Lucene search
K
RedhatcveMost viewed

206309 matches found

RedhatCVE
RedhatCVE
•added 2024/06/27 4:23 a.m.•47 views

CVE-2024-39459

A vulnerability was found in the Jenkins Plain Credentials Plugin, which stores secret file credentials unencrypted only Base64 encoded on the Jenkins controller file system. Users with access to the Jenkins controller file system global credentials or with Item/Extended Read permission...

6.5CVSS6.3AI score0.00419EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2024/06/20 1:27 p.m.•47 views

CVE-2021-4439

In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: check ctr-cnr to avoid array index out of bound The cmtpaddconnection would add a cmtp session to a controller and run a kernel thread to process cmtp. modulegetTHISMODULE; session-task = kthreadruncmtpsession, sessio...

5.1CVSS6.6AI score0.00235EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/06/14 7:12 a.m.•47 views

CVE-2024-23443

A flaw was found in Kibana. A high-privileged user, allowed to create custom osquery packs, could affect the availability of Kibana by uploading a maliciously crafted osquery pack...

4.9CVSS6.9AI score0.01764EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/05/03 9:27 p.m.•47 views

CVE-2022-48692

This is a vulnerability identified in the Linux kernel's RDMA Remote Direct Memory Access subsystem, specifically within the SCSI RDMA Protocol SRP driver. The issue arises from a NULL pointer dereference that can occur during certain operations, leading to potential system crashes or unexpected...

5.5CVSS6.8AI score0.00225EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/04/17 1:0 p.m.•47 views

CVE-2023-6544

A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic...

5.4CVSS6.7AI score0.01075EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/03/21 12:28 a.m.•47 views

CVE-2024-22025

A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The vulnerability stems from the fetch function in Node.js that always decodes Brotli, making it possible for an attacker to caus...

6.5CVSS5.2AI score0.01309EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/03/08 3:17 p.m.•47 views

CVE-2021-42373

A flaw was found in BusyBox where it did not properly sanitize certain page arguments, leading to a denial of service. The highest threat from this vulnerability is to system availability...

5.5CVSS7.1AI score0.00377EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/03/04 5:26 p.m.•47 views

CVE-2023-52566

A use after free flaw was found in nilfsgccachesubmitreaddata in the Linux kernel. This may result in a crash...

5.5CVSS6AI score0.00222EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/23 3:2 a.m.•47 views

CVE-2024-26146

A denial of service DoS vulnerability was found in rubygem-rack in how it parses Rack Header. Carefully crafted headers can cause header parsing in Rack to take longer than expected, resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Mitigation No mitigati...

5.3CVSS6.7AI score0.01996EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/20 9:19 a.m.•47 views

CVE-2022-48624

A flaw was found in less. The closealtfile function in filename.c omits shellquote calls for LESSCLOSE, a command line to invoke the optional input postprocessor. This issue could lead to an OS command injection vulnerability and arbitrary command execution on the host operating system...

7CVSS7.1AI score0.01059EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/01/04 3:23 p.m.•47 views

CVE-2023-6270

A flaw was found in the ATA over Ethernet AoE driver in the Linux kernel. The aoecmdcfgpkts function improperly updates the refcnt on struct netdevice, and a use-after-free can be triggered by racing between the free on the struct and the access through the skbtxq global queue. This could lead to...

7CVSS7.2AI score0.0041EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/12/20 11:10 a.m.•47 views

CVE-2023-49083

A null-pointer dereference vulnerability was found in python-cryptography during the loading of PKCS7 certificates. Invoking "loadpempkcs7certificates" or "loadderpkcs7certificates" can trigger this issue and lead to subsequent segmentation fault and result in a Denial of Service DoS for any...

7.5CVSS6.5AI score0.00985EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 2023/11/17 10:16 a.m.•47 views

CVE-2023-44446

A use-after-free flaw was found in the MXF demuxer in GStreamer when handling certain MXF video files. This issue could allow a malicious third party to trigger a crash in the application and may allow code execution. Mitigation Mitigation for this issue is either not available or the currently...

