Lucene search
K
RedhatcveMost viewed

206321 matches found

RedhatCVE
RedhatCVE
added 2024/01/15 5:31 p.m.42 views

CVE-2024-21654

A flaw was found in Rubygems.org, the Ruby community's gem hosting service. Rubygems.org users with MFA enabled are normally protected from account takeover in the case of email account takeover. However, a workaround in the forgot password form may allow an attacker to bypass the MFA requirement...

4.8CVSS7AI score0.0048EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/01/13 12:3 a.m.42 views

CVE-2023-49568

A denial of service DoS vulnerability was found in the go library go-git. This issue may allow an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which can trigger resource exhaustion in go-git clients. Mitigation In cases where a bump to...

7.5CVSS7.3AI score0.00704EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/01/09 12:31 p.m.42 views

CVE-2024-0340

A vulnerability was found in vhostnewmsg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This issue can allow local privileged users to read...

4.4CVSS5.8AI score0.00236EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/01/04 4:33 p.m.42 views

CVE-2023-51779

A flaw was found in the Bluetooth subsystem of the Linux kernel. A race condition between the btsockrecvmsg and btsockioctl functions could lead to a use-after-free on a socket buffer "skb". This flaw allows a local user to cause a denial of service condition or potential code execution...

7CVSS7.8AI score0.0026EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/12/13 10:29 p.m.42 views

CVE-2023-50782

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. Mitigation Mitigation for this issue is either not available or the...

7.5CVSS6.5AI score0.02454EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/11/28 4:57 a.m.42 views

CVE-2023-42364

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function...

7.8CVSS6.7AI score0.00433EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2023/10/26 6:27 p.m.42 views

CVE-2023-34050

A flaw was found in Spring Framework AMQP. An allowed list exists in Spring AMQP, but when no allowed list is provided, all classes could be deserialized, allowing a malicious user to send harmful content to the broker. Mitigation An application may be vulnerable if: - The SimpleMessageConverter...

4.3CVSS6.9AI score0.01537EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/10/26 3:59 p.m.42 views

CVE-2023-46137

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, th...

5.3CVSS6.5AI score0.00766EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2023/10/03 7:24 p.m.42 views

CVE-2023-5366

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to...

5.5CVSS6.7AI score0.00389EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/09/29 6:26 p.m.42 views

CVE-2023-40451

A flaw was found in WebKitGTK. An attacker may be able to execute JavaScript code to trigger Remote Code Execution, resulting in a high impact on data confidentiality, integrity, and system availability...

8.8CVSS8.6AI score0.00964EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/09/28 11:54 a.m.42 views

CVE-2023-5197

A use-after-free vulnerability was found in net/netfilter/nftablesapi.c in the netfilter component in the Linux Kernel. This flaw can be exploited to achieve local privilege escalation. Adding and removing rules from chain bindings within the same transaction leads to a use-after-free issue...

6.6CVSS6.5AI score0.0035EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/09/22 8:25 p.m.42 views

CVE-2023-40167

A flaw was found in Jetty that permits a plus sign + preceding the content-length value in a HTTP/1 header field, which is non-standard and more permissive than RFC. This issue could allow an attacker to request smuggling in conjunction with a server that does not close connections after 400...

5.3CVSS5.2AI score0.01069EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2023/09/15 11:24 a.m.42 views

CVE-2023-41915

OpenPMIx PMIx is vulnerable to a race condition during execution of library code with UID 0, which allows attackers to obtain ownership of arbitrary files...

8.1CVSS7.9AI score0.01121EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/08/29 7:15 p.m.42 views

CVE-2023-40857

A flaw was found in the yara library. This issue occurs due to a buffer overflow vulnerability in the exe.c component that allows a remote attacker to execute arbtirary code via the yrexecutecod function. Mitigation Mitigation for this issue is either not available or the currently available...

8.8CVSS8.9AI score0.0087EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2023/08/07 7:19 p.m.42 views

CVE-2023-36053

A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number of domain name labels of emails and URLs...

7.5CVSS6.7AI score0.02978EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/07/20 8:30 a.m.42 views

CVE-2023-22058

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...

4.4CVSS5.5AI score0.01485EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/04/11 5:59 p.m.42 views

CVE-2023-1989

A use-after-free flaw was found in btsdioremove in drivers\bluetooth\btsdio.c in the Linux Kernel. A call to btsdioremove with an unfinished job may cause a race problem which leads to a UAF on hdev devices. Mitigation This flaw can be mitigated by preventing the affected Generic Bluetooth SDIO...

