Lucene search
K
RedhatcveMost viewed

206363 matches found

RedhatCVE
RedhatCVE
•added 2024/05/06 2:55 p.m.•49 views

CVE-2023-31346

A flaw was found in some AMD CPUs where the guest message responses have not been zero-initialized. This issue may allow a local attacker with the ability to run arbitrary code on a container or virtual machine to discover sensitive information contained in the host system's memory. Mitigation...

4.4CVSS5.4AI score0.00309EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/04/18 4:7 p.m.•49 views

CVE-2024-26921

In the Linux kernel, the following vulnerability has been resolved: inet: inetdefrag: prevent sk release while still in use iplocalout and other functions can pass skb-sk as function argument. If the skb is a fragment and reassembly happens before such function call returns, the sk must not be...

5.5CVSS7.2AI score0.0038EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/02/23 2:6 p.m.•49 views

CVE-2024-26593

In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once before writing the outgoing data to the buffer, and once...

4.4CVSS7AI score0.00285EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/13 6:30 p.m.•49 views

CVE-2024-21404

A denial of service vulnerability exists in .NET applications with OpenSSL support when parsing X509 certificates. The issue arises from inadequate validation of user-supplied input in .NET. This flaw allows a remote attacker to trigger a denial of service DoS attack by providing specially crafte...

7.5CVSS7AI score0.02707EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/02/06 1:2 p.m.•49 views

CVE-2024-24855

A race condition vulnerability was found in the Linux kernel's SCSI device driver in the lpfcunregisterfcfrescan function. This issue can result in a NULL pointer dereference issue, possibly leading to a kernel panic or denial of service...

5.1CVSS7.1AI score0.00184EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/01/30 5:23 p.m.•49 views

CVE-2021-33630

A NULL pointer dereference flaw was found in the Linux kernel's network scheduler. This issue occurs when offloading is enabled, the cbs instance is not added to the list. The code also incorrectly handles the case when offload is disabled without removing the qdisc. This could allow a local user...

5.5CVSS6.9AI score0.00341EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/24 3:33 p.m.•49 views

CVE-2024-0822

An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command...

7.5CVSS7.3AI score0.00708EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/01/11 11:52 a.m.•49 views

CVE-2024-0232

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service...

4.7CVSS6.4AI score0.00343EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2024/01/05 1:2 a.m.•49 views

CVE-2024-22051

An integer overflow in cmark-gfm's table row parsing may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16MAX columns. Mitigation Disabling any use of the table extension of cmark-gfm will prevent this vulnerability from being triggered...

7.5CVSS9.7AI score0.0145EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/04 3:23 p.m.•49 views

CVE-2023-6270

A flaw was found in the ATA over Ethernet AoE driver in the Linux kernel. The aoecmdcfgpkts function improperly updates the refcnt on struct netdevice, and a use-after-free can be triggered by racing between the free on the struct and the access through the skbtxq global queue. This could lead to...

7CVSS7.2AI score0.0041EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/12/13 11:31 a.m.•49 views

CVE-2023-42890

A flaw was found in WebKitGTK. This issue exists due to a boundary error when processing malicious HTML content in WebKit, which could result in memory corruption and arbitrary code execution on the target system. Mitigation Mitigation for this issue is either not available or the currently...

8.8CVSS8.9AI score0.03208EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/12/08 7:57 a.m.•49 views

CVE-2023-6606

An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. Mitigation To mitigate this issue, prevent module cifs from being loaded. Please see...

7.1CVSS6.9AI score0.00526EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/11/17 10:44 a.m.•49 views

CVE-2023-5676

Eclipse OpenJ9 is vulnerable to a denial of service, caused by a flaw when a shutdown signal SIGTERM, SIGINT or SIGHUP is received before the JVM has finished initializing. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause an infinite...

4.1CVSS6.8AI score0.00406EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/11/06 10:26 a.m.•49 views

CVE-2023-5090

A flaw was found in KVM. An improper check in svmsetx2apicmsrinterception may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition. Mitigation Mitigation for this issue is either not available or the currently available optio...

6CVSS6.7AI score0.00234EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/11/03 4:56 p.m.•49 views

CVE-2023-44271

A flaw was found in Pillow. A denial of service issue uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for TrueType in ImageFont when text length in an ImageDraw instance operates on a long text argument...

