Lucene search
K
RedhatcveMost viewed

206309 matches found

RedhatCVE
RedhatCVE
•added 2024/01/18 4:40 p.m.•42 views

CVE-2024-0690

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLENOLOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as...

5CVSS5AI score0.00301EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/15 5:31 p.m.•42 views

CVE-2024-21654

A flaw was found in Rubygems.org, the Ruby community's gem hosting service. Rubygems.org users with MFA enabled are normally protected from account takeover in the case of email account takeover. However, a workaround in the forgot password form may allow an attacker to bypass the MFA requirement...

4.8CVSS7AI score0.0048EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/13 12:3 a.m.•42 views

CVE-2023-49568

A denial of service DoS vulnerability was found in the go library go-git. This issue may allow an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which can trigger resource exhaustion in go-git clients. Mitigation In cases where a bump to...

7.5CVSS7.3AI score0.00704EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/10 3:6 p.m.•42 views

CVE-2024-20672

A vulnerability was found in .NET due to insufficient validation of user-supplied input. This flaw allows a remote attacker to pass specially crafted input to the application and perform a denial of service DoS attack...

7.5CVSS7.1AI score0.02895EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/09 12:31 p.m.•42 views

CVE-2024-0340

A vulnerability was found in vhostnewmsg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This issue can allow local privileged users to read...

4.4CVSS5.8AI score0.00236EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/04 4:33 p.m.•42 views

CVE-2023-51779

A flaw was found in the Bluetooth subsystem of the Linux kernel. A race condition between the btsockrecvmsg and btsockioctl functions could lead to a use-after-free on a socket buffer "skb". This flaw allows a local user to cause a denial of service condition or potential code execution...

7CVSS7.8AI score0.0026EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/12/06 1:32 a.m.•42 views

CVE-2023-42916

A flaw was found in WebKitGTK. Processing malicious web content may cause an out-of-bounds read due to an improper input validation, resulting in sensitive content leaking...

6.8CVSS6.6AI score0.17823EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/12/05 5:42 a.m.•42 views

CVE-2023-5332

A command injection flaw was found in Hashicorp's Consul script check configuration option. If the API is enabled and exposed through a public interface, it is possible to achieve remote code execution. Mitigation To mitigate this issue, the '-enable-script-checks' option must be removed to disab...

8.1CVSS7.1AI score0.00742EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/11/28 4:57 a.m.•42 views

CVE-2023-42364

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function...

7.8CVSS6.7AI score0.00433EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/10/26 6:27 p.m.•42 views

CVE-2023-34050

A flaw was found in Spring Framework AMQP. An allowed list exists in Spring AMQP, but when no allowed list is provided, all classes could be deserialized, allowing a malicious user to send harmful content to the broker. Mitigation An application may be vulnerable if: - The SimpleMessageConverter...

4.3CVSS6.9AI score0.01537EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/10/26 3:59 p.m.•42 views

CVE-2023-46137

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, th...

5.3CVSS6.5AI score0.00766EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/10/25 8:28 a.m.•42 views

CVE-2023-30551

A flaw was found in Rekor. Versions prior to 1.1.1 may crash due to out of memory OOM conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF...

7.5CVSS6.8AI score0.0105EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/10/16 10:48 a.m.•42 views

CVE-2023-22025

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition:...

3.7CVSS3.6AI score0.00883EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/10/11 11:12 a.m.•42 views

CVE-2023-42669

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in...

6.5CVSS6.1AI score0.01723EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/10/09 5:57 p.m.•42 views

CVE-2023-3932

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan...

8.2CVSS8.8AI score0.00878EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/10/03 7:24 p.m.•42 views

CVE-2023-5366

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to...

5.5CVSS6.7AI score0.00389EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/09/29 6:26 p.m.•42 views

CVE-2023-40451

A flaw was found in WebKitGTK. An attacker may be able to execute JavaScript code to trigger Remote Code Execution, resulting in a high impact on data confidentiality, integrity, and system availability...

