Lucene search
K
RedhatcveMost viewed

206363 matches found

RedhatCVE
RedhatCVE
•added 2021/08/18 1:34 p.m.•51 views

CVE-2021-39240

A flaw was found in haproxy. An input validation flaw when processing HTTP/2 requests causes haproxy to not ensure that the scheme and path portions of a URI have the expected characters. This may cause specially crafted input to bypass implemented security restrictions. The highest threat from...

7.5CVSS2AI score0.02319EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 9:20 p.m.•51 views

CVE-2021-2342

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.9CVSS1.7AI score0.02588EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 6:34 p.m.•51 views

CVE-2021-34335

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A floating point exception FPE due to an integer divide by zero was found in Exiv2 versions v0.27.4 and earlier. The FPE is triggered when Exiv2 is used to print the metadata...

5.5CVSS4.5AI score0.00984EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/07/28 1:53 p.m.•51 views

CVE-2021-30665

A flaw was found in the webkitgtk package. Affected versions of this package could allow a remote attacker to execute arbitrary code on the system caused by a memory corruption issue in the WebKit component. An attacker can execute arbitrary code on the system by persuading a victim to visit a...

8.8CVSS8.1AI score0.03692EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/07/28 1:53 p.m.•51 views

CVE-2021-30682

A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information...

6.5CVSS1.8AI score0.01593EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/07/28 1:53 p.m.•51 views

CVE-2021-30689

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting...

8.1CVSS2AI score0.01105EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/07/26 8:22 p.m.•51 views

CVE-2021-23413

A flaw was found in JSZip. Crafting a new zip file with filenames set to Object prototype values ex. proto, toString, etc. results in a returned object with a modified prototype instance. The highest threat from this vulnerability is to system availability...

5.3CVSS1.2AI score0.03307EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/06/27 12:32 p.m.•51 views

CVE-2021-29946

Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

8.8CVSS2.3AI score0.01167EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/05/27 1:13 p.m.•51 views

CVE-2021-20718

modauthopenidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service DoS condition via unspecified vectors...

7.5CVSS5.8AI score0.03395EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/26 1:13 p.m.•51 views

CVE-2020-26556

A flaw was found in the Linux kernel’s authentication protocol in the Bluetooth® Mesh Profile Specification. A vulnerability occurs if the AuthValue is identified during the provisioning procedure, even if the AuthValue is selected randomly. This flaw allows an attacker to identify the AuthValue...

7.5CVSS2AI score0.00907EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/25 2:57 p.m.•51 views

CVE-2021-33502

A flaw was found in normalize-url. Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data...

7.5CVSS3.2AI score0.01705EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/05/24 4:43 a.m.•51 views

CVE-2020-15684

Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 82...

9.8CVSS3.2AI score0.01328EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/19 12:25 a.m.•51 views

CVE-2021-3531

A flaw was found in the Red Hat Ceph Storage RGW. When processing a GET Request for a swift URL that ends with two slashes, it can cause the RGW to crash, resulting in a denial of service. The highest threat from this vulnerability is to system availability...

5.3CVSS1.1AI score0.02425EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/11 8:54 p.m.•51 views

CVE-2020-36327

A flaw was found in the way Bundler determined the source repository when installing dependencies of source-restricted gem packages. In configurations that use multiple gem repositories and explicitly define from which source repository certain gems are to be installed, a dependency of a...

9.3CVSS8.7AI score0.06307EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2021/04/09 5:16 p.m.•51 views

CVE-2020-36312

A flaw was found in the KVM hypervisor of the Linux kernel. A memory leak could occur in kvmiobusunregisterdev upon a kmalloc failure. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this issue is either not available or the currently available...

5.5CVSS0.9AI score0.00313EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/04/01 2:9 p.m.•51 views

CVE-2021-20291

A deadlock vulnerability was found in github.com/containers/storage. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar...

7.1CVSS1.9AI score0.01587EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/03/29 7:15 p.m.•51 views

CVE-2021-1870

A logic issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A remote attacker may be able to cause arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS6.1AI score0.07921EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/03/25 8:6 p.m.•51 views

CVE-2021-20293

A reflected Cross-Site Scripting XSS flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The...

