Lucene search
K
RedhatcveMost viewed

206309 matches found

RedhatCVE
RedhatCVE
•added 2021/11/05 8:41 a.m.•44 views

CVE-2021-43400

An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call...

9.1CVSS8.7AI score0.01544EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/11/03 1:9 a.m.•44 views

CVE-2021-38507

The Mozilla Foundation Security Advisory describes this flaw as: The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on...

7.5CVSS7.7AI score0.00805EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/11/01 5:49 a.m.•44 views

CVE-2021-34981

A flaw was found in the Linux kernel's CAPI over Bluetooth connection code. An attacker with a local account can escalate privileges when CAPI ISDN hardware connection fails. Mitigation To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via...

7.5CVSS0.8AI score0.002EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/10/26 1:20 p.m.•44 views

CVE-2021-41802

HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4...

5.5CVSS2.8AI score0.00589EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/10/06 10:44 a.m.•44 views

CVE-2005-0877

Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq...

7.5CVSS6.2AI score0.01874EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/09/06 3:4 p.m.•44 views

CVE-2021-33285

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing NTFS attributes, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS2.4AI score0.00415EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/08/24 10:15 p.m.•44 views

CVE-2021-32780

A vulnerability was found in envoyproxy/envoy, in which the application terminates abruptly. The error occurs when envoy receives a GOAWAY frame followed by a SETTINGS frame with the parameter SETTINGMAXCONCURRENTSTREAMS to set 0. This flaw allows an attacker to cause a denial of service on the...

8.6CVSS4.2AI score0.0123EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/08/24 10:14 p.m.•44 views

CVE-2021-32778

An uncontrolled resource consumption vulnerability was found in envoyproxy/envoy. When envoy handles a large number of HTTP/2 requests which open and then reset the connection, it can cause excessive CPU usage. This flaw allows an attacker to cause a denial of service on the proxy. The highest...

7.5CVSS2.6AI score0.0123EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/08/18 8:4 p.m.•44 views

CVE-2021-25218

A flaw was found in bind. An assertion failure is triggered, resulting in termination of the named server process, if named attempts to respond over UDP with a response that is larger than the current effective interface maximum transmission unit MTU, and if response-rate limiting RRL is active...

7.5CVSS1.4AI score0.03559EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/08/10 9:51 p.m.•44 views

CVE-2021-2440

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

6.8CVSS2AI score0.01718EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 5:51 p.m.•44 views

CVE-2021-37620

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted image file. An...

5.5CVSS5.6AI score0.01051EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/07/26 5:31 p.m.•44 views

CVE-2021-32786

A flaw was found in modauthopenidc where it does not sanitize redirection URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest...

6.1CVSS2.8AI score0.02364EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/05/24 5:42 p.m.•44 views

CVE-2021-33516

A flaw was found in gupnp. DNS rebinding can occur when a victim's browser is used by a remote web server to trigger actions against local UPnP services including data exfiltration, data tempering, and other exploits. The highest threat from this vulnerability is to data confidentiality and...

8.3CVSS1.5AI score0.01084EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2021/05/21 12:15 p.m.•44 views

CVE-2021-3563

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity...

7.4CVSS5AI score0.01319EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/05/19 12:26 a.m.•44 views

CVE-2021-25738

Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution...

6.7CVSS2.9AI score0.00458EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/11 8:54 p.m.•44 views

CVE-2021-21419

A flaw was found in eventlet. If an unauthenticated user manages to send large websocket frames or highly compressed data frames that can lead to memory exhaustion. An attacker could use this flaw to cause a denial of service DoS...

5.3CVSS2AI score0.01807EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/04/30 7:3 p.m.•44 views

CVE-2021-21429

OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to...

6.2CVSS2.2AI score0.00296EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/04/29 10:18 a.m.•44 views

CVE-2021-20254

A flaw was found in samba. The Samba smbd file server must map Windows group identities SIDs into unix group ids gids. The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache...

