Lucene search
K
RedhatcveMost viewed

206360 matches found

RedhatCVE
RedhatCVE
•added 2019/10/03 11:21 p.m.•118 views

CVE-2019-10215

Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter function. An attacker could exploit this via user interaction to execute code in the user's browser...

6.1CVSS4.3AI score0.01532EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2019/01/15 12:50 a.m.•118 views

CVE-2019-6110

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server or Man-in-The-Middle attacker can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. Mitigation This issue only affects the user...

6.8CVSS2.2AI score0.20906EPSS
Exploits8References2
RedhatCVE
RedhatCVE
•added 2024/03/29 4:50 p.m.•117 views

CVE-2024-3094

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in...

10CVSS9.4AI score0.85974EPSS
Exploits40References5
RedhatCVE
RedhatCVE
•added 2023/07/26 4:47 p.m.•117 views

CVE-2023-35941

A flaw was found in Envoy, where a malicious client can construct credentials with permanent validity in a specific scenario. This issue is caused by some rare scenarios, such as the combination of host and expiration time, in which the HMAC payload can always be valid in the OAuth2 filter's HMAC...

8.6CVSS6.7AI score0.00709EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/04/21 5:56 a.m.•117 views

CVE-2023-1370

A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘‘ or ‘‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...

7.5CVSS7.3AI score0.01119EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/03/16 9:42 a.m.•117 views

CVE-2023-28450

A flaw was found in Dnsmasq. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. Mitigation Systems that can not be updated can still configure dnsmasq to use the recommended maximum EDNS value by setting edns-packet-max=1232 in the dnsmasq...

7.5CVSS7.4AI score0.01334EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/04/11 7:55 p.m.•117 views

CVE-2022-24329

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects...

5.3CVSS2.3AI score0.02178EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2018/05/21 9:19 p.m.•117 views

CVE-2018-3640

An industry-wide issue was found in the way many modern microprocessor handle speculative access of system registers inaccessible to unprivileged user. It relies on the presence of a precisely-defined instruction sequence in the privileged code which allows speculative load of system registers an...

5.6CVSS3.8AI score0.07556EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2024/09/04 2:14 p.m.•116 views

CVE-2024-8421

This CVE has been rejected...

4.2AI score
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/08/09 6:37 p.m.•116 views

CVE-2022-26373

A flaw was found in hw. In certain processors with Intel's Enhanced Indirect Branch Restricted Speculation eIBRS capabilities, soon after VM exit or IBPB command event, the linear address following the most recent near CALL instruction prior to a VM exit may be used as the Return Stack Buffer RSB...

5.5CVSS2.6AI score0.0035EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/04/13 6:27 a.m.•116 views

CVE-2022-24765

A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other...

7.8CVSS7.6AI score0.00782EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/01/18 4:16 p.m.•116 views

CVE-2022-23307

A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...

9CVSS2.3AI score0.52458EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/04/03 1:58 p.m.•116 views

CVE-2019-0211

A flaw was found in Apache where code executing in a less-privileged child process or thread could execute arbitrary code with the privilege of the parent process usually root. An attacker having access to run arbitrary scripts on the web server PHP, CGI etc could use this flaw to run code on the...

8.8CVSS2.9AI score0.65005EPSS
Exploits8References4
RedhatCVE
RedhatCVE
•added 2024/01/12 9:31 p.m.•115 views

CVE-2023-50290

A flaw was found in Apache Solr. This issue may allow an unauthorized actor access to sensitive information. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the...

6.5CVSS6.2AI score0.68665EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/01/10 4:0 a.m.•115 views

CVE-2024-0057

A security feature bypass vulnerability exists when Microsoft .NET Framework-based applications use X.509 chain building APIs but do not completely validate the X.509 certificate due to a logic flaw. An attacker could present an arbitrary untrusted certificate with malformed signatures, triggerin...

9.8CVSS7.5AI score0.02778EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/04/20 8:28 a.m.•115 views

CVE-2022-21443

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit...

4.3CVSS2.4AI score0.02707EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/09/16 9:57 p.m.•115 views

CVE-2021-34798

A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests. The highest threat from this vulnerability is to system availability. Mitigation Red Hat has investigated whether a possible mitigation exists for this issue, and has...

7.5CVSS1.6AI score0.64509EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/06/04 6:12 p.m.•115 views

CVE-2021-31618

A null pointer de-reference was found in the way httpd handled specially crafted HTTP/2 request. A remote attacker could use this flaw to crash the httpd child process, causing temporary denial of service...

