Lucene search
K
RedhatcveMost viewed

206304 matches found

RedhatCVE
RedhatCVE
•added 2021/08/10 5:25 p.m.•43 views

CVE-2021-26423

An infinite loop error was found in ASP.NET when processing WebSocket frames. The exploitation of this issue can cause high CPU resource consumption. The highest threat from this vulnerability is to system availability...

7.5CVSS1.7AI score0.03858EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/07/26 5:31 p.m.•43 views

CVE-2021-32786

A flaw was found in modauthopenidc where it does not sanitize redirection URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest...

6.1CVSS2.8AI score0.02364EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/07/07 7:42 p.m.•43 views

CVE-2021-31615

A flaw has been identified in bluetooth. Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet...

5.3CVSS4.7AI score0.00402EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/06/08 2:51 p.m.•43 views

CVE-2018-25015

A flaw was found in the Linux kernel. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off. The highest threat from the vulnerability is to data confidentiality and integrity as well as system availability...

7.8CVSS2.6AI score0.00569EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2021/06/01 2:19 p.m.•43 views

CVE-2021-33623

A flaw was found in nodejs-trim-newlines. Node.js has an issue related to regular expression denial-of-service ReDoS for the .end method...

7.5CVSS2.2AI score0.02901EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/24 5:42 p.m.•43 views

CVE-2021-33516

A flaw was found in gupnp. DNS rebinding can occur when a victim's browser is used by a remote web server to trigger actions against local UPnP services including data exfiltration, data tempering, and other exploits. The highest threat from this vulnerability is to data confidentiality and...

8.3CVSS1.5AI score0.01084EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2021/05/21 12:15 p.m.•43 views

CVE-2021-3563

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity...

7.4CVSS5AI score0.01319EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/05/11 8:54 p.m.•43 views

CVE-2021-21419

A flaw was found in eventlet. If an unauthenticated user manages to send large websocket frames or highly compressed data frames that can lead to memory exhaustion. An attacker could use this flaw to cause a denial of service DoS...

5.3CVSS2AI score0.01807EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/11 8:54 p.m.•43 views

CVE-2021-3489

A flaw out of bound memory write in the Linux kernel BPF subsystem was found in the way user writes to BPF ring buffer too fast, so larger buffer than available memory could be allocated. A local user could use this flaw to crash the system or possibly escalate their privileges on the system...

7.8CVSS7.8AI score0.0055EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/04/29 10:18 a.m.•43 views

CVE-2021-20254

A flaw was found in samba. The Samba smbd file server must map Windows group identities SIDs into unix group ids gids. The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache...

6.8CVSS1AI score0.01616EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/04/21 7:21 p.m.•43 views

CVE-2021-21643

A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints, as a consequence an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins...

6.5CVSS0.7AI score0.01082EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/03/30 2:11 p.m.•43 views

CVE-2021-29264

A flaw was found in the Linux kernel. The Freescale Gianfar Ethernet driver allows attackers to cause a system crash due to a negative fragment size calculated in situations involving an RX queue overrun when jumbo packets are used and NAPI is enabled. The highest threat from this vulnerability i...

7.1CVSS4.3AI score0.00272EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/03/12 10:3 a.m.•43 views

CVE-2021-20232

A flaw was found in gnutls. A use after free issue in clientsendparams in lib/ext/presharedkey.c may lead to memory corruption and denial of service...

9.8CVSS9.2AI score0.03444EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/03/09 11:54 p.m.•43 views

CVE-2021-21378

An authentication bypass vulnerability was found in envoyproxy/envoy. When specifying a JSON Web Token JWT authentication filter, if allowmissing is also used, this flaw allows an attacker to craft a request with a JWT token with an incorrect issuer bypassing the filter. The highest threat from...

8.2CVSS3.5AI score0.0171EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/03/01 4:3 p.m.•43 views

CVE-2021-24111

.NET Framework Denial of Service Vulnerability...

