Lucene search
K
RedhatcveMost viewed

206363 matches found

RedhatCVE
RedhatCVE
•added 2022/04/30 1:9 p.m.•43 views

CVE-2021-36221

A race condition flaw was found in Go. The incoming requests body weren't closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability. Mitigation Mitigation for this issue is either not available or the...

5.9CVSS1.3AI score0.03128EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/04/29 12:59 p.m.•43 views

CVE-2022-24736

A flaw was found in the Redis database when a malformed Lua script can cause a NULL pointer dereference. This flaw allows an attacker to load a crafting script, which results in a crash of the redis-server process. Mitigation If Lua scripting is not being used, this vulnerability can be mitigated...

5.5CVSS2.3AI score0.01498EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/04/14 10:38 p.m.•43 views

CVE-2022-27448

An assertion failure was found in the MariaDB Server. This issue is via, 'node-pcur-relpos == BTRPCURON' at /row/row0mysql.cc, affecting availability...

7.5CVSS3.8AI score0.02151EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/06 2:53 p.m.•43 views

CVE-2022-1196

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash...

6.5CVSS2AI score0.00718EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/03/31 8:47 p.m.•43 views

CVE-2022-1199

A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability...

7.5CVSS3.1AI score0.0155EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/03/23 9:3 p.m.•43 views

CVE-2022-24771

A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature...

7.5CVSS3.7AI score0.00717EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/03/16 8:56 p.m.•43 views

CVE-2022-0635

An assertion check flaw was found in BIND, with a refactoration of RFC 8198 Aggressive Use of the DNSSEC-Validated Cache feature synth-from-dnssec. The repeated patterns of specific queries to servers with this feature enabled could cause an INSIST failure in query.c:querydname, which results in...

7.5CVSS2.1AI score0.01285EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/03/15 6:45 p.m.•43 views

CVE-2022-0865

A reachable assertion failure was found in libtiff's JBIG functionality. This flaw allows an attacker who can submit a crafted file to an application linked with libtiff and using the JBIG functionality, causes a crash via an assertion failure, leading to a denial of service. The exact mechanism...

6.5CVSS6.4AI score0.01478EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/03/15 5:44 a.m.•43 views

CVE-2022-26878

A memory leak problem was found in the virtbtrxhandle in drivers/bluetooth/virtiobt.c in the Linux kernel. This flaw allows a local attacker to cause a denial of service on the reception of packets with an invalid packet type. Mitigation Mitigation for this issue is either not available or the...

5.5CVSS2AI score0.00317EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2022/03/09 12:42 p.m.•43 views

CVE-2022-26387

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified, and Firefox...

7.5CVSS2.3AI score0.00657EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/15 10:11 p.m.•43 views

CVE-2021-45402

A memory leak flaw was found in the Linux kernel’s BPF subsystem in the way a user triggers the checkaluop function of the BPF verifier. This flaw allows a local user to obtain unauthorized memory access or potentially crash the system. Mitigation The default Red Hat Enterprise Linux kernel...

5.5CVSS1.8AI score0.00416EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 2022/02/14 9:55 a.m.•43 views

CVE-2021-45444

A vulnerability was found in zsh in the parsecolorchar function of prompt.c file. This flaw allows an attacker to perform code execution if they control a command output inside the prompt, as stated by a %F%K argument. This occurs because of recursive PROMPTSUBST expansion...

7.8CVSS4.4AI score0.0198EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/02/03 4:26 p.m.•43 views

CVE-2021-43616

A flaw was found in npm. The npm ci command proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation and makes it easier for attackers to install malware that was supposed to have been blocked...

9.8CVSS2.8AI score0.02534EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/01/24 6:5 p.m.•43 views

CVE-2022-20617

An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...

8.8CVSS1.9AI score0.02277EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/01/18 9:49 p.m.•43 views

CVE-2022-21365

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allow...

5.3CVSS4.7AI score0.03486EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/01/18 11:44 a.m.•43 views

CVE-2021-23436

A prototype pollution flaw was found in the Node.js immer module. By adding or modifying properties of Object.prototype using a proto or constructor payload, an attacker could execute arbitrary code on the system...

