Lucene search
K
RedhatcveMost viewed

206304 matches found

RedhatCVE
RedhatCVE
•added 2021/04/30 7:3 p.m.•44 views

CVE-2021-21429

OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to...

6.2CVSS2.2AI score0.00296EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/04/28 7:48 p.m.•44 views

CVE-2019-25037

A flaw was found in unbound. A reachable assertion in the dnamepktcopy function can be triggered by sending invalid packets to the server. The highest threat from this vulnerability is to service availability...

7.5CVSS8.3AI score0.02128EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/04/28 7:48 p.m.•44 views

CVE-2019-25036

A flaw was found in unbound. A reachable assertion in the synthcname function can be triggered by sending invalid packets to the server. If asserts are disabled during compilation, this issue might lead to an out-of-bounds write in dnamepktcopy function. The highest threat from this vulnerability...

9.8CVSS8.4AI score0.01989EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/04/23 7:44 p.m.•44 views

CVE-2021-29653

HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1...

7.5CVSS1.3AI score0.00552EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/04/12 9:16 p.m.•44 views

CVE-2021-23369

A flaw was found in nodejs-handlebars. A missing check when getting prototype properties in the template function allows an attacker, who can provide untrusted handlebars templates, to execute arbitrary code in the javascript system e.g. browser or server when the template is compiled with the...

9.8CVSS5AI score0.07028EPSS
Exploits2References3
RedhatCVE
RedhatCVE
•added 2021/04/08 5:16 p.m.•44 views

CVE-2021-28965

A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of processed data in...

7.5CVSS3.1AI score0.05061EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/04/06 5:47 p.m.•44 views

CVE-2021-29421

There's a flaw in the pikepdf Python library's XMP metadata parsing functionality. An attacker who is able to submit a crafted PDF file to be processed by pikepdf could trigger an XML External Entity XXE injection. The highest threat of this flaw is to confidentiality of data...

7.5CVSS3.9AI score0.01713EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/03/31 10:8 a.m.•44 views

CVE-2021-22876

It was discovered that libcurl did not remove authentication credentials from URLs when automatically populating the Referer HTTP request header while handling HTTP redirects. This could lead to exposure of the credentials to the server to which requests were redirected. Mitigation This issue can...

5.3CVSS6.4AI score0.05301EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/03/30 2:27 p.m.•44 views

CVE-2021-29266

A flaw was found in the Linux kernel. An invalid value upon reopening a character device can cause a use-after-free memory corruption. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.8CVSS2.5AI score0.00318EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/03/21 6:34 a.m.•44 views

CVE-2020-10718

A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader TCCL. This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality...

5CVSS1.3AI score0.01435EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/03/20 9:44 p.m.•44 views

CVE-2018-5390

A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcpcollapseofoqueue and tcppruneofoqueue functions by sending specially modified packets within ongoing T...

7.8CVSS1.7AI score0.7354EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2021/03/14 5:40 a.m.•44 views

CVE-2021-3428

A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4escacheextent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a system crash problem...

5.5CVSS1.9AI score0.00296EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/03/05 7:4 p.m.•44 views

CVE-2021-27365

A flaw was found in the Linux kernel. A heap buffer overflow in the iSCSI subsystem is triggered by setting an iSCSI string attribute to a value larger than one page and then trying to read it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

7.8CVSS8AI score0.02079EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/03/05 1:44 a.m.•44 views

CVE-2021-20267

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some...

7.1CVSS7.1AI score0.01015EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/02/18 3:35 p.m.•44 views

CVE-2020-12363

A flaw was found in the Linux kernel. Improper input validation in some IntelR Graphics Drivers may allow a privileged user to potentially enable a denial of service via local access. Mitigation Mitigation for this issue is either not available or the currently available options dont meet the Red...

5.5CVSS2.6AI score0.00308EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/02/15 6:34 p.m.•44 views

CVE-2021-20239

A flaw was found in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality. Mitigation Loading a filter is a privileged CAPSYSADMIN or root operation. Once any filter...

