Lucene search
K
RedhatcveMost viewed

206309 matches found

RedhatCVE
RedhatCVE
•added 2021/08/25 8:0 p.m.•43 views

CVE-2021-39152

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream with Java runtime versions 14 to 8. The highest thre...

8.5CVSS4AI score0.11468EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2021/08/24 10:14 p.m.•43 views

CVE-2021-32777

An authorization bypass vulnerability was found in envoyproxy/envoy. Envoy incorrectly evaluates an HTTP request with multiple value headers. This flaw allows an attacker to bypass rule policies that use the extauthz extension. The highest threat from this vulnerability is to confidentiality,...

8.6CVSS3.7AI score0.03325EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/08/23 7:5 p.m.•43 views

CVE-2021-37750

A flaw was found in krb5. The Key Distribution Center KDC in MIT Kerberos 5 has a NULL pointer dereference via a FAST inner body that lacks a server field. An authenticated attacker could use this flaw to crash the Kerberos KDC server. The highest threat from this vulnerability is to system...

6.5CVSS2.2AI score0.02166EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/11 4:20 a.m.•43 views

CVE-2021-29984

Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 78.13, Thunderbird 91, Firefox ESR 78.13, and...

8.8CVSS3AI score0.01386EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/08/10 9:51 p.m.•43 views

CVE-2021-2429

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...

5.9CVSS2AI score0.41478EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 9:51 p.m.•43 views

CVE-2021-2441

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS1.8AI score0.0171EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 9:50 p.m.•43 views

CVE-2021-2387

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS1.8AI score0.01611EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 9:50 p.m.•43 views

CVE-2021-2383

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS1.8AI score0.02588EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 9:50 p.m.•43 views

CVE-2021-2352

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

6.8CVSS2AI score0.02831EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 6:33 p.m.•43 views

CVE-2021-32815

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denia...

5.5CVSS2.1AI score0.01104EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 5:25 p.m.•43 views

CVE-2021-26423

An infinite loop error was found in ASP.NET when processing WebSocket frames. The exploitation of this issue can cause high CPU resource consumption. The highest threat from this vulnerability is to system availability...

7.5CVSS1.7AI score0.03858EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/07/07 7:42 p.m.•43 views

CVE-2021-31615

A flaw has been identified in bluetooth. Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet...

5.3CVSS4.7AI score0.00402EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/06/08 2:51 p.m.•43 views

CVE-2018-25015

A flaw was found in the Linux kernel. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off. The highest threat from the vulnerability is to data confidentiality and integrity as well as system availability...

7.8CVSS2.6AI score0.00569EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2021/06/01 2:19 p.m.•43 views

CVE-2021-33623

A flaw was found in nodejs-trim-newlines. Node.js has an issue related to regular expression denial-of-service ReDoS for the .end method...

7.5CVSS2.2AI score0.02901EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/11 8:54 p.m.•43 views

CVE-2021-3489

A flaw out of bound memory write in the Linux kernel BPF subsystem was found in the way user writes to BPF ring buffer too fast, so larger buffer than available memory could be allocated. A local user could use this flaw to crash the system or possibly escalate their privileges on the system...

7.8CVSS7.8AI score0.0055EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/04/21 7:21 p.m.•43 views

CVE-2021-21643

A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints, as a consequence an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins...

6.5CVSS0.7AI score0.01082EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/03/30 2:11 p.m.•43 views

CVE-2021-29264

A flaw was found in the Linux kernel. The Freescale Gianfar Ethernet driver allows attackers to cause a system crash due to a negative fragment size calculated in situations involving an RX queue overrun when jumbo packets are used and NAPI is enabled. The highest threat from this vulnerability i...

7.1CVSS4.3AI score0.00272EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/03/12 10:3 a.m.•43 views

CVE-2021-20232

A flaw was found in gnutls. A use after free issue in clientsendparams in lib/ext/presharedkey.c may lead to memory corruption and denial of service...

9.8CVSS9.2AI score0.03444EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/03/09 11:54 p.m.•43 views

CVE-2021-21378

An authentication bypass vulnerability was found in envoyproxy/envoy. When specifying a JSON Web Token JWT authentication filter, if allowmissing is also used, this flaw allows an attacker to craft a request with a JWT token with an incorrect issuer bypassing the filter. The highest threat from...

8.2CVSS3.5AI score0.0171EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/03/01 4:3 p.m.•43 views

CVE-2021-24111

.NET Framework Denial of Service Vulnerability...

7.5CVSS2.7AI score0.0384EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/02/25 1:3 p.m.•43 views

CVE-2021-3416

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS...

6CVSS3.1AI score0.00455EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/02/22 9:18 p.m.•43 views

CVE-2021-22112

A flaw was found in jenkins. Unintentional persisted temporary elevated privileges in some circumstances in a user's session can occur in Spring Security. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9CVSS3.8AI score0.03197EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/02/03 8:4 p.m.•43 views

CVE-2021-20221

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating...

6CVSS1.1AI score0.00323EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/01/25 11:53 a.m.•43 views

CVE-2020-0427

A flaw was found in the Linux pinctrl system. It is possible to trigger an of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. Mitigation Mitigation for this issue is either not available or the currently availabl...

5.5CVSS1.4AI score0.00492EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/01/13 2:19 p.m.•43 views

CVE-2021-20180

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucketpipelinevariable module. This flaw allows an attacker to steal bitbucketpipeline credentials. The highest threat from this vulnerabili...

5.5CVSS2.5AI score0.003EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/12/18 9:59 a.m.•43 views

CVE-2020-17520

In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API...

