Lucene search
K
RedhatcveMost viewed

206362 matches found

RedhatCVE
RedhatCVE
•added 2025/05/23 4:23 a.m.•45 views

CVE-2023-43338

Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjsgetptr. This vulnerability allows attackers to execute arbitrary code via a crafted input...

9.8CVSS8.2AI score0.00903EPSS
Exploits1
RedhatCVE
RedhatCVE
•added 2025/04/17 2:19 a.m.•45 views

CVE-2025-33028

In WinZip through 29.0, there is a Mark-of-the-Web Bypass Vulnerability because of an incomplete fix for CVE-2024-8811. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User interaction is required to exploit this...

7.8CVSS7.8AI score0.00487EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2025/04/10 7:54 p.m.•45 views

CVE-2025-27738

Improper access control in Windows Resilient File System ReFS allows an authorized attacker to disclose information over a network...

6.5CVSS6.3AI score0.02848EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2025/04/02 7:33 a.m.•45 views

CVE-2025-32044

A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data—including names, contact information, and hashed passwords—via stack traces returned by specific API calls. Sites with PHP configured with zend.exceptionignoreargs = 1 in the...

7.5CVSS7.1AI score0.00337EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/12/17 9:50 a.m.•45 views

CVE-2023-31355

A flaw was found in the AMD firmware. This vulnerability allows a malicious hypervisor to overwrite a guest's UMC seed, potentially enabling the reading of memory from a decommissioned guest via improper restriction of write operations. Mitigation Mitigation for this issue is either not available...

6CVSS6.5AI score0.00443EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/12/12 8:40 a.m.•45 views

CVE-2024-4109

A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests...

4.8AI score
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/05/01 5:5 p.m.•45 views

CVE-2024-26942

In the Linux kernel, the following vulnerability has been resolved: net: phy: qcom: at803x: fix kernel panic with at8031probe On reworking and splitting the at803x driver, in splitting function of at803x PHYs it was added a NULL dereference bug where priv is referenced before it's actually...

5.5CVSS7AI score0.00147EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/04/03 5:35 a.m.•45 views

CVE-2024-3205

A flaw was found in the libyaml library. A specially crafted YAML file can cause a heap-based buffer over-read in the yamlemitteremitflowsequenceitem function in the src/emitter.c file, resulting in denial of service in the application linked to the library. Mitigation Applications that do not...

7.1AI score
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/03/27 7:36 p.m.•45 views

CVE-2024-23450

A flaw was found in elasticsearch. Trying to process a document in a deeply nested pipeline may cause the related ingest node to crash, resulting in a Denial of Service...

4.9CVSS6.8AI score0.00943EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/03/19 5:26 p.m.•45 views

CVE-2024-27439

A flaw was found in Apache Wicket. Under certain circumstances, this flaw allows an attacker to bypass Cross-Site Request Forgery CSRF protections...

8.1CVSS7AI score0.00681EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/03/10 9:9 a.m.•45 views

CVE-2024-28102

An uncontrolled resource consumption vulnerability was found in python-jwcrypto. If a malicious JWE token with a high compression ratio is passed to the server, the server will consume a lot of memory and processing time, leading to a denial of service. Mitigation Mitigation for this issue is...

6.8CVSS6.2AI score0.0098EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2024/03/04 8:8 p.m.•45 views

CVE-2023-52532

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type probably from a newer hardware, still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by...

6CVSS6.5AI score0.0023EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/23 2:3 p.m.•45 views

CVE-2024-26589

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject variable offset alu on PTRTOFLOWKEYS For PTRTOFLOWKEYS, checkflowkeysaccess only uses fixed off for validation. However, variable offset ptr alu is not prohibited for this ptr kind. So the variable offset is not...

4.1CVSS6.5AI score0.00239EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/23 2:2 p.m.•45 views

CVE-2023-52451

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/memhp: Fix access beyond end of drmem array dlparmemoryremovebyindex may access beyond the bounds of the drmem lmb array when the LMB lookup fails to match an entry with the given DRC index. When the search fails,...

4.4CVSS7.6AI score0.00246EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/22 3:2 p.m.•45 views

CVE-2024-26584

A flaw was found in the tls subsystem of the Linux kernel. When setting the CRYPTOTFMREQMAYBACKLOG flag on requests to the crypto API, cryptoaeadencrypt and cryptoaeaddecrypt functions can return -EBUSY instead of -EINPROGRESS in valid situations. This issue could lead to undefined behavior and a...