8.8CVSS6.3AI score0.01744EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/11/16 7:16 p.m.•47 views

CVE-2023-41699

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Payara Platform Payara Server, Micro and Embedded Servlet Implementation modules allows Redirect Access to Libraries.This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.4...

6.1CVSS6.2AI score0.00407EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/11/07 2:38 p.m.•47 views

CVE-2023-47004

An out-of-bounds write flaw was found in RedisGraph, a module for the Redis server, due to improper code logic after a valid authentication. This issue may lead to arbitrary code execution...

7.5CVSS7.2AI score0.01043EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/11/02 1:48 p.m.•47 views

CVE-2023-5764

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data...

7.1CVSS7.5AI score0.00539EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/10/30 11:28 a.m.•47 views

CVE-2023-46246

Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function gagrowinner in in the file src/alloc.c at line 748, which is freed in the file src/exdocmd.c in the function docmdline at line 1010 and then used again in src/cmdhist.c at line 759...

4CVSS5.6AI score0.00366EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/10/26 6:28 p.m.•47 views

CVE-2023-46316

A vulnerability was found in traceroute. This security issue is caused by wrapper scripts that do not properly parse command lines. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of...

5.5CVSS6.5AI score0.00367EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2023/10/11 11:12 a.m.•47 views

CVE-2023-4154

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...

7.5CVSS6.8AI score0.01151EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/09/27 4:54 p.m.•47 views

CVE-2023-5236

A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service...

4.4CVSS6.5AI score0.0089EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/09/25 6:55 p.m.•47 views

CVE-2023-41419

A flaw was found in python-event, which could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in the WSGIServer component. By using a specially crafted script, an attacker can gain elevated privileges. Mitigation Mitigation for this issue is either not availabl...

9.1CVSS9.3AI score0.01334EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/09/12 7:54 p.m.•47 views

CVE-2023-4759

Arbitrary File Overwrite in Eclipse JGit = 6.6.0 In Eclipse JGit, all versions = 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

8.8CVSS8.8AI score0.01884EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/08/23 9:22 p.m.•47 views

CVE-2022-47011

A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability...

5.5CVSS5.5AI score0.00403EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/08/22 4:53 p.m.•47 views

CVE-2022-46751

Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...

8.2CVSS8.3AI score0.01855EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/22 7:19 a.m.•47 views

CVE-2023-32006

A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. Mitigation Mitigation for this issue is either not available or the currentl...

7.1CVSS9.2AI score0.01273EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/03 7:48 a.m.•47 views

CVE-2023-3180

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtiocryptohandlesymreq. There is no check for the value of srclen and dstlen in virtiocryptosymophelper, potentially leading to a heap buffer overflow when the two values differ...

6CVSS7.2AI score0.00234EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/08/01 10:48 a.m.•47 views

CVE-2022-40609

A flaw was found in IBM SDK, Java Technology Edition, which could allow a remote attacker to execute arbitrary code on the system caused by an unsafe deserialization flaw. An attacker could exploit this vulnerability by sending specially-crafted data to execute arbitrary code on the system...

8.1CVSS7.6AI score0.01827EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/07/19 11:7 a.m.•47 views

CVE-2023-25399

A flaw was found in SciPy, where it is vulnerable to a denial of service caused by a memory leak flaw in the PyFindObjects function due to a new reference not being decreased. This flaw allows a local attacker to send a specially crafted request, forcing the application to leak memory and perform...

5.5CVSS5.1AI score0.00385EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/07/19 5:3 a.m.•47 views

CVE-2023-2975

A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can...

5.3CVSS6.8AI score0.00525EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/06/14 5:49 a.m.•47 views

CVE-2023-29331

A vulnerability was found in dotnet. This issue can lead to a denial of service while processing X509 Certificates...

7.5CVSS7.3AI score0.02627EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/06/12 9:35 p.m.•47 views

CVE-2023-3141

A use-after-free flaw was found in r592remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This issue may allow a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. Mitigation Mitigation for this issue is either not...

6.4CVSS7AI score0.00437EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/05/10 6:21 a.m.•47 views

CVE-2023-32205

The Mozilla Foundation Security Advisory describes this flaw as: In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks...

