Lucene search
K
RedhatcveMost viewed

206311 matches found

RedhatCVE
RedhatCVE
•added 2019/10/08 11:31 p.m.•52 views

CVE-2019-14813

A flaw was found in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands...

9.8CVSS1.2AI score0.92499EPSS
Exploits4References2
RedhatCVE
RedhatCVE
•added 2019/10/07 2:19 p.m.•52 views

CVE-2017-10089

Vulnerability in the Java SE component of Oracle Java SE subcomponent: ImageIO. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

9.6CVSS2.8AI score0.02415EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2019/09/30 7:52 p.m.•52 views

CVE-2019-10212

A flaw was found in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user’s credentials from the log files. Mitigation Use Elytron instead of legacy Security subsystem...

9.8CVSS2.6AI score0.019EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2019/09/10 2:21 p.m.•52 views

CVE-2019-15926

An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6klwmipstreamtimeouteventrx and ath6klwmicaceventrx in the file drivers/net/wireless/ath/ath6kl/wmi.c...

9.4CVSS2.7AI score0.05189EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2018/10/30 4:49 p.m.•52 views

CVE-2018-0734

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a Affected 1.1.1. Fixed in OpenSSL 1.1.0j Affected 1.1.0-1.1.0i. Fixed in OpenSSL 1.0.2q...

5.9CVSS3.9AI score0.12154EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2018/07/16 11:20 p.m.•52 views

CVE-2018-14042

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip...

6.1CVSS1.6AI score0.04009EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2018/06/25 2:19 a.m.•52 views

CVE-2018-12532

JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language EL variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309...

9.8CVSS7.4AI score0.07046EPSS
Exploits2References2
RedhatCVE
RedhatCVE
•added 2018/06/07 5:50 a.m.•52 views

CVE-2016-1000338

In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...

7.5CVSS4.5AI score0.01845EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2018/01/26 5:49 p.m.•52 views

CVE-2017-1000505

In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new File objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type...

6.5CVSS2.6AI score0.01013EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2017/12/12 4:20 p.m.•52 views

CVE-2017-15896

Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSLread due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption...

9.1CVSS2.4AI score0.78675EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2017/10/16 9:50 a.m.•52 views

CVE-2017-13078

A new exploitation technique called key reinstallation attacks KRACK affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key GTK during a 4-way...

8.1CVSS1.9AI score0.0207EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2017/05/19 8:26 a.m.•52 views

CVE-2017-9050

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839...

7.5CVSS1.8AI score0.07347EPSS
Exploits3References1
RedhatCVE
RedhatCVE
•added 2017/04/11 8:48 a.m.•52 views

CVE-2017-7616

Incorrect error handling in the setmempolicy and mbind compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation...

5.5CVSS3AI score0.00413EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2017/04/05 8:17 a.m.•52 views

CVE-2017-2671

A race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system...

7.8CVSS2.5AI score0.01463EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2016/10/18 8:17 p.m.•52 views

CVE-2016-5573

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...

8.3CVSS0.4AI score0.03255EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2026/05/13 8:22 p.m.•51 views

CVE-2026-40370

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network...

8.8CVSS6AI score0.00555EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/01/09 8:50 a.m.•51 views

CVE-2021-31457

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS6.7AI score0.02778EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2025/05/23 12:36 a.m.•51 views

CVE-2022-33961

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WaspThemes Visual CSS Style Editor plugin = 7.5.8 versions...

4.8CVSS5.6AI score0.00352EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2025/05/03 11:8 a.m.•51 views

CVE-2025-27007

Incorrect Privilege Assignment vulnerability in Brainstorm Force OttoKit suretriggers allows Privilege Escalation.This issue affects OttoKit: from n/a through = 1.0.82...

9.8CVSS7.4AI score0.5088EPSS
Exploits3References1
RedhatCVE
RedhatCVE
•added 2025/04/30 8:38 a.m.•51 views

CVE-2025-31650

A flaw was found in Apache Tomcat. This vulnerability allows an application-level denial of service DoS, causing it to become unresponsive or slow via maliciously crafted HTTP/2 prioritization headers. It performs an incomplete cleanup of failed requests, which triggers a memory leak. Mitigation...

7.5CVSS7.6AI score0.66933EPSS
Exploits5References4
RedhatCVE
RedhatCVE
•added 2024/09/05 7:14 a.m.•51 views

CVE-2024-45491

An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINTMAX equals SIZEMAX. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat...