9.8CVSS4.1AI score0.02293EPSS
Exploits2References3
RedhatCVE
RedhatCVE
•added 2022/01/13 6:54 a.m.•43 views

CVE-2019-11737

If a wildcard '' is specified for the host in Content Security Policy CSP directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. This vulnerability affects Firefox 69...

5.3CVSS1.3AI score0.00546EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/01/12 11:22 p.m.•43 views

CVE-2021-43415

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1...

8.8CVSS3.5AI score0.01182EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/01/10 2:25 p.m.•43 views

CVE-2021-30897

A flaw was found in the resource timing API specification and its implementation in WebKitGTK. A malicious web site could use this flaw to trigger a cross-domain data exfiltration...

6.5CVSS2.1AI score0.01661EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/01/06 8:37 p.m.•43 views

CVE-2021-46142

An invalid pointer operations flaw was found in uriparser's uriNormalizeSyntax function. An attacker with local network access could pass a specially crafted unknown input causing that application to crash...

5.5CVSS5AI score0.01095EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/12/21 4:29 p.m.•43 views

CVE-2021-4149

A vulnerability was found in btrfsalloctreeb in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service DOS due to a deadlock problem. Mitigation Mitigation for this issue is either not...

5.5CVSS2.3AI score0.004EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2021/12/14 6:18 p.m.•43 views

CVE-2021-43815

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerabili...

4.3CVSS1.5AI score0.01773EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/11/22 5:0 p.m.•43 views

CVE-2021-4001

A race condition was found in the Linux kernel's ebpf verifier between bpfmapupdateelem and bpfmapfreeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a special privilege capsysadmin or capbpf can modify the frozen mapped address space. Mitigation Mitigation for...

6.7CVSS5.7AI score0.00186EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/11/08 6:49 p.m.•43 views

CVE-2021-3928

A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation Do not run...

7.8CVSS8AI score0.00591EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/10/22 10:43 a.m.•43 views

CVE-2021-3896

An improper validation of an array index and out of bounds memory read in the Linux kernel's Integrated Services Digital Network ISDN functionality was found in the way users call ioctl CMTPCONNADD. A local user could use this flaw to crash the system or starve the resources causing denial of...

6.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
•added 2021/10/21 3:34 p.m.•43 views

CVE-2021-42781

Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library...

5.3CVSS3.7AI score0.02805EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/20 6:45 p.m.•43 views

CVE-2021-35624

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

4.9CVSS3.6AI score0.01365EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/10/13 4:42 a.m.•43 views

CVE-2021-41136

An HTTP Request Smuggling vulnerability was found in puma. When using puma with a proxy, which forwards LF characters as line endings, an attacker could use this flaw to smuggle a request through a proxy, causing the proxy to send a response back to another unknown client...

3.7CVSS2.4AI score0.01119EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/10/05 11:28 a.m.•43 views

CVE-2021-41611

The squid proxy package may incorrectly classify certain certificates as trusted. This can allow traffic to obtain security trust when the trust is not valid. The highest threat from this vulnerability is to confidentiality and integrity. Mitigation The only mitigation is complete denial to TLS a...

8.1CVSS2.5AI score0.02854EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/09/30 8:24 p.m.•43 views

CVE-2021-41799

When processing ApiQueryBacklinks, the full db table scan might be initiated what can cause resource exhaustion and in a consequence the denial of service DoS...

7.5CVSS2.5AI score0.01646EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/09/23 5:59 p.m.•43 views

CVE-2020-5529

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is...

8.1CVSS2.1AI score0.04719EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/09/17 6:34 p.m.•43 views

CVE-2020-21529

In transfig's fig2dev 3.2.7b it is possible for an attacker to create a specially crafted file that causes a stack buffer overflow due to improper range checks. This leads to a denial of service, impacting availability of the program...

