Lucene search
K
RedhatcveMost viewed

206309 matches found

RedhatCVE
RedhatCVE
•added 2017/08/15 12:49 p.m.•49 views

CVE-2017-12134

The xenbiovecphysmergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability...

8.8CVSS5.8AI score0.00497EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2017/04/20 6:20 a.m.•49 views

CVE-2017-5432

A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

7.5CVSS3.6AI score0.0318EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2017/02/03 12:49 p.m.•49 views

CVE-2016-10159

Integer overflow in the pharparsepharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service memory consumption or application crash via a truncated manifest entry in a PHAR archive...

7.5CVSS5.9AI score0.07618EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2016/12/21 3:18 p.m.•49 views

CVE-2016-8743

It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a...

7.5CVSS2.4AI score0.13252EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2026/01/25 9:16 a.m.•48 views

CVE-2026-1103

The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to, and including, 5.0.04. The endpoint uses the 'verifyuserloggedin' as a permission callback, which only checks if a...

5.4CVSS5.5AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/01/09 9:31 a.m.•48 views

CVE-2023-25572

react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and usi...

5.4CVSS5.4AI score0.00694EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/01/07 9:33 a.m.•48 views

CVE-2019-7711

An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command "prompt" sets the user controlled shell's prompt value, which is used as a format string input to printf, resulting in an information leak of memory addresses...

7.5CVSS6.8AI score0.01499EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2026/01/07 9:18 a.m.•48 views

CVE-2025-1188

A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/admin/updateroutine.php. The manipulation of the argument tid leads to sql injection. The attack may be launched...

9.8CVSS7.3AI score0.00484EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2025/07/16 8:58 p.m.•48 views

CVE-2025-53820

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the index.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject...

6.5CVSS6AI score0.0024EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2025/03/02 1:24 p.m.•48 views

CVE-2025-22272

In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the...

2.1CVSS6.4AI score0.00427EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2024/07/17 9:23 a.m.•48 views

CVE-2024-21140

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0....

4.8CVSS5.8AI score0.00879EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/05/22 11:26 a.m.•48 views

CVE-2024-27834

A vulnerability was found in Webkit. This flaw allows an attacker with arbitrary read and write capability to bypass pointer authentication. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising...

8.8CVSS8AI score0.00603EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/05/09 2:55 p.m.•48 views

CVE-2024-3727

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks...

8.3CVSS6.7AI score0.01279EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/05/09 4:53 a.m.•48 views

CVE-2024-24788

A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service DoS conditions. Mitigation...

7.5CVSS7.4AI score0.01001EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/05/06 2:55 p.m.•48 views

CVE-2023-31346

A flaw was found in some AMD CPUs where the guest message responses have not been zero-initialized. This issue may allow a local attacker with the ability to run arbitrary code on a container or virtual machine to discover sensitive information contained in the host system's memory. Mitigation...

4.4CVSS5.4AI score0.00309EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/04/17 8:59 p.m.•48 views

CVE-2024-26919

In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: Fix debugfs directory leak The ULPI per-device debugfs root is named after the ulpi device's parent, but ulpiunregisterinterface tries to remove a debugfs directory named after the ulpi device itself. This results in t...

5.5CVSS6.8AI score0.00222EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/04/04 1:3 a.m.•48 views

CVE-2024-26778

In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error. Although...

5.5CVSS6.6AI score0.00271EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/03/29 3:50 p.m.•48 views

CVE-2023-52629

A vulnerability was found in the push-switch driver of Linux Kernel due to improper cleanup sequence in switchdrvremove. Originally, flushwork was placed before timershutdownsync, allowing the worker to potentially be rescheduled in switchtimer and causing a use-after-free bug. Mitigation Red Hat...

5.5CVSS6.4AI score0.00242EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/03/21 9:43 p.m.•48 views

CVE-2024-29180

A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling...

