Lucene search
K
RedhatcveMost viewed

206309 matches found

RedhatCVE
RedhatCVE
•added 2026/01/09 8:50 a.m.•50 views

CVE-2021-31457

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS6.7AI score0.02778EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2025/12/17 12:55 a.m.•50 views

CVE-2025-67722

FreePBX is an open-source web-based graphical user interface GUI that manages Asterisk. Prior to versions 16.0.45 and 17.0.24 of the FreePBX framework, an authenticated local privilege escalation exists in the deprecated FreePBX startup script amportal. In the deprecated amportal utility, the...

8.4CVSS6.8AI score0.0011EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2025/04/30 8:38 a.m.•50 views

CVE-2025-31650

A flaw was found in Apache Tomcat. This vulnerability allows an application-level denial of service DoS, causing it to become unresponsive or slow via maliciously crafted HTTP/2 prioritization headers. It performs an incomplete cleanup of failed requests, which triggers a memory leak. Mitigation...

7.5CVSS7.6AI score0.66933EPSS
Exploits5References4
RedhatCVE
RedhatCVE
•added 2024/09/05 7:14 a.m.•50 views

CVE-2024-45491

An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINTMAX equals SIZEMAX. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat...

7.5CVSS6.9AI score0.0113EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2024/08/19 8:39 p.m.•50 views

CVE-2024-7592

A flaw was found in the http.cookies module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption...

4.8CVSS7.6AI score0.02303EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 2024/07/01 9:49 p.m.•50 views

CVE-2024-38473

A flaw was found in the modproxy module of httpd. Due to an encoding problem, specially crafted request URLs with incorrect encoding can be sent to backend services, potentially bypassing authentication. Mitigation Mitigation for this issue is either not available or the currently available optio...

5.3CVSS8AI score0.35447EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/06/24 1:53 p.m.•50 views

CVE-2024-39331

A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when the Org mode is enabled, when Emacs is used as an email client, this issue can be triggered when previewing email attachments. Mitigation Do not open Org mode files or...

7.8CVSS6.2AI score0.01323EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/05/03 9:29 p.m.•50 views

CVE-2023-44431

A flaw was found within the handling of the AVRCP protocol in BlueZ. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a...

7.1CVSS7.1AI score0.01563EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/04/03 11:45 p.m.•50 views

CVE-2024-26720

A vulnerability was found in the wbdirtylimits function in the Linux kernel memory management mm subsystem which can lead to a divide-by-zero error. This issue could lead to a potential kernel crash...

5.5CVSS6.2AI score
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/03/27 3:50 a.m.•50 views

CVE-2023-42843

A flaw was found in WebKit that may allow a remote attacker to conduct spoofing attacks by exploiting an inconsistent user interface issue. By tricking a victim into visiting a specially crafted website, the attacker could perform address bar spoofing...

5.4CVSS6.6AI score0.0086EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/03/15 10:37 p.m.•50 views

CVE-2024-23206

A vulnerability was found in WebKitGTK. This flaw allows a remote attacker to bypass the security restriction by using a specially crafted malicious website to fingerprint the victim...

6.5CVSS7.5AI score0.00921EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/03/14 6:39 p.m.•50 views

CVE-2024-28849

A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, follow-redirects clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a...

6.5CVSS6.2AI score0.01044EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/01/17 9:13 a.m.•50 views

CVE-2024-20926

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or...

5.9CVSS6AI score0.01026EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/16 5:10 p.m.•50 views

CVE-2024-0607

A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nftbyteordereval function, where the code iterates through a loop and writes to the dst array. On each iteration, 8 bytes are written, but dst is an array of u32, so each element only has space for 4 bytes. That...

6.6CVSS6.6AI score0.00239EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/08 10:34 p.m.•50 views

CVE-2024-21647

A flaw was found in Puma rubygem. Versions prior 6.4.2 are susceptible to a HTTP smuggling attack when parsing chunked transfer encoding bodies on HTTP messages, which don't limit the size of the message chunk extensions. This issue may lead to uncontrolled resource consumption, possibly resultin...