7CVSS6.7AI score0.00387EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/04/04 9:43 p.m.42 views

CVE-2023-1260

An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch...

8CVSS7.6AI score0.01569EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/03/21 9:44 a.m.42 views

CVE-2022-30704

A flaw was found in hw. Improper initialization in the IntelR TXT SINIT ACM for some IntelR processors may allow a privileged user to potentially enable escalation of privilege via local access. Mitigation Please contact the hardware vendor for more updates...

7.2CVSS6.5AI score0.00212EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/02/15 6:59 a.m.42 views

CVE-2023-0361

A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send ...

7.4CVSS7.2AI score0.01403EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2023/02/08 6:56 p.m.42 views

CVE-2023-23455

A denial of service flaw was found in atmtcenqueue in net/sched/schatm.c in the Linux kernel. This issue may allow a local attacker to cause a denial of service due to type confusion. Non-negative numbers could indicate a TCACTSHOT condition rather than valid classification results. Mitigation Th...

4.2CVSS6.1AI score0.00268EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/01/25 5:36 a.m.42 views

CVE-2021-26391

A flaw was found in hw. Insufficient verification of multiple header signatures while loading a Trusted Application TA may allow an attacker with privileges to gain code execution in that TA or the OS/kernel. Mitigation Please contact AMD for more updates on this flaw...

6.4CVSS4AI score0.00172EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/01/24 3:35 a.m.42 views

CVE-2023-0456

A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information...

7.4CVSS3.4AI score0.0064EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2023/01/18 7:5 p.m.42 views

CVE-2022-44033

A use-after-free flaw was found in the Linux Kernel. This issue occurs due to a race between cm4040open and readerdetach in drivers/char/pcmcia/cm4040cs.c when a physically proximate attacker removes a PCMCIA device while calling open. Mitigation This flaw can be mitigated by preventing the...

6.4CVSS2.4AI score0.00323EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/01/17 4:35 p.m.42 views

CVE-2022-47950

A flaw was found in Swift's S3 XML parser. By supplying specially crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This issue impacts both s3api...

7.7CVSS2.6AI score0.01001EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/12/12 4:35 p.m.42 views

CVE-2022-3520

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. Mitigation Untrusted vim scripts with -s scriptin are not recommended to run...

9.8CVSS2.6AI score0.01002EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/12/09 5:4 a.m.42 views

CVE-2022-3190

A vulnerability was found in Wireshark. This issue occurs due to an Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark, leading to a denial of service via packet injection or crafted capture file...

5.5CVSS6.1AI score0.01754EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/12/05 1:1 p.m.42 views

CVE-2022-20154

A use-after-free flaw due to a race condition was found in the Linux kernel’s sctpdiag module. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation To mitigate this issue, prevent the sctp module from being loaded. Please see...

6.4CVSS6.6AI score0.00107EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/11/29 6:26 a.m.42 views

CVE-2022-41912

An authentication bypass flaw was discovered in the crewjam/saml go package. A remote unauthenticated attacker could trigger it by sending a SAML request. This would allow an escalation of privileges and then enable compromising system integrity...

9.1CVSS5AI score0.02179EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/11/22 7:56 p.m.42 views

CVE-2022-41940

A flaw was found in engine.io. The Socket.IO Engine.IO is vulnerable to a denial of service caused by an uncaught exception flaw. By sending a specially-crafted HTTP request, a remote, authenticated attacker can cause the Node.js process to crash, resulting in a denial of service...

6.5CVSS1.6AI score0.01939EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/11/18 9:55 p.m.42 views

CVE-2022-45061

A vulnerability was discovered in Python. A quadratic algorithm exists when processing inputs to the IDNA RFC 3490 decoder, such that a crafted unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be...

7.5CVSS2.6AI score0.02453EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2022/11/18 12:56 p.m.42 views

CVE-2022-3595

A vulnerability was found in Linux Kernel. It has been rated as problematic. Affected by this issue is the function sessfreebuffer of the file fs/cifs/sess.c of the component CIFS Handler. The manipulation leads to double free. It is recommended to apply a patch to fix this issue. The identifier ...

5.5CVSS1.5AI score0.00274EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/11/17 9:25 p.m.42 views

CVE-2022-4055

When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attac...

7.4CVSS2.2AI score0.00652EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/11/14 6:26 a.m.42 views

CVE-2022-37598

A prototype pollution vulnerability was found in UglifyJS, stemming from the DEFNODE function in ast.js via the name variable. Exploiting this flaw involves adding or altering properties of the Object.prototype through a "proto" or constructor payload, enabling an attacker to execute arbitrary co...