3.8CVSS3.4AI score0.00255EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/02/12 3:32 p.m.•44 views

CVE-2020-13949

A flaw was found in libthrift. Applications using Thrift would not show an error upon receiving messages declaring containers of sizes larger than the payload. This results in malicious RPC clients with the ability to send short messages which would result in a large memory allocation, potentiall...

7.5CVSS2.6AI score0.06779EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/01/28 8:24 p.m.•44 views

CVE-2021-26117

A flaw was found in activemq. When anonymous binds are enabled on the LDAP provider zero length DN/password and the LDAP module is configured to make use of these, client credentials are not correctly verified and authentication is effectively bypassed. The highest threat from this vulnerability ...

8.1CVSS3.2AI score0.11239EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/01/27 11:56 p.m.•44 views

CVE-2020-36228

An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service...

7.5CVSS7.3AI score0.83381EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/01/26 11:53 a.m.•44 views

CVE-2020-0466

A flaw was found in the Linux kernel. A logic error in eventpoll.c can cause a use-after-free, leading to a local escalation of privilege with no additional execution privileges. User interaction is not needed for exploitation. The highest threat from this vulnerability is to confidentiality,...

7.8CVSS2.3AI score0.00268EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/01/26 11:53 a.m.•44 views

CVE-2020-0444

A flaw was found in the Linux kernel. A logic error in auditdatatoentry can lead to a local escalation of privilege without user interaction needed. A local attacker with special user privilege could crash the system leading to information leak. The highest threat from this vulnerability is to da...

7.8CVSS1.9AI score0.00213EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/01/07 7:41 p.m.•44 views

CVE-2020-36181

A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions are needed for an exploit, w...

8.8CVSS1.9AI score0.05018EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2021/01/07 12:5 a.m.•44 views

CVE-2020-16044

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...

8.8CVSS3AI score0.01304EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/01/06 3:9 p.m.•44 views

CVE-2020-36158

A flaw was found in the Linux kernel. The marvell wifi driver could allow a local attacker to execute arbitrary code via a long SSID value in mwifiexcmd80211adhocstart function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS7.5AI score0.02209EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/12/23 1:31 p.m.•44 views

CVE-2020-28949

A flaw was found in the ArchiveTar package. PEAR ArchiveTar could allow a local authenticated attacker to bypass security restrictions caused by a stream-wrapper attack. An attacker can overwrite arbitrary files on the system using a specially-crafted tar archive...

7.8CVSS3.2AI score0.84554EPSS
Exploits4References3
RedhatCVE
RedhatCVE
•added 2020/12/14 7:26 p.m.•44 views

CVE-2020-27843

A flaw was found in OpenJPEG. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability...

7.1CVSS5.4AI score0.01682EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/12/01 6:0 p.m.•44 views

CVE-2020-14360

A flaw was found in the X.Org Server. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.8CVSS2.3AI score0.00393EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/11/29 7:58 a.m.•44 views

CVE-2018-3149

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JNDI. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...

8.3CVSS1.1AI score0.07215EPSS
Exploits2References2
RedhatCVE
RedhatCVE
•added 2020/11/24 7:54 p.m.•44 views

CVE-2020-27771

In RestoreMSCWarning of /coders/pdf.c there are several areas where calls to GetPixelIndex could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex to ssizet type to avoid this bug. This undefined behavior could be...

4.3CVSS1.6AI score0.01161EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/11/11 12:52 p.m.•44 views

CVE-2020-25707

An infinite loop flaw was found in the e1000e NIC emulation code of QEMU. This issue occurs in the e1000ewritepackettoguest routine while processing bogus RX descriptor data transmitted by the guest. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a...

5.5CVSS3.7AI score0.00654EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/11/03 12:1 p.m.•44 views

CVE-2020-27616

An out-of-bounds access flaw was found in the ati-vga emulator of the QEMU. This flaw occurs when the source and destination x y display parameters in ati2dblt have invalid values. This flaw allows a guest user or process to crash the QEMU process, resulting in a denial of service...

6.5CVSS4.1AI score0.02498EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/10/14 1:33 a.m.•44 views

CVE-2020-16119

A flaw was found in the Linux kernel. When reusing a socket with an attached dccpshctxccid as a listener, the socket will be used after being released leading to denial of service DoS or a potential code execution. The highest threat from this vulnerability is to data confidentiality and integrit...