5.5CVSS6.7AI score0.00246EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/31 11:49 p.m.•45 views

CVE-2024-0853

A flaw was found in Curl, where it inadvertently kept the SSL session ID for connections in its cache even when the verify status, OCSP stapling test, failed. A subsequent transfer to the same hostname could succeed if the session ID cache were still fresh, which then skips the verify status chec...

3.8CVSS7AI score0.01102EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/01/18 12:1 p.m.•45 views

CVE-2024-0409

A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context. Mitigation Mitigation for this issue is eith...

7.8CVSS8.7AI score0.00356EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/01/17 12:4 p.m.•45 views

CVE-2024-20970

Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server...

4.9CVSS7.9AI score0.01096EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/12/06 5:27 a.m.•45 views

CVE-2023-6393

A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contain...

5.3CVSS6.9AI score0.00631EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/11/17 12:50 p.m.•45 views

CVE-2023-48234

A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations. Mitigation Mitigation for this issu...

4.3CVSS4.7AI score0.00749EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2023/10/05 7:25 a.m.•45 views

CVE-2023-43786

A vulnerability was found in libX11 due to an infinite loop within the PutSubImage function. This flaw allows a local user to consume all available system resources and cause a denial of service condition...

5.5CVSS6.1AI score0.00461EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/09/30 6:24 p.m.•45 views

CVE-2023-42119

An out-of-bounds read flaw was found in Exim which exists within the smtp service. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer, leading to disclosure of some sensitive information. An attacker can...

3.1CVSS6.6AI score0.01593EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/09/20 5:25 p.m.•45 views

CVE-2023-38427

An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemblenegcontexts...

9.8CVSS6.6AI score0.01129EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/08/31 1:30 a.m.•45 views

CVE-2023-26049

A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism...

5.3CVSS5AI score0.013EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/30 9:12 p.m.•45 views

CVE-2023-40217

Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are...

8.6CVSS5.9AI score0.0079EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2023/08/30 1:45 p.m.•45 views

CVE-2021-29390

A heap buffer over-read flaw was found in libjpeg-turbo. For certain types of smoothed jpeg images, the decompresssmoothdata function may improperly enter a condition statement that leads to heap memory read of uninitialized data, which may cause an application crash or loss of confidentiality...

7.1CVSS8.8AI score0.00715EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2023/08/16 7:48 a.m.•45 views

CVE-2021-28025

A flaw was found in the qt-qtsvg package. An integer overflow vulnerability in qsvghandler.cpp allows local attackers to cause a denial of service DoS...

5.5CVSS6.3AI score0.00266EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/08/14 9:49 p.m.•45 views

CVE-2023-20873

A flaw was found in Spring Boot. This targets specifically 'spring-boot-actuator-autoconfigure' package. This issue occurs when an application is deployed to Cloud Foundry, which could be susceptible to a security bypass. Specifically, an application is vulnerable when all of the following are...

9.8CVSS9.2AI score0.01122EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/08/08 5:51 p.m.•45 views

CVE-2023-35390

A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution...

7.8CVSS7.5AI score0.02471EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2023/07/25 8:50 a.m.•45 views

CVE-2023-3610

A use-after-free vulnerability was found in the netfilter: nftables component in the Linux kernel due to a missing error handling in the abort path of NFTMSGNEWRULE. This flaw allows a local attacker with CAPNETADMIN access capability to cause a local privilege escalation problem. Mitigation In...

7.8CVSS7.5AI score0.00259EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/07/24 11:17 p.m.•45 views

CVE-2023-36661

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...

7.5CVSS6.7AI score0.03055EPSS
Exploits3References3
RedhatCVE
RedhatCVE
•added 2023/07/20 9:31 a.m.•45 views

CVE-2023-34966

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function slunpackloop did not validate a field in the network packet that contains the count of elements in an array-like...

7.5CVSS7.4AI score0.62015EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/07/05 6:50 p.m.•45 views

CVE-2023-3269

A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas VMAs is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, a...

7.8CVSS7AI score0.01484EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/06/26 6:17 p.m.•45 views

CVE-2023-29402

A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names...

