Lucene search
K
RedhatcveMost viewed

206304 matches found

RedhatCVE
RedhatCVE
•added 2023/02/14 10:59 p.m.•43 views

CVE-2022-25147

A flaw was found in the Apache Portable Runtime Utility APR-util library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions...

6.5CVSS8.9AI score0.01417EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/02/07 5:26 a.m.•43 views

CVE-2022-44267

A vulnerability was found in ImageMagick that is triggered when the software parses a PNG image containing a single dash - in the filename. To remotely exploit this bug, an attacker can upload a malicious PNG with a text chunk that adds a single dash in the name to any site using ImageMagick. The...

7.5CVSS6.4AI score0.76581EPSS
Exploits4References5
RedhatCVE
RedhatCVE
•added 2023/02/06 3:56 a.m.•43 views

CVE-2021-43998

A flaw was found in HashiCorp Vault. In affected versions of HashiCorp Vault and Vault Enterprise, templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy...

6.5CVSS2.9AI score0.01008EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/26 2:35 p.m.•43 views

CVE-2023-22792

A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service ReDoS flaw in the Action Dispatch module. By sending specially-crafted cookies with an XFORWARDEDHOST header, a remote attacker could exploit...

7.5CVSS7.2AI score0.01695EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/25 11:35 a.m.•43 views

CVE-2021-26316

A flaw was found in hw. Failure to validate the BIOS's communication buffer and communication service may allow an attacker to tamper with the buffer, resulting in potential System Management Mode SMM arbitrary code execution. Mitigation Please contact AMD for more updates on this flaw...

7.8CVSS5AI score0.00256EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/24 3:5 p.m.•43 views

CVE-2023-0468

A use-after-free flaw was found in iouring/poll.c in iopollcheckevents in the iouring subcomponent in the Linux Kernel due to a race condition of pollrefs. This flaw may cause a NULL pointer dereference...

5.5CVSS5.7AI score0.0028EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/01/12 7:35 a.m.•43 views

CVE-2020-36649

A vulnerability was found in PapaParse. The affected function is present in the papaparse.js file. The manipulation leads to an inefficient regular expression complexity...

7.5CVSS3.7AI score0.01388EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/01/12 6:37 a.m.•43 views

CVE-2023-0229

A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context...

6.3CVSS6.1AI score0.00647EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/12/29 4:4 a.m.•43 views

CVE-2022-40716

A flaw was found in the HashiCorp Consul package. In the affected versions of this package, a specially crafted CSR sent directly to Consul’s internal server agent RPC endpoint can include multiple SAN URI values with additional service names...

6.5CVSS2.5AI score0.00849EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/12/14 11:4 a.m.•43 views

CVE-2022-23516

An uncontrolled recursion vulnerability was found in rubygem loofah. While sanitizing certain sections, loofah is susceptible to stack exhaustion, which can result in a denial of service through CPU resource consumption...

7.5CVSS3.2AI score0.01104EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/12/13 10:11 p.m.•43 views

CVE-2022-3108

An issue was discovered in the Linux kernel through 5.16-rc6. kfdparsesubtypeiolink in drivers/gpu/drm/amd/amdkfd/kfdcrat.c lacks check of the return value of kmemdup...

5.5CVSS1.9AI score0.00214EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/12/08 4:40 a.m.•43 views

CVE-2022-3630

A memory leak flaw was found in the Linux kernel IPSec functionality. This issue could allow a local user to crash the system...

5.5CVSS1.9AI score0.00244EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/12/05 5:1 p.m.•43 views

CVE-2022-46366

Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies the the also unsupported 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no...

9.8CVSS9.7AI score0.09732EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/12/05 9:31 a.m.•43 views

CVE-2022-4285

An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599...

5.5CVSS3.7AI score0.01042EPSS
Exploits2References5
RedhatCVE
RedhatCVE
•added 2022/12/05 7:31 a.m.•43 views

CVE-2020-35539

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

9.5AI score
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/11/15 6:56 a.m.•43 views

CVE-2022-3598

An out-of-bounds write flaw was found in the extractContigSamplesShifted24bits function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition...

