Lucene search
K
RedhatcveMost viewed

206309 matches found

RedhatCVE
RedhatCVE
•added 2023/08/02 10:49 a.m.•43 views

CVE-2023-31486

A vulnerability was found in Tiny, where a Perl core module and standalone CPAN package, does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verifySSL=1 flag to ensure secure HTTPS connections. This oversight can potentially expose...

6.8CVSS7.1AI score0.01742EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/07/26 4:47 p.m.•43 views

CVE-2023-35944

A flaw was found in Envoy that allows for mixed-case schemes in HTTP/2. However, some internal scheme checks in Envoy are case-sensitive, leading to incorrect handling of requests and responses with mixed case schemes. For example, if a request with a mixed scheme HTTP is sent to the OAuth2 filte...

8.2CVSS6.8AI score0.00598EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/07/24 7:41 a.m.•43 views

CVE-2020-25969

gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest...

5.3CVSS7.6AI score0.00876EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/07/20 9:31 a.m.•43 views

CVE-2023-34967

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol...

5.3CVSS6.4AI score0.62606EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/07/20 8:30 a.m.•43 views

CVE-2023-22038

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

2.7CVSS5AI score0.00782EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/07/20 8:1 a.m.•43 views

CVE-2023-22007

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.9CVSS5.5AI score0.01049EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/07/19 7:37 a.m.•43 views

CVE-2023-38197

A vulnerability was found in Qtbase, where it is vulnerable to a denial of service caused by an infinite loop flaw in the QXmlStreamReader function. This flaw occurs because the QXmlStreamReader function accepts multiple DOCTYPE elements containing DTD fragments in the XML prolog and the XML body...

7.5CVSS6.1AI score0.01076EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2023/06/26 6:17 p.m.•43 views

CVE-2023-29404

A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "cgo LDFLAGS"...

7.5CVSS9.4AI score0.01837EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2023/06/15 2:14 p.m.•43 views

CVE-2022-21235

A flaw was found in the VCS package, caused by improper validation of user-supplied input. By using a specially-crafted argument, a remote attacker could execute arbitrary commands on the system...

9.8CVSS9.2AI score0.01818EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/06/08 11:5 a.m.•43 views

CVE-2023-31670

An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service DoS via running a crafted binary...

7.5CVSS6.7AI score0.00833EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/06/07 8:55 a.m.•43 views

CVE-2023-31085

A divide-by-zero flaw was found in the Linux kernel’s UBI a software layer above the MTD layer that admits the use of LVM-like logical volumes on top of MTD devices. This flaw allows a local user to crash the system...

5.5CVSS5.2AI score0.00379EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/05/17 9:27 a.m.•43 views

CVE-2023-28320

A denial of service vulnerability exists in curl v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm and siglongjmp. When doi...

3.7CVSS6.2AI score0.02658EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/05/08 6:21 p.m.•43 views

CVE-2022-24434

A flaw was found in the Node.js dicer module. The affected versions of the Node.js dicer module are vulnerable to a denial of service. By sending a specially-crafted form to the server, a remote attacker can crash the node.js service. Mitigation Mitigation for this issue is either not available o...

7.5CVSS7.2AI score0.03035EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2023/05/08 9:52 a.m.•43 views

CVE-2023-27043

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

5.3CVSS5.7AI score0.02507EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/05/08 4:52 a.m.•43 views

CVE-2023-1667

A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service...

4.3CVSS6.6AI score0.01314EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/19 9:31 a.m.•43 views

CVE-2023-21938

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...

3.7CVSS4.8AI score0.01208EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/04/18 3:31 p.m.•43 views

CVE-2023-20863

A flaw was found in Spring Framework. Certain versions of Spring Framework's Expression Language were not restricting the size of Spring Expressions. This could allow an attacker to craft a malicious Spring Expression to cause a denial of service on the server...

6.5CVSS6.1AI score0.01122EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/14 6:0 a.m.•43 views

CVE-2022-48468

A vulnerability was found in protobuf-c. This security flaw leads to an unsigned integer overflow in parserequiredmember...

