Lucene search
K
RedhatcveMost viewed

206391 matches found

RedhatCVE
RedhatCVE
added 2022/04/11 3:23 p.m.50 views

CVE-2022-28202

A flaw was found in MediaWiki. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete...

6.1CVSS1.8AI score0.01152EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/02/25 3:18 p.m.50 views

CVE-2022-26127

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babelpacketexamin function in babeld/message.c...

8.1CVSS4AI score0.01014EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/01/24 4:55 p.m.50 views

CVE-2021-45960

expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to buffer overrun. The highest threat from this vulnerability is to availability...

9CVSS1.1AI score0.042EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2021/11/10 3:37 a.m.50 views

CVE-2021-23192

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. Mitigation Setting dcesrv:max auth states=0 in the...

7.5CVSS7.4AI score0.01953EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/09/30 8:24 p.m.50 views

CVE-2021-41798

Cross-site scripting XSS vulnerability was found in mediawiki. Due to insufficient sanitization of user-supplied data in Special:Search function a remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website...

6.1CVSS2.8AI score0.01302EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2021/09/14 3:9 p.m.50 views

CVE-2021-37137

A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...

7.5CVSS3.6AI score0.0628EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/09/14 12:9 p.m.50 views

CVE-2020-19131

The libtiff package is susceptible to a heap/buffer overflow via the "invertImage" which may lead to a DoS. The highest threat from this vulnerability is to system availability...

7.5CVSS2.9AI score0.02433EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2021/08/18 5:34 p.m.50 views

CVE-2021-29991

The Mozilla Foundation Security Advisory describes this flaw as: Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3...

8.1CVSS7.7AI score0.00885EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/08/11 5:20 p.m.50 views

CVE-2021-38202

A flaw was found in Linux kernel. A remote attacker could cause a denial of service attack by sending NFS traffic when trace event framework is being used for nfsd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation...

7.5CVSS1.4AI score0.0319EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/06/21 2:59 p.m.50 views

CVE-2020-28200

The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension...

4.3CVSS3.9AI score0.01968EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/06/08 5:44 p.m.50 views

CVE-2021-31957

A flaw was found in dotnet. The way client disconnects are handled can allow a remote, unauthenticated attacker to exploit this vulnerability to cause a denial of service against an ASP.NET Core application. The highest threat from this vulnerability is to system availability...

7.5CVSS3AI score0.05138EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2021/05/19 12:27 a.m.50 views

CVE-2021-29623

There's a flaw in exiv2's isWebPType function. An attacker who submits a crafted file to be processed by an application linked with exiv2 could trigger an out-of-bounds read of unitialized memory, saving it to the stack. The great impact of this flaw is most likely to application availability wit...

4.3CVSS3.2AI score0.01104EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/05/11 8:55 p.m.50 views

CVE-2021-31525

A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes...

5.9CVSS2.3AI score0.03692EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/04/29 11:50 p.m.50 views

CVE-2021-22139

Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. An attacker with permissions to create webhook actions could drain the Kibana host connection pool, making Kibana unavailable for all...

6.5CVSS3.9AI score0.00999EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/04/28 7:36 p.m.50 views

CVE-2019-25033

A flaw was found in unbound. An integer overflow in the regional allocator via the ALIGNUP macro may lead to a buffer overflow if the size can be controlled by an attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability...

9.8CVSS4AI score0.01783EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/03/30 10:27 a.m.50 views

CVE-2021-3456

An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denia...

7.1CVSS2.9AI score0.00194EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2021/03/21 12:38 a.m.50 views

CVE-2019-9513

A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability. Mitigation Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections...

7.8CVSS0.7AI score0.82017EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2021/03/02 6:3 p.m.50 views

CVE-2020-14372

A flaw was found in GRUB 2, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table SSDT containing code to overwrite the Linux kernel lockdown variable content direct...

7.5CVSS7.2AI score0.01738EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/03/01 3:40 p.m.50 views

CVE-2021-26701

A remote code execution vulnerability was found in dotnet in the System.Text.Encodings.Web package, caused by a buffer overrun. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

9.8CVSS3.7AI score0.30315EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2020/12/17 2:11 a.m.50 views

CVE-2020-29511

A flaw was found in go. Encoding and decoding of XML elements could lead to changes in the observed integrity. An attacker could use this flaw to trick applications which rely on element integrity for security decisions to make those decisions incorrectly. Known vulnerability use-cases are SAML a...