7.5CVSS7.2AI score0.01038EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/10/24 3:27 a.m.•49 views

CVE-2023-42794

A flaw was found in Apache Tomcat. An incomplete cleanup vulnerability with the internal fork of the Commons FileUpload package exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be delete...

5.9CVSS7AI score0.01854EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/10/16 4:49 p.m.•49 views

CVE-2023-39332

Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings see CVE-2023-30584 and Buffer objects see CVE-2023-32004, but not through non-Buffer...

9.8CVSS7AI score0.01819EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/10/12 1:12 a.m.•49 views

CVE-2023-37536

An integer overflow exists in xerces-c++. This flaw allows an attacker using a specially crafted HTTP request payload to trigger an out-of-bounds read, resulting in a loss of confidentiality, integrity, and availability. Mitigation Mitigation for this issue is either not available or the currentl...

8.8CVSS8.6AI score0.01381EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/10/11 11:12 a.m.•49 views

CVE-2023-4154

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...

7.5CVSS6.8AI score0.01151EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/10/04 7:54 p.m.•49 views

CVE-2023-43665

An inefficient regular expression complexity was found in Django. The text truncator regular expressions exhibit linear backtracking complexity, which can be slow, leading to a potential denial of service, given certain HTML inputs...

7.5CVSS6.8AI score0.01236EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/09/27 6:54 a.m.•49 views

CVE-2023-5176

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs are present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these cou...

9.8CVSS7.3AI score0.01233EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/09/06 6:35 p.m.•49 views

CVE-2023-4622

A use-after-free flaw was found in the Linux kernel's afunix component that allows local privilege escalation. The unixstreamsendpage function tries to add data to the last skb in the peer's recv queue without locking the queue. This issue leads to a race condition where the unixstreamsendpage...

6.6CVSS7.2AI score0.00549EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/08/31 1:30 a.m.•49 views

CVE-2023-26048

A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable...

5.3CVSS4.8AI score0.0326EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/28 4:47 p.m.•49 views

CVE-2020-18781

A vulnerability was found in audiofile, where heap buffer overflow vulnerability was discovered in FilePOSIX::read in File.cpp leads to denial of service via a crafted wav file, this bug can be triggered by the executable sfconvert...

5.5CVSS5.7AI score0.00264EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/08/23 9:45 p.m.•49 views

CVE-2022-47673

An issue was discovered in Binutils addr2line before 2.39.3, function parsemodule contains multiple out of bound reads which may cause a denial of service or other unspecified impacts...

7.8CVSS6.9AI score0.00434EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/08/23 9:45 p.m.•49 views

CVE-2022-45703

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function displaydebugsection in file readelf.c...

7.8CVSS7.4AI score0.00513EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/08/02 7:51 a.m.•49 views

CVE-2023-4045

The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy...

7.5CVSS6.5AI score0.00527EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2023/07/25 4:47 a.m.•49 views

CVE-2023-3637

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significa...

4.3CVSS6.1AI score0.01056EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/07/09 9:47 a.m.•49 views

CVE-2023-3567

A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. Mitigation Mitigation for this issue is either not available or the current...

7.1CVSS6.9AI score0.00455EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/07/05 10:26 a.m.•49 views

CVE-2023-1295

A time-of-check to time-of-use flaw was found in the iouring subsystem's IORINGOPCLOSE operation in the Linux kernel. This flaw allows a local user to elevate their privileges to root...

7.8CVSS6.7AI score0.00218EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/06/14 2:15 p.m.•49 views

CVE-2023-20867

A flaw was found in the open-vm-tools package. An attacker with root access privileges over ESXi may be able to cause an authentication bypass in the vgauth module. This may lead to compromised confidentiality and integrity...

3.9CVSS5.1AI score0.13638EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/06/13 3:35 p.m.•49 views

CVE-2023-2801

A flaw was found in grafana. This issue occurs when sending an API call to the /ds/query or public dashboard query endpoint that has mixed queries, such as having two or more distinct data sources in one API call. As a result, the Grafana instance will crash. Currently, the only feature that uses...

7.5CVSS6.7AI score0.00745EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/05/23 3:10 p.m.•49 views

CVE-2023-20883

A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed...