6.2CVSS6.1AI score0.00366EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/13 1:31 p.m.•43 views

CVE-2023-26552

An out-of-bounds write flaw was found in the ntp package. A remote attacker may trigger this vulnerability by sending malicious data packets to the ntp server. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...

5.6CVSS5.5AI score0.00645EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/12 6:32 a.m.•43 views

CVE-2023-29548

The Mozilla Foundation Security Advisory describes this flaw as: A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result...

3.4CVSS7.9AI score0.00689EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/12 6:31 a.m.•43 views

CVE-2023-29536

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash...

8.8CVSS8AI score0.00702EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/04 6:13 p.m.•43 views

CVE-2021-28235

A flaw was found in etcd, where etc-io could allow a remote attacker to gain elevated privileges on the system caused by a vulnerability in the debug function. By sending a specially crafted request, an attacker can gain elevated privileges...

9.8CVSS8.9AI score0.01605EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/26 3:39 p.m.•43 views

CVE-2023-1281

A use-after-free vulnerability was found in the traffic control index filter tcindex in the Linux kernel. The imperfect hash area can be updated while packets are traversing. This issue could allow a local attacker to cause a use-after-free problem, leading to privilege escalation. Mitigation Thi...

7.8CVSS7AI score0.00305EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/21 1:14 p.m.•43 views

CVE-2023-27537

A double free vulnerability exists in libcurl 8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread...

5.6CVSS7.5AI score0.01856EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/03/20 4:13 a.m.•43 views

CVE-2023-26484

A flaw was found in the Kubevirt package. KubeVirt could allow a remote authenticated attacker to bypass security restrictions caused by improper authorization validation. An attacker can modify all node specs by sending a specially-crafted request using the virt-handler service account...

8.2CVSS7.6AI score0.00611EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/03/09 12:15 a.m.•43 views

CVE-2023-1175

A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yankcopyline function of the register.c file. This flaw allows illegal memory access when using virtual editing as "startspaces" goes negative. An attacker can trick a user into opening a specially...

5.3CVSS6.7AI score0.00438EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/03/03 8:30 a.m.•43 views

CVE-2023-25361

A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely...

7.5CVSS8.6AI score0.00974EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/02 11:59 a.m.•43 views

CVE-2023-23586

A use-after-free vulnerability was discovered in the Linux kernel's iouring subsystem. It was found that it is possible to insert a time namespace's vvar page to process memory space via a page fault. When this time namespace is destroyed, the vvar page is also freed, but not removed from the...

5.5CVSS5.4AI score0.00268EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/01 8:29 p.m.•43 views

CVE-2023-25173

A flaw was found in containerd, where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some...

7.3CVSS7.7AI score0.00542EPSS
Exploits1References8
RedhatCVE
RedhatCVE
•added 2023/02/27 6:30 p.m.•43 views

CVE-2023-1078

An out-of-bounds memory access flaw was found in the Linux kernel's RDS Reliable Datagram Sockets protocol due to triggering rdsmessageput. This could allow a local user to crash the system or potentially escalate their privileges on the system...

7.8CVSS7.2AI score0.00251EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/02/22 1:31 a.m.•43 views

CVE-2023-25151

A flaw was found in opentelemetry-go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength, http.server.responsecontentlength, and http.server.duration...

7.5CVSS7.1AI score0.00973EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/02/20 10:29 p.m.•43 views

CVE-2023-23918

A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https://nodejs.org/api/permissions.html feature in Node.js and access non authorized modules by using process.mainModule.require. This only...

7.5CVSS7.7AI score0.02023EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/02/16 9:32 a.m.•43 views

CVE-2023-25744

The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Kershaw Chang and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort...

8.8CVSS2.8AI score0.00668EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/02/16 9:30 a.m.•43 views

CVE-2023-25735

The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy...

