Lucene search
K
RedhatcveMost viewed

206363 matches found

RedhatCVE
RedhatCVE
•added 2021/10/27 5:26 p.m.•45 views

CVE-2021-30849

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution...

7.8CVSS2.4AI score0.01786EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/21 3:9 p.m.•45 views

CVE-2021-42780

A use after return issue was found in Opensc before version 0.22.0 in insertpin function that could potentially crash programs using the library...

5.3CVSS3.3AI score0.02092EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/20 7:25 p.m.•45 views

CVE-2021-35645

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS1.8AI score0.01883EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/20 7:25 p.m.•45 views

CVE-2021-35646

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS1.8AI score0.01935EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/06 10:44 a.m.•45 views

CVE-2005-0877

Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq...

7.5CVSS6.2AI score0.01874EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/05 7:0 p.m.•45 views

CVE-2021-32627

An integer overflow issue was found in redis. The vulnerability involves changing the default "proto-max-bulk-len" and "client-query-buffer-limit" configuration parameters to very large values and constructing specially crafted large stream elements. This flaw allows a remote attacker to corrupt...

7.5CVSS1.5AI score0.03688EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/10/05 7:0 p.m.•45 views

CVE-2021-41099

An integer overflow issue was found in redis in the underlying string library. The vulnerability involves changing the default "proto-max-bulk-len" configuration parameter to a very large value and constructing specially crafted network payloads or commands. This flaw allows a remote attacker to...

7.5CVSS1.5AI score0.03422EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/09/22 6:31 p.m.•45 views

CVE-2020-26301

A flaw was found in nodejs-ssh2. An OS command injection attack on Windows allows an attacker to perform remote code execution and potentially execute arbitrary code. The highest threat from this vulnerability is to confidentiality and integrity...

10CVSS5.6AI score0.03833EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/09/09 7:46 p.m.•45 views

CVE-2021-40528

A flaw was found in libgcrypt's ElGamal implementation, where it allows plain text recovery. During the interaction between two cryptographic libraries, a certain combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's...

7.5CVSS1.7AI score0.02342EPSS
Exploits1References7
RedhatCVE
RedhatCVE
•added 2021/09/09 10:36 a.m.•45 views

CVE-2017-5049

An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer...

8.8CVSS5.8AI score0.01019EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2021/09/08 2:37 a.m.•45 views

CVE-2021-38493

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR 78.14,...

8.8CVSS2.9AI score0.01205EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/09/01 11:19 a.m.•45 views

CVE-2021-33582

A flaw was found in cyrus-imapd. A bad string hashing algorithm used in internal hash tables allows user inputs to be stored in predictable buckets. A user may cause a CPU denial of service by maliciously directing many inputs to a single bucket. The highest threat from this vulnerability is to...

7.5CVSS1.9AI score0.0307EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/24 10:14 p.m.•45 views

CVE-2021-32778

An uncontrolled resource consumption vulnerability was found in envoyproxy/envoy. When envoy handles a large number of HTTP/2 requests which open and then reset the connection, it can cause excessive CPU usage. This flaw allows an attacker to cause a denial of service on the proxy. The highest...

7.5CVSS2.6AI score0.0123EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/08/24 2:41 p.m.•45 views

CVE-2021-39360

In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...

7.5CVSS3.7AI score0.01469EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/18 3:56 p.m.•45 views

CVE-2021-38373

In KDE KMail 19.12.3 aka 5.13.3, the SMTP STARTTLS option is not honored and cleartext messages are sent unless "Server requires authentication" is checked...

6.5CVSS1.5AI score0.00527EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 9:51 p.m.•45 views

CVE-2021-2440

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

6.8CVSS2AI score0.01718EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 9:20 p.m.•45 views

CVE-2021-2340

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Memcached. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4CVSS3.3AI score0.02312EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 5:20 p.m.•45 views

CVE-2021-37618

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to print the metadata of a crafted image file. A...

5.5CVSS4.2AI score0.00984EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/07/28 1:54 p.m.•45 views

CVE-2021-1820

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory...

6.5CVSS1.6AI score0.01334EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/07/28 1:53 p.m.•45 views

CVE-2021-30720

A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers...