6.1CVSS3.8AI score0.00856EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/03/25 2:58 p.m.•51 views

CVE-2021-3450

A flaw was found in openssl. The flag that enables additional security checks of certificates present in a certificate chain was not enabled allowing a confirmation step to verify that certificates in the chain are valid CA certificates is bypassed. The highest threat from this vulnerability is t...

7.4CVSS0.8AI score0.18339EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/03/23 9:36 a.m.•51 views

CVE-2021-3461

A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute Name...

7.1CVSS1.8AI score0.00285EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/03/22 7:54 p.m.•51 views

CVE-2021-28971

A flaw was found in the Linux kernel. On some Haswell CPUs, userspace applications such as perf-fuzzer can cause a system crash because the PEBS status in a PEBS record is mishandled. Mitigation Mitigation for this issue is either not available or the currently available options does not meet the...

5.5CVSS1.6AI score0.00385EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/03/18 5:57 p.m.•51 views

CVE-2021-28660

A flaw was found in the Linux kernel. The rtwwxsetscan driver allows writing beyond the end of the -ssid array. The highest threat from this vulnerability is to data confidentiality and integrity as well system availability...

8.8CVSS7.7AI score0.01316EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/03/10 5:3 p.m.•51 views

CVE-2020-13959

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...

6.5CVSS2AI score0.06357EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/01/26 7:51 p.m.•51 views

CVE-2021-3156

A flaw was found in sudo. A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command by default, any local user can execute sudo without authentication. Successful exploitation of this flaw coul...

7.8CVSS0.5AI score0.99295EPSS
Exploits81References5
RedhatCVE
RedhatCVE
•added 2021/01/25 11:53 a.m.•51 views

CVE-2020-0431

A flaw out of bounds write in the Linux kernel human interface devices subsystem was found in the way user calls find key code by index. A local user could use this flaw to crash the system or escalate privileges on the system. Mitigation Mitigation for this issue is either not available or the...

6.7CVSS0.6AI score0.00223EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/01/25 7:53 a.m.•51 views

CVE-2020-0404

A flaw linked list corruption in the Linux kernel for USB Video Class driver functionality was found in the way user connects web camera to the USB port. A local user could use this flaw to crash the system. Mitigation To mitigate this issue, prevent the module uvcvideo from being loaded. Please...

5.5CVSS0.00232EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/01/11 9:54 a.m.•51 views

CVE-2020-35514

An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShif...

7CVSS3AI score0.00218EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/01/05 10:30 p.m.•51 views

CVE-2019-25013

A flaw was found in glibc. When processing input in the EUC-KR encoding, an invalid input sequence could cause glibc to read beyond the end of a buffer, resulting in a segmentation fault. The highest threat from this vulnerability is to system availability...

7.1CVSS6.7AI score0.03538EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/12/17 8:42 a.m.•51 views

CVE-2020-29510

A flaw was found in go. Encoding and decoding of XML directives could lead to changes in the observed integrity. An attacker could use this flaw to trick applications which rely on directive integrity for security decisions to make those decisions incorrectly. Known vulnerability use-cases are SA...

10CVSS7.3AI score0.04872EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 2020/11/27 1:22 p.m.•51 views

CVE-2020-29129

An out-of-bounds access issue was found in the SLiRP user networking implementation of QEMU. It could occur while processing ARP/NCSI packets, if the packet length was shorter than required to accommodate respective protocol headers and payload. A privileged guest user may use this flaw to...

4.3CVSS3.6AI score0.01443EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/11/24 4:32 p.m.•51 views

CVE-2020-15437

A NULL pointer dereference flaw was found in the Linux kernel’s UART 8250 functionality, in the way certain hardware architectures handled situations where default ports 0x2E8, 0x2F8, 0x3E8, 0x3F8 are not available. This flaw allows a local user to crash the system. The highest threat from this...

4.9CVSS5.6AI score0.00436EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/11/18 8:9 a.m.•51 views

CVE-2020-25723

A reachable assertion vulnerability was found in the USB EHCI emulation code of QEMU. This issue occurs while processing USB requests due to missed handling of DMA memory map failure. This flaw allows a malicious privileged user within the guest to send bogus USB requests and crash the QEMU proce...