8.8CVSS8.6AI score0.00964EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/09/28 11:54 a.m.•42 views

CVE-2023-5197

A use-after-free vulnerability was found in net/netfilter/nftablesapi.c in the netfilter component in the Linux Kernel. This flaw can be exploited to achieve local privilege escalation. Adding and removing rules from chain bindings within the same transaction leads to a use-after-free issue...

6.6CVSS6.5AI score0.0035EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/09/22 8:25 p.m.•42 views

CVE-2023-40167

A flaw was found in Jetty that permits a plus sign + preceding the content-length value in a HTTP/1 header field, which is non-standard and more permissive than RFC. This issue could allow an attacker to request smuggling in conjunction with a server that does not close connections after 400...

5.3CVSS5.2AI score0.01069EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/09/06 5:6 a.m.•42 views

CVE-2023-4781

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873...

7.8CVSS7.1AI score0.00606EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/08/29 7:15 p.m.•42 views

CVE-2023-40857

A flaw was found in the yara library. This issue occurs due to a buffer overflow vulnerability in the exe.c component that allows a remote attacker to execute arbtirary code via the yrexecutecod function. Mitigation Mitigation for this issue is either not available or the currently available...

8.8CVSS8.9AI score0.0087EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 2023/08/23 9:21 p.m.•42 views

CVE-2022-47010

A memory leak flaw was found in binutils in the prfunctiontype function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability...

5.5CVSS5.5AI score0.00403EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/08/23 9:21 p.m.•42 views

CVE-2022-47007

A memory leak was found in function stabdemanglev3arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service...

5.5CVSS5.4AI score0.00403EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/08/17 3:27 a.m.•42 views

CVE-2023-4394

A use-after-free flaw was found in btrfsgetdevargsfrompath in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel information...

6.7CVSS6AI score0.00208EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/11 6:19 a.m.•42 views

CVE-2023-39418

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

3.1CVSS6.2AI score0.00956EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/08/07 7:19 p.m.•42 views

CVE-2023-36053

A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number of domain name labels of emails and URLs...

7.5CVSS6.7AI score0.02978EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/03 8:34 p.m.•42 views

CVE-2023-4147

A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTARULECHAINID. This flaw allows a local user to crash or escalate their privileges on the system...

7.8CVSS6.1AI score0.0056EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/07/24 7:41 a.m.•42 views

CVE-2020-25969

gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest...

5.3CVSS7.6AI score0.00876EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/07/20 8:30 a.m.•42 views

CVE-2023-22058

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...

4.4CVSS5.5AI score0.01485EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/07/19 7:37 a.m.•42 views

CVE-2023-38197

A vulnerability was found in Qtbase, where it is vulnerable to a denial of service caused by an infinite loop flaw in the QXmlStreamReader function. This flaw occurs because the QXmlStreamReader function accepts multiple DOCTYPE elements containing DTD fragments in the XML prolog and the XML body...

7.5CVSS6.1AI score0.01076EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2023/04/11 5:59 p.m.•42 views

CVE-2023-1989

A use-after-free flaw was found in btsdioremove in drivers\bluetooth\btsdio.c in the Linux Kernel. A call to btsdioremove with an unfinished job may cause a race problem which leads to a UAF on hdev devices. Mitigation This flaw can be mitigated by preventing the affected Generic Bluetooth SDIO...

7CVSS6.7AI score0.00387EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/04 9:43 p.m.•42 views

CVE-2023-1260

An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch...

8CVSS7.6AI score0.01569EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/04 6:13 p.m.•42 views

CVE-2021-28235

A flaw was found in etcd, where etc-io could allow a remote attacker to gain elevated privileges on the system caused by a vulnerability in the debug function. By sending a specially crafted request, an attacker can gain elevated privileges...

9.8CVSS8.9AI score0.01605EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/21 9:44 a.m.•42 views

CVE-2022-30704

A flaw was found in hw. Improper initialization in the IntelR TXT SINIT ACM for some IntelR processors may allow a privileged user to potentially enable escalation of privilege via local access. Mitigation Please contact the hardware vendor for more updates...

