 6:44 p.m.•52 views

CVE-2021-35638

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

6.8CVSS1.8AI score0.01945EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/09/15 8:13 p.m.•52 views

CVE-2021-3796

A use-after-free vulnerability in vim could allow an attacker to input a specially crafted file leading to memory corruption and a potentially exploitable crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.2CVSS5AI score0.01626EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/09/06 5:22 p.m.•52 views

CVE-2021-39191

A open redirect flaw was found in modauthopenidc where it does not sanitize targetlinkuri paramater properly. This issue could be used by a remote attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially...

6.1CVSS4.1AI score0.0175EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/09/03 1:39 p.m.•52 views

CVE-2021-23438

This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOfpartsi !== -1 returns -1 if partsi is 'proto'. This is because the method that has been called if the input is an array is...

9.8CVSS2.5AI score0.01723EPSS
Exploits2References5
RedhatCVE
RedhatCVE
•added 2021/09/02 6:6 p.m.•52 views

CVE-2021-33938

A flaw was found in libsolv. A buffer overflow vulnerability in the prunetorecommend function allows attackers to cause a denial of service. The highest threat from this vulnerability is to system availability...

7.5CVSS4.4AI score0.01422EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/08/16 12:54 p.m.•52 views

CVE-2021-3702

A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's privatedatadir the next time ansible-runner made use of the privatedatadir...

6.3CVSS2.4AI score0.00188EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/11 7:25 p.m.•52 views

CVE-2021-3700

A use-after-free vulnerability was found in usbredir in the usbredirparserserialize function in usbredirparser/usbredirparser.c . This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination...

6.4CVSS4.6AI score0.00309EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/11 6:20 p.m.•52 views

CVE-2020-21680

A stack-based buffer overflow in the putarrow component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service DOS via converting a xfig file into pict2e format...

5.5CVSS4.6AI score0.00683EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/08/11 6:20 p.m.•52 views

CVE-2021-38205

A flaw was found in the Linux kernel that allows attackers to defeat an ASLR protection mechanism because it prints a kernel pointer i.e., the real IOMEM pointer. The highest threat from this vulnerability is to confidentiality. Mitigation Mitigation for this issue is either not available or the...

3.3CVSS1.6AI score0.00328EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/11 5:20 p.m.•52 views

CVE-2021-38203

A flaw was found in the btrfs filesystem in the Linux kernel that allows attackers to cause a denial of service via processes that trigger allocation of new system chunks when there is a shortage of free space in the system spaceinfo. The highest threat from this vulnerability is to system...

5.5CVSS1.2AI score0.00365EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/07/28 1:54 p.m.•52 views

CVE-2021-30795

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution...

9.3CVSS2.9AI score0.02164EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2021/07/28 1:53 p.m.•52 views

CVE-2021-30744

Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site...

8.1CVSS2.9AI score0.01068EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/07/28 1:53 p.m.•52 views

CVE-2021-30661

A flaw was found in the webkitgtk package. Affected versions of this package could allow a remote attacker to execute arbitrary code on the system caused by a use-after-free in the WebKit component. An attacker can execute arbitrary code on the system by persuading a victim to visit a specially...

8.8CVSS8.1AI score0.04528EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/07/08 10:51 a.m.•52 views

CVE-2021-35197

An improper authorization vulnerability was found in mediawiki. Mediawiki bots may have unintended API access even when a sitewide block has been applied. An attacker can use this vulnerability to potentially utilize a bot to access the mediawiki API and conduct actions like purge pages...

7.5CVSS4AI score0.01943EPSS
Exploits1References3
Total number of security vulnerabilities5000