10CVSS2AI score0.04872EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2020/11/24 10:51 a.m.50 views

CVE-2020-25669

A vulnerability was found in the Linux Kernel where the function sunkbdreinit having been scheduled by sunkbdinterrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbddisconnect, there is still an alias in sunkbdreinit causing Use After Free...

7.8CVSS2.1AI score0.00627EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2020/10/23 8:5 p.m.50 views

CVE-2020-27673

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service host OS hang via a high rate of events to dom0, aka CID-e99502f76271...

5.5CVSS5.9AI score0.0041EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2020/10/22 2:4 p.m.50 views

CVE-2020-3996

Velero prior to 1.4.3 and 1.5.2 in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users...

5.5CVSS3.8AI score0.00345EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2020/09/22 6:39 p.m.50 views

CVE-2020-25597

A logic flaw was found in the handling of event channel operations in Xen. Operations such as resetting all event channels may involve decreasing one of the bounds checked when determining validity. This flaw allows an unprivileged guest to crash Xen, leading to a denial of service DoS for the...

6.5CVSS0.4AI score0.00358EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2020/09/10 7:0 p.m.50 views

CVE-2020-25220

A flaw was found in the Linux kernel. The cgroups feature is affected by a use-after-free memory flaw that was not considered during the backport for CVE-2020-14356. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.2CVSS7.3AI score0.00965EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2020/08/24 1:4 p.m.50 views

CVE-2020-14364

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU. This issue occurs while processing USB packets from a guest when USBDevice 'setuplen' exceeds its 'databuf4096' in the dotokenin, dotokenout routines. This flaw allows a guest user to crash the QEMU process,...

5CVSS2.6AI score0.05447EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2020/06/23 3:25 p.m.50 views

CVE-2020-7656

A flaw was found in jquery in versions prior to 1.9.0. A cross-site scripting attack is possible as the load method fails to recognize and remove "...

4.3CVSS2.5AI score0.06273EPSS
Exploits4References3
RedhatCVE
RedhatCVE
added 2020/06/02 5:53 p.m.50 views

CVE-2020-8167

A flaw was found in rubygem-actionview. A regression of CVE-2015-1840 causes Rails-ujs to send CSRF tokens to wrong domains. The highest threat from this vulnerability is to data integrity...

5CVSS7.7AI score0.04397EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2020/06/01 6:20 p.m.50 views

CVE-2020-13754

An out-of-bounds access flaw was found in the Message Signalled Interrupt MSI-X device support of QEMU. This issue occurs while performing MSI-X mmio operations when a guest sent address goes beyond the mmio region. A guest user or process may use this flaw to crash the QEMU process resulting in ...

4.6CVSS3.4AI score0.00421EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2020/04/28 5:40 p.m.50 views

CVE-2020-11762

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case. Mitigation Mitigation for this issue is either not available or the currently available options do not meet th...

5.5CVSS1.9AI score0.01807EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2020/04/09 10:11 a.m.50 views

CVE-2019-14821

An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvmcoalescedmmio' object, wherein write indices 'ring-first' and 'ring-last' value could be supplied by a host user-space...

8.8CVSS3.7AI score0.00763EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2020/04/09 10:6 a.m.50 views

CVE-2019-0154

A flaw was found in Intel graphics hardware GPU where a local attacker with the ability to issue an ioctl could trigger a hardware level crash if MMIO registers were read while the graphics card was in a low-power state. This creates a denial of service situation and the GPU and connected display...

6.5CVSS1AI score0.00646EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2020/04/09 7:12 a.m.50 views

CVE-2018-3665

A Floating Point Unit FPU state information leakage flaw was found in the way the Linux kernel saved and restored the FPU state during task switch. Linux kernels that follow the "Lazy FPU Restore" scheme are vulnerable to the FPU state information leakage issue. An unprivileged local attacker cou...

5.6CVSS2AI score0.00611EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2020/04/07 5:14 p.m.50 views

CVE-2019-14892

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

9.8CVSS5.8AI score0.0544EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2020/04/03 9:1 p.m.50 views

CVE-2020-1934

A flaw was found in Apache's HTTP server httpd .The modproxyftp module may use uninitialized memory with proxying to a malicious FTP server. The highest threat from this vulnerability is to data confidentiality...