9.1CVSS2.4AI score0.01337EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/11/29 7:58 a.m.•43 views

CVE-2018-3180

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...

6.8CVSS2.1AI score0.03392EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2020/11/13 6:12 p.m.•43 views

CVE-2020-28366

An input validation vulnerability was found in Go. From a generated go file from the cgo tool, it is possible to modify symbols within that object file and specify code. This flaw allows an attacker to create a repository that includes malicious pre-built object files that could execute arbitrary...

7.5CVSS7.9AI score0.02244EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/11/12 3:24 p.m.•43 views

CVE-2020-25696

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

7.6CVSS3.6AI score0.02586EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/11/11 1:23 a.m.•43 views

CVE-2020-12321

A flaw was found in the firmware of some Intel Bluetooth devices. This may allow an unauthenticated attacker within Bluetooth range to overflow a buffer and corrupt memory leading to a crash or privilege escalation. Mitigation To mitigate these vulnerabilities on the operating system level, disab...

8.8CVSS1.3AI score0.0097EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/10/23 9:3 p.m.•43 views

CVE-2020-14798

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

3.1CVSS2.3AI score0.02684EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/10/05 5:26 a.m.•43 views

CVE-2017-10355

It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server...

5.3CVSS2AI score0.16181EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2020/09/15 6:0 p.m.•43 views

CVE-2020-8927

A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a "one-shot" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB. Mitigation This flaw can be mitigated by using...

6.5CVSS1.6AI score0.03217EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/09/07 9:49 a.m.•43 views

CVE-2020-3894

A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory...

2.6CVSS2.4AI score0.01107EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2020/08/18 7:29 p.m.•43 views

CVE-2019-0230

A flaw was found in Apache Struts frameworks. When forced, struts2 performs double evaluation of attributes' values assigned to certain tags attributes such as ID so it is possible to pass a value that will be evaluated again when a tag's attributes will be rendered. With a carefully crafted...

7.5CVSS3.3AI score0.97399EPSS
Exploits15References3
RedhatCVE
RedhatCVE
•added 2020/07/31 7:43 p.m.•43 views

CVE-2020-5411

When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means...

6.8CVSS3AI score0.01856EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/07/31 1:44 p.m.•43 views

CVE-2020-16135

A flaw was found in libssh. A NULL pointer dereference in tftpserver.c if sshbuffernew returns NULL. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicabili...

4.3CVSS1AI score0.04105EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2020/07/16 6:9 p.m.•43 views

CVE-2020-15780

A flaw was found in how the ACPI table loading through acpiconfigfs was handled when the kernel was locked down. This flaw allows a root privileged local user to circumvent the kernel lockdown restrictions. The highest threat from this vulnerability is to data confidentiality and integrity as wel...

7.2CVSS2.3AI score0.01314EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2020/07/15 9:39 a.m.•43 views

CVE-2020-14578

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols ...

4.3CVSS2.9AI score0.04044EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/07/10 9:51 a.m.•43 views

CVE-2020-8617

An assertion failure was found in BIND, which checks the validity of messages containing TSIG resource records. This flaw allows an attacker that knows or successfully guesses the name of the TSIG key used by the server to use a specially-crafted message, potentially causing a BIND server to reac...

4.3CVSS3.3AI score0.93422EPSS
Exploits5References4
RedhatCVE
RedhatCVE
•added 2020/07/02 9:50 a.m.•43 views

CVE-2020-10760

A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba...

4CVSS2.2AI score0.02659EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/06/23 11:25 a.m.•43 views

CVE-2020-10769

A buffer over-read flaw was found in cryptoauthencextractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash...

5.5CVSS1.4AI score0.00491EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/06/03 2:52 a.m.•43 views

CVE-2020-12406

The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code...

9.3CVSS2.5AI score0.0102EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/06/01 2:20 p.m.•43 views

CVE-2019-20806

A NULL pointer dereference flaw was found in tw5864handleframe function in drivers/media/pci/tw5864/tw5864-video.c in the TW5864 Series Video media driver. The pointer 'vb' is assigned, but not validated before its use, and can lead to a denial of service. This flaw allows a local attacker with...

4.4CVSS2.1AI score0.00384EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/05/28 3:51 a.m.•43 views

CVE-2019-15924

A flaw was found in the way the fm10k driver in the Linux kernel reacted to memory-related errors during driver initialization. This flaw allows a local attacker to cause a denial of service and crash the system. Mitigation To mitigate this issue, prevent module fm10k from being loaded. Please se...

5.5CVSS3.6AI score0.00524EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/04/17 7:33 a.m.•43 views

CVE-2020-11868

A flaw was found in the Network Time Protocol NTP, where a security issue exists that allows an off-path attacker to prevent the Network Time Protocol daemon ntpd from synchronizing with NTP servers not using authentication. A server mode packet with a spoofed source address sent to the client nt...

7.5CVSS7.5AI score0.02081EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/04/14 10:3 p.m.•43 views

CVE-2020-2830

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Concurrency. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multipl...

5CVSS2.6AI score0.04948EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/14 10:3 p.m.•43 views

CVE-2020-2800

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

5.8CVSS1.4AI score0.02879EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/09 12:23 p.m.•43 views

CVE-2019-17133

A vulnerability was found in the Linux kernel's generic WiFi ESSID handling implementation. The flaw allows a system to join a wireless network where the ESSID is longer than the maximum length of 32 characters, which can cause the system to crash or execute code...

9.8CVSS4.2AI score0.06652EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/08 9:46 p.m.•43 views

CVE-2018-19364

hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to for example a use-after-free outcome...

5.5CVSS1.9AI score0.0053EPSS
Exploits0References2
Total number of security vulnerabilities5000