Lucene search
K
RedhatcveMost viewed

206363 matches found

RedhatCVE
RedhatCVE
added 2023/12/12 6:27 a.m.51 views

CVE-2023-6710

A flaw was found in the modproxycluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting XSS vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...

5.4CVSS5.7AI score0.02242EPSS
Exploits5References3
RedhatCVE
RedhatCVE
added 2023/12/05 12:40 p.m.51 views

CVE-2023-49093

A flaw was found in HTMLUnit. Fetching external resources may be possible for XSLT processors with the Feature for Secure Processing disabled FSP, allowing code injection and arbitrary code execution. HTMLUnit is vulnerable to this type of attack by default...

8.8CVSS7.7AI score0.02378EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2023/11/21 4:19 a.m.51 views

CVE-2023-5752

A flaw was found in the Python pip package. The pip could allow a local authenticated attacker to bypass security restrictions due to a flaw when installing a package from a Mercurial VCS URL. By sending a specially crafted request, an attacker can inject arbitrary configuration options to the "h...

3.3CVSS3.8AI score0.00476EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2023/11/17 10:20 p.m.51 views

CVE-2023-26364

A flaw was found in Adobe CSS Tools. An improper input validation could result in a minor denial of service while parsing a malicious CSS with the parse component. User interaction and privileges are not required to jeopardize an environment. Mitigation No mitigation is yet available for this...

5.3CVSS5.4AI score0.00985EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/11/16 1:34 a.m.51 views

CVE-2023-44442

A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSD file, possibly enabling the execution of unauthorized code within the GIMP process. Mitigation Mitigation for this...

7.8CVSS6.8AI score0.61427EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2023/10/27 6:27 a.m.51 views

CVE-2023-46234

A flaw was found in browserify-sign node package. This issue may allow a malicious user to execute a signature forgery attack by not correctly checking cryptographic signatures for DSA data, resulting in a jeopardized environment. Mitigation No current mitigation is yet available for this flaw...

7.5CVSS6.5AI score0.00508EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/10/23 2:1 p.m.51 views

CVE-2023-5633

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...

7.8CVSS6.5AI score0.00465EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/10/19 1:47 p.m.51 views

CVE-2023-22084

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Serve...

4.9CVSS5.6AI score0.01782EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/10/18 12:59 a.m.51 views

CVE-2023-45863

An out-of-bounds memory write flaw was found in the load/unload module in the Linux kernel's kobject functionality, potentially triggering a race condition in the kobjectgetpath function. This issue may allow a local user to crash the system or potentially escalate their privileges on the system...

6.4CVSS7AI score0.00284EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/10/09 7:54 a.m.51 views

CVE-2023-39193

A flaw was found in the Netfilter subsystem in the Linux kernel. The sctpmtcheck did not validate the flagcount field. This flaw allows a local privileged CAPNETADMIN attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. Mitigation This flaw can be mitigated by...

6.1CVSS6.8AI score0.00415EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/09/28 11:54 a.m.51 views

CVE-2023-43646

A vulnerability was found in the get-func-name package in the chai module. Affected versions of this package are vulnerable to Regular expression denial of service ReDoS attacks, affecting system availability...

7.5CVSS6.8AI score0.01114EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2023/09/28 9:52 a.m.51 views

CVE-2023-42756

A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSETCMDADD and IPSETCMDSWAP can lead to a kernel panic due to the invocation of ipsetput on a wrong set. This issue may allow a local user to crash the system. Mitigation Mitigation for this issue is either...

4.4CVSS5.9AI score0.00275EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2023/09/28 6:54 a.m.51 views

CVE-2023-43114

An issue was discovered in Qt on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFontFromData, then it can cause the application to crash because of missing length checks...

5.5CVSS5.5AI score0.00249EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/09/13 1:54 p.m.51 views

CVE-2022-48566

A constant-time-defeating optimization issue was found in python. This issue occurs when sending a specially crafted request, which could allow an attacker to obtain sensitive information. Mitigation As per upstream, either make the accumulator variable result a volatile unsigned char instead of...

