Lucene search
K
RedhatcveMost viewed

206309 matches found

RedhatCVE
RedhatCVE
•added 2022/02/03 7:28 p.m.•46 views

CVE-2022-0487

A use-after-free vulnerability was found in the Linux kernel’s moxartremove function in drivers/mmc/host/moxart-mmc.c. This flaw allows a local attacker with a user privilege to create issues with confidentiality. Mitigation Mitigation for this issue is either not available or the currently...

5.5CVSS2.8AI score0.00424EPSS
Exploits3References4
RedhatCVE
RedhatCVE
•added 2022/01/28 10:2 a.m.•46 views

CVE-2021-43519

A stack overflow issue was discovered in Lua in the luaresume function of 'ldo.c'. This flaw allows a local attacker to pass a specially crafted file to the Lua Interpreter, causing a crash that leads to a denial of service...

5.5CVSS3.6AI score0.01136EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/01/24 8:53 p.m.•46 views

CVE-2022-21673

An information-disclosure flaw was found in grafana. When a data source has the Forward OAuth Identity feature enabled, sending a query to that data source with an API token and no other user credentials will forward the OAuth Identity of the most recently logged-in user. This flaw allows API tok...

4.3CVSS3.8AI score0.02013EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/01/24 6:29 p.m.•46 views

CVE-2021-34402

NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, where a user with high privileges might be able to read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service, Information disclosure, loss of Integrity, or...

6.7CVSS2.8AI score0.00286EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/01/10 6:55 p.m.•46 views

CVE-2021-20316

A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share. Mitigation Do not enable SMB1 please note SMB1 is disabled by default in Samba from...

6.8CVSS2.4AI score0.00761EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/12/14 11:21 a.m.•46 views

CVE-2021-4076

A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys...

7.5CVSS1.7AI score0.0154EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/12/08 2:49 a.m.•46 views

CVE-2021-43542

Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

6.5CVSS2.4AI score0.01714EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/12/01 7:19 a.m.•46 views

CVE-2021-4037

A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belon...

7.8CVSS0.6AI score0.0101EPSS
Exploits2References5
RedhatCVE
RedhatCVE
•added 2021/11/26 2:19 p.m.•46 views

CVE-2021-4024

A flaw was found in podman. The podman machine function used to create and manage Podman virtual machine containing a Podman process spawns a gvproxy process on the host system. The gvproxy API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall...

6.5CVSS6.2AI score0.01057EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/11/19 2:6 p.m.•46 views

CVE-2021-43618

A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability...

7.5CVSS7.5AI score0.03425EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 2021/11/16 6:51 p.m.•46 views

CVE-2021-42376

A flaw was found in BusyBox, where it did not properly sanitize while processing a crafted shell command, leading to a denial of service. The highest threat from this vulnerability is to system availability...

5.5CVSS7AI score0.00399EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/11/16 6:8 p.m.•46 views

CVE-2021-27023

An exposure flaw was found in Puppet Agent and Puppet Server where HTTP credentials were leaked. When the HTTP redirects occurred, the authentication and cookie header was added when following redirects to a different host. This flaw allows an unauthorized network attacker to access sensitive...

9.8CVSS8.8AI score0.01328EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/11/10 3:28 a.m.•46 views

CVE-2020-25719

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result cou...

9CVSS7.1AI score0.01673EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/10/19 4:44 p.m.•46 views

CVE-2021-41990

The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur...

7.5CVSS4.7AI score0.06438EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/10/12 11:46 p.m.•46 views

CVE-2021-38502

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication...

7.5CVSS3.2AI score0.01066EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/05 2:26 p.m.•46 views

CVE-2020-3702

A flaw was found in the Linux kernel's implementation of wireless drivers using the Atheros chipsets. An attacker within wireless range could send crafted traffic leading to information disclosure. Mitigation Mitigation for this issue is either not available or the currently available options doe...

3.3CVSS0.4AI score0.00343EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/09/24 11:12 a.m.•46 views

CVE-2021-21238

A verification flaw was found in python-pysaml2, where it did not validate signed SAML documents against an XML schema. Because the flaw allowed invalid XML documents to be processed, a network attacker could exploit this flaw by tricking pysaml2 with a wrapped signature. Mitigation Mitigation fo...

6.5CVSS0.6AI score0.01078EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/09/17 6:34 p.m.•46 views

CVE-2020-21530

In transfig's fig2dev 3.2.7b it is possible for an attacker to create a specially crafted file that causes a buffer overflow due to usage of fgets. This leads to a denial of service via segmentation fault, impacting availability of the program...

5.5CVSS4.7AI score0.00693EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/09/06 5:22 p.m.•46 views

CVE-2021-35269

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing NTFS attributes from the MFT , proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS2.4AI score0.00489EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/08/25 7:8 p.m.•46 views

CVE-2021-39141

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...

8.5CVSS4.5AI score0.16118EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2021/08/25 7:8 p.m.•46 views

CVE-2021-39144

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream...

8.5CVSS4.5AI score0.98124EPSS
Exploits6References5
RedhatCVE
RedhatCVE
•added 2021/08/23 1:53 p.m.•46 views

CVE-2021-35940

An out-of-bounds array read in the aprtimeexp functions was fixed in the Apache Portable Runtime 1.6.3 release CVE-2017-12613. The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue...

7.1CVSS3.5AI score0.01749EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 9:50 p.m.•46 views

CVE-2021-2356

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQ...

