Lucene search
K
RedhatcveMost viewed

206305 matches found

RedhatCVE
RedhatCVE
•added 2021/12/21 9:53 p.m.•45 views

CVE-2021-44917

A flaw was found in gnuplot. A possible divide by zero flaw could allow an attacker to input a specially crafted file leading to a crash or code execution...

5.5CVSS4.4AI score0.00699EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/12/15 2:50 p.m.•45 views

CVE-2021-4011

A flaw was found in xorg-x11-server where an out-of-bounds access can occur in the SwapCreateRegister function...

7.8CVSS2.3AI score0.00565EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/12/08 2:49 a.m.•45 views

CVE-2021-43546

It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

5.4CVSS3.6AI score0.014EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/11/19 2:6 p.m.•45 views

CVE-2021-43618

A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability...

7.5CVSS7.5AI score0.03425EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 2021/11/16 6:51 p.m.•45 views

CVE-2021-42376

A flaw was found in BusyBox, where it did not properly sanitize while processing a crafted shell command, leading to a denial of service. The highest threat from this vulnerability is to system availability...

5.5CVSS7AI score0.00399EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/11/16 6:45 p.m.•45 views

CVE-2021-42374

A flaw was found in BusyBox. It did not properly sanitize while crafted LZMA compressed input was decompressing, leading to a denial of service. The highest threat from this vulnerability is to confidentiality and system availability...

5.7CVSS6.1AI score0.00579EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/11/16 6:8 p.m.•45 views

CVE-2021-27023

An exposure flaw was found in Puppet Agent and Puppet Server where HTTP credentials were leaked. When the HTTP redirects occurred, the authentication and cookie header was added when following redirects to a different host. This flaw allows an unauthorized network attacker to access sensitive...

9.8CVSS8.8AI score0.01328EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/11/12 12:0 p.m.•45 views

CVE-2021-23222

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption...

5.9CVSS6.7AI score0.01501EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/11/03 1:10 a.m.•45 views

CVE-2021-38509

Due to an unusual sequence of attacker-controlled events, a Javascript alert dialog with arbitrary although unstyled contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

6.1CVSS6.7AI score0.01622EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/27 5:26 p.m.•45 views

CVE-2021-30849

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution...

7.8CVSS2.4AI score0.01786EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/21 3:9 p.m.•45 views

CVE-2021-42780

A use after return issue was found in Opensc before version 0.22.0 in insertpin function that could potentially crash programs using the library...

5.3CVSS3.3AI score0.02032EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/20 7:25 p.m.•45 views

CVE-2021-35645

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS1.8AI score0.01883EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/20 7:25 p.m.•45 views

CVE-2021-35646

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS1.8AI score0.01935EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/12 11:46 p.m.•45 views

CVE-2021-38502

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication...

7.5CVSS3.2AI score0.01066EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/06 8:58 a.m.•45 views

CVE-2021-40690

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...

7.5CVSS4.5AI score0.10448EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/10/05 7:0 p.m.•45 views

CVE-2021-32627

An integer overflow issue was found in redis. The vulnerability involves changing the default "proto-max-bulk-len" and "client-query-buffer-limit" configuration parameters to very large values and constructing specially crafted large stream elements. This flaw allows a remote attacker to corrupt...

7.5CVSS1.5AI score0.03688EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/10/05 7:0 p.m.•45 views

CVE-2021-41099

An integer overflow issue was found in redis in the underlying string library. The vulnerability involves changing the default "proto-max-bulk-len" configuration parameter to a very large value and constructing specially crafted network payloads or commands. This flaw allows a remote attacker to...

7.5CVSS1.5AI score0.03422EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/10/05 2:26 p.m.•45 views

CVE-2020-3702

A flaw was found in the Linux kernel's implementation of wireless drivers using the Atheros chipsets. An attacker within wireless range could send crafted traffic leading to information disclosure. Mitigation Mitigation for this issue is either not available or the currently available options doe...

