Lucene search
K
RedhatcveMost viewed

206304 matches found

RedhatCVE
RedhatCVE
•added 2023/06/29 4:28 p.m.•110 views

CVE-2023-33201

A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain...

5.3CVSS5.1AI score0.00772EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/05/30 1:40 p.m.•110 views

CVE-2023-2977

A vulnerability was found in OpenSC. This issue causes a buffer overrun in the pkcs15 cardoshaveverifyrcpackage. This flaw allows an attacker to supply a smart card package with a malformed ASN1 context. The cardoshaveverifyrcpackage function scans the ASN1 buffer for two tags, where the remainin...

6.3CVSS6.8AI score0.00295EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/02/15 7:29 a.m.•110 views

CVE-2023-23529

A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. This may, in theory, allow a remote attacker to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the...

8.8CVSS8.7AI score0.09426EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/01/18 5:5 p.m.•110 views

CVE-2022-36437

A flaw was found in Hazelcast and Hazelcast Jet. This flaw may allow an attacker unauthenticated access to manipulate data in the cluster...

9.1CVSS3AI score0.01021EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/11 5:35 a.m.•110 views

CVE-2022-23529

A flaw was found in the jsonwebtoken package. In affected versions of the jsonwebtoken library, if a malicious actor can modify the key retrieval parameter referring to the secretOrPublicKey argument from the readme link of the jwt.verify function, they can perform remote code execution RCE...

5.2AI score
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/11/08 3:25 a.m.•110 views

CVE-2022-3649

A flaw was found in the NILFS2 file system implementation in the Linux kernel. If the beginning of the inode bitmap area was corrupted on disk, an inode with the same inode number as the root inode could be allocated and fail soon after. The subsequent call to nilfsclearinode wrongly decremented...

7CVSS1.9AI score0.00758EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/10/14 5:29 a.m.•110 views

CVE-2022-3140

A vulnerability was found in LibreOffice that affects the Office URI Schemes. These schemes enable browser integration of LibreOffice with the MS SharePoint server. In LibreOffice, the links using the scheme 'vnd.libreoffice.command' could be constructed to call internal macros with arbitrary...

5.3CVSS2.2AI score0.04354EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/07 4:6 p.m.•110 views

CVE-2022-36946

A memory corruption flaw was found in the Linux kernel’s Netfilter subsystem in the way a local user uses the libnetfilterqueue when analyzing a corrupted network packet. This flaw allows a local user to crash the system or a remote user to crash the system when the libnetfilterqueue is used by a...

6.2CVSS7.5AI score0.05542EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/05/20 11:0 p.m.•110 views

CVE-2021-44731

A race condition vulnerability in the snap-confine component setupprivatemount of snapd was found by Qualys. This flaw could lead to local privilege escalation from any user to root...

7.8CVSS3.3AI score0.00966EPSS
Exploits4References2
RedhatCVE
RedhatCVE
•added 2022/05/14 11:38 a.m.•110 views

CVE-2020-10968

A flaw was found in jackson-databind 2.x prior to version 2.9.10.4. The interaction between serialization gadgets and typing is mishandled in the bus-proxy. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following...

8.8CVSS3.6AI score0.03538EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/04/27 6:53 a.m.•110 views

CVE-2022-22576

A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly ensuring that the connection was authenticated with the same credentials set for this transfer. This issue leads to an authentication bypass, either by mistake or by a malicious...

8.1CVSS3.5AI score0.01914EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/03/15 11:44 a.m.•110 views

CVE-2022-0084

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...

7.5CVSS2.8AI score0.01183EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/02/11 2:23 p.m.•110 views

CVE-2022-24959

A memory leak was found in the yamsiocdevprivate function of the YAM driver for AX.25. This issue can result in a denial of service. Mitigation Mitigation for this issue is either not available or the currently available options dont meet the Red Hat Product Security criteria comprising ease of u...

5.5CVSS1.6AI score0.00428EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/01/06 5:52 p.m.•110 views

CVE-2021-4178

A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML...

6.7CVSS6.4AI score0.00309EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/05 9:46 p.m.•110 views

CVE-2021-39226

An authentication bypass was found in grafana. An attacker on the network is able to view and delete snapshots by accessing a literal path...

