Lucene search
K
RedhatcveMost viewed

206304 matches found

RedhatCVE
RedhatCVE
•added 2022/05/20 11:8 p.m.•44 views

CVE-2022-0088

Cross-Site Request Forgery CSRF in GitHub repository yourls/yourls prior to 1.8.3...

7.4CVSS2.8AI score0.01994EPSS
Exploits5References1
RedhatCVE
RedhatCVE
•added 2022/05/20 10:54 p.m.•44 views

CVE-2022-24953

The CryptGPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions...

6.2CVSS3AI score0.00837EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/20 10:48 p.m.•44 views

CVE-2022-27418

Tcpreplay v4.4.1 has a heap-based buffer overflow in dochecksummath at /tcpedit/checksum.c...

7.8CVSS3.1AI score0.0085EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2022/05/14 11:41 a.m.•44 views

CVE-2020-10713

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access...

4.6CVSS3.7AI score0.01068EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2022/05/11 3:59 a.m.•44 views

CVE-2022-1621

A flaw was found in vim, where it is vulnerable to a heap buffer overflow in the vimstrncpy findword function. This flaw allows a specially crafted file to crash software, modify memory and possibly perform remote execution when opened in vim...

7.8CVSS3.6AI score0.02303EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/05/06 4:55 p.m.•44 views

CVE-2022-21437

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS1.8AI score0.01266EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/04/13 11:25 a.m.•44 views

CVE-2022-27378

A flaw was found in MariaDB. The component, Createtmptable::finalize, allows attackers to cause a denial of service DoS via specially crafted SQL statements, affecting availability...

7.5CVSS7.5AI score0.02406EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/12 7:27 p.m.•44 views

CVE-2022-1280

A use-after-free vulnerability was found in drmleaseheld in drivers/gpu/drm/drmlease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service DoS or a kernel information leak. Mitigation Mitigation for this issue is either not...

7CVSS2.2AI score0.00272EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/04/06 2:54 p.m.•44 views

CVE-2022-1097

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of NSSToken objects referenced via direct points that could have been accessed unsafely on different threads, leading to a use-after-free and potentially exploitable crash...

7.5CVSS2.5AI score0.00917EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/06 2:54 p.m.•44 views

CVE-2022-28282

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: By using a link with rel="localization," a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to...

6.5CVSS2AI score0.02012EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/03/25 6:35 a.m.•44 views

CVE-2022-24769

A flaw was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve2 runs...

5.9CVSS3.5AI score0.00492EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/03/23 9:38 a.m.•44 views

CVE-2022-0168

A denial of service DOS issue was found in the Linux kernel’s smb2ioctlqueryinfo function in the fs/cifs/smb2ops.c Common Internet File System CIFS due to an incorrect return from the memdupuser function. This flaw allows a local, privileged CAPSYSADMIN attacker to crash the system. Mitigation...

4.4CVSS5.6AI score0.00261EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/03/17 4:9 p.m.•44 views

CVE-2021-23648

A flaw was found in sanitize-url due to improper sanitization in the sanitizeUrl function. This issue causes vulnerability to Cross-site Scripting in sanitize-url...

6.1CVSS1.9AI score0.01423EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2022/03/10 9:16 a.m.•44 views

CVE-2022-24726

A stack exhaustion flaw was found in the Istio control plane. This flaw allows a remote unauthenticated attacker to send a specially crafted or oversized message to crash the control plane process, resulting in a denial of service condition...

7.5CVSS5.4AI score0.01529EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/02/23 2:36 a.m.•44 views

CVE-2022-21654

A flaw was found in envoy. When certificate validation settings are changed, incorrect configuration handling allows TLS session reuse without revalidation...

9.8CVSS1.5AI score0.01061EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/02/22 12:49 p.m.•44 views

CVE-2021-25636

A improper certificate validation flaw was found in LibreOffice allowing an attacker to manipulate a digitally signed ODF document to appear that no alteration of the document occurred since the last signing and that the signature is valid...

