Lucene search
K
RedhatcveMost viewed

206363 matches found

RedhatCVE
RedhatCVE
•added 2020/09/16 2:18 a.m.•44 views

CVE-2020-8252

A flaw has been found in libuv. The realpath implementation performs an incorrect calculation when allocating a buffer, leading to a potential buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.8CVSS3.5AI score0.00714EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/09/07 6:49 p.m.•44 views

CVE-2019-8672

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may...

9.3CVSS2.6AI score0.11024EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2020/09/07 4:48 p.m.•44 views

CVE-2019-8820

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead...

8.8CVSS2.4AI score0.09543EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2020/09/07 12:19 p.m.•44 views

CVE-2020-3868

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to...

9.3CVSS2.4AI score0.02633EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/08/19 10:10 a.m.•44 views

CVE-2020-24332

An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack...

5.5CVSS6.4AI score0.00553EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2020/08/13 12:43 p.m.•44 views

CVE-2020-14350

A flaw was found in PostgreSQL, where some PostgreSQL extensions did not use the searchpath safely in their installation script. This flaw allows an attacker with sufficient privileges to trick an administrator into executing a specially crafted script during the extension's installation or updat...

4.4CVSS3.4AI score0.00532EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/07/15 10:38 a.m.•44 views

CVE-2020-14581

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: 2D. Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocol...

4.3CVSS4.5AI score0.03284EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/07/15 9:39 a.m.•44 views

CVE-2020-14578

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols ...

4.3CVSS2.9AI score0.04044EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/07/02 9:50 a.m.•44 views

CVE-2020-10760

A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba...

4CVSS2.2AI score0.02659EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/06/30 10:21 p.m.•44 views

CVE-2020-15393

In the Linux kernel 4.4 through 5.7.6, usbtestdisconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770...

2.1CVSS6.1AI score0.00433EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/06/18 2:37 p.m.•44 views

CVE-2020-14147

An integer overflow in the getnum function in luastruct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service memory corruption and application crash or possibly bypass intended sandbox restrictions via a large...

5CVSS8AI score0.05362EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/06/16 9:25 a.m.•44 views

CVE-2020-2190

Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...

3.5CVSS1.2AI score0.0076EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/06/09 8:55 p.m.•44 views

CVE-2020-9633

A use-after-free flaw was found in the Adobe Flash Player. This flaw an attacker to perform arbitrary code execution when the Flash player is used to play a specially crafted SWF file. The highest threat from this vulnerability is to confidentiality, integrity and system availability...

10CVSS3.6AI score0.0756EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/05/05 7:39 p.m.•44 views

CVE-2020-12653

A flaw was found in the way the mwifiexcmdappendvsietlv in Linux kernel's Marvell WiFi-Ex driver handled vendor specific information elements. A local user could use this flaw to escalate their privileges on the system. Mitigation In order to mitigate this issue it is possible to prevent the...

7.8CVSS1.7AI score0.00435EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/30 8:10 p.m.•44 views

CVE-2020-2760

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

5.5CVSS2.7AI score0.03014EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/04/17 7:33 a.m.•44 views

CVE-2020-11868

A flaw was found in the Network Time Protocol NTP, where a security issue exists that allows an off-path attacker to prevent the Network Time Protocol daemon ntpd from synchronizing with NTP servers not using authentication. A server mode packet with a spoofed source address sent to the client nt...

7.5CVSS7.5AI score0.02081EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/04/14 10:33 p.m.•44 views

CVE-2020-2805

A flaw was found in the way the readObject method of the MethodType class in the Libraries component of OpenJDK checked argument types. This flaw allows an untrusted Java application or applet to bypass Java sandbox restrictions...

5.1CVSS3.3AI score0.04051EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/14 10:3 p.m.•44 views

CVE-2020-2830

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Concurrency. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multipl...

5CVSS2.6AI score0.04948EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/14 10:3 p.m.•44 views

CVE-2020-2800

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

5.8CVSS1.4AI score0.02879EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/09 10:3 a.m.•44 views

CVE-2019-9518

A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...

7.8CVSS1.4AI score0.25448EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/04/09 10:3 a.m.•44 views

CVE-2019-10213

OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator b...

6.5CVSS4.4AI score0.00992EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/09 6:55 a.m.•44 views

CVE-2017-15289

Quick emulator QEMU, compiled with the Cirrus CLGD 54xx VGA Emulator support, is vulnerable to an OOB write access issue. The issue could occur while writing to VGA memory via mode4and5 write functions. A privileged user inside guest could use this flaw to crash the QEMU process resulting in Deni...

6CVSS3.1AI score0.00463EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2020/04/08 10:13 p.m.•44 views

CVE-2018-20677

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...

6.1CVSS5.9AI score0.03984EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2020/04/08 10:1 p.m.•44 views

CVE-2020-8597

A buffer overflow flaw was found in the ppp package in versions 2.4.2 through 2.4.8. The bounds check for the rhostname was improperly constructed in the EAP request and response functions which could allow a buffer overflow to occur. Data confidentiality and integrity, as well as system...

9.8CVSS2.9AI score0.19431EPSS
Exploits3References3
RedhatCVE
RedhatCVE
•added 2020/04/08 10:1 p.m.•44 views

CVE-2019-19073

Memory leaks in drivers/net/wireless/ath/ath9k/htchst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service memory consumption by triggering waitforcompletiontimeout failures. This affects the htcconfigpipecredits function, the htcsetupcomplete function, and the...