6.8CVSS1AI score0.01616EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/04/28 7:48 p.m.•44 views

CVE-2019-25037

A flaw was found in unbound. A reachable assertion in the dnamepktcopy function can be triggered by sending invalid packets to the server. The highest threat from this vulnerability is to service availability...

7.5CVSS8.3AI score0.02128EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/04/28 7:48 p.m.•44 views

CVE-2019-25036

A flaw was found in unbound. A reachable assertion in the synthcname function can be triggered by sending invalid packets to the server. If asserts are disabled during compilation, this issue might lead to an out-of-bounds write in dnamepktcopy function. The highest threat from this vulnerability...

9.8CVSS8.4AI score0.01989EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/04/23 7:44 p.m.•44 views

CVE-2021-29653

HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1...

7.5CVSS1.3AI score0.00552EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/04/08 5:16 p.m.•44 views

CVE-2021-28965

A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of processed data in...

7.5CVSS3.1AI score0.05061EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/03/30 2:27 p.m.•44 views

CVE-2021-29266

A flaw was found in the Linux kernel. An invalid value upon reopening a character device can cause a use-after-free memory corruption. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.8CVSS2.5AI score0.00318EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/03/20 9:44 p.m.•44 views

CVE-2018-5390

A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcpcollapseofoqueue and tcppruneofoqueue functions by sending specially modified packets within ongoing T...

7.8CVSS1.7AI score0.7354EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2021/03/05 7:4 p.m.•44 views

CVE-2021-27365

A flaw was found in the Linux kernel. A heap buffer overflow in the iSCSI subsystem is triggered by setting an iSCSI string attribute to a value larger than one page and then trying to read it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

7.8CVSS8AI score0.02079EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/02/18 7:13 p.m.•44 views

CVE-2020-24502

Improper input validation in some IntelR Ethernet E810 Adapter drivers for Linux may allow an authenticated user to potentially enable a denial of service via local access...

5.5CVSS5.2AI score0.0031EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/02/15 6:34 p.m.•44 views

CVE-2021-20239

A flaw was found in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality. Mitigation Loading a filter is a privileged CAPSYSADMIN or root operation. Once any filter...

3.8CVSS3.4AI score0.00255EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/02/15 12:33 p.m.•44 views

CVE-2020-28493

A flaw was found in python-jinja2. The ReDOS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...

7.5CVSS2.6AI score0.03546EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/02/10 6:35 a.m.•44 views

CVE-2020-1717

A flaw was found in keycloak. An attacker could use the change email function in the account settings to determine if an email address was already used for another account an account enumeration attack. The highest threat from this flaw is to data confidentiality...

4CVSS2AI score0.00766EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/01/28 8:24 p.m.•44 views

CVE-2021-26117

A flaw was found in activemq. When anonymous binds are enabled on the LDAP provider zero length DN/password and the LDAP module is configured to make use of these, client credentials are not correctly verified and authentication is effectively bypassed. The highest threat from this vulnerability ...

8.1CVSS3.2AI score0.11239EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/01/27 11:56 p.m.•44 views

CVE-2020-36228

An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service...

7.5CVSS7.3AI score0.83381EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/01/26 11:53 a.m.•44 views

CVE-2020-0466

A flaw was found in the Linux kernel. A logic error in eventpoll.c can cause a use-after-free, leading to a local escalation of privilege with no additional execution privileges. User interaction is not needed for exploitation. The highest threat from this vulnerability is to confidentiality,...

7.8CVSS2.3AI score0.00268EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/01/26 11:53 a.m.•44 views

CVE-2020-0444

A flaw was found in the Linux kernel. A logic error in auditdatatoentry can lead to a local escalation of privilege without user interaction needed. A local attacker with special user privilege could crash the system leading to information leak. The highest threat from this vulnerability is to da...

7.8CVSS1.9AI score0.00213EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/01/21 3:5 p.m.•44 views

CVE-2021-3115

A flaw was found in golang: cmd/go, in which Go can execute arbitrary commands at build time when cgo is in use on Windows OS. On Linux/Unix, only users who have "." listed explicitly in their PATH variable are affected. The highest threat from this vulnerability is to data confidentiality and...