7.5CVSS6.6AI score0.00904EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/04/05 6:17 a.m.•49 views

CVE-2023-1855

A use-after-free flaw was found in xgenehwmonremove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel driver xgene-hwmon. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak. Mitigation This flaw can ...

6.4CVSS6.3AI score0.00237EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/13 8:42 a.m.•49 views

CVE-2023-27898

A flaw was found in Jenkins. Affected versions of Jenkins do not escape the Jenkins version that a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins in the plugin manager. This issue results in a stored Cross-site scripting XSS...

8.8CVSS5.9AI score0.0184EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/02 12:29 p.m.•49 views

CVE-2022-27672

A flaw was found in HW. When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch, potentially resulting in information disclosure. Mitigation The current mitigations for spectre V4 or spectrev2 should mitiga...

4.7CVSS6.4AI score0.00289EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2023/02/28 6:59 p.m.•49 views

CVE-2022-1438

A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting XSS vulnerability...

6.4CVSS0.9AI score0.0066EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/02/22 4:59 a.m.•49 views

CVE-2022-38778

A flaw was found in one of Kibana’s third-party dependencies. This issue could allow an authenticated user to perform a request that crashes the Kibana server process...

6.5CVSS6.1AI score0.0088EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/02/17 11:57 a.m.•49 views

CVE-2023-23914

A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity...

6.5CVSS7.7AI score0.00858EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/02/15 4:0 p.m.•49 views

CVE-2023-0778

A Time-of-check Time-of-use TOCTOU flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system...

6.8CVSS6.4AI score0.00541EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/02/07 4:26 a.m.•49 views

CVE-2023-0494

A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo and ProcXkbGetDeviceInfo to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs...

7.8CVSS8AI score0.00899EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/30 8:5 p.m.•49 views

CVE-2022-3534

A use-after-free flaw was found in btfdumpnamedups in tools/lib/bpf/btfdump.c in libbpf in the Linux Kernel. This issue occurs because the key stored in the hash table namemap is a string address, and the string memory is allocated by realloc function. When the memory is resized by realloc later,...

8CVSS7.1AI score0.00535EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/26 2:35 p.m.•49 views

CVE-2022-44566

A flaw was found in the rubygem-activerecord. RubyGem's ActiveRecord is vulnerable to a denial of service caused by a flaw in the PostgreSQL adapter. By sending a specially-crafted request, a remote attacker can cause a slow sequential scan, resulting in a denial of service...

7.5CVSS3.4AI score0.01265EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/01/25 4:13 p.m.•49 views

CVE-2022-3094

A flaw was found in Bind, where sending a flood of dynamic DNS updates may cause named to allocate large amounts of memory. This issue may cause named to slow down due to a lack of free memory, resulting in a denial of service DoS...

6.5CVSS7.2AI score0.13108EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/25 2:36 p.m.•49 views

CVE-2022-4696

A use-after-free flaw was found in the iouring subsystem of the Linux kernel. This issue occurs during the IORINGOPSPLICE operation due to a missing IOWQWORKFILES flag, leading to an invalid decrease of its reference counter and later causing the use-after-free vulnerability. This flaw allows a...

7.8CVSS4.7AI score0.00407EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/01/05 6:35 p.m.•49 views

CVE-2022-40897

A flaw was found in Python Setuptools due to a regular expression Denial of Service ReDoS present in packageindex.py. This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page...

5.9CVSS5.9AI score0.02617EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/12/25 3:4 p.m.•49 views

CVE-2022-42329

A possible deadlock flaw was found in the Linux kernel’s XEN driver in how some packets generated by a user dropped. This flaw allows a local user to crash the system...

5.5CVSS2.8AI score0.0021EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2022/12/14 11:4 a.m.•49 views

CVE-2022-3996

A vulnerability was found in OpenSSL. This security flaw occurs if an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems most widely: Windows, this issue results in a denial of...

5.3CVSS1.9AI score0.0123EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/12/12 5:4 p.m.•49 views

CVE-2022-3591

Use After Free in GitHub repository vim/vim prior to 9.0.0789. Mitigation Untrusted vim scripts with -s scriptin are not recommended to run...

7.8CVSS8.6AI score0.00373EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/12/09 1:34 p.m.•49 views

CVE-2022-41854

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack...

6.5CVSS6.6AI score0.01476EPSS
Exploits1References5
Total number of security vulnerabilities5000