7.5CVSS2.7AI score0.0384EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/02/25 1:3 p.m.•43 views

CVE-2021-3416

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS...

6CVSS3.1AI score0.00455EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/02/22 9:18 p.m.•43 views

CVE-2021-22112

A flaw was found in jenkins. Unintentional persisted temporary elevated privileges in some circumstances in a user's session can occur in Spring Security. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9CVSS3.8AI score0.03197EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/02/18 7:13 p.m.•43 views

CVE-2020-24502

Improper input validation in some IntelR Ethernet E810 Adapter drivers for Linux may allow an authenticated user to potentially enable a denial of service via local access...

5.5CVSS5.2AI score0.0031EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/02/15 12:33 p.m.•43 views

CVE-2020-28493

A flaw was found in python-jinja2. The ReDOS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...

7.5CVSS2.6AI score0.03546EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/02/10 6:35 a.m.•43 views

CVE-2020-1717

A flaw was found in keycloak. An attacker could use the change email function in the account settings to determine if an email address was already used for another account an account enumeration attack. The highest threat from this flaw is to data confidentiality...

4CVSS2AI score0.00766EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/02/03 8:4 p.m.•43 views

CVE-2021-20221

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating...

6CVSS1.1AI score0.00323EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/01/25 11:53 a.m.•43 views

CVE-2020-0427

A flaw was found in the Linux pinctrl system. It is possible to trigger an of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. Mitigation Mitigation for this issue is either not available or the currently availabl...

5.5CVSS1.4AI score0.00492EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/01/21 3:5 p.m.•43 views

CVE-2021-3115

A flaw was found in golang: cmd/go, in which Go can execute arbitrary commands at build time when cgo is in use on Windows OS. On Linux/Unix, only users who have "." listed explicitly in their PATH variable are affected. The highest threat from this vulnerability is to data confidentiality and...

7.5CVSS8.1AI score0.06497EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/01/13 2:19 p.m.•43 views

CVE-2021-20180

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucketpipelinevariable module. This flaw allows an attacker to steal bitbucketpipeline credentials. The highest threat from this vulnerabili...

5.5CVSS2.5AI score0.003EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/01/11 9:26 p.m.•43 views

CVE-2021-23240

A race condition vulnerability was found in the temporary file handling of sudoedit's SELinux RBAC support. On systems where SELinux is enabled, this flaw allows a malicious user with sudoedit permissions to set the owner of an arbitrary file to the user ID of the target user, potentially leading...

7.8CVSS1.7AI score0.01066EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2020/12/18 9:59 a.m.•43 views

CVE-2020-17520

In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API...

9.1CVSS2.4AI score0.01337EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/12/14 7:26 p.m.•43 views

CVE-2020-27844

A flaw was found in openjpeg's src/lib/openjp2/t2.c. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

8.3CVSS1.6AI score0.01329EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/11/29 7:58 a.m.•43 views

CVE-2018-3180

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...

6.8CVSS2.1AI score0.03392EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2020/11/13 6:12 p.m.•43 views

CVE-2020-28366

An input validation vulnerability was found in Go. From a generated go file from the cgo tool, it is possible to modify symbols within that object file and specify code. This flaw allows an attacker to create a repository that includes malicious pre-built object files that could execute arbitrary...

7.5CVSS7.9AI score0.02244EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/11/12 3:24 p.m.•43 views

CVE-2020-25696

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

7.6CVSS3.6AI score0.02586EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/11/06 5:29 p.m.•43 views

CVE-2020-16846

A flaw was found in salt. A shell injection vulnerability was found where an unauthenticated user with network access to the Salt API can use shell injections to run code on the Salt-API using the SSH client. An attacker could use this flaw to cause a denial of service, information disclosure, or...

9.8CVSS1.8AI score0.99585EPSS
Exploits5References8
RedhatCVE
RedhatCVE
•added 2020/10/29 11:29 a.m.•43 views

CVE-2020-14323

A null pointer dereference flaw was found in Samba's winbind service. This flaw allows a local user to crash the winbind service, causing a denial of service. The highest threat from this vulnerability is to system availability...

