Lucene search
K
RedhatcveMost viewed

206304 matches found

RedhatCVE
RedhatCVE
•added 2023/08/17 7:19 a.m.•46 views

CVE-2023-40338

A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin display an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available. This flaw exposes information about the Jenkins controller fi...

4.3CVSS6.5AI score0.00533EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/03 7:48 a.m.•46 views

CVE-2023-3180

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtiocryptohandlesymreq. There is no check for the value of srclen and dstlen in virtiocryptosymophelper, potentially leading to a heap buffer overflow when the two values differ...

6CVSS7.2AI score0.00234EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/07/19 5:3 a.m.•46 views

CVE-2023-2975

A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can...

5.3CVSS6.8AI score0.00525EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/06/14 5:49 a.m.•46 views

CVE-2023-29331

A vulnerability was found in dotnet. This issue can lead to a denial of service while processing X509 Certificates...

7.5CVSS7.3AI score0.02627EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/06/05 12:35 p.m.•46 views

CVE-2023-32636

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect gli...

6.2CVSS7.7AI score0.00774EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/05/23 10:40 a.m.•46 views

CVE-2022-37599

A flaw was found in the interpolateName function in interpolateName.js in the webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. This flaw can lead to a regular expression denial of service ReDoS. Mitigation Mitigation for this issue is either not available or the...

7.5CVSS7.1AI score0.0204EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/05/05 8:51 a.m.•46 views

CVE-2023-2203

A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of...

8.8CVSS8.6AI score0.27076EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/05/04 6:26 p.m.•46 views

CVE-2023-0458

A vulnerabilty was found in Linux Kernel, where a speculative pointer dereference problem exists in the Linux Kernel on the doprlimit function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. Mitigation...

4.7CVSS6AI score0.0072EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/25 4:51 p.m.•46 views

CVE-2023-29552

.The Service Location Protocol SLP is vulnerable to an attack through UDP The OpenSLP provides a dynamic configuration mechanism for applications in local area networks, such as printers and file servers. However, SLP is vulnerable to a reflective denial of service amplification attack through UD...

7.5CVSS7.2AI score0.65873EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/04/25 2:51 p.m.•46 views

CVE-2020-10661

A flaw was found in HashiCorp Vault and Vault Enterprise. This flaw allows a remote attacker to bypass security restrictions caused by an issue when the existing nested-path policies may give access to Namespaces created after the fact. By sending a specially crafted request, an attacker can bypa...

9.1CVSS8.6AI score0.01116EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/13 5:0 p.m.•46 views

CVE-2022-20572

A flaw was found in the Linux kernel, where it is possible to modify read-only files due to a missing permission check. This flaw can lead to local privilege escalation...

6.7CVSS6.4AI score0.00485EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/04/11 4:56 a.m.•46 views

CVE-2021-46877

A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...

7.5CVSS7AI score0.01124EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/04/07 6:59 p.m.•46 views

CVE-2023-22899

A flaw was found in Zip4j. In this issue, it does not always check the MAC when decrypting a ZIP archive...

5.9CVSS6AI score0.00619EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/03/24 1:7 p.m.•46 views

CVE-2023-0836

A flaw was found in HAProxy, which could allow a remote attacker to obtain sensitive information caused by improper initialization when encoding the FCGIBEGINREQUEST record. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and us...

7.5CVSS6.7AI score0.01201EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/21 1:13 p.m.•46 views

CVE-2023-27535

A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic...

5.9CVSS8.4AI score0.01607EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/03/21 9:43 a.m.•46 views

CVE-2022-26837

A flaw was found in hw. Improper input validation in the BIOS firmware for some IntelR processors may allow a privileged user to potentially enable escalation of privilege via local access. Mitigation Please contact the hardware vendor for more updates...

7.5CVSS6.6AI score0.00223EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/02/14 7:32 p.m.•46 views

CVE-2023-0833

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular...

4.7CVSS8AI score0.00436EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/02/07 11:26 a.m.•46 views

CVE-2023-23517

A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. This may allow a remote attacker to create a specially crafted web page, trick the victim into opening it, trigger memory corruption, and execute arbitrary code on the target syste...

8.8CVSS8.7AI score0.00902EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/25 5:36 a.m.•46 views

CVE-2021-26360

A flaw was found in hw. This flaw allows an attacker with local access to the system to make unauthorized modifications to the security configuration of the SOC registers. This issue could allow potential corruption of the AMD secure processor’s encrypted memory contents, leading to arbitrary cod...

6.4CVSS6.2AI score0.00213EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/19 12:5 p.m.•46 views

CVE-2022-46871

The Mozilla Foundation Security Advisory describes this flaw as: An out of date library libusrsctp contained vulnerabilities that could potentially be exploited...

8.8CVSS3.5AI score0.00892EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/01/18 8:35 a.m.•46 views

CVE-2023-21843

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Sound. Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...

3.7CVSS4.4AI score0.01357EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/12/26 12:34 p.m.•46 views

CVE-2021-44856

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value...

4.9CVSS2AI score0.00493EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/12/23 5:35 p.m.•46 views

CVE-2022-47939

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2TREEDISCONNECT...

10CVSS1.9AI score0.46428EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/11/30 2:26 p.m.•46 views

CVE-2022-4139

An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. Mitigation Mitigation for this issue is either not...

7CVSS7.2AI score0.00252EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/19 9:47 a.m.•46 views

CVE-2022-21624

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

3.7CVSS2.3AI score0.01401EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/10/18 11:40 a.m.•46 views

CVE-2022-40150

A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack...