7.5CVSS1AI score0.51208EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/01/13 2:39 a.m.•115 views

CVE-2019-20372

NGINX before 1.17.7, with certain errorpage configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. Mitigation To mitigate this issue, use a named location instead ...

5.3CVSS5.7AI score0.14961EPSS
Exploits3References3
RedhatCVE
RedhatCVE
•added 2023/06/06 8:25 p.m.•114 views

CVE-2023-31890

A flaw was found in glazedlists, which permits code execution when deserializing code via the BeanXMLByteDecoder's decode method. This flaw allows an attacker to execute code on the vulnerable system...

7.5CVSS9.3AI score0.01013EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/05/26 5:10 p.m.•114 views

CVE-2023-24824

A flaw was found in CommonMarker. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service...

7.5CVSS6.8AI score0.01027EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2023/05/08 9:52 a.m.•114 views

CVE-2023-24540

A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...

8.1CVSS8.8AI score0.01548EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/10/26 2:23 p.m.•114 views

CVE-2022-3171

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...

7.5CVSS7.4AI score0.01048EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/10/02 4:19 p.m.•114 views

CVE-2021-27861

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and optionally VLAN0 headers...

5.3CVSS2AI score0.00578EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/05/21 12:24 a.m.•114 views

CVE-2019-6340

Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core...

9.8CVSS3AI score0.91919EPSS
Exploits22References1
RedhatCVE
RedhatCVE
•added 2022/05/16 1:45 p.m.•114 views

CVE-2021-36368

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authenticatio...

3.7CVSS3.9AI score0.01677EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/11 9:28 a.m.•114 views

CVE-2022-1671

A NULL pointer dereference flaw was found in rxrpcpreparses in net/rxrpc/serverkey.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information...

7.1CVSS6.4AI score0.00304EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/01/24 7:58 p.m.•114 views

CVE-2022-23221

A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script...

10CVSS6.7AI score0.64766EPSS
Exploits4References4
RedhatCVE
RedhatCVE
•added 2021/07/25 10:27 a.m.•114 views

CVE-2018-3639

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...

5.6CVSS2.7AI score0.93838EPSS
Exploits11References2
RedhatCVE
RedhatCVE
•added 2021/06/21 6:27 a.m.•114 views

CVE-2017-20005

A flaw was found in nginx. When a date exists earlier than the standard epoch, as demonstrated by a file with a modification date in 1969 that causes a negative number to be treated as an unsigned integer, the year field becomes five characters long, larger than is allocated for, leading to a...

9.8CVSS3.3AI score0.03285EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2021/04/01 6:17 p.m.•114 views

CVE-2021-28164

In Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can use this vulnerability to reveal sensitive information regarding the implementation of a web application...

5.3CVSS4.6AI score0.82371EPSS
Exploits7References4
RedhatCVE
RedhatCVE
•added 2024/06/21 1:52 p.m.•113 views

CVE-2024-38780

In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from syncprintobj Since commit a6aa8fca4d79 "dma-buf/sw-sync: Reduce irqsave/irqrestore from known context" by error replaced spinunlockirqrestore with spinunlockirq for both syncdebugfsshow and...

4.4CVSS6.7AI score0.00187EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/06/29 4:28 p.m.•113 views

CVE-2023-33201

A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain...

5.3CVSS5.1AI score0.00772EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/06/27 6:47 a.m.•113 views

CVE-2023-36664

A vulnerability was found in Ghostscript. This flaw occurs due to a mishandled permission validation for pipe devices with the %pipe% prefix or the | pipe character prefix...

8.4CVSS6.7AI score0.03236EPSS
Exploits3References3
RedhatCVE
RedhatCVE
•added 2022/10/26 5:23 p.m.•113 views

CVE-2022-35260

A vulnerability was found in curl. The issue occurs when curl is told to parse a .netrc file for credentials. If that file ends in a line with consecutive non-white space letters and no newline, curl could read past the end of the stack-based buffer, and if the read works, it can write a zero byt...

5.3CVSS7.6AI score0.01761EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/07/18 12:47 p.m.•113 views

CVE-2022-33743

An incomplete cleanup flaw was found in the Linux kernel’s Xen networking XDP eXpress Data Path subsystem. This flaw allows a local user to crash the system...