8.8CVSS2.2AI score0.00716EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/02/16 7:59 a.m.•43 views

CVE-2021-42135

A flaw was found in the HashiCorp vault. Affected versions may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. In some situations, users may have more privileges than intended...

8.1CVSS3AI score0.00755EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/02/07 5:28 p.m.•43 views

CVE-2023-0216

A flaw was found in OpenSSL. An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2iPKCS7, d2iPKCS7bio or d2iPKCS7fp functions. This may result in an application crash which could lead to a denial of service. The TLS implementati...

7.5CVSS7.2AI score0.01846EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/01/25 11:35 a.m.•43 views

CVE-2021-26316

A flaw was found in hw. Failure to validate the BIOS's communication buffer and communication service may allow an attacker to tamper with the buffer, resulting in potential System Management Mode SMM arbitrary code execution. Mitigation Please contact AMD for more updates on this flaw...

7.8CVSS5AI score0.00256EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/24 4:36 a.m.•43 views

CVE-2022-48281

A vulnerability was found in libtiff. This vulnerability occurs due to an issue in processCropSelections in the tools/tiffcrop.c function in LibTIFF that has a heap-based buffer overflow for example, "WRITE of size 307203" via a crafted TIFF image...

5.5CVSS5.6AI score0.00461EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/01/13 7:34 p.m.•43 views

CVE-2022-46456

A buffer over-read was found in NASM. The issue occurs when a specially crafted file is processed by NASM when using the dbg output file format, causing the application to crash and disclose a limited amount of information...

6.1CVSS2.1AI score0.00357EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/12/29 4:4 a.m.•43 views

CVE-2022-40716

A flaw was found in the HashiCorp Consul package. In the affected versions of this package, a specially crafted CSR sent directly to Consul’s internal server agent RPC endpoint can include multiple SAN URI values with additional service names...

6.5CVSS2.5AI score0.00849EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/12/27 2:4 p.m.•43 views

CVE-2022-47946

An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in iosqpollwaitsq in fs/iouring.c allows an attacker to crash the kernel, resulting in denial of service. finishwait can be skipped. An attack can occur in some situations by forking a process and then quickly...

5.5CVSS4.4AI score0.00373EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/12/16 4:0 p.m.•43 views

CVE-2022-37966

Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability...

8.1CVSS4.2AI score0.02772EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/12/08 4:40 a.m.•43 views

CVE-2022-3630

A memory leak flaw was found in the Linux kernel IPSec functionality. This issue could allow a local user to crash the system...

5.5CVSS1.9AI score0.00246EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/12/05 5:1 p.m.•43 views

CVE-2022-46366

Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies the the also unsupported 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no...

9.8CVSS9.7AI score0.09732EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/12/05 7:31 a.m.•43 views

CVE-2020-35539

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

9.5AI score
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/12/02 2:26 p.m.•43 views

CVE-2022-24999

A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a proto or constructor payload, a remote attacker can cause a...

7.5CVSS8.1AI score0.14663EPSS
Exploits2References6
RedhatCVE
RedhatCVE
•added 2022/10/18 7:10 a.m.•43 views

CVE-2022-38249

Nagios XI v5.8.6 was discovered to contain a cross-site scripting XSS vulnerability via the MTR component in version 1.0.4...

6.1CVSS3.1AI score0.01717EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/08/31 7:59 p.m.•43 views

CVE-2022-2663

A flaw was found in the Linux kernel in nfconntrackirc where the message handling can be confused and it incorrectly matches on the message. An attacker could exploit this vulnerability to bypass firewall when users are using unencrypted IRC with nfconntrackirc configured. Mitigation To mitigate...

5.3CVSS6.1AI score0.01429EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/08/30 7:6 a.m.•43 views

CVE-2022-20148

In TBD of TBD, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

7.8CVSS2.9AI score0.00115EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/08/26 5:40 a.m.•43 views

CVE-2022-2995

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...

3.6CVSS2.2AI score0.0037EPSS
Exploits1References4
Total number of security vulnerabilities5000