Lucene search
K
RedhatcveMost viewed

206363 matches found

RedhatCVE
RedhatCVE
•added 2022/06/20 5:1 a.m.•42 views

CVE-2022-31625

A vulnerability was found in PHP due to an uninitialized array in pgqueryparams function. When using the Postgres database extension, supplying invalid parameters to the parameterized query may lead to PHP attempting to free memory, using uninitialized data as pointers. This flaw allows a remote...

8.1CVSS5.8AI score0.03437EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/06/13 5:7 p.m.•42 views

CVE-2021-38578

A flaw was found in edk2. A integer underflow in the SmmEntryPoint function leads to a write into the SMM region allowing a local attacker with administration privileges on the system to execute code within the SMM privileged context. The highest threat from this vulnerability is to data...

9.8CVSS8.8AI score0.00995EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/06/06 11:27 p.m.•42 views

CVE-2022-26719

A flaw was found in webkitgtk. Due to improper input validation, the issue occurs, leading to memory corruption. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or arbitrary code execution...

8.8CVSS6.3AI score0.00911EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/05/26 12:29 p.m.•42 views

CVE-2022-1462

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flushtoldisc function. This flaw allows a local user to crash the...

6.3CVSS6.3AI score0.00334EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/05/21 12:16 a.m.•42 views

CVE-2019-13207

nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dnameconcatenate function in dname.c...

9.8CVSS3.9AI score0.02026EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2022/05/21 12:7 a.m.•42 views

CVE-2020-9281

A cross-site scripting XSS vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment with the ckeprotected syntax...

6.1CVSS3.6AI score0.04327EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/20 11:28 p.m.•42 views

CVE-2020-4047

In affected versions of WordPress, authenticated users with upload permissions like authors are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has...

6.8CVSS4.6AI score0.03625EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/20 10:58 p.m.•42 views

CVE-2020-11462

An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. With the full featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management interface when sending an XML Entity Expansion XEE payload to the XMLRPC based RPC2 interface. The...

7.5CVSS2.4AI score0.01251EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/20 10:58 p.m.•42 views

CVE-2017-12628

The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for privilege escalation...

7.8CVSS2.7AI score0.00759EPSS
Exploits4References1
RedhatCVE
RedhatCVE
•added 2022/05/20 10:29 p.m.•42 views

CVE-2021-28714

Guest can force Linux netback driver to hog large amounts of kernel memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the...

6.5CVSS0.4AI score0.00332EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2022/05/14 11:39 a.m.•42 views

CVE-2020-10969

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality. Mitigation The following conditions are needed for an exploit, we recommend avoidi...

8.8CVSS3.3AI score0.03473EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/06 5:9 p.m.•42 views

CVE-2022-21414

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS1.8AI score0.01366EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/06 4:54 p.m.•42 views

CVE-2022-21452

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS1.8AI score0.01252EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/05/06 1:59 a.m.•42 views

CVE-2022-29167

A regular expression denial of service ReDoS was found in Hawk in its header parsing functionality. The issue arises from inadequate input validation in the Hawk.utils.parseHost function when processing untrusted input with regular expressions. This flaw allows an attacker to send a specially...

7.5CVSS7.1AI score0.01028EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/05/03 8:25 p.m.•42 views

CVE-2022-29917

The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we...

9.8CVSS1.6AI score0.01005EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2022/04/26 10:20 p.m.•42 views

CVE-2021-22135

Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled ...

5.3CVSS1.6AI score0.01162EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/04/26 4:34 p.m.•42 views

CVE-2022-0851

There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line v...

5.5CVSS1.7AI score0.00303EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/18 6:9 a.m.•42 views

CVE-2022-1184

A use-after-free flaw was found in fs/ext4/namei.c:dxinsertblock in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. Mitigation Mitigation for this issue is either not available or the currently available options...

5.5CVSS6.3AI score0.0028EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/04/14 10:38 p.m.•42 views

CVE-2022-27445

A flaw was found in the MariaDB Server. It contains a segmentation fault via the component, sql/sqlwindow.cc, impacting availability...

7.5CVSS3.9AI score0.02174EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/04/13 9:22 a.m.•42 views

CVE-2022-29046

A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting XSS vulnerability, exploitable by attackers with...

5.4CVSS2.1AI score0.02435EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/04/12 8:0 p.m.•42 views

CVE-2022-21803

A flaw was found in the nconf library when setting the configuration properties. This flaw allows an attacker to provide a crafted property, leading to prototype object pollution...

7.5CVSS3.8AI score0.01753EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/04/01 5:2 p.m.•42 views

CVE-2022-1205

A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality. This flaw allows a local user to crash the system...

5.1CVSS3AI score0.00355EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2022/03/29 9:52 a.m.•42 views

CVE-2022-1050

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition...

8.8CVSS5.5AI score0.00374EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/03/23 6:11 p.m.•42 views

CVE-2022-0759

A flaw was found in kubeclient, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate it wrongly returns VERIFYNONE. Ruby applications that leverage...

8.3CVSS2.6AI score0.00905EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/03/18 3:34 p.m.•42 views

CVE-2019-7282

A vulnerability was found in rsh. The vulnerability occurs due to bypass restrictions via the filename of . or an empty filename. This flaw allows an attacker to modify the permissions of the target directory on the client-side...

5.9CVSS5.4AI score0.02067EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/03/04 12:19 a.m.•42 views

CVE-2022-0841

A flaw was found in npm-lockfile, where npm-lockfile v2 did not sanitize the only parameter before invoking sensitive command execution API with the input. This issue leads to a command injection vulnerability...