5.5CVSS2AI score0.00613EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/10/23 9:3 p.m.•43 views

CVE-2020-14798

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

3.1CVSS2.3AI score0.02684EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/10/05 5:26 a.m.•43 views

CVE-2017-10355

It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server...

5.3CVSS2AI score0.16181EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2020/09/30 4:17 p.m.•43 views

CVE-2020-26154

url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header...

6.8CVSS2.9AI score0.03569EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/09/15 6:0 p.m.•43 views

CVE-2020-8927

A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a "one-shot" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB. Mitigation This flaw can be mitigated by using...

6.5CVSS1.6AI score0.03217EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/09/07 6:49 p.m.•43 views

CVE-2019-8672

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may...

9.3CVSS2.6AI score0.11024EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2020/09/07 12:19 p.m.•43 views

CVE-2020-3868

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to...

9.3CVSS2.4AI score0.02633EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/09/07 9:49 a.m.•43 views

CVE-2020-3894

A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory...

2.6CVSS2.4AI score0.01107EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2020/08/19 10:10 a.m.•43 views

CVE-2020-24332

An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack...

5.5CVSS6.4AI score0.00553EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2020/08/18 7:29 p.m.•43 views

CVE-2019-0230

A flaw was found in Apache Struts frameworks. When forced, struts2 performs double evaluation of attributes' values assigned to certain tags attributes such as ID so it is possible to pass a value that will be evaluated again when a tag's attributes will be rendered. With a carefully crafted...

7.5CVSS3.3AI score0.97399EPSS
Exploits15References3
RedhatCVE
RedhatCVE
•added 2020/08/13 12:43 p.m.•43 views

CVE-2020-14350

A flaw was found in PostgreSQL, where some PostgreSQL extensions did not use the searchpath safely in their installation script. This flaw allows an attacker with sufficient privileges to trick an administrator into executing a specially crafted script during the extension's installation or updat...

4.4CVSS3.4AI score0.00532EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/07/31 7:43 p.m.•43 views

CVE-2020-5411

When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means...

6.8CVSS3AI score0.01856EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/07/31 1:44 p.m.•43 views

CVE-2020-16135

A flaw was found in libssh. A NULL pointer dereference in tftpserver.c if sshbuffernew returns NULL. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicabili...

4.3CVSS1AI score0.04105EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2020/07/16 6:9 p.m.•43 views

CVE-2020-15780

A flaw was found in how the ACPI table loading through acpiconfigfs was handled when the kernel was locked down. This flaw allows a root privileged local user to circumvent the kernel lockdown restrictions. The highest threat from this vulnerability is to data confidentiality and integrity as wel...

7.2CVSS2.3AI score0.01314EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2020/07/15 9:39 a.m.•43 views

CVE-2020-14578

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols ...

4.3CVSS2.9AI score0.04044EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/07/10 9:51 a.m.•43 views

CVE-2020-8617

An assertion failure was found in BIND, which checks the validity of messages containing TSIG resource records. This flaw allows an attacker that knows or successfully guesses the name of the TSIG key used by the server to use a specially-crafted message, potentially causing a BIND server to reac...

4.3CVSS3.3AI score0.93422EPSS
Exploits5References4
RedhatCVE
RedhatCVE
•added 2020/07/02 9:50 a.m.•43 views

CVE-2020-10760

A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba...

4CVSS2.2AI score0.02659EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/06/30 10:21 p.m.•43 views

CVE-2020-15393

In the Linux kernel 4.4 through 5.7.6, usbtestdisconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770...

2.1CVSS6.1AI score0.00433EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/06/23 11:25 a.m.•43 views

CVE-2020-10769

A buffer over-read flaw was found in cryptoauthencextractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash...

5.5CVSS1.4AI score0.00491EPSS
Exploits1References3
Total number of security vulnerabilities5000