Lucene search
K
RedhatcveMost viewed

206336 matches found

RedhatCVE
RedhatCVE
•added 2024/01/17 12:6 p.m.•48 views

CVE-2024-20985

Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server...

6.5CVSS6.6AI score0.01104EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/17 3:34 a.m.•48 views

CVE-2023-45233

The Network Package in EDK2 is vulnerable to an infinite loop exploit when parsing a PadN option within the Destination Options header of IPv6. This flaw allows an unauthorized attacker to gain access and potentially result in a loss of system availability. Mitigation Mitigation for this issue is...

7.5CVSS7.9AI score0.02084EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2024/01/12 6:30 a.m.•48 views

CVE-2022-48619

A vulnerability was found in drivers/input/input.c in the Linux Kernel, where the inputsetcapability function mishandles scenarios where an event code is outside the bitmap. This issue can lead to a kernel panic when the event code exceeds the bitmap for the specified event type, which could allo...

5.5CVSS7AI score0.00213EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2024/01/10 5:31 p.m.•48 views

CVE-2023-4001

An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a fil...

6.8CVSS7.2AI score0.00542EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/10 5:2 a.m.•48 views

CVE-2024-21319

A Denial of Service vulnerability was found in .NET Core project templates that utilize JWT-based authentication tokens. This issue may allow an unauthenticated client to consume arbitrarily large amounts of server memory, potentially triggering an out-of-memory condition on the server and making...

6.8CVSS7.9AI score0.02868EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/04 3:23 p.m.•48 views

CVE-2023-6270

A flaw was found in the ATA over Ethernet AoE driver in the Linux kernel. The aoecmdcfgpkts function improperly updates the refcnt on struct netdevice, and a use-after-free can be triggered by racing between the free on the struct and the access through the skbtxq global queue. This could lead to...

7CVSS7.2AI score0.0041EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/12/20 11:10 a.m.•48 views

CVE-2023-49083

A null-pointer dereference vulnerability was found in python-cryptography during the loading of PKCS7 certificates. Invoking "loadpempkcs7certificates" or "loadderpkcs7certificates" can trigger this issue and lead to subsequent segmentation fault and result in a Denial of Service DoS for any...

7.5CVSS6.5AI score0.00985EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 2023/11/17 10:16 a.m.•48 views

CVE-2023-44446

A use-after-free flaw was found in the MXF demuxer in GStreamer when handling certain MXF video files. This issue could allow a malicious third party to trigger a crash in the application and may allow code execution. Mitigation Mitigation for this issue is either not available or the currently...

8.8CVSS6.3AI score0.01744EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/11/02 1:48 p.m.•48 views

CVE-2023-5764

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data...

7.1CVSS7.5AI score0.00539EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/10/26 6:28 p.m.•48 views

CVE-2023-46316

A vulnerability was found in traceroute. This security issue is caused by wrapper scripts that do not properly parse command lines. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of...

5.5CVSS6.5AI score0.00367EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2023/08/23 9:22 p.m.•48 views

CVE-2022-47011

A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability...

5.5CVSS5.5AI score0.00403EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/08/23 7:15 p.m.•48 views

CVE-2020-19724

A memory consumption issue was identified in binutils in getdata function in nm.c file. This flaws could allow attackers to cause a denial of service via crafted command...

5.5CVSS5.4AI score0.00275EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/08/22 7:19 a.m.•48 views

CVE-2023-32006

A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. Mitigation Mitigation for this issue is either not available or the currentl...

7.1CVSS9.2AI score0.01273EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/04 7:49 a.m.•48 views

CVE-2023-4135

A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can ...

6CVSS6.7AI score0.00409EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/07/19 11:7 a.m.•48 views

CVE-2023-25399

A flaw was found in SciPy, where it is vulnerable to a denial of service caused by a memory leak flaw in the PyFindObjects function due to a new reference not being decreased. This flaw allows a local attacker to send a specially crafted request, forcing the application to leak memory and perform...