7.2CVSS6.5AI score0.00212EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/03/09 12:15 a.m.•42 views

CVE-2023-1175

A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yankcopyline function of the register.c file. This flaw allows illegal memory access when using virtual editing as "startspaces" goes negative. An attacker can trick a user into opening a specially...

5.3CVSS6.7AI score0.00438EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/03/01 8:29 p.m.•42 views

CVE-2023-25173

A flaw was found in containerd, where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some...

7.3CVSS7.7AI score0.00542EPSS
Exploits1References8
RedhatCVE
RedhatCVE
•added 2023/02/27 6:30 p.m.•42 views

CVE-2023-1078

An out-of-bounds memory access flaw was found in the Linux kernel's RDS Reliable Datagram Sockets protocol due to triggering rdsmessageput. This could allow a local user to crash the system or potentially escalate their privileges on the system...

7.8CVSS7.2AI score0.00251EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/02/16 9:32 a.m.•42 views

CVE-2023-25744

The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Kershaw Chang and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort...

8.8CVSS2.8AI score0.00668EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/02/16 9:30 a.m.•42 views

CVE-2023-25735

The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy...

8.8CVSS2.2AI score0.00716EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/02/08 6:56 p.m.•42 views

CVE-2023-23455

A denial of service flaw was found in atmtcenqueue in net/sched/schatm.c in the Linux kernel. This issue may allow a local attacker to cause a denial of service due to type confusion. Non-negative numbers could indicate a TCACTSHOT condition rather than valid classification results. Mitigation Th...

4.2CVSS6.1AI score0.00268EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/02/07 5:28 p.m.•42 views

CVE-2023-0216

A flaw was found in OpenSSL. An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2iPKCS7, d2iPKCS7bio or d2iPKCS7fp functions. This may result in an application crash which could lead to a denial of service. The TLS implementati...

7.5CVSS7.2AI score0.01846EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/01/25 5:36 a.m.•42 views

CVE-2021-26391

A flaw was found in hw. Insufficient verification of multiple header signatures while loading a Trusted Application TA may allow an attacker with privileges to gain code execution in that TA or the OS/kernel. Mitigation Please contact AMD for more updates on this flaw...

6.4CVSS4AI score0.00172EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/24 3:35 a.m.•42 views

CVE-2023-0456

A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information...

7.4CVSS3.4AI score0.0064EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/01/18 7:5 p.m.•42 views

CVE-2022-44033

A use-after-free flaw was found in the Linux Kernel. This issue occurs due to a race between cm4040open and readerdetach in drivers/char/pcmcia/cm4040cs.c when a physically proximate attacker removes a PCMCIA device while calling open. Mitigation This flaw can be mitigated by preventing the...

6.4CVSS2.4AI score0.00323EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/01/17 4:35 p.m.•42 views

CVE-2022-47950

A flaw was found in Swift's S3 XML parser. By supplying specially crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This issue impacts both s3api...

7.7CVSS2.6AI score0.01001EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/01/13 7:34 p.m.•42 views

CVE-2022-46456

A buffer over-read was found in NASM. The issue occurs when a specially crafted file is processed by NASM when using the dbg output file format, causing the application to crash and disclose a limited amount of information...

6.1CVSS2.1AI score0.00357EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/12/27 2:4 p.m.•42 views

CVE-2022-47946

An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in iosqpollwaitsq in fs/iouring.c allows an attacker to crash the kernel, resulting in denial of service. finishwait can be skipped. An attack can occur in some situations by forking a process and then quickly...

5.5CVSS4.4AI score0.00373EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/12/16 4:0 p.m.•42 views

CVE-2022-37966

Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability...

8.1CVSS4.2AI score0.02772EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/12/12 4:35 p.m.•42 views

CVE-2022-3520

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. Mitigation Untrusted vim scripts with -s scriptin are not recommended to run...

9.8CVSS2.6AI score0.01002EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/12/09 5:4 a.m.•42 views

CVE-2022-3190

A vulnerability was found in Wireshark. This issue occurs due to an Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark, leading to a denial of service via packet injection or crafted capture file...

5.5CVSS6.1AI score0.01754EPSS
Exploits1References4
Total number of security vulnerabilities5000