7.4CVSS7.2AI score0.01199EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/02/29 5:2 p.m.•48 views

CVE-2024-1657

A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of...

8.1CVSS7.4AI score0.00378EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/02/23 2:2 p.m.•48 views

CVE-2023-52447

In the Linux kernel, the following vulnerability has been resolved: bpf: Defer the free of inner map when necessary When updating or deleting an inner map in map array or map htab, the map may still be accessed by non-sleepable program or sleepable program. However bpfmapfdputptr decreases the...

6.7CVSS6.6AI score0.00248EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/06 1:2 p.m.•48 views

CVE-2024-24855

A race condition vulnerability was found in the Linux kernel's SCSI device driver in the lpfcunregisterfcfrescan function. This issue can result in a NULL pointer dereference issue, possibly leading to a kernel panic or denial of service...

5.1CVSS7.1AI score0.00183EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/01/31 2:7 p.m.•48 views

CVE-2023-6779

An off-by-one heap-based buffer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INTMAX bytes, leading to an incorrect calculation of t...

8.2CVSS7.7AI score0.04794EPSS
Exploits8References5
RedhatCVE
RedhatCVE
•added 2024/01/30 5:23 p.m.•48 views

CVE-2021-33630

A NULL pointer dereference flaw was found in the Linux kernel's network scheduler. This issue occurs when offloading is enabled, the cbs instance is not added to the list. The code also incorrectly handles the case when offload is disabled without removing the qdisc. This could allow a local user...

5.5CVSS6.9AI score0.00341EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/24 3:33 p.m.•48 views

CVE-2024-0822

An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command...

7.5CVSS7.3AI score0.00708EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/01/19 12:4 p.m.•48 views

CVE-2024-22365

A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with /tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with pamnamespace configured will cause the openat in protectdir to...

5.5CVSS5.6AI score0.00455EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/01/18 4:35 a.m.•48 views

CVE-2024-21886

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments. Mitigation Mitigation for this issue is either not available or the currently...

7.8CVSS9.4AI score0.0142EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/01/17 12:6 p.m.•48 views

CVE-2024-20985

Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server...

6.5CVSS6.6AI score0.01104EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/17 3:34 a.m.•48 views

CVE-2023-45233

The Network Package in EDK2 is vulnerable to an infinite loop exploit when parsing a PadN option within the Destination Options header of IPv6. This flaw allows an unauthorized attacker to gain access and potentially result in a loss of system availability. Mitigation Mitigation for this issue is...

7.5CVSS7.9AI score0.02084EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2024/01/12 6:30 a.m.•48 views

CVE-2022-48619

A vulnerability was found in drivers/input/input.c in the Linux Kernel, where the inputsetcapability function mishandles scenarios where an event code is outside the bitmap. This issue can lead to a kernel panic when the event code exceeds the bitmap for the specified event type, which could allo...

5.5CVSS7AI score0.00213EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2024/01/10 5:31 p.m.•48 views

CVE-2023-4001

An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a fil...

6.8CVSS7.2AI score0.00542EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/10 5:2 a.m.•48 views

CVE-2024-21319

A Denial of Service vulnerability was found in .NET Core project templates that utilize JWT-based authentication tokens. This issue may allow an unauthenticated client to consume arbitrarily large amounts of server memory, potentially triggering an out-of-memory condition on the server and making...

6.8CVSS7.9AI score0.02868EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/05 1:2 a.m.•48 views

CVE-2024-22051

An integer overflow in cmark-gfm's table row parsing may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16MAX columns. Mitigation Disabling any use of the table extension of cmark-gfm will prevent this vulnerability from being triggered...

7.5CVSS9.7AI score0.0145EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/12/13 11:31 a.m.•48 views

CVE-2023-42890

A flaw was found in WebKitGTK. This issue exists due to a boundary error when processing malicious HTML content in WebKit, which could result in memory corruption and arbitrary code execution on the target system. Mitigation Mitigation for this issue is either not available or the currently...

