Lucene search
K
RedhatcveMost viewed

206363 matches found

RedhatCVE
RedhatCVE
•added 2020/04/07 7:5 a.m.•43 views

CVE-2020-1760

A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input. Mitigation Mitigation provided by DigitalOcean: Mitigation relies on the HAProx...

6.1CVSS0.7AI score0.01525EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/04/05 11:9 a.m.•43 views

CVE-2019-14815

A vulnerability found in the Linux kernel's WMM implementation for Marvell WiFi-based hardware mwifiex could lead to a denial of service or allow arbitrary code execution. For this flaw to be executed, the attacker must be both local and privileged. There is no mitigation to this flaw. A patch ha...

7.8CVSS4.6AI score0.00488EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/05 5:17 a.m.•43 views

CVE-2019-11049

In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations...

9.8CVSS3.3AI score0.04218EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/05 5:3 a.m.•43 views

CVE-2019-11041

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information...

7.1CVSS3.1AI score0.0442EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/04/04 11:25 p.m.•43 views

CVE-2020-7053

A use-after-free flaw was found in the Linux kernel’s GPU driver functionality when destroying GEM context. A local user could use this flaw to crash the system or potentially escalate their privileges. Mitigation In case of dedicated graphic card presence and i915 GPU is not being used, you can...

7.8CVSS1.5AI score0.00617EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/04 11:5 a.m.•43 views

CVE-2020-1711

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking the status of a Logical Address Block LBA in an iscsicoblockstatus routine. A remote user could use this flaw to crash the QEMU process,...

7.7CVSS2.6AI score0.04018EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/02 2:8 p.m.•43 views

CVE-2019-15666

A flaw was found in the Linux kernel. When xfrm policy removal occurs a system crash could occur. These policy changes generally occur through the ip command or a netlink socket...

6.7CVSS2.3AI score0.0173EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/04/02 8:57 a.m.•43 views

CVE-2017-16645

The imspcugetcdcuniondesc function in drivers/input/misc/ims-pcu.c in the Linux kernel, through 4.13.11, allows local users to cause a denial of service imspcuparsecdcdata out-of-bounds read and system crash or possibly have unspecified other impact via a crafted USB device...

7.2CVSS7AI score0.00404EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2020/04/02 8:14 a.m.•43 views

CVE-2018-14647

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...

7.5CVSS2.1AI score0.10911EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2020/03/31 8:0 p.m.•43 views

CVE-2019-9458

A flaw was found in the Linux kernel's video driver. A race condition, leading to a use-after-free, could lead to a local privilege escalation. User interaction is not needed for exploitation. Mitigation To mitigate this issue, prevent modules v4l2-common, v4l2-dv-timings from being loaded if not...

7CVSS1.8AI score0.00171EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/03/30 8:1 p.m.•43 views

CVE-2020-10698

A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. Some sensible data can be disclosed. However, critical data should not be disclosed, as it should be protected by the nolog flag when...

3.3CVSS0.7AI score0.00268EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/03/30 6:31 p.m.•43 views

CVE-2019-20633

GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...

7.5CVSS6AI score0.08411EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/03/30 8:18 a.m.•43 views

CVE-2019-11070

WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video HLS, DASH, or Smooth Streaming, an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded...

6.5CVSS1.6AI score0.03294EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/03/29 1:58 p.m.•43 views

CVE-2018-20657

The demangletemplate function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service memory consumption, as demonstrated by cxxfilt, a related issue to CVE-2018-12698...

7.5CVSS3.5AI score0.0669EPSS
Exploits2References2
RedhatCVE
RedhatCVE
•added 2020/03/06 1:31 p.m.•43 views

CVE-2019-2978

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

4.3CVSS4.5AI score0.03284EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/03/03 7:41 p.m.•43 views

CVE-2019-20485

A flaw was found in the way the libvirtd daemon issued the 'suspend' command to a QEMU guest-agent running inside a guest, where it holds a monitor job while issuing the 'suspend' command to a guest-agent. A malicious guest-agent may use this flaw to block the libvirt daemon indefinitely, resulti...