6.5CVSS6.4AI score0.00938EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/10/24 9:18 p.m.•43 views

CVE-2022-39260

Git is an open source, scalable, distributed revision control system. git shell is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the...

8.8CVSS9.4AI score0.02938EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/10/18 7:10 a.m.•43 views

CVE-2022-38249

Nagios XI v5.8.6 was discovered to contain a cross-site scripting XSS vulnerability via the MTR component in version 1.0.4...

6.1CVSS3.1AI score0.01717EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/10/05 2:57 p.m.•43 views

CVE-2022-2929

A vulnerability was found in the DHCP server where the "fqdnuniversedecode" function allocates buffer space for the contents of option 81 fqdn data received in a DHCP packet. The maximum length of a DNS "label" is 63 bytes. The function tests the length byte of each label contained in the "fqdn";...

6.5CVSS6.6AI score0.0062EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/09/21 3:49 p.m.•43 views

CVE-2022-36056

A vulnerability was found in cosign, where it incorrectly verified an artifact when the embedded rekorBundle does not reference the given signature. This flaw allows an attacker to exploit integrity and confidentiality...

5.5CVSS5.3AI score0.00145EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/09/21 10:18 a.m.•43 views

CVE-2022-32886

A vulnerability was found in webkitgtkm, where a buffer overflow issue was addressed with improved memory handling. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS8.7AI score0.01413EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/09/07 9:30 a.m.•43 views

CVE-2022-36067

A flaw was found in the vm2 sandbox when running untrusted code, as the sandbox setup does not manage proper exception handling. This flaw allows an attacker to bypass the sandbox protections and gain remote code execution on the hypervisor host or the host which is running the sandbox. Mitigatio...

10CVSS1.1AI score0.47868EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2022/08/31 7:59 p.m.•43 views

CVE-2022-2663

A flaw was found in the Linux kernel in nfconntrackirc where the message handling can be confused and it incorrectly matches on the message. An attacker could exploit this vulnerability to bypass firewall when users are using unencrypted IRC with nfconntrackirc configured. Mitigation To mitigate...

5.3CVSS6.1AI score0.01417EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/08/30 7:6 a.m.•43 views

CVE-2022-20148

In TBD of TBD, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

7.8CVSS2.9AI score0.00115EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/26 5:40 a.m.•43 views

CVE-2022-2995

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...

3.6CVSS2.2AI score0.0037EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/08/25 5:45 a.m.•43 views

CVE-2021-33646

A flaw was found in libtar. This security vulnerability occurs because the thread function in libtar doesn’t free a variable t-thbuf.gnulongname after allocating memory, which may cause a memory leak...

7.5CVSS3.7AI score0.01431EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/25 5:44 a.m.•43 views

CVE-2021-33644

A flaw was found in libtar. This flaw allows an attacker who submits a crafted tar file with size in header struct being 0 to trigger a calling of malloc0 for a variable gnulongname, causing an out-of-bounds read...

6.8CVSS2.6AI score0.01127EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/17 6:8 p.m.•43 views

CVE-2022-2469

GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client...

7.1CVSS2.3AI score0.01091EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/08/17 12:8 a.m.•43 views

CVE-2022-2869

A flaw was found in libtiff's tiffcrop tool that has a uint32t underflow, which leads to an out-of-bounds read and write in the extractContigSamples8bits routine. This flaw allows an attacker who supplies a crafted file to tiffcrop to trick a user into opening the crafted file with tiffcrop,...

5.5CVSS3.4AI score0.003EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/08/09 3:37 p.m.•43 views

CVE-2022-2191

A flaw was found in the Jetty-server package. This flaw allows an attacker to send invalid requests, causing a denial of service in the Jetty Server...

7.5CVSS3.7AI score0.02036EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/08/04 11:38 a.m.•43 views

CVE-2022-21525

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS1.8AI score0.01418EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/08/03 10:10 a.m.•43 views

CVE-2022-25758

A flaw was found in the scss-tokenizer package. Affected versions of this package are vulnerable to a regular expression denial of service ReDoS attacks...