7.5CVSS8.1AI score0.06497EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/01/11 9:26 p.m.•44 views

CVE-2021-23240

A race condition vulnerability was found in the temporary file handling of sudoedit's SELinux RBAC support. On systems where SELinux is enabled, this flaw allows a malicious user with sudoedit permissions to set the owner of an arbitrary file to the user ID of the target user, potentially leading...

7.8CVSS1.7AI score0.01066EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/01/07 7:41 p.m.•44 views

CVE-2020-36181

A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions are needed for an exploit, w...

8.8CVSS1.9AI score0.05018EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2020/12/23 1:31 p.m.•44 views

CVE-2020-28949

A flaw was found in the ArchiveTar package. PEAR ArchiveTar could allow a local authenticated attacker to bypass security restrictions caused by a stream-wrapper attack. An attacker can overwrite arbitrary files on the system using a specially-crafted tar archive...

7.8CVSS3.2AI score0.84554EPSS
Exploits4References3
RedhatCVE
RedhatCVE
•added 2020/12/14 7:26 p.m.•44 views

CVE-2020-27844

A flaw was found in openjpeg's src/lib/openjp2/t2.c. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

8.3CVSS1.6AI score0.01329EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/12/14 7:26 p.m.•44 views

CVE-2020-27843

A flaw was found in OpenJPEG. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability...

7.1CVSS5.4AI score0.01682EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/12/01 6:0 p.m.•44 views

CVE-2020-14360

A flaw was found in the X.Org Server. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.8CVSS2.3AI score0.00393EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/11/29 7:58 a.m.•44 views

CVE-2018-3149

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JNDI. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...

8.3CVSS1.1AI score0.07215EPSS
Exploits2References2
RedhatCVE
RedhatCVE
•added 2020/11/06 5:29 p.m.•44 views

CVE-2020-16846

A flaw was found in salt. A shell injection vulnerability was found where an unauthenticated user with network access to the Salt API can use shell injections to run code on the Salt-API using the SSH client. An attacker could use this flaw to cause a denial of service, information disclosure, or...

9.8CVSS1.8AI score0.99585EPSS
Exploits5References8
RedhatCVE
RedhatCVE
•added 2020/11/03 12:1 p.m.•44 views

CVE-2020-27616

An out-of-bounds access flaw was found in the ati-vga emulator of the QEMU. This flaw occurs when the source and destination x y display parameters in ati2dblt have invalid values. This flaw allows a guest user or process to crash the QEMU process, resulting in a denial of service...

6.5CVSS4.1AI score0.02498EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/10/29 11:29 a.m.•44 views

CVE-2020-14323

A null pointer dereference flaw was found in Samba's winbind service. This flaw allows a local user to crash the winbind service, causing a denial of service. The highest threat from this vulnerability is to system availability...

5.5CVSS2AI score0.00613EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/10/06 9:25 p.m.•44 views

CVE-2020-7069

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...

6.4CVSS2.3AI score0.02055EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/09/30 4:17 p.m.•44 views

CVE-2020-26154

url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header...

6.8CVSS2.9AI score0.03569EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/09/16 2:18 a.m.•44 views

CVE-2020-8252

A flaw has been found in libuv. The realpath implementation performs an incorrect calculation when allocating a buffer, leading to a potential buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.8CVSS3.5AI score0.00714EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/09/07 6:49 p.m.•44 views

CVE-2019-8672

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may...

9.3CVSS2.6AI score0.11024EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2020/09/07 4:48 p.m.•44 views

CVE-2019-8820

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead...

8.8CVSS2.4AI score0.09543EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2020/09/07 12:19 p.m.•44 views

CVE-2020-3868

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to...

9.3CVSS2.4AI score0.02633EPSS
Exploits0References4
Total number of security vulnerabilities5000