5.8CVSS5.9AI score0.00813EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/03/02 11:41 a.m.•43 views

CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

7.1CVSS7.2AI score0.06617EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/02/14 1:55 p.m.•43 views

CVE-2018-14612

An issue was discovered in the btrfs filesystem code in the Linux kernel. An invalid NULL pointer dereference in btrfsrootnode when mounting a crafted btrfs image is due to a lack of chunk block group mapping validation in btrfsreadblockgroups in the fs/btrfs/extent-tree.c function and a lack of...

7.1CVSS2.4AI score0.0259EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2020/01/22 4:10 a.m.•43 views

CVE-2020-1702

A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashi...

4.3CVSS2.3AI score0.00688EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2020/01/17 3:33 a.m.•43 views

CVE-2019-13233

A vulnerability was found in the arch/x86/lib/insn-eval.c function in the Linux kernel. An attacker could corrupt the memory due to a flaw in use-after-free access to an LDT entry caused by a race condition between modifyldt and a BR exception for an MPX bounds violation...

7CVSS2.7AI score0.00469EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/01/14 9:43 p.m.•43 views

CVE-2019-5108

A flaw was found in the Linux kernel’s implementation of the WiFi station handoff code. An attacker within the radio range could use this flaw to deny a valid device from joining the access point. Mitigation At this time there is no known mitigations to this issue other than to install the update...

7.4CVSS2.6AI score0.10114EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2020/01/11 9:34 a.m.•43 views

CVE-2018-13053

A flaw was found in the alarmtimernsleep function in kernel/time/alarmtimer.c in the Linux kernel. The ktimeaddsafe function is not used and an integer overflow can happen causing an alarm not to fire or possibly a denial-of-service if using a large relative timeout...

3.3CVSS2.8AI score0.00513EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2020/01/09 6:8 p.m.•43 views

CVE-2019-17558

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...

7.5CVSS2.1AI score0.98567EPSS
Exploits12References3
RedhatCVE
RedhatCVE
•added 2020/01/07 11:9 p.m.•43 views

CVE-2019-17017

Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

8.8CVSS1.1AI score0.02489EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2020/01/05 3:33 a.m.•43 views

CVE-2017-3641

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DML. Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol...

4CVSS1.3AI score0.03225EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2019/12/29 9:55 p.m.•43 views

CVE-2019-19319

An out-of-bounds write flaw was found in the Linux kernel’s Ext4 FileSystem in the way it uses a crafted ext4 image. This flaw allows a local user with physical access to crash the system or potentially escalate their privileges on the system. Mitigation Mitigation for this issue is either not...

7.8CVSS1AI score0.00692EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2019/12/29 9:44 p.m.•43 views

CVE-2019-12450

filecopyfallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used...

9.8CVSS2.3AI score0.02602EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2019/12/26 3:44 p.m.•43 views

CVE-2019-2769

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Utilities. Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

5.3CVSS2.2AI score0.04351EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2019/12/22 3:41 a.m.•43 views

CVE-2017-7493

Quick Emulator Qemu built with the VirtFS, host directory sharing via Plan 9 File System9pfs support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges...

7.8CVSS2.3AI score0.00367EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2019/12/13 10:21 p.m.•43 views

CVE-2019-19535

A flaw was found in the Linux kernel’s implementation of the Peak CANBUS USB device driver. An information leak caused by the device could allow a local attacker to possibly gain private information from uninitialized kernel memory...

4.6CVSS3.7AI score0.00504EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2019/12/13 6:38 p.m.•43 views

CVE-2019-19523

A flaw was found in the Linux kernel’s implementation for ADU devices from Ontrak Control Systems, where an attacker with administrative privileges and access to a local account could pre-groom the memory and physically disconnect or unload a module. The attacker must be able to access either of...

7.8CVSS0.7AI score0.00409EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2019/12/11 12:50 a.m.•43 views

CVE-2019-1352

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387...

9.3CVSS4AI score0.34007EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2019/12/03 3:17 p.m.•43 views

CVE-2019-14910

A flaw was found in keycloak 7.x where an invalid password is accepted for user authentication when LDAP user federation and STARTTLS is used instead of SSL/TLS from the LDAP server. This can allow an attacker to log into a system using any entry for a password authentication and still gain acces...