7.5CVSS3.8AI score0.01256EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/13 2:30 p.m.•46 views

CVE-2022-38457

A use-after-free vulnerability was found in the Linux kernel's vmwgfx driver in vmwcmdrescheck. This flaw allows a local, unprivileged attacker with access to either /dev/dri/card0 or /dev/dri/rendererD128, who can issue an ioctl on the resulting file descriptor, to crash the system, causing a...

5.5CVSS5.9AI score0.0044EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/09/30 5:19 p.m.•46 views

CVE-2022-39958

A flaw was found in the OWASP ModSecurity Core Rule Set. Repeated payloads with a HTTP range header field with a small byte range allows a response body bypass, resulting in access to restricted resources...

7.3CVSS0.1AI score0.00953EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/09/13 7:43 p.m.•46 views

CVE-2022-39135

Apache Calcite 1.22.0 introduced the SQL operators EXISTSNODE, EXTRACTXML, XMLTRANSFORM and EXTRACTVALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity XXE attack. Therefore any client exposing these operators,...

7.5CVSS9AI score0.01861EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/09/07 3:36 a.m.•46 views

CVE-2022-3146

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information...

7.3CVSS2.1AI score0.002EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/09/02 5:57 p.m.•46 views

CVE-2021-35097

Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdrago...

7.3CVSS2.1AI score0.00173EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/08/30 1:37 p.m.•46 views

CVE-2021-3826

A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlanglname function in d-demangle.c leads to a denial of service...

7.5CVSS3.1AI score0.01089EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/08/04 11:38 a.m.•46 views

CVE-2022-21509

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

5.5CVSS2.6AI score0.01271EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/08/03 8:40 a.m.•46 views

CVE-2022-36881

A flaw was found in the Git-Client Jenkins plugin. The affected versions of the Jenkins Git client Plugin do not perform SSH host key verification when connecting to Git repositories via SSH, enabling Man-in-the-middle attacks...

8.1CVSS3.2AI score0.00783EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/08/01 5:40 a.m.•46 views

CVE-2022-34912

An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped...

6.1CVSS1.1AI score0.00992EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/08/01 5:39 a.m.•46 views

CVE-2016-3709

A Cross-site scripting XSS vulnerability was found in libxml2. A specially crafted input, when serialized and re-parsed by the libxml2 library, will result in a document with element attributes that did not exist in the original document...

6.1CVSS2.3AI score0.00764EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2022/07/08 7:17 p.m.•46 views

CVE-2022-32215

A vulnerability was found in NodeJS due to the llhttp parser in the HTTP module incorrectly handling multi-line Transfer-Encoding headers. This issue can lead to HTTP Request Smuggling HRS. This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle...

6.5CVSS3.4AI score0.68796EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/07/01 5:56 p.m.•46 views

CVE-2022-24810

A flaw was found in net-snmp. A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference issue...

5.9CVSS2.5AI score0.01146EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/06/29 12:35 p.m.•46 views

CVE-2022-2200

The Mozilla Foundation Security Advisory describes this flaw as: If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution...

8.8CVSS2.9AI score0.23941EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/06/15 5:34 a.m.•46 views

CVE-2022-23823

A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure. Mitigation For mitigations please refer to the AMD Security Bulletin at...

6.5CVSS6.2AI score0.01044EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/06/14 11:29 a.m.•46 views

CVE-2022-1158

A flaw was found in KVM. When updating a guest's page table entry, vmpgoff was improperly used as the offset to get the page's pfn. As vaddr and vmpgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and...

7.8CVSS3.1AI score0.00385EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/06/08 4:7 p.m.•46 views

CVE-2022-1968

A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use-after-free vulnerability in the utfptr2char function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Mitigation Untrusted vim scripts with -s...

7.8CVSS6.2AI score0.01419EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/06/07 4:26 a.m.•46 views

CVE-2022-1796

A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use after free vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Mitigation Untrusted vim scripts with -s scriptin are not recommended t...

7.8CVSS6AI score0.01097EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/05/29 4:22 p.m.•46 views

CVE-2022-1419

The root cause of this vulnerability is that the ioctl$DRMIOCTLMODEDESTROYDUMB can decrease refcount of drmvgemgemobject created in vgemgemdumbcreate concurrently, and vgemgemdumbcreate will access the freed drmvgemgemobject...

7.8CVSS7.5AI score0.00298EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/25 2:33 p.m.•46 views

CVE-2022-1873

No description is available for this CVE...

1.3AI score0.00763EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2022/05/25 2:32 p.m.•46 views

CVE-2022-1864

No description is available for this CVE...

1.3AI score0.00475EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/25 8:12 a.m.•46 views

CVE-2022-1882

A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe postonenotification after freepipeinfo that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system...

7.8CVSS7.3AI score0.00347EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/05/23 6:50 p.m.•46 views

CVE-2022-1836

A use-after-free vulnerability was found in drivers/block/floppy.c in the floppy driver module in the Linux kernel between rawcmdioctl and seekinterrupt. This flaw allows an attacker to cause a denial of service, leading to a leak of internal kernel information...

3.7AI score
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/05/21 12:7 a.m.•46 views

CVE-2021-30577

Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file...

7.8CVSS5.1AI score0.00952EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2022/05/20 10:45 p.m.•46 views

CVE-2021-21131

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page...

6.5CVSS3.1AI score0.07953EPSS
Exploits0References2
Total number of security vulnerabilities5000