9.3CVSS4.1AI score0.01279EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/06/08 11:48 a.m.•45 views

CVE-2021-3580

A flaw was found in nettle in the way its RSA decryption functions handle specially crafted ciphertext. This flaw allows an attacker to provide a manipulated ciphertext, leading to an application crash and a denial of service. Mitigation As per upstream: For applications that want to support olde...

7.5CVSS3.1AI score0.02686EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/19 12:26 a.m.•45 views

CVE-2021-25738

Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution...

6.7CVSS2.9AI score0.00458EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/12 9:57 p.m.•45 views

CVE-2021-32606

A flaw was found in the Linux kernel. A use-after-free flaw in isotpsetsockopt leads to arbitrary kernel execution by overwriting the skerrorreport pointer which can be misused in order to execute a user-controlled ROP chain to gain root privileges. The highest threat from this vulnerability is t...

7.8CVSS3.5AI score0.00418EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/05/11 8:55 p.m.•45 views

CVE-2021-25287

There is an out-of-bounds read in J2kDecode in j2kugrayala. For J2k images with multiple bands, it’s legal to have different widths for each band, e.g. 1 byte for L, 4 bytes for A. Mitigation To mitigate this feature on Red Hat Quay keep the invoice generation feature disabled as it is by default...

9.1CVSS1.2AI score0.02876EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/11 8:55 p.m.•45 views

CVE-2021-25288

There is an out-of-bounds read in J2kDecode in j2kugrayi. For J2k images with multiple bands, it’s legal to have different widths for each band, e.g. 1 byte for L, 4 bytes for A. Mitigation To mitigate this feature on Red Hat Quay keep the invoice generation feature disabled, as it is by default...

9.1CVSS1.2AI score0.02342EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/11 8:54 p.m.•45 views

CVE-2021-3491

A flaw was found in the Linux kernel. The iouring PROVIDEBUFFERS operation allowed the MAXRWCOUNT limit to be bypassed, which led to negative values being used in memrw when reading /proc//mem. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

8.8CVSS8.1AI score0.00629EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/04 8:22 p.m.•45 views

CVE-2020-36331

A flaw was found in libwebp. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability...

9.1CVSS8.7AI score0.02302EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/04/20 8:45 p.m.•45 views

CVE-2021-2161

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2...

5.9CVSS2.1AI score0.03125EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/04/14 4:40 p.m.•45 views

CVE-2021-25735

A vulnerability was found in Kubernetes' kube-apiserver that could allow Node updates to bypass a Validating Admission Webhook. An authenticated user could exploit this by modifying Node properties to values that should have been prevented by registered admission webhooks...

6.5CVSS2.9AI score0.05524EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/04/12 9:16 p.m.•45 views

CVE-2021-23369

A flaw was found in nodejs-handlebars. A missing check when getting prototype properties in the template function allows an attacker, who can provide untrusted handlebars templates, to execute arbitrary code in the javascript system e.g. browser or server when the template is compiled with the...

9.8CVSS5AI score0.07028EPSS
Exploits2References3
RedhatCVE
RedhatCVE
•added 2021/04/06 5:47 p.m.•45 views

CVE-2021-29421

There's a flaw in the pikepdf Python library's XMP metadata parsing functionality. An attacker who is able to submit a crafted PDF file to be processed by pikepdf could trigger an XML External Entity XXE injection. The highest threat of this flaw is to confidentiality of data...

7.5CVSS3.9AI score0.01713EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/03/31 10:8 a.m.•45 views

CVE-2021-22876

It was discovered that libcurl did not remove authentication credentials from URLs when automatically populating the Referer HTTP request header while handling HTTP redirects. This could lead to exposure of the credentials to the server to which requests were redirected. Mitigation This issue can...

5.3CVSS6.4AI score0.05301EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/03/29 6:55 p.m.•45 views

CVE-2021-1789

A type confusion vulnerability was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. Processing maliciously crafted web content may lead to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS5.3AI score0.14542EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/03/21 6:34 a.m.•45 views

CVE-2020-10718

A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader TCCL. This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality...