8.8CVSS8.9AI score0.03208EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/11/17 10:44 a.m.•48 views

CVE-2023-5676

Eclipse OpenJ9 is vulnerable to a denial of service, caused by a flaw when a shutdown signal SIGTERM, SIGINT or SIGHUP is received before the JVM has finished initializing. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause an infinite...

4.1CVSS6.8AI score0.00406EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/11/06 10:26 a.m.•48 views

CVE-2023-5090

A flaw was found in KVM. An improper check in svmsetx2apicmsrinterception may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition. Mitigation Mitigation for this issue is either not available or the currently available optio...

6CVSS6.7AI score0.00234EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/10/24 3:27 a.m.•48 views

CVE-2023-42794

A flaw was found in Apache Tomcat. An incomplete cleanup vulnerability with the internal fork of the Commons FileUpload package exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be delete...

5.9CVSS7AI score0.01854EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/10/23 2:1 p.m.•48 views

CVE-2023-5633

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...

7.8CVSS6.5AI score0.00461EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/10/16 4:49 p.m.•48 views

CVE-2023-39332

Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings see CVE-2023-30584 and Buffer objects see CVE-2023-32004, but not through non-Buffer...

9.8CVSS7AI score0.01819EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/10/04 7:54 p.m.•48 views

CVE-2023-43665

An inefficient regular expression complexity was found in Django. The text truncator regular expressions exhibit linear backtracking complexity, which can be slow, leading to a potential denial of service, given certain HTML inputs...

7.5CVSS6.8AI score0.01236EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/23 9:45 p.m.•48 views

CVE-2022-45703

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function displaydebugsection in file readelf.c...

7.8CVSS7.4AI score0.00513EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/08/23 7:15 p.m.•48 views

CVE-2020-19724

A memory consumption issue was identified in binutils in getdata function in nm.c file. This flaws could allow attackers to cause a denial of service via crafted command...

5.5CVSS5.4AI score0.00275EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/08/04 7:49 a.m.•48 views

CVE-2023-4135

A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can ...

6CVSS6.7AI score0.00409EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/02 7:51 a.m.•48 views

CVE-2023-4045

The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy...

7.5CVSS6.5AI score0.00527EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2023/07/25 4:47 a.m.•48 views

CVE-2023-3637

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significa...

4.3CVSS6.1AI score0.01056EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/07/09 9:47 a.m.•48 views

CVE-2023-3567

A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. Mitigation Mitigation for this issue is either not available or the current...

7.1CVSS6.9AI score0.00455EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/06/16 9:44 a.m.•48 views

CVE-2023-3268

An out-of-bounds OOB memory access flaw was found in the Linux kernel in relayfilereadstartpos in kernel/relay.c in the relayfs. This flaw allows a local attacker to crash the system or leak kernel internal information. Mitigation Mitigation for this issue is either not available or the currently...

6CVSS6.9AI score0.00469EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/06/14 2:15 p.m.•48 views

CVE-2023-20867

A flaw was found in the open-vm-tools package. An attacker with root access privileges over ESXi may be able to cause an authentication bypass in the vgauth module. This may lead to compromised confidentiality and integrity...

3.9CVSS5.1AI score0.13638EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/06/13 6:35 a.m.•48 views

CVE-2023-1428

A flaw was found in the gRPC library. Affected versions of this package are vulnerable to a reachable assertion, causing the abort function to be called and resulting in a denial of service. Mitigation Mitigation for this issue is either not available or the currently available options do not mee...

7.5CVSS7.2AI score0.00412EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/06/06 7:55 a.m.•48 views

CVE-2023-34432

A heap buffer overflow vulnerability was found in sox, in the lsxreadbuf function at sox/src/formatsi.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure...

7.8CVSS7.4AI score0.00386EPSS
Exploits1References3
Total number of security vulnerabilities5000