9.8CVSS4.1AI score0.99888EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 2019/06/11 6:20 a.m.•110 views

CVE-2019-8457

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode function when handling invalid rtree tables...

9.8CVSS1.3AI score0.45426EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/04/04 2:28 p.m.•109 views

CVE-2023-1973

A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory...

7.5CVSS6.7AI score0.01292EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/10/25 11:57 a.m.•109 views

CVE-2023-5363

A flaw was found in OpenSSL in how it processes key and initialization vector IV lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality...

7.5CVSS7.2AI score0.03332EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/09/07 8:40 p.m.•109 views

CVE-2023-4207

There are 3 CVEs for the use-after-free flaw found in net/sched/clsfw.c in classifiers clsfw, clsu32, and clsroute in the Linux Kernel: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. A local user could use any of these flaws to crash the system or potentially escalate their privileges on the system...

7.8CVSS7.3AI score0.00565EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2022/10/14 8:22 a.m.•109 views

CVE-2022-3358

A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVPEncryptInitex2, EVPDecryptInitex2 and EVPCipherInitex2 functions as well as other similarly named encryption and decryption initialization functions. Instead of using the custom cipher directly, it...

7.5CVSS7.3AI score0.02846EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/03 3:10 p.m.•109 views

CVE-2022-20141

A use-after-free flaw was found in the Linux kernel’s IGMP protocol in how a user triggers a race condition in the ipcheckmcrcu function. This flaw allows a local user to crash or potentially escalate their privileges on the system...

7CVSS6.9AI score0.00141EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/05/13 12:45 a.m.•109 views

CVE-2022-1650

A flaw was found in the EventSource NPM Package. The description from the source states the following message: "Exposure of Sensitive Information to an Unauthorized Actor." This flaw allows an attacker to steal the user's credentials and then use the credentials to access the legitimate website...

9.3CVSS2.8AI score0.01686EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/03/15 5:45 p.m.•109 views

CVE-2022-0778

A flaw was found in OpenSSL. It is possible to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing happens before verification of the certificate signature, any process that parses an externally supplied certificate may be subje...

7.5CVSS7.7AI score0.70561EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2022/03/11 3:24 p.m.•109 views

CVE-2021-39698

A vulnerability was found in the Linux kernel’s file polling implementation in kernel/sched/wait.c., which leads to a use-after-free problem. This flaw allows a local user to cause a denial of service memory corruption or crash or privilege escalation. Mitigation Mitigation for this issue is eith...

7.8CVSS1.7AI score0.00232EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/01/13 6:38 a.m.•109 views

CVE-2018-14718

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code...

9.8CVSS4AI score0.15087EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2021/11/29 7:31 a.m.•109 views

CVE-2021-4028

A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this...

7.8CVSS1.7AI score0.00296EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/07/13 7:25 p.m.•109 views

CVE-2021-21781

An information disclosure flaw exists in the ARM SIGPAGE functionality of the Linux kernel. An attacker with a local account can read the contents of the sigpage, which contains previously initialized kernel memory contents. This flaw requires an attacker to read a process’s memory at a specific...

4CVSS1.7AI score0.00529EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/07/08 3:32 p.m.•109 views

CVE-2021-21362

A flaw has been identified in minio https://github.com/minio/minio. It is possible to bypass a readOnly policy by creating a temporary 'mc share upload'...

7.7CVSS0.7AI score0.01321EPSS
Exploits1References7
RedhatCVE
RedhatCVE
•added 2021/05/28 12:47 a.m.•109 views

CVE-2021-33196

A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files...

7.5CVSS3.5AI score0.03464EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2018/07/18 10:14 a.m.•109 views

CVE-2018-3060

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

6.5CVSS2.6AI score0.02947EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2025/04/25 1:20 p.m.•108 views

CVE-2024-32752

The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated communications with ICU, which may allow an attacker to gain unauthorized access...

9.1CVSS7AI score0.00586EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/15 6:31 p.m.•108 views

CVE-2023-6237

A flaw was found in OpenSSL. When the EVPPKEYpubliccheck function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large...

5.9CVSS6.9AI score0.02303EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/09/08 3:5 p.m.•108 views

CVE-2023-4807

A vulnerability was found in OpenSSL. The security issue occurs in the POLY1305 MAC message authentication code implementation, that contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X8664 processors supporting the AVX512-IFMA...