8.1CVSS7.5AI score0.00418EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 2020/10/06 9:25 p.m.•44 views

CVE-2020-7069

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...

6.4CVSS2.3AI score0.02055EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/09/30 4:17 p.m.•44 views

CVE-2019-20922

A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to a denial of service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This flaw allows attackers to exhaust system resources, leading to a denial of...

7.8CVSS4.3AI score0.03793EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/09/25 5:3 a.m.•44 views

CVE-2020-25285

A flaw was found in the Linux kernels sysctl handling code for hugepages management. When multiple root level processes would write to modify the /proc/sys/vm/nrhugepages file it could create a race on internal variables leading to a system crash or memory corruption. Mitigation Mitigation for th...

6.4CVSS6.9AI score0.00272EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/09/16 2:18 a.m.•44 views

CVE-2020-8252

A flaw has been found in libuv. The realpath implementation performs an incorrect calculation when allocating a buffer, leading to a potential buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.8CVSS3.5AI score0.00714EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/09/07 4:48 p.m.•44 views

CVE-2019-8820

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead...

8.8CVSS2.4AI score0.09543EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2020/09/07 9:49 a.m.•44 views

CVE-2020-3885

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed...

4.3CVSS1.6AI score0.01665EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/08/27 8:37 a.m.•44 views

CVE-2020-15862

A flaw was found in Net-SNMP through version 5.73, where an Improper Privilege Management issue occurs due to SNMP WRITE access to the EXTEND MIB allows running arbitrary commands as root. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS7.8AI score0.00382EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/07/23 6:37 p.m.•44 views

CVE-2020-14339

A flaw was found in libvirt, where it leaked a file descriptor for /dev/mapper/control into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of...

7.2CVSS1.7AI score0.00416EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/07/16 8:9 p.m.•44 views

CVE-2020-15366

A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...

6.8CVSS5.7AI score0.02313EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/07/15 10:38 a.m.•44 views

CVE-2020-14581

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: 2D. Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocol...

4.3CVSS4.5AI score0.03284EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/07/15 9:38 a.m.•44 views

CVE-2020-14556

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

5.8CVSS2.5AI score0.03022EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/07/07 2:21 p.m.•44 views

CVE-2020-15566

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons: 1 port is already in use, 2 the memory allocation failed, or...

4.7CVSS0.1AI score0.00409EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/06/19 11:56 a.m.•44 views

CVE-2020-14195

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation Th...

6.8CVSS2.8AI score0.04511EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/06/16 9:25 a.m.•44 views

CVE-2020-2190

Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...

3.5CVSS1.2AI score0.0076EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/06/09 8:55 p.m.•44 views

CVE-2020-9633

A use-after-free flaw was found in the Adobe Flash Player. This flaw an attacker to perform arbitrary code execution when the Flash player is used to play a specially crafted SWF file. The highest threat from this vulnerability is to confidentiality, integrity and system availability...

10CVSS3.6AI score0.0756EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/06/06 2:25 a.m.•44 views

CVE-2020-10543

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. Mitigation To mitigate this flaw, developers should not allow untrusted regular expressions to be compiled by the Perl regular expression compiler...

6.4CVSS8.7AI score0.11334EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/05/28 4:55 p.m.•44 views

CVE-2020-13435

A NULL pointer dereference flaw was found in SQLite when rewriting select statements for window functions. This flaw allows an attacker who can execute SQL statements, to crash the application, resulting in a denial of service...

2.1CVSS7.4AI score0.0064EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/05/05 7:39 p.m.•44 views

CVE-2020-12653

A flaw was found in the way the mwifiexcmdappendvsietlv in Linux kernel's Marvell WiFi-Ex driver handled vendor specific information elements. A local user could use this flaw to escalate their privileges on the system. Mitigation In order to mitigate this issue it is possible to prevent the...

7.8CVSS1.7AI score0.00435EPSS
Exploits0References3
Total number of security vulnerabilities5000