Lucene search
K
RedhatcveMost viewed

206309 matches found

RedhatCVE
RedhatCVE
added 2023/09/28 11:54 a.m.51 views

CVE-2023-43646

A vulnerability was found in the get-func-name package in the chai module. Affected versions of this package are vulnerable to Regular expression denial of service ReDoS attacks, affecting system availability...

7.5CVSS6.8AI score0.01114EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2023/09/28 9:52 a.m.51 views

CVE-2023-42756

A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSETCMDADD and IPSETCMDSWAP can lead to a kernel panic due to the invocation of ipsetput on a wrong set. This issue may allow a local user to crash the system. Mitigation Mitigation for this issue is either...

4.4CVSS5.9AI score0.00275EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2023/09/28 6:54 a.m.51 views

CVE-2023-43114

An issue was discovered in Qt on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFontFromData, then it can cause the application to crash because of missing length checks...

5.5CVSS5.5AI score0.00249EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/09/13 1:54 p.m.51 views

CVE-2022-48566

A constant-time-defeating optimization issue was found in python. This issue occurs when sending a specially crafted request, which could allow an attacker to obtain sensitive information. Mitigation As per upstream, either make the accumulator variable result a volatile unsigned char instead of...

5.9CVSS6.3AI score0.01148EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2023/08/23 8:15 p.m.51 views

CVE-2022-48064

An excessive memory consumption vulnerability was identified in GNU Binutils, specifically in the function bfddwarf2findnearestlinewithalt at dwarf2.c. An attacker could exploit this by providing a crafted ELF file, potentially leading to a denial of service attack through excessive memory usage...

5.5CVSS5.2AI score0.0059EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2023/08/08 5:51 p.m.51 views

CVE-2023-35391

A vulnerability was found in dotnet. This issue exists in .NET 6.0 and .NET 7.0 when using the redis backplane in SignalIR, which may result in information disclosure...

7.1CVSS6.7AI score0.01937EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/08/08 11:19 a.m.51 views

CVE-2023-4237

A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availabili...

7.3CVSS6.7AI score0.00239EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/08/05 3:48 p.m.51 views

CVE-2023-38697

A flaw was found in the protocol-http1 rubygem package. The protocol-http1 provides a low-level implementation of the HTTP/1 protocol. This behavior can lead to desync when forwarding through multiple HTTP parsers, potentially resulting in HTTP request smuggling and firewall bypassing...

5.3CVSS6.3AI score0.00637EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/06/30 6:17 a.m.51 views

CVE-2023-36191

A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service DoS attack...

5.5CVSS6.7AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/06/21 10:47 p.m.51 views

CVE-2023-2828

A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to exceed significantly...

7.5CVSS7.2AI score0.03776EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/04/19 9:32 a.m.51 views

CVE-2023-21968

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...

3.7CVSS4.7AI score0.01036EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/04/17 7:30 a.m.51 views

CVE-2023-29383

A flaw was found in Shadow, where it is possible to inject control characters into fields provided to the SUID program change fingerchfn. Although it is not possible to exploit this directly for example, adding a new user fails because \n is in the block list, it is possible to misrepresent the...

5.5CVSS4.4AI score0.00428EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2023/04/08 3:59 p.m.51 views

CVE-2023-29017

A flaw was found in vm2 where the component was not properly handling asynchronous errors. This flaw allows a remote, unauthenticated attacker to escape the restrictions of the sandbox and execute code on the host. Mitigation Mitigation for this issue is either not available or the currently...

9.8CVSS9AI score0.63186EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2023/04/04 8:43 p.m.51 views

CVE-2023-24537

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service...

7.5CVSS8.3AI score0.01412EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2023/03/22 5:43 p.m.51 views

CVE-2022-4744

A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the registernetdevice function fails NETDEVREGISTER notifier. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation To...

7.8CVSS7.3AI score0.00456EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/03/21 7:43 a.m.51 views

CVE-2022-30539

A flaw was found in how. Use-after-free in the BIOS firmware for some IntelR processors may allow a privileged user to potentially enable escalation of privilege via local access. Mitigation Please contact the hardware vendor for more updates...

7.5CVSS6.6AI score0.00211EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/03/19 6:13 p.m.51 views

CVE-2023-26607

In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfsattrfind in fs/ntfs/attrib.c...

7.1CVSS6.8AI score0.00608EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2023/03/14 7:43 p.m.51 views

CVE-2022-45787

A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions...

5.5CVSS5.4AI score0.00271EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/03/13 8:43 a.m.51 views

CVE-2023-27900

A flaw was found in Jenkins. Affected versions of Jenkins use the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service...

7.5CVSS7.4AI score0.46836EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2023/03/06 8:59 a.m.51 views

CVE-2023-1194

An out-of-bounds OOB memory read flaw was found in parseleasestate in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of NameOffset in the parseleasestate...

8.1CVSS6.2AI score0.01077EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/03/03 5:30 p.m.51 views

CVE-2022-28321

The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pamaccess.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a...

9.8CVSS2.8AI score0.01218EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/02/21 3:59 p.m.51 views

CVE-2023-23919

A cryptographic vulnerability exists in Node.js 19.2.0, 18.14.1, 16.19.1, 14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread...

7.5CVSS7.1AI score0.02209EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2023/01/31 6:5 a.m.51 views

CVE-2023-0512

A divide-by-zero flaw was found in Vim's adjustskipcol function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service...

7.8CVSS6.7AI score0.0049EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2023/01/30 1:35 p.m.51 views

CVE-2022-23552

A flaw was found in The GeoMap and Canvas plugins of Grafana. The GeoMap and Canvas plugins are core plugins in Grafana, which means that all Grafana instances have GeoMap and Canvas installed. These two plugins are vulnerable to Cross-site scripting, where an attacker with an Editor role can add...