3.3CVSS0.4AI score0.00343EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/09/24 11:12 a.m.•45 views

CVE-2021-21238

A verification flaw was found in python-pysaml2, where it did not validate signed SAML documents against an XML schema. Because the flaw allowed invalid XML documents to be processed, a network attacker could exploit this flaw by tricking pysaml2 with a wrapped signature. Mitigation Mitigation fo...

6.5CVSS0.6AI score0.01078EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/09/22 6:31 p.m.•45 views

CVE-2020-26301

A flaw was found in nodejs-ssh2. An OS command injection attack on Windows allows an attacker to perform remote code execution and potentially execute arbitrary code. The highest threat from this vulnerability is to confidentiality and integrity...

10CVSS5.6AI score0.03833EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/09/09 7:46 p.m.•45 views

CVE-2021-40528

A flaw was found in libgcrypt's ElGamal implementation, where it allows plain text recovery. During the interaction between two cryptographic libraries, a certain combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's...

7.5CVSS1.7AI score0.02342EPSS
Exploits1References7
RedhatCVE
RedhatCVE
•added 2021/09/09 10:36 a.m.•45 views

CVE-2017-5049

An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer...

8.8CVSS5.8AI score0.0101EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2021/09/08 2:37 a.m.•45 views

CVE-2021-38493

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR 78.14,...

8.8CVSS2.9AI score0.01205EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/09/01 11:19 a.m.•45 views

CVE-2021-33582

A flaw was found in cyrus-imapd. A bad string hashing algorithm used in internal hash tables allows user inputs to be stored in predictable buckets. A user may cause a CPU denial of service by maliciously directing many inputs to a single bucket. The highest threat from this vulnerability is to...

7.5CVSS1.9AI score0.0307EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/25 7:8 p.m.•45 views

CVE-2021-39141

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...

8.5CVSS4.5AI score0.16118EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2021/08/24 2:41 p.m.•45 views

CVE-2021-39360

In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...

7.5CVSS3.7AI score0.01469EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/23 1:53 p.m.•45 views

CVE-2021-35940

An out-of-bounds array read in the aprtimeexp functions was fixed in the Apache Portable Runtime 1.6.3 release CVE-2017-12613. The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue...

7.1CVSS3.5AI score0.01749EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/18 3:56 p.m.•45 views

CVE-2021-38373

In KDE KMail 19.12.3 aka 5.13.3, the SMTP STARTTLS option is not honored and cleartext messages are sent unless "Server requires authentication" is checked...

6.5CVSS1.5AI score0.00527EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 9:50 p.m.•45 views

CVE-2021-2356

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQ...

5.9CVSS3.2AI score0.01879EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 9:21 p.m.•45 views

CVE-2021-38200

A flaw was found in the Linux kernel on the powerpc architecture, where a local user can cause a denial of service and panic the system when issuing the 'perf record' command. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this issue is either not...

5.5CVSS1.5AI score0.00255EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 9:20 p.m.•45 views

CVE-2021-2340

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Memcached. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4CVSS3.3AI score0.02312EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 5:20 p.m.•45 views

CVE-2021-37618

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to print the metadata of a crafted image file. A...

5.5CVSS4.2AI score0.00984EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/07/28 1:54 p.m.•45 views

CVE-2021-1820

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory...

6.5CVSS1.6AI score0.01334EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/07/28 1:53 p.m.•45 views

CVE-2021-30720

A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers...

9.3CVSS4.1AI score0.01279EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/07/21 9:20 a.m.•45 views

CVE-2021-22925

A flaw was found in the way curl handled telnet protocol option for sending environment variables, which could lead to sending of uninitialized data from a stack-based buffer to the server. This issue leads to potentially revealing sensitive internal information to the server using a clear-text...

5.3CVSS1.4AI score0.04929EPSS
Exploits2References3
RedhatCVE
RedhatCVE
•added 2021/06/15 1:47 p.m.•45 views

CVE-2021-3592

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootpinput function and could occur while processing a udp packet that is smaller than the size of the 'bootpt' structure. A malicious guest could use this flaw to leak 10 byte...