7.5CVSS6.9AI score0.0113EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2024/08/29 2:27 p.m.•51 views

CVE-2023-49582

A flaw was found in the Apache Portable Runtime APR library. This issue allows local users to read named shared memory segments due to incorrect permissions, potentially revealing sensitive application data...

5.5CVSS5.1AI score0.00332EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/08/19 8:39 p.m.•51 views

CVE-2024-7592

A flaw was found in the http.cookies module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption...

4.8CVSS7.6AI score0.02303EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 2024/07/01 9:49 p.m.•51 views

CVE-2024-38473

A flaw was found in the modproxy module of httpd. Due to an encoding problem, specially crafted request URLs with incorrect encoding can be sent to backend services, potentially bypassing authentication. Mitigation Mitigation for this issue is either not available or the currently available optio...

5.3CVSS8AI score0.35447EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/06/28 5:8 a.m.•51 views

CVE-2024-5642

A vulnerability was found in Python/CPython that does not disallow configuring an empty list "" for SSLContext.setnpnprotocols, which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE -2024-5535 for OpenSSL for more information...

2.7CVSS6.5AI score0.00744EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/06/17 10:51 p.m.•51 views

CVE-2024-24790

A flaw was found in the Go language standard library net/netip. The method Is IsPrivate, IsPublic, etc doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to...

6.7CVSS9.6AI score0.01952EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/06/05 5:34 p.m.•51 views

CVE-2024-5629

A flaw was found in the bson module contained in the python-pymongo package. A malformed BSON file may trigger an exception, leading to a denial of service and eventually sensitive memory data exposure...

4.7CVSS4.5AI score0.00663EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/05/29 12:25 p.m.•51 views

CVE-2023-52881

A flaw was found in the Linux kernel. Two TCP spoofing primitives exist where an attacker can brute force the server-chosen send window by acknowledging data that was never sent, called "ghost ACKs." There are side channels that also allow the attacker to leak the otherwise secret server-chosen...

5.9CVSS6.3AI score0.00227EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2024/05/27 10:32 a.m.•51 views

CVE-2021-47533

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: Clear the HVS FIFO commit pointer once done Commit 9ec03d7f1ed3 "drm/vc4: kms: Wait on previous FIFO users before a commit" introduced a wait on the previous commit done on a given HVS FIFO. However, we never cleare...

4.5CVSS6.6AI score0.00216EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/05/15 10:24 p.m.•51 views

CVE-2024-4854

A flaw was found in the MONGO and ZigBee TLV dissectors of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing an infinite loop, resulting in a denial of service. Mitigation Mitigation for this issue is either not available or the currently...

6.5CVSS6.1AI score0.00811EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/05/07 6:54 a.m.•51 views

CVE-2024-34064

Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...

5.4CVSS6.3AI score0.00979EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/05/03 9:29 p.m.•51 views

CVE-2023-44431

A flaw was found within the handling of the AVRCP protocol in BlueZ. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a...

7.1CVSS7.1AI score0.01563EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/04/12 7:49 p.m.•51 views

CVE-2024-2397

A flaw was found in tcpdump. Trying to print content from a maliciously crafted .pcap file may lead to an infinite loop, resulting in a denial of service. This issue is considered low severity; for a successful attack to happen, a user must open a crafted file, and it will only crash a single...

5.5CVSS6.1AI score0.00289EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/04/04 1:1 a.m.•51 views

CVE-2024-26752

A vulnerability was found in the l2tpip6sendmsg function in the Linux kernel. An incorrect length calculation due to operator precedence issues can cause packet corruption and lead to communication issues...

5.5CVSS7.2AI score0.00252EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/03/27 3:50 a.m.•51 views

CVE-2023-42843

A flaw was found in WebKit that may allow a remote attacker to conduct spoofing attacks by exploiting an inconsistent user interface issue. By tricking a victim into visiting a specially crafted website, the attacker could perform address bar spoofing...

5.4CVSS6.6AI score0.0086EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/19 8:50 p.m.•51 views

CVE-2024-26308

An allocation of resources without limits or throttling vulnerability was found in Apache Commons Compress. This issue can lead to an out-of-memory error. Mitigation No mitigation is currently available for this vulnerability...