7.5CVSS6.8AI score0.00958EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/02 9:14 a.m.•50 views

CVE-2023-6693

A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtionetflushtx function if guest features VIRTIONETFHASHREPORT, VIRTIOFVERSION1 and VIRTIONETFMRGRXBUF are enabled. This could allow a malicious user to overwrite local variables...

4.9CVSS7.1AI score0.0033EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/12/20 4:0 p.m.•50 views

CVE-2023-7008

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records. Mitigation Mitigation for this issue is either not...

5.9CVSS7AI score0.00849EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/12/18 11:27 p.m.•50 views

CVE-2023-6918

A flaw was found in the libssh implements abstract layer for message digest MD operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the...

3.7CVSS5.4AI score0.01421EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/12/14 6:1 p.m.•50 views

CVE-2023-6563

An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens 500,000 users with each having at least 2 saved sessions. If an attacker creates two or more user sessions and then open the "consents" tab of th...

7.7CVSS7.6AI score0.01239EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/11/21 4:19 a.m.•50 views

CVE-2023-5752

A flaw was found in the Python pip package. The pip could allow a local authenticated attacker to bypass security restrictions due to a flaw when installing a package from a Mercurial VCS URL. By sending a specially crafted request, an attacker can inject arbitrary configuration options to the "h...

3.3CVSS3.8AI score0.00476EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/11/17 10:20 p.m.•50 views

CVE-2023-26364

A flaw was found in Adobe CSS Tools. An improper input validation could result in a minor denial of service while parsing a malicious CSS with the parse component. User interaction and privileges are not required to jeopardize an environment. Mitigation No mitigation is yet available for this...

5.3CVSS5.4AI score0.00985EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/10/19 1:47 p.m.•50 views

CVE-2023-22084

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Serve...

4.9CVSS5.6AI score0.01782EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/10/18 12:59 a.m.•50 views

CVE-2023-45863

An out-of-bounds memory write flaw was found in the load/unload module in the Linux kernel's kobject functionality, potentially triggering a race condition in the kobjectgetpath function. This issue may allow a local user to crash the system or potentially escalate their privileges on the system...

6.4CVSS7AI score0.00284EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/09/28 11:54 a.m.•50 views

CVE-2023-43646

A vulnerability was found in the get-func-name package in the chai module. Affected versions of this package are vulnerable to Regular expression denial of service ReDoS attacks, affecting system availability...

7.5CVSS6.8AI score0.01114EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/09/28 9:52 a.m.•50 views

CVE-2023-42756

A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSETCMDADD and IPSETCMDSWAP can lead to a kernel panic due to the invocation of ipsetput on a wrong set. This issue may allow a local user to crash the system. Mitigation Mitigation for this issue is either...

4.4CVSS5.9AI score0.00275EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/08/24 5:15 p.m.•50 views

CVE-2022-44729

A flaw was found in Apache Batik 1.0 - 1.16. This issue occurs due to a malicious SVG triggering external resources loading by default, causing resource consumption or in some cases information disclosure...

6.5CVSS6.6AI score0.00786EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/08/23 8:15 p.m.•50 views

CVE-2022-48064

An excessive memory consumption vulnerability was identified in GNU Binutils, specifically in the function bfddwarf2findnearestlinewithalt at dwarf2.c. An attacker could exploit this by providing a crafted ELF file, potentially leading to a denial of service attack through excessive memory usage...

5.5CVSS5.2AI score0.0059EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/08/10 10:19 a.m.•50 views

CVE-2023-32004

A vulnerability was found in NodeJS. This security issue occurs as improper handling of buffers in file system APIs, causing a traversal path to bypass when verifying file permissions. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the R...

8.8CVSS9AI score0.01817EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/08 11:19 a.m.•50 views

CVE-2023-4237

A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availabili...

7.3CVSS6.7AI score0.00239EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/07/19 4:6 p.m.•50 views

CVE-2023-37450

A vulnerability was found in webkitgtk. This issue occurs when processing web content, which may lead to arbitrary code execution. Mitigation This vulnerability can be mitigated by setting the environment variable JSCuseWebAssembly=0, which will disable support for WebAssembly. It's not necessary...

8.8CVSS8.7AI score0.18185EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/06/21 10:47 p.m.•50 views

CVE-2023-2828

A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to exceed significantly...