5.9CVSS6.3AI score0.01148EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2023/08/23 8:15 p.m.51 views

CVE-2022-48064

An excessive memory consumption vulnerability was identified in GNU Binutils, specifically in the function bfddwarf2findnearestlinewithalt at dwarf2.c. An attacker could exploit this by providing a crafted ELF file, potentially leading to a denial of service attack through excessive memory usage...

5.5CVSS5.2AI score0.0059EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2023/08/08 11:19 a.m.51 views

CVE-2023-4237

A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availabili...

7.3CVSS6.7AI score0.00239EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/08/05 3:48 p.m.51 views

CVE-2023-38697

A flaw was found in the protocol-http1 rubygem package. The protocol-http1 provides a low-level implementation of the HTTP/1 protocol. This behavior can lead to desync when forwarding through multiple HTTP parsers, potentially resulting in HTTP request smuggling and firewall bypassing...

5.3CVSS6.3AI score0.00637EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/06/21 10:47 p.m.51 views

CVE-2023-2828

A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to exceed significantly...

7.5CVSS7.2AI score0.03776EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/04/19 9:32 a.m.51 views

CVE-2023-21968

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...

3.7CVSS4.7AI score0.01036EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/04/17 7:30 a.m.51 views

CVE-2023-29383

A flaw was found in Shadow, where it is possible to inject control characters into fields provided to the SUID program change fingerchfn. Although it is not possible to exploit this directly for example, adding a new user fails because \n is in the block list, it is possible to misrepresent the...

5.5CVSS4.4AI score0.00428EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2023/04/04 8:43 p.m.51 views

CVE-2023-24537

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service...

7.5CVSS8.3AI score0.01412EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2023/03/21 7:43 a.m.51 views

CVE-2022-30539

A flaw was found in how. Use-after-free in the BIOS firmware for some IntelR processors may allow a privileged user to potentially enable escalation of privilege via local access. Mitigation Please contact the hardware vendor for more updates...

7.5CVSS6.6AI score0.00211EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/03/14 7:43 p.m.51 views

CVE-2022-45787

A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions...

5.5CVSS5.4AI score0.00271EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/03/13 8:43 a.m.51 views

CVE-2023-27900

A flaw was found in Jenkins. Affected versions of Jenkins use the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service...

7.5CVSS7.4AI score0.46836EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2023/03/03 5:30 p.m.51 views

CVE-2022-28321

The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pamaccess.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a...

9.8CVSS2.8AI score0.01218EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/02/21 3:59 p.m.51 views

CVE-2023-23919

A cryptographic vulnerability exists in Node.js 19.2.0, 18.14.1, 16.19.1, 14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread...

7.5CVSS7.1AI score0.02209EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2023/01/31 6:5 a.m.51 views

CVE-2023-0512

A divide-by-zero flaw was found in Vim's adjustskipcol function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service...

7.8CVSS6.7AI score0.0049EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/12/14 11:35 a.m.51 views

CVE-2022-4492

A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step that should at least be performed by default in HTTPS and in http/2...

7.5CVSS7.4AI score0.00596EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/11/11 4:55 a.m.51 views

CVE-2022-3755

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

6.5CVSS6.5AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/10/19 7:17 p.m.51 views

CVE-2022-40303

A flaw was found in libxml2. Parsing a XML document with the XMLPARSEHUGE option enabled can result in an integer overflow because safety checks were missing in some functions. Also, the xmlParseEntityValue function didn't have any length limitation...

7.5CVSS3.9AI score0.22791EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2022/10/19 9:47 a.m.51 views

CVE-2022-21628

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0...