7.5CVSS1.7AI score0.02179EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/12/14 11:35 a.m.51 views

CVE-2022-4492

A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step that should at least be performed by default in HTTPS and in http/2...

7.5CVSS7.4AI score0.00596EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/11/11 4:55 a.m.51 views

CVE-2022-3755

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

6.5CVSS6.5AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/10/19 7:17 p.m.51 views

CVE-2022-40303

A flaw was found in libxml2. Parsing a XML document with the XMLPARSEHUGE option enabled can result in an integer overflow because safety checks were missing in some functions. Also, the xmlParseEntityValue function didn't have any length limitation...

7.5CVSS3.9AI score0.22791EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2022/10/19 1:17 p.m.51 views

CVE-2022-42927

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a same-origin policy violation that could have allowed the theft of cross-origin URL entries, leaking the result of a redirect via performance.getEntries...

7.5CVSS3AI score0.00414EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2022/10/19 9:47 a.m.51 views

CVE-2022-21628

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0...

5.3CVSS0.9AI score0.02038EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/10/13 2:30 p.m.51 views

CVE-2022-38096

A NULL pointer dereference issue was found in the Linux kernel's vmwgfx driver in vmwcmddxdefinequery. This flaw allows a local, unprivileged attacker with access to either /dev/dri/card0 or /dev/dri/rendererD128, who can issue an ioctl on the resulting file descriptor, to crash the system, causi...

5.5CVSS6.7AI score0.0059EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/08/19 4:38 a.m.51 views

CVE-2022-30953

A cross-site request forgery CSRF vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server...

6.5CVSS3.2AI score0.00633EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/08/15 7:37 p.m.51 views

CVE-2022-2568

A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges...

7.2CVSS4.6AI score0.00769EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/07/27 3:55 p.m.51 views

CVE-2022-32745

A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault...

5.4CVSS3.6AI score0.00904EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/06/29 1:5 p.m.51 views

CVE-2022-2206

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2...

7.8CVSS1.6AI score0.013EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/06/23 2:36 p.m.51 views

CVE-2021-38561

A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of...

7.5CVSS4.3AI score0.01356EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/06/21 9:1 a.m.51 views

CVE-2022-30973

We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only...

5.5CVSS4.3AI score0.02495EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/06/14 2:59 p.m.51 views

CVE-2022-1976

A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege escalation. Mitigati...

7.8CVSS1.2AI score0.00229EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/06/07 5:19 p.m.51 views

CVE-2022-28737

A flaw was found in shim during the handling of EFI executables. A crafted EFI image can lead to an overflow in shim. This flaw allows an attacker to perform an out-of-bounds write in memory. A successful attack can lead to data integrity, confidentiality issues, and arbitrary code execution...

7.8CVSS4.3AI score0.00332EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/06/07 2:29 a.m.52 views

CVE-2022-30321

A flaw was found in go-getter. Several vulnerabilities were identified in the way go-getter processes HTTP responses, response headers, and password-protected ZIP files. This flaw allows an attacker to bypass certain configuration settings and may lead to a denial of service. Mitigation The fix...

8.6CVSS2AI score0.03054EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/06/07 2:27 a.m.51 views

CVE-2022-1942

An out-of-bounds write vulnerability was found in Vim's vimregsubboth function in the src/regexp.c file. The flaw can open a command-line window from a substitute expression when a text or buffer is locked. This flaw allows an attacker to trick a user into opening a specially crafted file,...

7.8CVSS3.2AI score0.01559EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/06/01 7:22 a.m.51 views

CVE-2022-1852

A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86emulateinsn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. Mitigation This flaw can be mitigated by preventing...

5.5CVSS2.1AI score0.00302EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/05/30 7:22 p.m.52 views

CVE-2022-1678

A flaw was found in the Linux kernel. An incorrect update of the sock reference in TCP pacing can lead to a memory leak, wasting memory on the system. Mitigation Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteri...

7.5CVSS1.2AI score0.02913EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/05/23 9:19 a.m.51 views

CVE-2022-1802

The Mozilla Foundation Security Advisory describes this flaw as: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context...

8.8CVSS3.9AI score0.26709EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/05/21 12:16 a.m.51 views

CVE-2021-32918

An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service DoS attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3...

7.5CVSS3.7AI score0.02115EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2022/05/14 11:41 a.m.51 views

CVE-2020-10749

A vulnerability was found in affected container networking implementations that allow malicious containers in Kubernetes clusters to perform man-in-the-middle MitM attacks. A malicious container can exploit this flaw by sending “rogue” IPv6 router advertisements to the host or other containers, t...

6CVSS2.7AI score0.02428EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/05/07 2:12 p.m.51 views

CVE-2021-44716

There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of...

7.5CVSS3AI score0.03958EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/05/06 6:0 p.m.51 views

CVE-2022-21427

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS2AI score0.01939EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/05/06 4:55 p.m.51 views

CVE-2022-21462

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS1.8AI score0.01216EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/04/14 10:38 p.m.51 views

CVE-2022-27449

A flaw was found in the MariaDB Server. It contains a segmentation fault via the component, sql/itemfunc.cc:148, affecting availability...

7.5CVSS4.2AI score0.02211EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/04/13 11:53 a.m.51 views

CVE-2022-27382

A flaw was found in MariaDB. A segmentation fault via the component, Itemfield::usedtables/updatedependmapfororder, impacts availability...

7.5CVSS4.3AI score0.01546EPSS
Exploits1References3
Total number of security vulnerabilities5000