9.8CVSS2.3AI score0.01054EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2019/11/21 11:38 a.m.•43 views

CVE-2019-19060

A memory leak in the adisupdatescanmode function in drivers/iio/imu/adisbuffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service memory consumption, aka CID-ab612b1daf41...

7.8CVSS5.5AI score0.03755EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2019/11/08 3:35 a.m.•43 views

CVE-2017-18270

A flaw was found in the Linux kernel in the way a local user could create keyrings for other users via keyctl commands. This may allow an attacker to set unwanted defaults, a denial of service, or possibly leak keyring information between users...

7.1CVSS3.9AI score0.00421EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2019/11/05 10:25 p.m.•43 views

CVE-2018-3183

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Scripting. Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network...

9CVSS1AI score0.02815EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2019/11/04 4:16 a.m.•43 views

CVE-2017-10285

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

9.6CVSS1.8AI score0.03143EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2019/11/03 4:23 p.m.•43 views

CVE-2017-2636

A race condition flaw was found in the NHLDC Linux kernel driver when accessing nhdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. Mitigation The nhdlc kern...

7CVSS0.5AI score0.01029EPSS
Exploits2References2
RedhatCVE
RedhatCVE
•added 2019/11/02 10:22 p.m.•43 views

CVE-2017-10096

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

9.6CVSS1.7AI score0.02555EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2019/11/01 1:25 p.m.•43 views

CVE-2019-15141

WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service application crash resulting from a heap-based buffer over-read via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and...

8.1CVSS4.9AI score0.03708EPSS
Exploits2References3
RedhatCVE
RedhatCVE
•added 2019/10/23 4:20 a.m.•43 views

CVE-2019-14834

A flaw was found in the Dnsmasq application where a remote attacker can trigger a memory leak by sending specially crafted DHCP responses to the server. A successful attack is dependent on a specific configuration regarding the domain name set into the dnsmasq.conf file. Over time, the memory lea...

4.3CVSS4.9AI score0.02664EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2019/10/22 12:51 p.m.•43 views

CVE-2019-14864

A data disclosure flaw was found in Ansible when using the Splunk and Sumologic modules, as they are not respecting when the flag nolog is enabled. This flaw can disclose and collect sensitive data from the system and expose it to an attacker...

6.5CVSS1.7AI score0.01857EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2019/10/17 6:52 p.m.•43 views

CVE-2019-11038

When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized...

5.3CVSS6.4AI score0.04332EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2019/10/15 9:21 p.m.•43 views

CVE-2019-2987

Vulnerability in the Java SE product of Oracle Java SE component: 2D. Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...

4.3CVSS4.5AI score0.03395EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2019/10/12 1:49 a.m.•43 views

CVE-2018-2637

It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions...

7.4CVSS3.1AI score0.04618EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2019/10/10 11:45 p.m.•43 views

CVE-2019-14812

A flaw was found in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands...

9.3CVSS1.2AI score0.92499EPSS
Exploits4References2
RedhatCVE
RedhatCVE
•added 2019/10/10 5:40 p.m.•43 views

CVE-2019-11810

A flaw was found in the Linux kernel, prior to version 5.0.7, in drivers/scsi/megaraid/megaraidsasbase.c, where a NULL pointer dereference can occur when megasascreateframepool fails in megasasalloccmds. An attacker can crash the system if they were able to load the megaraidsas kernel module and...

7.8CVSS4.1AI score0.05789EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2019/10/10 10:51 a.m.•43 views

CVE-2018-1303

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of modcachesocache. The vulnerability is considere...

7.5CVSS2.7AI score0.70783EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2019/10/10 9:31 a.m.•43 views

CVE-2018-2634

The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application...

6.8CVSS2AI score0.04532EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2019/10/10 4:23 a.m.•43 views

CVE-2017-7775

An assertion error has been reported in graphite2. An attacker could possibly exploit this flaw to cause an application crash...

9.8CVSS2.3AI score0.05216EPSS
Exploits0References2
Total number of security vulnerabilities5000