9.8CVSS9.6AI score0.01347EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2022/11/14 3:56 a.m.42 views

CVE-2022-39353

A flaw was found in the xmldom package. The xmldom parses XML that is not well-formed because it contains multiple top-level elements, adding all root nodes to the childNodes collection of the Document without reporting errors or throwing. This breaks the assumption that there is only a single ro...

9.8CVSS3.7AI score0.03025EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2022/11/04 4:55 a.m.42 views

CVE-2022-44638

A flaw was found in pixman. This issue causes an out-of-bounds write in rasterizeedges8 due to an integer overflow in pixmansamplefloory. This can result in data corruption, a crash, or code execution...

7CVSS3AI score0.0144EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/11/03 9:27 p.m.42 views

CVE-2022-32287

A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA Apache UIMA version 3.3.0 and prior...

7.5CVSS2.1AI score0.01556EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/10/31 4:25 a.m.42 views

CVE-2022-42919

A vulnerability found in Python. The flaw occurs when used with the forkserver start method on Linux. The Python multiprocessing library allows Python pickles to be deserialized from any user in the same machine's local network namespace in many system configurations, which means any user on the...

7.8CVSS8AI score0.00603EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/10/24 8:49 p.m.42 views

CVE-2022-39253

Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone where the source and target of the clone...

5.5CVSS6.7AI score0.01336EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/10/19 9:47 a.m.42 views

CVE-2022-21618

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated...

5.3CVSS2.3AI score0.02034EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/10/18 10:10 a.m.42 views

CVE-2022-3586

A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the schsfb enqueue function used the socket buffer SKB cb field after the same SKB had been enqueued and freed into a child qdisc. This flaw allows a local, unprivileged user to to disclose sensitive...

5.5CVSS6.4AI score0.0045EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/10/18 7:10 a.m.42 views

CVE-2022-38251

Nagios XI v5.8.6 was discovered to contain a cross-site scripting XSS vulnerability via the System Performance Settings page under the Admin panel...

4.8CVSS2.3AI score0.0168EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/09/30 5:18 p.m.42 views

CVE-2022-39955

A flaw was found in the OWASP ModSecurity Core Rule Set. A specially crafted HTTP Content-Type header field allows an encoded payload bypass detection, which may be decoded in the back-end application...

7.3CVSS1.4AI score0.01115EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/09/26 9:49 a.m.42 views

CVE-2022-41318

A flaw was found in Squid. An incorrect integer overflow protection in the Squid SSPI and SMB authentication helpers is vulnerable to a buffer overflow attack, resulting in information disclosure. Mitigation Disable use of the vulnerable authentication scheme...

8.6CVSS8.2AI score0.0282EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/09/26 8:49 a.m.42 views

CVE-2022-39227

A flaw was found in python-jwt, where it was subject to Authentication Bypass vulnerability by spoofing, resulting in identity spoofing, session hijacking, or authentication bypass. This flaw allows an attacker who obtains a JWT to arbitrarily forge its contents without knowing the secret key...

9.1CVSS3.7AI score0.0366EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2022/09/22 6:18 a.m.42 views

CVE-2022-40154

A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service DoS in its target...

7.5CVSS7.1AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/09/21 5:18 a.m.42 views

CVE-2022-36062

A flaw was found in Grafana. This vulnerability impacts folders/dashboards with Admin-only permissions and where role-based access control RBAC was ever enabled at least once. When RBAC is enabled, Grafana runs migrations that translate legacy access control permissions into RBAC permissions. The...

6.4CVSS4.6AI score0.00612EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/09/16 8:14 a.m.42 views

CVE-2022-35015

A heap buffer overflow vulnerability was found in advancecomp in the leuint32read function of the endianrw.h file. This flaw allows an attacker to trick a user into opening a specially crafted file that could cause an application to crash, leading to a denial of service attack...

5.5CVSS2.4AI score0.00448EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/09/09 11:13 a.m.42 views

CVE-2022-3077

A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2CSMBUSBLOCKPROCCALL case via the ioctl I2CSMBUS with malicious input data. In particular, the userspace controllable "data-block0" variable was not capped to a numbe...

6.4CVSS5.9AI score0.00225EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/09/02 5:57 p.m.42 views

CVE-2022-36055

An out-of-memory panic vulnerability exists in the strvals package, which can lead to a denial of service. Applications that use functions from the strvals package in the Helm SDK can cause panic and denial of service...

6.5CVSS2.4AI score0.00874EPSS
Exploits0References3
Total number of security vulnerabilities5000