7.5CVSS7.2AI score0.03776EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/05/17 9:27 a.m.•50 views

CVE-2023-28319

A use-after-free flaw was found in the Curl package. This flaw risks inserting sensitive heap-based data into the error message that users might see or is otherwise leaked and revealed...

5.9CVSS6.2AI score0.02489EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/04/19 9:32 a.m.•50 views

CVE-2023-21968

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...

3.7CVSS4.7AI score0.01036EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/04/04 8:43 p.m.•50 views

CVE-2023-24537

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service...

7.5CVSS8.3AI score0.01412EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/03/24 1:7 p.m.•50 views

CVE-2023-1584

A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provide...

7.5CVSS6.6AI score0.00963EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/03/19 5:42 p.m.•50 views

CVE-2023-26606

In the Linux kernel 6.0.8, there is a use-after-free in ntfstrimfs in fs/ntfs3/bitmap.c...

7CVSS7.6AI score0.00393EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/03/14 7:43 p.m.•50 views

CVE-2022-45787

A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions...

5.5CVSS5.4AI score0.00271EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/09 12:15 a.m.•50 views

CVE-2023-1108

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates...

7.5CVSS2.4AI score0.01771EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/08 10:22 p.m.•50 views

CVE-2022-40959

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...

7.5CVSS2.5AI score0.01284EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/06 8:59 a.m.•50 views

CVE-2023-1194

An out-of-bounds OOB memory read flaw was found in parseleasestate in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of NameOffset in the parseleasestate...

8.1CVSS6.2AI score0.01077EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/02/21 3:59 p.m.•50 views

CVE-2023-23919

A cryptographic vulnerability exists in Node.js 19.2.0, 18.14.1, 16.19.1, 14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread...

7.5CVSS7.1AI score0.02209EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/02/09 9:20 p.m.•50 views

CVE-2022-2879

A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory,...

6.5CVSS7.4AI score0.01544EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/02/09 4:56 a.m.•51 views

CVE-2023-25165

A flaw was found in the helm package. The 'getHostByName' is a Helm template function introduced in Helm v3 and can accept a hostname and return an IP address for that hostname. To get the IP address, the function performs a DNS lookup. The DNS lookup happens when used with 'helm...

4.3CVSS4.9AI score0.00762EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/01/31 6:5 a.m.•50 views

CVE-2023-0512

A divide-by-zero flaw was found in Vim's adjustskipcol function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service...

7.8CVSS6.7AI score0.0049EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/01/30 1:35 p.m.•50 views

CVE-2022-23552

A flaw was found in The GeoMap and Canvas plugins of Grafana. The GeoMap and Canvas plugins are core plugins in Grafana, which means that all Grafana instances have GeoMap and Canvas installed. These two plugins are vulnerable to Cross-site scripting, where an attacker with an Editor role can add...

7.5CVSS1.7AI score0.02179EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/13 2:30 p.m.•50 views

CVE-2022-38096

A NULL pointer dereference issue was found in the Linux kernel's vmwgfx driver in vmwcmddxdefinequery. This flaw allows a local, unprivileged attacker with access to either /dev/dri/card0 or /dev/dri/rendererD128, who can issue an ioctl on the resulting file descriptor, to crash the system, causi...

5.5CVSS6.7AI score0.0059EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/09/19 10:43 a.m.•50 views

CVE-2022-3176

A use-after-free flaw was found in iouring in the Linux kernel. This flaw allows a local user to trigger the issue if a signalfd or binder fd is polled with the iouring poll due to a lack of iouring POLLFREE handling...

7CVSS1.9AI score0.00287EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/08/25 2:10 p.m.•50 views

CVE-2022-2990

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able t...

7.1CVSS2.1AI score0.00331EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/08/24 1:10 p.m.•50 views

CVE-2022-35948

A flaw was found in the undici package. When requesting unsanitized input on content-type headers, it is possible to inject additional requests via Carriage Return/Line Feed CRLF. Mitigation A possible mitigation is to sanitize user input when sending content-type headers...

5.3CVSS3.9AI score0.01203EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/07/27 3:55 p.m.•50 views

CVE-2022-32745

A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault...

5.4CVSS3.6AI score0.00904EPSS
Exploits0References4
Total number of security vulnerabilities5000