5.5CVSS6.4AI score0.00898EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2024/02/06 12:0 a.m.•51 views

CVE-2023-52426

A flaw was found in Expat libexpat. If XMLDTD is undefined at compile time, a recursive XML Entity Expansion condition can be triggered. This issue may lead to a condition where data is expanded exponentially, which will quickly consume system resources and cause a denial of service. Mitigation...

5.5CVSS5.3AI score0.00373EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/01/31 7:26 p.m.•51 views

CVE-2024-1085

A double-free flaw was found in how the Linux kernel's NetFilter system marks whether a catch-all element is enabled. A local user could use this flaw to crash the system. Mitigation 1. This flaw can be mitigated by preventing the affected netfilter nftables kernel module from being loaded. For...

6.6CVSS7.3AI score0.00282EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2024/01/25 8:27 p.m.•51 views

CVE-2024-0874

A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching...

5.3CVSS7AI score0.0076EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2024/01/22 9:1 a.m.•51 views

CVE-2023-4969

A flaw was found in AMD. This issue occurs when different users or processes execute independent GPU kernels. A compromised AMD GPU kernel could potentially read local memory values from another kernel, which may include private information. Mitigation AMD recommends updating to the latest driver...

6.5CVSS6AI score0.01175EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 2024/01/16 5:10 p.m.•51 views

CVE-2024-0607

A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nftbyteordereval function, where the code iterates through a loop and writes to the dst array. On each iteration, 8 bytes are written, but dst is an array of u32, so each element only has space for 4 bytes. That...

6.6CVSS6.6AI score0.00241EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/08 10:34 p.m.•51 views

CVE-2024-21647

A flaw was found in Puma rubygem. Versions prior 6.4.2 are susceptible to a HTTP smuggling attack when parsing chunked transfer encoding bodies on HTTP messages, which don't limit the size of the message chunk extensions. This issue may lead to uncontrolled resource consumption, possibly resultin...

7.5CVSS6.8AI score0.00958EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/02 9:14 a.m.•51 views

CVE-2023-6693

A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtionetflushtx function if guest features VIRTIONETFHASHREPORT, VIRTIOFVERSION1 and VIRTIONETFMRGRXBUF are enabled. This could allow a malicious user to overwrite local variables...

4.9CVSS7.1AI score0.0033EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/12/12 6:27 a.m.•51 views

CVE-2023-6710

A flaw was found in the modproxycluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting XSS vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...

5.4CVSS5.7AI score0.02242EPSS
Exploits5References3
RedhatCVE
RedhatCVE
•added 2023/11/21 4:19 a.m.•51 views

CVE-2023-5752

A flaw was found in the Python pip package. The pip could allow a local authenticated attacker to bypass security restrictions due to a flaw when installing a package from a Mercurial VCS URL. By sending a specially crafted request, an attacker can inject arbitrary configuration options to the "h...

3.3CVSS3.8AI score0.00476EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/11/16 1:34 a.m.•51 views

CVE-2023-44442

A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSD file, possibly enabling the execution of unauthorized code within the GIMP process. Mitigation Mitigation for this...

7.8CVSS6.8AI score0.61427EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/10/27 7:45 a.m.•51 views

CVE-2023-46118

A flaw was found in the rabbitmq-server. An authenticated user with sufficient credentials can publish very large messages over the HTTP API and cause the target node to be terminated by an "out-of-memory killer" like mechanism...

4.9CVSS6.2AI score0.01077EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/10/27 6:27 a.m.•51 views

CVE-2023-46234

A flaw was found in browserify-sign node package. This issue may allow a malicious user to execute a signature forgery attack by not correctly checking cryptographic signatures for DSA data, resulting in a jeopardized environment. Mitigation No current mitigation is yet available for this flaw...

7.5CVSS6.5AI score0.00508EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/10/19 1:47 p.m.•51 views

CVE-2023-22084

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Serve...

4.9CVSS5.6AI score0.01782EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/10/18 12:59 a.m.•51 views

CVE-2023-45863

An out-of-bounds memory write flaw was found in the load/unload module in the Linux kernel's kobject functionality, potentially triggering a race condition in the kobjectgetpath function. This issue may allow a local user to crash the system or potentially escalate their privileges on the system...

6.4CVSS7AI score0.00284EPSS
Exploits0References3
Total number of security vulnerabilities5000