5.3CVSS5.8AI score0.01949EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/07/27 3:54 p.m.•43 views

CVE-2022-32742

A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file or printer instead of client-supplied data. The client cannot control the area of the...

4.3CVSS1.9AI score0.0099EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/07/27 3:54 p.m.•43 views

CVE-2022-2031

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other...

8.8CVSS3.8AI score0.00965EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/07/14 8:44 a.m.•43 views

CVE-2022-2403

A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. This flaw allows a malicious user to read the...

7.7CVSS6.4AI score0.00474EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/07/04 5:41 a.m.•43 views

CVE-2022-34177

A flaw was found in the Pipeline Input Step Plugin. This issue affects the code of the component Archive File Handler. The manipulation of the argument file with a malicious input leads to a directory traversal vulnerability...

7.5CVSS1.9AI score0.01468EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/06/30 8:38 p.m.•43 views

CVE-2022-29228

A flaw was found in Envoy. The OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT in newer versions and corrupts memory on earlier versions...

7.5CVSS3.2AI score0.01173EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/06/15 2:30 p.m.•43 views

CVE-2022-2000

An out-of-bounds write vulnerability was found in Vim's appendcommand function of the src/exdocmd.c file. This issue occurs when an error for a command goes over the end of IObuff. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflo...

7.8CVSS3.5AI score0.01527EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/06/09 11:27 p.m.•43 views

CVE-2022-29227

A flaw was found in Envoy. Internal redirects for requests with bodies or trailers are not safe if the redirect prompts an Envoy-generated local reply. A remote attacker can exploit this to cause a denial of service. Mitigation Disable internal redirects if crashes are observed...

7.5CVSS4AI score0.01141EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/05/21 12:15 a.m.•43 views

CVE-2018-10289

In MuPDF 1.13.0, there is an infinite loop in the fzskipspace function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file...

5.5CVSS4.2AI score0.0106EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2022/05/20 11:44 p.m.•43 views

CVE-2022-26144

An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code if CSP allows it in managepluginpage.php and managepluginuninstall.php when a crafted plugin is installed...

6.5CVSS3.4AI score0.00788EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/20 11:25 p.m.•43 views

CVE-2021-23165

A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdfprepareoutpages, in ps-pdf.cxx may lead to execute arbitrary code and denial of service...

10CVSS2.4AI score0.03291EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2022/05/20 11:7 p.m.•43 views

CVE-2021-37970

Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS2.7AI score0.01349EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2022/05/20 10:41 p.m.•43 views

CVE-2021-21209

Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS2.6AI score0.01009EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2022/05/16 2:32 p.m.•43 views

CVE-2022-21131

A flaw was found in hw. Improper access control for some IntelR XeonR processors may potentially allow an authenticated user to enable information disclosure via local access. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat...

5.5CVSS5.1AI score0.00285EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/05/14 12:39 p.m.•43 views

CVE-2020-8698

A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU...

5.5CVSS3.3AI score0.0051EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/05/06 3:56 a.m.•43 views

CVE-2022-29173

A flaw was found in go-tuf. This flaw allows an attacker to cause clients to install older software than the software the client previously knew to be available and may include software with known vulnerabilities...

8.8CVSS3.7AI score0.00532EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/05/03 8:24 p.m.•43 views

CVE-2022-29909

The Mozilla Foundation Security Advisory describes this flaw as: Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...

8.8CVSS2.4AI score0.00848EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/05/03 6:37 a.m.•43 views

CVE-2022-29869

A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may lead to information disclosure in particular conditions when the credentials file given is sensitive and contains '=' signs...

5.3CVSS1.9AI score0.01804EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/02 7:38 a.m.•43 views

CVE-2022-25645

A flaw was found in the dset package via 'dset/merge' mode, as the dset function checks for prototype pollution by validating if the top-level path contains a proto, constructor, or prototype. This flaw allows an attacker to craft a malicious object, bypassing this check and achieving prototype...

8.1CVSS5AI score0.0176EPSS
Exploits1References5
Total number of security vulnerabilities5000