2.1CVSS1.5AI score0.00357EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/10/20 9:17 p.m.•51 views

CVE-2020-14803

Vulnerability in the Java SE product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of th...

5.3CVSS2.6AI score0.03122EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/09/07 10:19 a.m.•51 views

CVE-2020-3901

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrar...

6.8CVSS2.2AI score0.01846EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/09/03 10:19 p.m.•51 views

CVE-2020-14384

A flaw was found in jbossweb. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability. Mitigatio...

7.5CVSS7.5AI score0.87553EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/07/28 11:38 a.m.•51 views

CVE-2020-14331

A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VTRESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the...

7.2CVSS1.7AI score0.00563EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/07/01 1:50 p.m.•51 views

CVE-2020-8022

A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server...

7.2CVSS2.5AI score0.00857EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/06/10 1:24 p.m.•51 views

CVE-2020-11078

A flaw was found in python-httplib2. An attacker controlling an unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenatio...

4.3CVSS2.1AI score0.05406EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2020/06/01 3:26 p.m.•51 views

CVE-2020-10756

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6sendechoreply routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory,...

2.1CVSS2.3AI score0.0051EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/05/29 1:55 p.m.•51 views

CVE-2020-13631

A flaw was found in the virtual table implementation of SQLite. This flaw allows an attacker who can execute SQL statements to rename a virtual table to the name of one of its shadow tables, leading to potential data corruption...

2.1CVSS7.1AI score0.0062EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/05/06 7:40 p.m.•51 views

CVE-2020-12654

A flaw was found in the Linux kernel. The Marvell mwifiex driver allows a remote WiFi access point to trigger a heap-based memory buffer overflow due to an incorrect memcpy operation. The highest threat from this vulnerability is to data integrity and system availability. Mitigation In order to...

7.1CVSS7.4AI score0.01218EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/14 7:26 p.m.•51 views

CVE-2019-14895

A heap-based buffer overflow was discovered in the Linux kernel's Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service system...

9.8CVSS4.2AI score0.0776EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/04/09 12:44 p.m.•51 views

CVE-2019-11248

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for...

8.2CVSS2.1AI score0.61139EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/04/09 7:26 a.m.•51 views

CVE-2017-17485

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. This issue extends upon the previous flaws CVE-2017-7525 and CVE-2017-15095 by blacklisti...

9.8CVSS3.6AI score0.49727EPSS
Exploits7References2
RedhatCVE
RedhatCVE
•added 2020/04/08 4:57 a.m.•51 views

CVE-2018-1000199

An address corruption flaw was discovered in the Linux kernel built with hardware breakpoint CONFIGHAVEHWBREAKPOINT support. While modifying a h/w breakpoint via 'modifyuserhwbreakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to...

7.8CVSS1.7AI score0.01221EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2020/04/06 5:7 p.m.•51 views

CVE-2019-11745

A heap-based buffer overflow was found in the NSCEncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the attack complexi...

8.8CVSS4AI score0.02994EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2020/04/03 8:8 a.m.•51 views

CVE-2019-15117

An out of bounds OOB memory access flaw was found in the Linux kernel's ALSA subsystem. This could allow a local attacker to crash the system or leak kernel internal information. Mitigation Mitigation for this issue is either not available or the currently available options dont meet the Red Hat...

7.8CVSS0.8AI score0.00613EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/03/24 2:31 p.m.•51 views

CVE-2019-8844

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may le...

9.3CVSS2.4AI score0.02091EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/03/23 8:1 p.m.•51 views

CVE-2020-9548

A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS2.3AI score0.18345EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/03/10 3:41 p.m.•51 views

CVE-2020-10255

A Rowhammer flaw was found in latest DDR4 DRAM hardware chips. These chips implement Target Row Refresh TRR mitigation to prevent a Rowhammer flaw-induced bit corruption across memory space. An unprivileged system user may leverage this flaw and use Rowhammer attack variants to induce bit...

9.3CVSS1.9AI score0.02515EPSS
Exploits0References6
Total number of security vulnerabilities5000