4CVSS5.2AI score0.00533EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/08 8:59 p.m.•44 views

CVE-2017-18269

An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library aka glibc or libc6 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in...

9.8CVSS4.9AI score0.04831EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2020/04/07 7:5 a.m.•44 views

CVE-2020-1760

A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input. Mitigation Mitigation provided by DigitalOcean: Mitigation relies on the HAProx...

6.1CVSS0.7AI score0.01525EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/04/06 11:4 a.m.•44 views

CVE-2019-19529

A use-after-free flaw was found in the driver for the USB Microchip CAN BUS Analyzer Tool. The CAN BUS analysis hardware is not commonly found on server-grade hardware where the flaw exists while a device is removed physical access or a kernel module is unloaded administrative privileges. An...

6.9CVSS0.6AI score0.00445EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/03 1:1 p.m.•44 views

CVE-2020-7064

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exifreaddata function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash...

6.5CVSS3.3AI score0.04295EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2020/04/02 9:0 a.m.•44 views

CVE-2020-2604

A flaw was found in the serialization component of OpenJDK handled serialization filter. A process-wide filter could have been modified by setting jdk.serialFilter system property at runtime, possibly leading to a bypass of the intended filter during deserialization...

8.1CVSS2.1AI score0.04903EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2020/04/02 8:57 a.m.•44 views

CVE-2019-3846

A flaw was found in the Linux kernel's Marvell wifi chip driver. A heap overflow in mwifiexupdatebssdescwithie function in marvell/mwifiex/scan.c allows remote attackers to cause a denial of servicesystem crash or execute arbitrary code. Mitigation This flaw requires a system with marvell wifi...

8.8CVSS3.7AI score0.05649EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/04/01 11:1 a.m.•44 views

CVE-2019-10392

Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...

8.8CVSS8.4AI score0.25779EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2020/04/01 12:32 a.m.•44 views

CVE-2019-11254

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML. Mitigation Prevent unauthenticated or unauthorized...

6.5CVSS4.8AI score0.0236EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/03/31 8:0 p.m.•44 views

CVE-2019-9458

A flaw was found in the Linux kernel's video driver. A race condition, leading to a use-after-free, could lead to a local privilege escalation. User interaction is not needed for exploitation. Mitigation To mitigate this issue, prevent modules v4l2-common, v4l2-dv-timings from being loaded if not...

7CVSS1.8AI score0.00171EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/03/31 8:39 a.m.•44 views

CVE-2020-10531

An issue was discovered in International Components for Unicode ICU for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend function in common/unistr.cpp...

8.8CVSS3.8AI score0.02669EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/03/30 1:1 p.m.•44 views

CVE-2019-9454

An out-of-bounds write flaw was found in the i2c driver in the Linux kernel. This flaw allows an attacker to escalate privileges with system execution privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation...

6.7CVSS2.1AI score0.00182EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/03/30 8:7 a.m.•44 views

CVE-2018-18700

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions dname, dencoding, and dlocalname in cp-demangle.c. Remote attackers could leverage this vulnerability to...

5.5CVSS5.1AI score0.01686EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2020/03/29 1:52 p.m.•44 views

CVE-2018-8421

A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framewo...

10CVSS2.6AI score0.2891EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2020/03/29 8:5 a.m.•44 views

CVE-2019-19246

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in strlowercasematch in regexec.c...

7.5CVSS2.3AI score0.02942EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/03/27 7:59 a.m.•44 views

CVE-2019-9503

If the brcmfmac driver receives a firmware event frame from a remote source, the iswlceventframe function will cause this frame to be discarded and not be processed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be...

8.3CVSS1.8AI score0.03313EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2020/03/06 1:31 p.m.•44 views

CVE-2019-2978

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

4.3CVSS4.5AI score0.03284EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/03/03 7:41 p.m.•44 views

CVE-2019-20485

A flaw was found in the way the libvirtd daemon issued the 'suspend' command to a QEMU guest-agent running inside a guest, where it holds a monitor job while issuing the 'suspend' command to a guest-agent. A malicious guest-agent may use this flaw to block the libvirt daemon indefinitely, resulti...

5.8CVSS5.9AI score0.00813EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/03/02 11:41 a.m.•44 views

CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

7.1CVSS7.2AI score0.06617EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/02/15 8:24 p.m.•44 views

CVE-2019-5010

A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accep...

7.5CVSS4.1AI score0.20743EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2020/01/29 4:7 p.m.•44 views

CVE-2018-7456

A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tifprint.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to...

6.5CVSS2.9AI score0.03021EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2020/01/22 4:10 a.m.•44 views

CVE-2020-1702

A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashi...

4.3CVSS2.3AI score0.00688EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/01/21 12:9 p.m.•44 views

CVE-2019-19355

An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges...

7CVSS3.6AI score0.00245EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/01/12 3:33 p.m.•44 views

CVE-2019-2614

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple...

4.4CVSS1.6AI score0.0281EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/01/11 3:49 a.m.•44 views

CVE-2018-19132

A memory leak was discovered in the way Squid handles SNMP denied queries. A remote attacker may use this flaw to exhaust the resources on the server machine...

5.9CVSS2.2AI score0.06114EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2020/01/09 5:9 a.m.•44 views

CVE-2019-17026

Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 68.4.1, Thunderbird 68.4.1, and Firefox 72.0.1...

8.8CVSS3.4AI score0.46589EPSS
Exploits7References4
Total number of security vulnerabilities5000