5CVSS1.3AI score0.01435EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/03/20 11:59 p.m.•45 views

CVE-2018-12130

A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer...

6.2CVSS1.8AI score0.01553EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/03/14 5:40 a.m.•45 views

CVE-2021-3428

A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4escacheextent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a system crash problem...

5.5CVSS1.9AI score0.00296EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/03/05 1:44 a.m.•45 views

CVE-2021-20267

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some...

7.1CVSS7.1AI score0.01015EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/02/24 9:3 a.m.•45 views

CVE-2021-20260

A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.8CVSS2.8AI score0.002EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/02/23 8:3 p.m.•45 views

CVE-2020-35522

In LibTIFF, there is a memory malloc failure in tifpixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack...

5.5CVSS6.3AI score0.01574EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/02/18 3:35 p.m.•45 views

CVE-2020-12363

A flaw was found in the Linux kernel. Improper input validation in some IntelR Graphics Drivers may allow a privileged user to potentially enable a denial of service via local access. Mitigation Mitigation for this issue is either not available or the currently available options dont meet the Red...

5.5CVSS2.6AI score0.00308EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/02/18 3:34 p.m.•45 views

CVE-2020-12364

Null pointer reference in some IntelR Graphics Drivers for Microsoft Windows and the Linux kernel may allow a privileged user to potentially enable a denial of service via local access. Mitigation Mitigation for this issue is either not available or the currently available options dont meet the R...

5.5CVSS2.9AI score0.00308EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/02/12 3:32 p.m.•45 views

CVE-2020-13949

A flaw was found in libthrift. Applications using Thrift would not show an error upon receiving messages declaring containers of sizes larger than the payload. This results in malicious RPC clients with the ability to send short messages which would result in a large memory allocation, potentiall...

7.5CVSS2.6AI score0.06779EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/01/29 6:34 p.m.•45 views

CVE-2021-3347

A flaw was found in the Linux kernel. A use-after-free memory flaw in the Fast Userspace Mutexes functionality allowing a local user to crash the system or escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as syste...

7.8CVSS4.8AI score0.01377EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/01/07 12:5 a.m.•45 views

CVE-2020-16044

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...

8.8CVSS3AI score0.01304EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/01/06 3:9 p.m.•45 views

CVE-2020-36158

A flaw was found in the Linux kernel. The marvell wifi driver could allow a local attacker to execute arbitrary code via a long SSID value in mwifiexcmd80211adhocstart function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS7.5AI score0.02209EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/12/17 1:26 a.m.•45 views

CVE-2020-29509

A flaw was found in go. Encoding and decoding of XML attributes could lead to changes in the observed integrity. An attacker could use this flaw to trick applications which rely on attribute integrity for security decisions to make those decisions incorrectly. Known vulnerability use-cases are SA...

10CVSS2.5AI score0.04872EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 2020/12/02 6:4 p.m.•45 views

CVE-2020-9861

A stack overflow issue existed in Swift for Linux. The issue was addressed with improved input validation for dealing with deeply nested malicious JSON input...

7.5CVSS3.2AI score0.01432EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/11/24 7:54 p.m.•45 views

CVE-2020-27771

In RestoreMSCWarning of /coders/pdf.c there are several areas where calls to GetPixelIndex could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex to ssizet type to avoid this bug. This undefined behavior could be...

4.3CVSS1.6AI score0.01161EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/11/18 5:9 p.m.•45 views

CVE-2020-28915

An out-of-bounds OOB memory access flaw was found in fbcongetfont in drivers/video/fbdev/core/fbcon.c in fbcon driver module in the Linux kernel. A bound check failure allows a local attacker with special user privilege to gain access to out-of-bounds memory, leading to a system crash or a leak o...

6.1CVSS6.5AI score0.00374EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/11/11 12:52 p.m.•45 views

CVE-2020-25707

An infinite loop flaw was found in the e1000e NIC emulation code of QEMU. This issue occurs in the e1000ewritepackettoguest routine while processing bogus RX descriptor data transmitted by the guest. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a...

5.5CVSS3.7AI score0.00654EPSS
Exploits1References3
Total number of security vulnerabilities5000