5.3CVSS0.9AI score0.02038EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/10/13 2:30 p.m.51 views

CVE-2022-38096

A NULL pointer dereference issue was found in the Linux kernel's vmwgfx driver in vmwcmddxdefinequery. This flaw allows a local, unprivileged attacker with access to either /dev/dri/card0 or /dev/dri/rendererD128, who can issue an ioctl on the resulting file descriptor, to crash the system, causi...

5.5CVSS6.7AI score0.0059EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/08/19 4:38 a.m.51 views

CVE-2022-30953

A cross-site request forgery CSRF vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server...

6.5CVSS3.2AI score0.00633EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/08/15 7:37 p.m.51 views

CVE-2022-2568

A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges...

7.2CVSS4.6AI score0.00769EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/07/27 3:55 p.m.51 views

CVE-2022-32745

A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault...

5.4CVSS3.6AI score0.00904EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/07/15 4:7 a.m.51 views

CVE-2022-31097

A Cross-site scripting XSS vulnerability was found in the Unified Alerting feature of Grafana. This stored XSS can elevate privileges from Editor to Admin. Mitigation Disable Unified alerting. https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/unifiedalerting...

7.3CVSS6.8AI score0.68603EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/07/01 5:56 p.m.51 views

CVE-2022-24805

A flaw was found in net-snmp. A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access issue...

6.7CVSS3.4AI score0.01299EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/06/29 1:5 p.m.51 views

CVE-2022-2206

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2...

7.8CVSS1.6AI score0.013EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/06/21 9:1 a.m.51 views

CVE-2022-30973

We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only...

5.5CVSS4.3AI score0.02495EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/06/14 2:59 p.m.51 views

CVE-2022-1976

A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege escalation. Mitigati...

7.8CVSS1.2AI score0.00229EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/06/07 2:29 a.m.52 views

CVE-2022-30321

A flaw was found in go-getter. Several vulnerabilities were identified in the way go-getter processes HTTP responses, response headers, and password-protected ZIP files. This flaw allows an attacker to bypass certain configuration settings and may lead to a denial of service. Mitigation The fix...

8.6CVSS2AI score0.03054EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/06/01 7:22 a.m.51 views

CVE-2022-1852

A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86emulateinsn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. Mitigation This flaw can be mitigated by preventing...

5.5CVSS2.1AI score0.00302EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/05/30 7:22 p.m.52 views

CVE-2022-1678

A flaw was found in the Linux kernel. An incorrect update of the sock reference in TCP pacing can lead to a memory leak, wasting memory on the system. Mitigation Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteri...

7.5CVSS1.2AI score0.02913EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/05/23 9:19 a.m.51 views

CVE-2022-1802

The Mozilla Foundation Security Advisory describes this flaw as: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context...

8.8CVSS3.9AI score0.26709EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/05/21 12:16 a.m.51 views

CVE-2021-32918

An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service DoS attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3...

7.5CVSS3.7AI score0.02115EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2022/05/14 11:41 a.m.51 views

CVE-2020-10749

A vulnerability was found in affected container networking implementations that allow malicious containers in Kubernetes clusters to perform man-in-the-middle MitM attacks. A malicious container can exploit this flaw by sending “rogue” IPv6 router advertisements to the host or other containers, t...

6CVSS2.7AI score0.02428EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/05/07 2:12 p.m.51 views

CVE-2021-44716

There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of...

7.5CVSS3AI score0.03958EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/05/06 6:0 p.m.51 views

CVE-2022-21427

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS2AI score0.02052EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/05/06 4:55 p.m.51 views

CVE-2022-21462

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS1.8AI score0.01287EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/04/13 5:22 a.m.51 views

CVE-2021-28544

A flaw was found in Subversion. When using path-based authorization authz, the helper function detectchanged does not omit potentially sensitive information from log messages. In particular, if a node is copied from a protected location, its 'copyfrom' path the path to the protected location is...

4.3CVSS5.7AI score0.02788EPSS
Exploits1References4
Total number of security vulnerabilities5000