7.5CVSS7AI score0.00631EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/05/05 8:51 a.m.•47 views

CVE-2023-2203

A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of...

8.8CVSS8.6AI score0.27076EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/05/04 6:26 p.m.•47 views

CVE-2023-0458

A vulnerabilty was found in Linux Kernel, where a speculative pointer dereference problem exists in the Linux Kernel on the doprlimit function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. Mitigation...

4.7CVSS6AI score0.0072EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/25 4:51 p.m.•47 views

CVE-2023-29552

.The Service Location Protocol SLP is vulnerable to an attack through UDP The OpenSLP provides a dynamic configuration mechanism for applications in local area networks, such as printers and file servers. However, SLP is vulnerable to a reflective denial of service amplification attack through UD...

7.5CVSS7.2AI score0.65873EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/04/13 5:0 p.m.•47 views

CVE-2022-20572

A flaw was found in the Linux kernel, where it is possible to modify read-only files due to a missing permission check. This flaw can lead to local privilege escalation...

6.7CVSS6.4AI score0.00485EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/04/12 6:30 a.m.•47 views

CVE-2023-29532

The Mozilla Foundation Security Advisory describes this flaw as: A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before...

7.5CVSS5.8AI score0.00185EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/11 4:56 a.m.•47 views

CVE-2021-46877

A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...

7.5CVSS7AI score0.01124EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/03/30 9:14 a.m.•47 views

CVE-2023-23003

A NULL pointer dereference flaw was found in the Linux kernel’s Linux performance measurement and analysis tool. This flaw allows a local user to crash the system...

4CVSS6.9AI score0.00267EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/24 1:7 p.m.•47 views

CVE-2023-0836

A flaw was found in HAProxy, which could allow a remote attacker to obtain sensitive information caused by improper initialization when encoding the FCGIBEGINREQUEST record. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and us...

7.5CVSS6.7AI score0.01201EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/24 1:7 p.m.•47 views

CVE-2022-3636

A vulnerability was found in Linux Kernel. This affects the mtkppecheckskb function in the drivers/net/ethernet/mediatek/mtkppe.c file in the Ethernet Handler component. This manipulation can lead to use after free issue...

7.8CVSS7.4AI score0.00325EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/21 1:13 p.m.•47 views

CVE-2023-27535

A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic...

5.9CVSS8.4AI score0.01607EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/03/14 3:19 p.m.•47 views

CVE-2023-1390

A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipclinkxmit hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization...

7.5CVSS6.9AI score0.05095EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/03/13 6:13 p.m.•47 views

CVE-2022-2503

A flaw was found in the Linux kernel. Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module and firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out...

6.9CVSS2.7AI score0.0035EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/03/13 8:43 a.m.•47 views

CVE-2023-27901

A flaw was found in Jenkins. Affected versions of Jenkins use the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service...

7.5CVSS7.4AI score0.46836EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/03/13 8:12 a.m.•47 views

CVE-2023-27899

A flaw was found in Jenkins. Jenkins creates a temporary file when a plugin is uploaded from an administrator’s computer. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is installed in...

7CVSS7.2AI score0.00233EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/09 12:15 a.m.•47 views

CVE-2023-1264

A NULL pointer dereference vulnerability was discovered in vim's utfcptr2len function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes a...

5.5CVSS5.8AI score0.00426EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/03/01 5:29 a.m.•47 views

CVE-2022-36021

A vulnerability was found in Redis. This flaw allows an authenticated to use string matching commands like SCAN or KEYS with a specially crafted pattern to trigger a denial of service attack on Redis, causing it to hang and consume 100% of CPU time...

5.5CVSS5.7AI score0.59706EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/02/22 4:59 a.m.•47 views

CVE-2022-38779

An open redirect flaw was found in Kibana. This issue can lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL...

6.1CVSS6.2AI score0.00513EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/02/21 4:29 p.m.•47 views

CVE-2023-23936

A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection...

6.5CVSS6.7AI score0.01129EPSS
Exploits1References3
Total number of security vulnerabilities5000