7CVSS9AI score0.01708EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2023/05/16 2:0 p.m.•45 views

CVE-2023-28410

A flaw was found in the Linux kernel i915 graphics driver that improperly restricts operations within the bounds of a memory buffer. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. Mitigation Preventing loading the i915 kernel module...

7CVSS7.7AI score0.00262EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/17 3:32 p.m.•45 views

CVE-2023-29199

A flaw was found in the vm2 sandbox. When exception handling is triggered, the sanitization logic is not managed with proper exception handling. This issue may allow an attacker to bypass the sandbox protections which can lead to remote code execution on the hypervisor host or the host which is...

9.8CVSS9.3AI score0.03852EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/04/14 5:6 p.m.•45 views

CVE-2023-2008

A flaw was found in the Linux kernel's udmabuf device driver, within a fault handler. This issue occurs due to the lack of proper validation of user-supplied data, which can result in memory access past the end of an array. This may allow an attacker to escalate privileges and execute arbitrary...

8.2CVSS7.6AI score0.01013EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/04/04 8:43 p.m.•45 views

CVE-2023-24538

A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system. Mitigation Mitigation...

9.8CVSS9.7AI score0.02281EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/03/30 1:1 p.m.•45 views

CVE-2023-26117

A flaw was found in AngularJS, where it is vulnerable to a denial of service caused by a regular expression denial of service ReDoS issue in the $resource service. By providing specially-crafted regex input, a remote attacker could cause a denial of service...

5.3CVSS7AI score0.01695EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/03/30 1:0 p.m.•45 views

CVE-2023-0922

A vulnerability was found in Samba. This security issue occurs in the Samba AD DC administration tool. When operating against a remote LDAP server, it will, by default, send new or reset passwords over a signed-only connection...

5.9CVSS5.9AI score0.00484EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/30 9:21 a.m.•45 views

CVE-2023-22999

In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3qcomcreateursusbplatdev return value expects it to be NULL in the error case, whereas it is actually an error pointer...

5.5CVSS5.3AI score0.00261EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/20 9:38 a.m.•45 views

CVE-2022-48425

In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs...

7CVSS7.1AI score0.00264EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/17 5:13 a.m.•45 views

CVE-2023-28101

A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. Suppose an attacker publishes a Flatpak app with elevated permissions. In that case, they can hide those permissions from users of the flatpak1 command-line interface by setting...

6.2CVSS5.8AI score0.00887EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/14 10:43 a.m.•45 views

CVE-2023-28327

A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unixdiaggetexact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service. Mitigation Mitigation fo...

5.5CVSS5.7AI score0.00189EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/03 8:29 a.m.•45 views

CVE-2023-25358

A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely...

7.5CVSS8.6AI score0.01053EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/01 6:30 p.m.•45 views

CVE-2023-0507

A flaw was found in the GeoMap Grafana plugin, where a user can store unsanitized HTML in the GeoMap plugin under the Attribution text field, and the client will process it. The vulnerability makes it possible to use XHR to make arbitrary API calls on behalf of the attacked user. This means that ...

7.3CVSS5.6AI score0.1546EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/02/08 3:26 p.m.•45 views

CVE-2022-47929

A NULL pointer dereference flaw was found in qdiscgraft in net/sched/schapi.c in the Linux kernel. This issue may allow a local unprivileged user to trigger a denial of service if the allocworkqueue function return is not validated in time of failure, resulting in a system crash or leaked interna...

4.2CVSS6.1AI score0.00964EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/01/31 10:35 a.m.•45 views

CVE-2022-40899

A denial of service flaw was found in Python Charmers Future. This flaw allows an attacker to send a specially crafted Set-Cookie header in an HTTP request, resulting in a loss of system availability...

7.5CVSS7.1AI score0.01804EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/01/26 1:6 p.m.•45 views

CVE-2023-0481

In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user...

5.3CVSS4.4AI score0.00206EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/01/25 5:36 a.m.•45 views

CVE-2021-26393

A flaw was found in hw. Insufficient memory cleanup in the AMD Secure Processor ASP Trusted Execution Environment TEE may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker-controlled data, resultin...

4.1CVSS3.7AI score0.00247EPSS
Exploits0References4
Total number of security vulnerabilities5000