5.9CVSS3.2AI score0.01879EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 9:50 p.m.•46 views

CVE-2021-2367

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS1.8AI score0.02588EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 9:50 p.m.•46 views

CVE-2021-2357

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS1.8AI score0.02588EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 9:21 p.m.•46 views

CVE-2021-38200

A flaw was found in the Linux kernel on the powerpc architecture, where a local user can cause a denial of service and panic the system when issuing the 'perf record' command. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this issue is either not...

5.5CVSS1.5AI score0.00255EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 5:52 p.m.•46 views

CVE-2021-37621

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker...

5.5CVSS4AI score0.01104EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/07/21 9:20 a.m.•46 views

CVE-2021-22925

A flaw was found in the way curl handled telnet protocol option for sending environment variables, which could lead to sending of uninitialized data from a stack-based buffer to the server. This issue leads to potentially revealing sensitive internal information to the server using a clear-text...

5.3CVSS1.4AI score0.04929EPSS
Exploits2References3
RedhatCVE
RedhatCVE
•added 2021/06/15 1:47 p.m.•46 views

CVE-2021-3592

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootpinput function and could occur while processing a udp packet that is smaller than the size of the 'bootpt' structure. A malicious guest could use this flaw to leak 10 byte...

3.8CVSS1.9AI score0.00326EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/06/11 5:43 p.m.•46 views

CVE-2021-20329

A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to use a Go object with a specific string to inject additional fields into marshaled documents...

6.8CVSS3.3AI score0.00961EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/05/25 1:43 p.m.•46 views

CVE-2021-3565

A flaw was found in tpm2-tools. tpm2import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality...

5.9CVSS3.2AI score0.01327EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/19 7:14 p.m.•46 views

CVE-2021-3559

A flaw was found in libvirt in the virConnectListAllNodeDevices API. It only affects hosts with a PCI device and driver that supports mediated devices e.g., GRID driver. This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the...

6.5CVSS5.8AI score0.01033EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/19 12:26 a.m.•46 views

CVE-2020-26142

A flaw was found in the Linux kernel, where the WiFi implementations treat fragmented frames as full frames. This flaw allows an attacker to inject arbitrary network packets independent of the network configuration. The highest threat from this vulnerability is to integrity. Mitigation Mitigation...

7.5CVSS1.9AI score0.02076EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/11 8:55 p.m.•46 views

CVE-2021-31204

A flaw was found in dotnet. A .NET Core single-file application running with elevated permissions could allow an attacker to gain elevated privileges. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS4AI score0.01397EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/05/11 8:54 p.m.•46 views

CVE-2021-3529

A flaw was found in noobaa-core. This flaw results in the name of an arbitrary URL copied into an HTML document as plain text between tags, including a potential payload script. The input is echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an...

7.1CVSS0.8AI score0.007EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/05 6:45 p.m.•46 views

CVE-2021-29478

A flaw was found in redis. An integer overflow bug could be exploited to corrupt the heap and potentially result with remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The flaw can be mitigated by...

8.8CVSS1.6AI score0.03628EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/05/04 8:21 p.m.•46 views

CVE-2018-25014

A flaw was found in libwebp. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS1.8AI score0.0223EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2021/05/04 8:21 p.m.•46 views

CVE-2018-25012

A flaw was found in libwebp. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability...

9.1CVSS1.8AI score0.02051EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2021/05/04 2:31 p.m.•46 views

CVE-2021-23343

A flaw was found in nodejs-path-parse. All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...

7.5CVSS4.8AI score0.02218EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/04/20 8:44 p.m.•46 views

CVE-2021-2293

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS1.8AI score0.01319EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/04/20 8:26 p.m.•46 views

CVE-2021-2144

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Parser. Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

7.2CVSS4.6AI score0.01886EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/04/20 3:21 a.m.•46 views

CVE-2021-29945

The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. Note: This issue only affected x86-32 platforms. Other platforms are unaffected.. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

6.5CVSS1.7AI score0.01208EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/04/12 7:16 a.m.•46 views

CVE-2021-23991

If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might...

6.8CVSS2.1AI score0.01035EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/04/09 5:45 p.m.•46 views

CVE-2020-36311

A flaw was found in the Linux kernel. This flaw allows attackers to cause a denial of service soft lockup by triggering the destruction of a large SEV VM, which requires unregistering many encrypted regions. The highest threat from this vulnerability is to system availability...

5.5CVSS6.3AI score0.00335EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/03/24 2:53 p.m.•46 views

CVE-2021-21345

A flaw was found in xstream. A remote attacker, who has sufficient rights, can execute commands of the host by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.9CVSS3AI score0.72324EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/03/22 10:58 a.m.•46 views

CVE-2021-28957

A flaw was found in python-lxml. The HTML5 formaction attribute is not input sanitized like the HTML action attribute is which can lead to a Cross-Site Scripting attack XSS when an application uses python-lxml to sanitize user inputs. The highest threat from this vulnerability is to data...

6.1CVSS1.2AI score0.04002EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/03/20 11:54 p.m.•46 views

CVE-2019-9636

It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications IDNA, which may result in a wrong domain name specifically the netloc component of URL - user@domain:port bei...

9.8CVSS2.5AI score0.08811EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/03/19 7:0 p.m.•46 views

CVE-2021-28831

decompressgunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huftbuild result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data...

7.5CVSS2.8AI score0.02719EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/03/12 10:4 a.m.•46 views

CVE-2021-20231

A flaw was found in gnutls. A use after free issue in client sending keyshare extension may lead to memory corruption and denial of service...

9.8CVSS9.1AI score0.03751EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2021/02/23 8:3 p.m.•46 views

CVE-2020-35524

A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS3.7AI score0.01851EPSS
Exploits0References5
Total number of security vulnerabilities5000