7.8CVSS2.2AI score0.00349EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/05/13 12:41 a.m.•113 views

CVE-2022-30594

A flaw was found in the Linux kernel. The PTRACESEIZE code path allows attackers to bypass intended restrictions on setting the PTSUSPENDSECCOMP flag, possibly disabling seccomp. Mitigation If ptrace is not required, ptrace can be disabled in multiple ways. 1. SELinux policy. setsebool -P...

7.8CVSS7.9AI score0.00798EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/27 6:55 a.m.•113 views

CVE-2022-27776

A vulnerability was found in curl. This security flaw allows leak authentication or cookie header data on HTTP redirects to the same host but another port number. Sending the same set of headers to a server on a different port number is a problem for applications that pass on custom Authorization...

6.5CVSS2.2AI score0.03425EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/04/14 8:23 a.m.•113 views

CVE-2022-29156

drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrscltdevrelease...

7.8CVSS1.6AI score0.0037EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/03/16 8:56 p.m.•113 views

CVE-2022-0396

A flaw was found in Bind that incorrectly handles certain crafted TCP streams. The vulnerability allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. This flaw allows a remote attacker to send specially crafted TCP strea...

5.3CVSS5.8AI score0.02617EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2025/03/28 9:33 p.m.•112 views

CVE-2025-2787

KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 a.k.a IngressNightmare vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i....

9.8CVSS6.9AI score0.99098EPSS
Exploits20References1
RedhatCVE
RedhatCVE
•added 2023/08/29 1:46 p.m.•112 views

CVE-2021-30047

VSFTPD is vulnerable to a denial of service, caused by only a limited number of connections allowed, a remote attacker could exploit this vulnerability to cause a denial of service condition...

7.5CVSS7.1AI score0.03073EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/02/06 6:56 a.m.•112 views

CVE-2023-0045

A flaw was found in the Linux kernel. This issue occurs due to a failure mitigating the Spectre-BTI attack using the kernel API, as IBPB is not issued during the syscall until the next schedule, leaving the system vulnerable. Mitigation For user-mode applications, a usleep after the prctl call wi...

4.7CVSS7.1AI score0.02399EPSS
Exploits3References6
RedhatCVE
RedhatCVE
•added 2021/04/30 7:6 p.m.•112 views

CVE-2021-26291

A flaw was found in maven. Repositories that are defined in a dependency’s Project Object Model pom, which may be unknown to users, are used by default resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that...

9.1CVSS1AI score0.08691EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2024/03/25 12:35 p.m.•111 views

CVE-2024-29059

.NET Framework Information Disclosure Vulnerability...

7.5CVSS7.1AI score0.98624EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/12/18 8:27 p.m.•111 views

CVE-2023-6817

A use-after-free flaw was found in the Netfilter subsystem in the Linux kernel via the nftpipapowalk function. This issue may allow a local user with CAPNETADMIN capability to trigger an application crash, information disclosure, or local privilege escalation. Mitigation In order to trigger the...

7.8CVSS7.5AI score0.12966EPSS
Exploits7References4
RedhatCVE
RedhatCVE
•added 2023/10/18 12:59 a.m.•111 views

CVE-2023-45871

A flaw was found in igbconfigurerxring in drivers/net/ethernet/intel/igb/igbmain.c in the IGB driver in the Linux kernel. An overflow of the contents from a packet that is too large will overflow into the kernel's ring buffer, leading to a system integrity issue. Mitigation Mitigation for this...

7.5CVSS8AI score0.00544EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/05/30 1:40 p.m.•111 views

CVE-2023-2977

A vulnerability was found in OpenSC. This issue causes a buffer overrun in the pkcs15 cardoshaveverifyrcpackage. This flaw allows an attacker to supply a smart card package with a malformed ASN1 context. The cardoshaveverifyrcpackage function scans the ASN1 buffer for two tags, where the remainin...

6.3CVSS6.8AI score0.00295EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/01/11 5:35 a.m.•111 views

CVE-2022-23529

A flaw was found in the jsonwebtoken package. In affected versions of the jsonwebtoken library, if a malicious actor can modify the key retrieval parameter referring to the secretOrPublicKey argument from the readme link of the jwt.verify function, they can perform remote code execution RCE...

5.2AI score
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/11/08 3:25 a.m.•111 views

CVE-2022-3649

A flaw was found in the NILFS2 file system implementation in the Linux kernel. If the beginning of the inode bitmap area was corrupted on disk, an inode with the same inode number as the root inode could be allocated and fail soon after. The subsequent call to nilfsclearinode wrongly decremented...

7CVSS1.9AI score0.00758EPSS
Exploits0References3
Total number of security vulnerabilities5000