5.5CVSS5.1AI score0.00385EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/06/16 9:44 a.m.•48 views

CVE-2023-3268

An out-of-bounds OOB memory access flaw was found in the Linux kernel in relayfilereadstartpos in kernel/relay.c in the relayfs. This flaw allows a local attacker to crash the system or leak kernel internal information. Mitigation Mitigation for this issue is either not available or the currently...

6CVSS6.9AI score0.00469EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/06/13 6:35 a.m.•48 views

CVE-2023-1428

A flaw was found in the gRPC library. Affected versions of this package are vulnerable to a reachable assertion, causing the abort function to be called and resulting in a denial of service. Mitigation Mitigation for this issue is either not available or the currently available options do not mee...

7.5CVSS7.2AI score0.00412EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/05/10 6:21 a.m.•48 views

CVE-2023-32205

The Mozilla Foundation Security Advisory describes this flaw as: In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks...

7.5CVSS7AI score0.00631EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/04/12 6:30 a.m.•48 views

CVE-2023-29532

The Mozilla Foundation Security Advisory describes this flaw as: A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before...

7.5CVSS5.8AI score0.00185EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/05 6:17 a.m.•48 views

CVE-2023-1855

A use-after-free flaw was found in xgenehwmonremove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel driver xgene-hwmon. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak. Mitigation This flaw can ...

6.4CVSS6.3AI score0.00237EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/03 7:13 p.m.•48 views

CVE-2022-3509

A flaw was found in Textformat in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection...

5.3CVSS7.3AI score0.00567EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/30 9:22 a.m.•48 views

CVE-2023-26545

A double-free flaw was found in the Linux kernel when the MPLS implementation handled sysctl allocation failures. This issue could allow a local user to cause a denial of service or possibly execute arbitrary code...

4.7CVSS6.6AI score0.00331EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/30 9:14 a.m.•48 views

CVE-2023-23003

A NULL pointer dereference flaw was found in the Linux kernel’s Linux performance measurement and analysis tool. This flaw allows a local user to crash the system...

4CVSS6.9AI score0.00267EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/15 5:13 a.m.•48 views

CVE-2022-41725

A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service...

7.5CVSS8.2AI score0.01231EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2023/03/14 10:43 a.m.•49 views

CVE-2023-1382

A data race flaw was found in the Linux kernel, between where con is allocated and con-sock is set. This issue leads to a NULL pointer dereference when accessing con-sock-sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel. Mitigation This flaw can be mitigated by preventing the...

5.5CVSS5.7AI score0.00184EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/02/22 4:59 a.m.•48 views

CVE-2022-38779

An open redirect flaw was found in Kibana. This issue can lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL...

6.1CVSS6.2AI score0.00513EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/02/22 4:59 a.m.•48 views

CVE-2022-38778

A flaw was found in one of Kibana’s third-party dependencies. This issue could allow an authenticated user to perform a request that crashes the Kibana server process...

6.5CVSS6.1AI score0.0088EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/02/16 12:29 a.m.•48 views

CVE-2023-23934

A flaw was found in python-werkzeug. Browsers may allow "nameless" cookies like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie for another subdomain. If a Werkzeug application is running next to a...

2.6CVSS5.9AI score0.00507EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2023/02/02 6:7 a.m.•48 views

CVE-2023-0634

An uncontrolled process operation was found in the newgrp command provided by the shadow-utils package. This issue could cause the execution of arbitrary code provided by a user when running the newgrp command...

3.6AI score
Exploits0References1
RedhatCVE
RedhatCVE
•added 2023/01/30 8:5 p.m.•48 views

CVE-2022-3534

A use-after-free flaw was found in btfdumpnamedups in tools/lib/bpf/btfdump.c in libbpf in the Linux Kernel. This issue occurs because the key stored in the hash table namemap is a string address, and the string memory is allocated by realloc function. When the memory is resized by realloc later,...

8CVSS7.1AI score0.00535EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/26 2:35 p.m.•48 views

CVE-2022-44566

A flaw was found in the rubygem-activerecord. RubyGem's ActiveRecord is vulnerable to a denial of service caused by a flaw in the PostgreSQL adapter. By sending a specially-crafted request, a remote attacker can cause a slow sequential scan, resulting in a denial of service...