3.8CVSS1.9AI score0.00326EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/06/08 11:48 a.m.•45 views

CVE-2021-3580

A flaw was found in nettle in the way its RSA decryption functions handle specially crafted ciphertext. This flaw allows an attacker to provide a manipulated ciphertext, leading to an application crash and a denial of service. Mitigation As per upstream: For applications that want to support olde...

7.5CVSS3.1AI score0.02686EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/12 9:57 p.m.•45 views

CVE-2021-32606

A flaw was found in the Linux kernel. A use-after-free flaw in isotpsetsockopt leads to arbitrary kernel execution by overwriting the skerrorreport pointer which can be misused in order to execute a user-controlled ROP chain to gain root privileges. The highest threat from this vulnerability is t...

7.8CVSS3.5AI score0.00418EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/05/11 8:55 p.m.•45 views

CVE-2021-31204

A flaw was found in dotnet. A .NET Core single-file application running with elevated permissions could allow an attacker to gain elevated privileges. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS4AI score0.01397EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/05/11 8:55 p.m.•45 views

CVE-2021-25287

There is an out-of-bounds read in J2kDecode in j2kugrayala. For J2k images with multiple bands, it’s legal to have different widths for each band, e.g. 1 byte for L, 4 bytes for A. Mitigation To mitigate this feature on Red Hat Quay keep the invoice generation feature disabled as it is by default...

9.1CVSS1.2AI score0.02876EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/11 8:55 p.m.•45 views

CVE-2021-25288

There is an out-of-bounds read in J2kDecode in j2kugrayi. For J2k images with multiple bands, it’s legal to have different widths for each band, e.g. 1 byte for L, 4 bytes for A. Mitigation To mitigate this feature on Red Hat Quay keep the invoice generation feature disabled, as it is by default...

9.1CVSS1.2AI score0.02342EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/11 8:54 p.m.•45 views

CVE-2021-3491

A flaw was found in the Linux kernel. The iouring PROVIDEBUFFERS operation allowed the MAXRWCOUNT limit to be bypassed, which led to negative values being used in memrw when reading /proc//mem. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

8.8CVSS8.1AI score0.00629EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/05 6:45 p.m.•45 views

CVE-2021-29478

A flaw was found in redis. An integer overflow bug could be exploited to corrupt the heap and potentially result with remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The flaw can be mitigated by...

8.8CVSS1.6AI score0.03628EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/05/04 8:22 p.m.•45 views

CVE-2020-36331

A flaw was found in libwebp. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability...

9.1CVSS8.7AI score0.02302EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/04 2:31 p.m.•45 views

CVE-2021-23343

A flaw was found in nodejs-path-parse. All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...

7.5CVSS4.8AI score0.02218EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/04/20 8:45 p.m.•45 views

CVE-2021-2161

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2...

5.9CVSS2.1AI score0.03125EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/04/20 8:26 p.m.•45 views

CVE-2021-2144

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Parser. Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

7.2CVSS4.6AI score0.01886EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/04/14 4:40 p.m.•45 views

CVE-2021-25735

A vulnerability was found in Kubernetes' kube-apiserver that could allow Node updates to bypass a Validating Admission Webhook. An authenticated user could exploit this by modifying Node properties to values that should have been prevented by registered admission webhooks...

6.5CVSS2.9AI score0.05524EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/04/12 9:16 p.m.•45 views

CVE-2021-23369

A flaw was found in nodejs-handlebars. A missing check when getting prototype properties in the template function allows an attacker, who can provide untrusted handlebars templates, to execute arbitrary code in the javascript system e.g. browser or server when the template is compiled with the...

9.8CVSS5AI score0.07028EPSS
Exploits2References3
RedhatCVE
RedhatCVE
•added 2021/04/06 5:47 p.m.•45 views

CVE-2021-29421

There's a flaw in the pikepdf Python library's XMP metadata parsing functionality. An attacker who is able to submit a crafted PDF file to be processed by pikepdf could trigger an XML External Entity XXE injection. The highest threat of this flaw is to confidentiality of data...

7.5CVSS3.9AI score0.01713EPSS
Exploits0References4
Total number of security vulnerabilities5000