10CVSS3AI score0.02675EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/02/25 8:0 p.m.•42 views

CVE-2022-24614

When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use metadata-extractor...

5.5CVSS3.3AI score0.00717EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/02/09 7:23 p.m.•42 views

CVE-2022-0538

A denial of service DoS flaw was found in Jenkins. This flaw allows an attacker to define custom XStream converters that do not protect against the vulnerability in CVE-2021-43859, allowing for uncontrolled resource consumption...

7.5CVSS4.5AI score0.07934EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2022/02/03 5:15 a.m.•42 views

CVE-2021-46666

MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause...

5.5CVSS3.1AI score0.00391EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/01/28 2:7 p.m.•42 views

CVE-2021-4159

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating som...

4.4CVSS1.2AI score0.00236EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2022/01/26 5:38 p.m.•42 views

CVE-2022-0351

A flaw was found in vim. The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution...

8.4CVSS5.9AI score0.00609EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2022/01/24 5:32 p.m.•42 views

CVE-2022-22823

expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...

9.8CVSS2.1AI score0.03376EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2022/01/11 5:24 p.m.•42 views

CVE-2021-3998

A flaw was found in glibc. The realpath function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product...

7.5CVSS1.1AI score0.01444EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/12/30 5:23 p.m.•42 views

CVE-2021-28713

A denial of service flaw for virtual machine guests in the Linux kernel's Xen hypervisor subsystem was found in the way users call some interrupts with high frequency from one of the guests. A local user could use this flaw to starve the resources resulting in a denial of service. Mitigation...

6.5CVSS0.4AI score0.00332EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/11/22 6:19 p.m.•42 views

CVE-2021-39926

A flaw was found in Wireshark. A process failure on crafted or malformed HCIISO input can cause a denial of service via packet injection or a crafted capture file...

7.5CVSS7.4AI score0.07502EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2021/11/17 5:15 p.m.•42 views

CVE-2020-23903

A divide-by-zero flaw was found in speex within the readsamples at src/speexenc.c function. This flaw allows a malicious user to provide a crafted wav file and crash the speexenc utility, resulting in a denial of service. The highest threat from this vulnerability is to system availability...

4.3CVSS5.2AI score0.0094EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/11/16 7:44 p.m.•42 views

CVE-2021-42381

A flaw was found in BusyBox, where it did not properly sanitize while processing a crafted awk pattern in the clrvar function, leading to possible code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.2CVSS8.2AI score0.02579EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/11/16 7:17 p.m.•42 views

CVE-2021-42380

A flaw was found in BusyBox, where it did not properly sanitize while processing a crafted awk pattern in the clrvar function, leading to possible code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.2CVSS8.2AI score0.02793EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/10/28 2:18 p.m.•42 views

CVE-2021-0941

An out-of-bounds OOB memory access flaw was found in net/core/filter.c in bpfskbmaxlen in the Linux kernel. A missing sanity check to the current MTU check may allow a local attacker with special user privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal...

7.2CVSS1.7AI score0.00163EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/10/15 7:11 p.m.•42 views

CVE-2021-3875

There's an out-of-bounds read flaw in Vim's exdocmd.c. An attacker who is capable of tricking a user into opening a specially crafted file could trigger an out-of-bounds read on a memmove operation, potentially causing an impact to application availability...

7.8CVSS4.3AI score0.0144EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/08/10 9:51 p.m.•42 views

CVE-2021-2370

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4.9CVSS2AI score0.02518EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/08/10 9:51 p.m.•42 views

CVE-2021-2422

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PS. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...

4.9CVSS2AI score0.02088EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/06/11 7:14 p.m.•42 views

CVE-2021-3598

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability...

5.5CVSS1.8AI score0.00428EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/06/08 3:14 p.m.•42 views

CVE-2019-25045

A use-after-free flaw was found in the Linux kernel’s XFRM subsystem when flushing the XFRM tunnel. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system...

7.8CVSS2.5AI score0.00503EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/05/19 6:33 p.m.•42 views

CVE-2021-3200

A flaw was found in libsolv. A buffer overflow vulnerability could cause a denial of service. The highest threat from this vulnerability is to system availability...

4.3CVSS2.7AI score0.01313EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2021/05/11 8:54 p.m.•42 views

CVE-2021-3544

Several memory leaks were found in the virtio vhost-user GPU device vhost-user-gpu of QEMU. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory i.e., free after effective lifetime...

6.5CVSS2.9AI score0.00436EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2021/05/05 7:49 p.m.•42 views

CVE-2021-3537

A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system...

7.5CVSS7.1AI score0.03503EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/04/28 7:48 p.m.•42 views

CVE-2019-25042

A flaw was found in unbound. An out-of-bounds write in the rdatacopy function may be abused by a remote attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability...

9.8CVSS8.8AI score0.02037EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/04/28 7:36 p.m.•42 views

CVE-2019-25032

A flaw was found in unbound. An integer overflow in regionalalloc function may lead to a buffer overflow of the allocated buffer if the size can be controlled by an attacker and can be big enough. The highest threat from this vulnerability is to data confidentiality and integrity as well as servi...

9.8CVSS3.6AI score0.02179EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2021/04/27 8:17 a.m.•42 views

CVE-2021-3514

A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. The highest threat from this vulnerability is t...

6.5CVSS2.9AI score0.01177EPSS
Exploits0References4
Total number of security vulnerabilities5000