7.5CVSS3.6AI score0.00965EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/02/22 4:46 a.m.•44 views

CVE-2021-44577

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3200 Reason: This candidate is a duplicate of CVE-2021-3200. Notes: All CVE users should reference CVE-2021-3200 instead of this candidate. Al...

4.3CVSS6.7AI score0.01313EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/22 4:46 a.m.•44 views

CVE-2021-44569

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3200 Reason: This candidate is a duplicate of CVE-2021-3200. Notes: All CVE users should reference CVE-2021-3200 instead of this candidate. Al...

4.3CVSS6.7AI score0.01313EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/21 7:30 a.m.•44 views

CVE-2021-45082

A flaw was found in cobbler. The vulnerability occurs due to incomplete template sanitization and leads to code injection. This flaw allows an attacker to interact and inject malicious codes and gain access to the system...

7.8CVSS5.2AI score0.00495EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/17 4:52 p.m.•44 views

CVE-2022-25181

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the same workspace directory for all checkouts of Pipeline libraries with the same name, regardless of the SCM used and the source of the library configuration. This flaw allows attackers with item/configure permission...

8.8CVSS3.5AI score0.01541EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/02/10 7:52 p.m.•44 views

CVE-2022-22754

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: If a user installed a particular type of extension, the extension could have auto-updated itself, and while doing so may have bypassed the prompt which grants the new version the new requested permission...

7.5CVSS2.7AI score0.00644EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/02/10 7:47 p.m.•44 views

CVE-2022-22756

The Mozilla Foundation Security Advisory describes this flaw as: If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script, which would have run arbitrary code after the user clicked it...

8.8CVSS2.2AI score0.00926EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2022/02/10 4:51 p.m.•44 views

CVE-2022-22589

A vulnerability was found in WebKitGTK. The vulnerability exists due to improper input validation in WebKit when processing email messages. This flaw allows a remote attacker to trick the victim into opening a specially crafted email message and execute arbitrary JavaScript code...

7.6CVSS4.5AI score0.01973EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/02/03 7:28 p.m.•44 views

CVE-2022-0487

A use-after-free vulnerability was found in the Linux kernel’s moxartremove function in drivers/mmc/host/moxart-mmc.c. This flaw allows a local attacker with a user privilege to create issues with confidentiality. Mitigation Mitigation for this issue is either not available or the currently...

5.5CVSS2.8AI score0.00424EPSS
Exploits3References4
RedhatCVE
RedhatCVE
•added 2022/02/03 5:15 a.m.•44 views

CVE-2021-46664

MariaDB through 10.5.9 allows an application crash in subselectpostjoinaggr for a NULL value of aggr...

5.5CVSS3.1AI score0.004EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/01/25 1:55 p.m.•44 views

CVE-2021-4214

A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service...

5.5CVSS2.7AI score0.00505EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/01/24 8:21 p.m.•44 views

CVE-2022-23852

expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...

9.8CVSS2.1AI score0.04525EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/01/24 6:29 p.m.•44 views

CVE-2021-34401

NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVGPUIOCTLCHANNELSETERRORNOTIFIER, where improper access control may lead to code execution, compromised integrity, or denial of service...

7.8CVSS5.6AI score0.003EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/01/13 6:54 a.m.•44 views

CVE-2019-11730

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...

6.5CVSS6.9AI score0.20271EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/12/21 9:53 p.m.•44 views

CVE-2021-44917

A flaw was found in gnuplot. A possible divide by zero flaw could allow an attacker to input a specially crafted file leading to a crash or code execution...

5.5CVSS4.4AI score0.00699EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/12/16 4:53 p.m.•44 views

CVE-2021-23463

A flaw was found in the h2database. This flaw allows an attacker to benefit from XML External Entity XXE Injection via the org.h2.jdbc.JdbcSQLXML class object. A user may trigger the vulnerability by sending malicious data...