5.5CVSS4.3AI score0.01055EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/09/06 3:4 p.m.•43 views

CVE-2021-35268

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing NTFS inodes, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS2.2AI score0.00488EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/09/02 8:1 p.m.•43 views

CVE-2021-3757

A flaw was found in immer when manipulates object attributes such as proto, constructor and prototype. An attacker can manipulate these values by overwriting and polluting them. Those attributes would be inherited by JavaScript objects which could trigger exception handlers and leading into a...

9.8CVSS3.3AI score0.01651EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/08/31 5:10 p.m.•43 views

CVE-2021-37712

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an...

8.6CVSS2.4AI score0.0185EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/08/24 10:14 p.m.•43 views

CVE-2021-32777

An authorization bypass vulnerability was found in envoyproxy/envoy. Envoy incorrectly evaluates an HTTP request with multiple value headers. This flaw allows an attacker to bypass rule policies that use the extauthz extension. The highest threat from this vulnerability is to confidentiality,...

8.6CVSS3.7AI score0.03325EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/08/11 4:20 a.m.•43 views

CVE-2021-29984

Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 78.13, Thunderbird 91, Firefox ESR 78.13, and...

8.8CVSS3AI score0.01386EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/08/10 9:50 p.m.•43 views

CVE-2021-2387

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS1.8AI score0.01611EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 6:33 p.m.•43 views

CVE-2021-32815

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denia...

5.5CVSS2.1AI score0.01104EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 5:25 p.m.•43 views

CVE-2021-26423

An infinite loop error was found in ASP.NET when processing WebSocket frames. The exploitation of this issue can cause high CPU resource consumption. The highest threat from this vulnerability is to system availability...

7.5CVSS1.7AI score0.03858EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/06/08 2:51 p.m.•43 views

CVE-2018-25015

A flaw was found in the Linux kernel. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off. The highest threat from the vulnerability is to data confidentiality and integrity as well as system availability...

7.8CVSS2.6AI score0.00569EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2021/06/01 2:19 p.m.•43 views

CVE-2021-33623

A flaw was found in nodejs-trim-newlines. Node.js has an issue related to regular expression denial-of-service ReDoS for the .end method...

7.5CVSS2.2AI score0.02901EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/05/11 8:54 p.m.•43 views

CVE-2021-3489

A flaw out of bound memory write in the Linux kernel BPF subsystem was found in the way user writes to BPF ring buffer too fast, so larger buffer than available memory could be allocated. A local user could use this flaw to crash the system or possibly escalate their privileges on the system...

7.8CVSS7.8AI score0.0055EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2021/05/04 8:21 p.m.•43 views

CVE-2018-25011

A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS3.3AI score0.02513EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2021/04/28 11:48 a.m.•43 views

CVE-2021-3520

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability...

9.8CVSS9.3AI score0.03216EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/04/21 7:21 p.m.•43 views

CVE-2021-21643

A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints, as a consequence an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins...

6.5CVSS0.7AI score0.01082EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/03/30 2:11 p.m.•43 views

CVE-2021-29264

A flaw was found in the Linux kernel. The Freescale Gianfar Ethernet driver allows attackers to cause a system crash due to a negative fragment size calculated in situations involving an RX queue overrun when jumbo packets are used and NAPI is enabled. The highest threat from this vulnerability i...

7.1CVSS4.3AI score0.00272EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/03/25 12:52 p.m.•43 views

CVE-2020-36193

A flaw was found in the ArchiveTar package. ArchiveTar could allow a remote attacker to traverse directories on the system caused by inadequate checking of symbolic links. An attacker could send a specially-crafted URL request to the Tar.php script containing "dot dot" sequences /../ to modify...

7.5CVSS4.8AI score0.70595EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/03/17 1:46 p.m.•43 views

CVE-2021-28650

autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplet...

5.5CVSS3.9AI score0.00639EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/03/12 10:3 a.m.•43 views

CVE-2021-20232

A flaw was found in gnutls. A use after free issue in clientsendparams in lib/ext/presharedkey.c may lead to memory corruption and denial of service...

9.8CVSS9.2AI score0.03444EPSS
Exploits0References5
Total number of security vulnerabilities5000