5.3CVSS6.6AI score0.51951EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2020/04/03 2:11 p.m.50 views

CVE-2020-7065

A vulnerability was found in PHP while using the mbstrtolower function with UTF-32LE encoding, where certain invalid strings cause PHP to overwrite the stack-allocated buffer. This flaw leads to memory corruption, crashes, and potential code execution...

8.8CVSS3.3AI score0.04764EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2020/04/03 2:9 a.m.50 views

CVE-2019-16777

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...

7.7CVSS1.7AI score0.01984EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2020/03/31 8:38 a.m.50 views

CVE-2018-18314

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations...

9.8CVSS6.2AI score0.0606EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2020/02/11 10:44 p.m.50 views

CVE-2020-6800

Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws...

8.8CVSS2.4AI score0.02274EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2020/02/06 5:44 p.m.50 views

CVE-2020-5398

A flaw was found in springframework in versions prior to 5.0.16, 5.1.13, and 5.2.3. A reflected file download RFD attack is possible when a "Content-Disposition" header is set in response to where the filename attribute is derived from user supplied input. The highest threat from this vulnerabili...

8CVSS4.4AI score0.88077EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2020/01/07 9:28 p.m.50 views

CVE-2018-1120

By mmaping a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an attacker can cause utilities from psutils or procps such as ps, w or any other program which makes a read call to the /proc//cmdline or /proc//environ files to block indefinitely...

5.3CVSS2.9AI score0.07291EPSS
Exploits5References2
RedhatCVE
RedhatCVE
added 2019/12/11 12:21 a.m.50 views

CVE-2019-1349

An improper input validation flaw was discovered in git in the way it handles git submodules. A remote attacker could abuse this flaw to trick a victim user into recursively cloning a malicious repository, which, under certain circumstances, could fool git into using the same git directory twice...

9.3CVSS1.5AI score0.34007EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2019/12/10 11:51 a.m.50 views

CVE-2019-19449

An out of bounds OOB memory access flaw was found in the Linux kernel's F2FS file system. A local attacker could use this vulnerability to crash the system or leak kernel internal information. Mitigation Red Hat has investigated whether a possible mitigation exists for this issue, and has not bee...

7.8CVSS1.6AI score0.02014EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2019/11/21 11:7 a.m.50 views

CVE-2019-19045

A flaw was found in the Linux kernel. The Mellanox Technologies Innova driver mishandles resource cleanup on error. An attacker, able to trigger error could use this flaw to crash the system. The highest threat from this vulnerability is to system availability. Mitigation In order to mitigate thi...

4.9CVSS0.9AI score0.00556EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2019/11/18 2:37 p.m.50 views

CVE-2019-10172

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries such that an XML external entity XXE vulnerability affects codehaus's jackson-mapper-asl libraries. This vulnerability is similar to CVE-2016-3720. The primary threat from this flaw is data integrity...

9.8CVSS3AI score0.17044EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2019/11/10 3:10 p.m.50 views

CVE-2019-10211

Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory...

9.8CVSS6.2AI score0.01866EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2019/11/08 4:20 a.m.50 views

CVE-2017-3511

An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges...

7.7CVSS1.6AI score0.00759EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2019/11/04 4:10 p.m.50 views

CVE-2019-1125

A Spectre gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre like side channel. Mitigation For mitigation related information, please refer to the Red Hat Knowledgebase artic...

5.9CVSS0.5AI score0.04521EPSS
Exploits4References3
RedhatCVE
RedhatCVE
added 2019/10/20 12:7 p.m.50 views

CVE-2018-13405

A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group an...

7.8CVSS3AI score0.0101EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2019/10/10 11:37 p.m.50 views

CVE-2017-11600

The xfrmmigrate function in the net/xfrm/xfrmpolicy.c file in the Linux kernel built with CONFIGXFRMMIGRATE does not verify if the dir parameter is less than XFRMPOLICYMAX. This allows a local attacker to cause a denial of service out-of-bounds access or possibly have unspecified other impact by...

7CVSS5AI score0.00406EPSS
Exploits0References1
Total number of security vulnerabilities5000