7.5CVSS3.4AI score0.01265EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/01/19 4:4 a.m.•48 views

CVE-2022-41721

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead read the body of the HTTP request, which could be attacker-manipulat...

7.5CVSS0.7AI score0.01814EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 2023/01/16 4:35 p.m.•48 views

CVE-2022-3526

A flaw was found in macvlanhandleframe in drivers/net/macvlan.c in skb in the Linux Kernel. This issue may allow an attacker on the network to cause a memory leak problem. Mitigation Mitigation for this issue is either not available or the currently available options dont meet the Red Hat Product...

7.5CVSS1.8AI score0.00914EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/05 6:35 p.m.•48 views

CVE-2022-40897

A flaw was found in Python Setuptools due to a regular expression Denial of Service ReDoS present in packageindex.py. This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page...

5.9CVSS5.9AI score0.02617EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/12/12 5:4 p.m.•48 views

CVE-2022-3591

Use After Free in GitHub repository vim/vim prior to 9.0.0789. Mitigation Untrusted vim scripts with -s scriptin are not recommended to run...

7.8CVSS8.6AI score0.00373EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/11/22 7:56 p.m.•48 views

CVE-2022-3910

A use-after-free flaw was found in the iouring subsystem of the Linux kernel. When iomsgring was invoked with a fixed file, it called iofputfile which improperly decreased its reference count. This could allow a local user to crash the system or escalate their privileges on the system...

7CVSS3.1AI score0.01006EPSS
Exploits2References3
RedhatCVE
RedhatCVE
•added 2022/10/21 5:17 p.m.•48 views

CVE-2022-3644

A flaw exists in the collection remote for pulpansible, where tokens are stored in plaintext instead of using pulp's encrypted field. This flaw allows an attacker with sufficient privileges to read the stored tokens, resulting in the loss of confidentiality...

4.1CVSS4.9AI score0.00276EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/10/19 9:47 a.m.•48 views

CVE-2022-21624

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

3.7CVSS2.3AI score0.01401EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/10/18 11:40 a.m.•48 views

CVE-2022-40150

A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack...

7.5CVSS3.8AI score0.01256EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/18 10:10 a.m.•48 views

CVE-2022-3577

An out-of-bounds memory write flaw was found in the Linux kernel’s Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system...

7.8CVSS4AI score0.00242EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2022/09/28 5:18 p.m.•48 views

CVE-2022-3100

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...

7.1CVSS5AI score0.00433EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/09/26 6:19 a.m.•48 views

CVE-2022-38749

A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service...

6.5CVSS4.3AI score0.01583EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/09/21 6:10 p.m.•48 views

CVE-2022-3262

A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability...

8.1CVSS4.2AI score0.00716EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/09/15 8:13 p.m.•48 views

CVE-2021-25642

ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2,...

7.5CVSS3.4AI score0.0182EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/09/13 12:55 p.m.•48 views

CVE-2022-39028

A flaw was found in MIT krb5-appl, where it has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. The telnetd application would crash in a typical installation, but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short ti...

7.5CVSS0.8AI score0.01657EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/09/08 12:18 a.m.•48 views

CVE-2022-27664

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

6.5CVSS7.5AI score0.02513EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/09/01 2:58 p.m.•48 views

CVE-2022-39046

A flaw was found in the glibc package. If the Syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap...

5.3CVSS2.1AI score0.01567EPSS
Exploits3References4
RedhatCVE
RedhatCVE
•added 2022/08/31 9:54 p.m.•48 views

CVE-2021-33452

An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasmmalloc in nasmlib/alloc.c...

5.5CVSS3AI score0.0032EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/08/30 8:15 p.m.•48 views

CVE-2022-2520

A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage at tiffcrop.c:8621 that can cause program crash when reading a crafted input...

6.5CVSS2.5AI score0.00939EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/08/19 4:38 a.m.•48 views

CVE-2022-30954

Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server...

6.5CVSS2.3AI score0.00782EPSS
Exploits0References4
Total number of security vulnerabilities5000