7.8CVSS6.3AI score0.00862EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/17 12:43 p.m.•108 views

CVE-2023-28531

A vulnerability was found in openssh. This issue occurs when adding smartcard keys to ssh-agent1 with per-hop destination constraints. A logic error prevented the constraints from being communicated to the agent, resulting in the keys being added without constraints. The common cases of...

9.1CVSS8.8AI score0.02216EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/03/09 12:42 p.m.•108 views

CVE-2022-26383

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification...

7.5CVSS1.7AI score0.00655EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/09/07 10:58 a.m.•108 views

CVE-2017-18638

A flaw was found in graphite-web. The sendemail in the graphite-web/webapp/graphite/composer/views.py function is vulnerable to a Server-side request forgery SSRF. This flaw allows an attacker to use the vulnerable SSRF endpoint to have the Graphite web server request any resource. An attacker ca...

7.5CVSS3.4AI score0.16948EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/05/28 12:47 a.m.•108 views

CVE-2021-22543

A flaw was found in the Linux kernel’s KVM implementation, where improper handing of the VMIO|VMPFNMAP VMAs in KVM bypasses RO checks and leads to pages being freed while still accessible by the VMM and guest. This flaw allows users who can start and control a VM to read/write random pages of...

8.7CVSS1.3AI score0.0066EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/12/05 12:43 p.m.•107 views

CVE-2023-6378

A flaw was found in the logback package, where it is vulnerable to a denial of service caused by a serialization flaw in the receiver component. By sending specially crafted poisoned data, a remote attacker can cause a denial of service condition. Mitigation Mitigation for this issue is either no...

7.5CVSS6.8AI score0.009EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/08/22 2:21 p.m.•107 views

CVE-2023-3899

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the...

7.8CVSS7.7AI score0.00253EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/08/23 1:9 p.m.•107 views

CVE-2021-28861

A vulnerability was found in python. This security flaw causes an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of the URI path. This issue may lead to information disclosure...

7.4CVSS1.3AI score0.0199EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/08/04 11:40 a.m.•107 views

CVE-2022-21556

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

6.5CVSS2.4AI score0.01147EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/12 3:33 p.m.•107 views

CVE-2021-43529

A flaw was found in Thunderbird, which is vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS...

9.8CVSS3.1AI score0.17563EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2022/04/27 6:54 a.m.•107 views

CVE-2022-27774

A vulnerability was found in curl. This security flaw allows leaking credentials to other servers when it follows redirects from auth-protected HTTPS URLs to other protocols and port numbers...

5.7CVSS2.1AI score0.01595EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/03/18 4:17 p.m.•107 views

CVE-2022-27195

Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their build.xml files. These values are stored unencrypted and can be viewed by users with access to...

5.5CVSS3.9AI score0.00368EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/06/13 5:52 a.m.•107 views

CVE-2021-20182

A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the underlying node, such as...

8.8CVSS2.3AI score0.01145EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/06/13 5:51 a.m.•107 views

CVE-2020-2305

A flaw was found in the mercurial plugin in Jenkins. The XML changelog parser is not configured to prevent an XML external entity XXE attack allowing an attacker the ability to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of...

6.5CVSS2.7AI score0.01447EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/05/26 1:14 p.m.•107 views

CVE-2020-26555

A vulnerability was found in Linux Kernel, where Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack. When an attacker connects to a victim device using the address of the device and the victim initiates a Pairing, the attacker can reflect the encrypted nonce even...

5.4CVSS3.4AI score0.00887EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/05/26 9:12 a.m.•107 views

CVE-2021-29509

A flaw was found in rubygem-puma. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections...

7.5CVSS1.1AI score0.0196EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2019/10/29 4:34 p.m.•107 views

CVE-2019-11043

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. Mitigation...

9.8CVSS4AI score0.9947EPSS
Exploits54References4
RedhatCVE
RedhatCVE
•added 2024/04/15 8:56 a.m.•106 views

CVE-2024-2756

An improper input validation vulnerability was found in PHP. Due to an incomplete fix to CVE-2022-31629, network and same-site attackers can set a standard insecure cookie in the victim's browser. Mitigation Mitigation for this issue is either not available or the currently available options don'...

6.5CVSS7.2AI score0.49336EPSS
Exploits2References4
Total number of security vulnerabilities5000