9.1CVSS8.9AI score0.03284EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/12/15 2:50 p.m.•44 views

CVE-2021-4011

A flaw was found in xorg-x11-server where an out-of-bounds access can occur in the SwapCreateRegister function...

7.8CVSS2.3AI score0.00565EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/12/08 3:3 a.m.•44 views

CVE-2021-43539

The Mozilla Foundation Security Advisory describes this flaw as: Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitab...

8.8CVSS9.1AI score0.0162EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/12/08 2:49 a.m.•44 views

CVE-2021-43546

It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

5.4CVSS3.6AI score0.014EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/11/25 6:21 p.m.•44 views

CVE-2021-41816

A flaw was found in the ruby. This issue occurs due to improper bounds checking by a buffer overrun in CGI.escapehtml. By sending an overly long string using the sizet parameter, a remote attacker could overflow a buffer and execute arbitrary code on the system...

9.8CVSS9.5AI score0.04766EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/11/16 6:45 p.m.•44 views

CVE-2021-42374

A flaw was found in BusyBox. It did not properly sanitize while crafted LZMA compressed input was decompressing, leading to a denial of service. The highest threat from this vulnerability is to confidentiality and system availability...

5.7CVSS6.1AI score0.00579EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/11/12 12:0 p.m.•44 views

CVE-2021-23222

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption...

5.9CVSS6.7AI score0.01501EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/11/05 8:41 a.m.•44 views

CVE-2021-43400

An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call...

9.1CVSS8.7AI score0.01544EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/26 1:20 p.m.•44 views

CVE-2021-41802

HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4...

5.5CVSS2.8AI score0.00589EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/10/21 3:9 p.m.•44 views

CVE-2021-42780

A use after return issue was found in Opensc before version 0.22.0 in insertpin function that could potentially crash programs using the library...

5.3CVSS3.3AI score0.02032EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/20 7:25 p.m.•44 views

CVE-2021-35645

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS1.8AI score0.01883EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/12 11:46 p.m.•44 views

CVE-2021-38502

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication...

7.5CVSS3.2AI score0.01066EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/06 10:44 a.m.•44 views

CVE-2005-0877

Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq...

7.5CVSS6.2AI score0.01874EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/06 8:58 a.m.•44 views

CVE-2021-40690

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...

7.5CVSS4.5AI score0.10448EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/10/05 7:0 p.m.•44 views

CVE-2021-32627

An integer overflow issue was found in redis. The vulnerability involves changing the default "proto-max-bulk-len" and "client-query-buffer-limit" configuration parameters to very large values and constructing specially crafted large stream elements. This flaw allows a remote attacker to corrupt...

7.5CVSS1.5AI score0.03688EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/09/09 10:36 a.m.•44 views

CVE-2017-5049

An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer...

8.8CVSS5.8AI score0.0101EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2021/09/08 2:37 a.m.•44 views

CVE-2021-38493

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR 78.14,...

8.8CVSS2.9AI score0.01205EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/09/06 3:4 p.m.•44 views

CVE-2021-33285

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing NTFS attributes, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS2.4AI score0.00415EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/09/01 11:19 a.m.•44 views

CVE-2021-33582

A flaw was found in cyrus-imapd. A bad string hashing algorithm used in internal hash tables allows user inputs to be stored in predictable buckets. A user may cause a CPU denial of service by maliciously directing many inputs to a single bucket. The highest threat from this vulnerability is to...

7.5CVSS1.9AI score0.0307EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/24 10:14 p.m.•44 views

CVE-2021-32778

An uncontrolled resource consumption vulnerability was found in envoyproxy/envoy. When envoy handles a large number of HTTP/2 requests which open and then reset the connection, it can cause excessive CPU usage. This flaw allows an attacker to cause a denial of service on the proxy. The highest...

7.5CVSS2.6AI score0.0123EPSS
Exploits0References4
Total number of security vulnerabilities5000