Lucene search
K
RedhatDeveloper Tools

15 matches found

CVE
CVE
added 2019/08/13 12:0 a.m.861 views

CVE-2019-9514

CVE-2019-9514 corresponds to an HTTP/2 vulnerability where an attacker floods a peer by sending HEADERS frames, causing unbounded memory growth and potential DoS. Public details in connected advisories show affected stacks include Go HTTP/2 implementations and Go-based tools, with remediation via...

7.8CVSS7.9AI score0.82813EPSS
CVE
CVE
added 2022/03/18 12:0 a.m.565 views

CVE-2022-1011

CVE-2022-1011: A use-after-free vulnerability in the Linux kernel FUSE implementation when a user triggers write(), enabling local privilege escalation. Affected component is the FUSE filesystem in the kernel; impact is unauthorized access to data from FUSE mounts and potential escalation. Connec...

7.8CVSS7.7AI score0.01169EPSS
CVE
CVE
added 2022/03/25 12:0 a.m.490 views

CVE-2022-0330

CVE-2022-0330 affects the Linux kernel i915 GPU driver. The root cause is a missing GPU TLB flush in the i915 driver, enabling a local attacker to cause a denial of service or privilege escalation by running code on the GPU. Public documents from connected sources confirm the flaw and its associa...

7.8CVSS7.7AI score0.00379EPSS
CVE
CVE
added 2019/07/30 4:19 p.m.483 views

CVE-2018-16871

A CVE-2018-16871 issue exists in the Linux kernel’s NFS implementation (all 3.x and 4.x up to 4.20). A attacker mounting an exported NFS filesystem can trigger a null pointer dereference using an invalid NFS sequence, causing a kernel panic and denying access to the NFS server; outstanding disk w...

7.5CVSS7.1AI score0.02779EPSS
CVE
CVE
added 2022/08/26 3:25 p.m.460 views

CVE-2021-3669

CVE-2021-3669 is a Linux kernel vulnerability where measuring shared memory usage does not scale with large shared memory segment counts, enabling resource exhaustion and DoS. Connected sources confirm the issue affects multiple kernel versions and distributions, with remediations following vendo...

5.5CVSS6.3AI score0.00281EPSS
CVE
CVE
added 2022/04/29 3:45 p.m.394 views

CVE-2022-1227

CVE-2022-1227 describes a privilege-escalation flaw in Podman where an attacker could publish a malicious image to a public registry; when a victim downloads it, running the user command ‘podman top’ could grant access to the host filesystem, enabling information disclosure or DoS. The issue is t...

8.8CVSS8.3AI score0.04238EPSS
CVE
CVE
added 2022/04/04 7:45 p.m.314 views

CVE-2022-27649

CVE-2022-27649 affects Podman (and related container tooling) where containers could be started with non-empty default/inheritable Linux capabilities. The underlying issue is that default inheritable capabilities for Linux containers were not empty, allowing an attacker with access to programs po...

7.5CVSS7.2AI score0.01441EPSS
CVE
CVE
added 2022/03/04 3:55 p.m.301 views

CVE-2021-3744

CVE-2021-3744 is a memory-leak DoS in the Linux kernel: the flaw occurs in the ccp_run_aes_gcm_cmd() function (drivers/crypto/ccp/ccp-ops.c), allowing memory consumption-based denial of service. Connected advisories (Astra Linux and Amazon Linux 2 kernel updates) confirm the same root cause and n...

5.5CVSS6AI score0.00533EPSS
CVE
CVE
added 2019/10/24 9:7 p.m.295 views

CVE-2019-17596

CVE-2019-17596 affects Go (Go before 1.12.11 and 1.3.x before 1.13.2) and can cause a panic when processing network traffic that contains an invalid DSA public key, e.g., traffic between clients and servers that verify client certificates. Connected advisories show affected Go versions and explic...

7.5CVSS7.3AI score0.04693EPSS
CVE
CVE
added 2019/09/30 6:40 p.m.283 views

CVE-2019-16276

CVE-2019-16276 affects the Go programming language’s net/http handling, allowing HTTP Request Smuggling when an HTTP header contains spaces before the colon. The issue is publicly documented across multiple advisories; Go versions prior to fixes described in the connected documents are affected. ...

7.5CVSS7.5AI score0.05157EPSS
CVE
CVE
added 2022/07/06 3:6 p.m.206 views

CVE-2021-3695

CVE-2021-3695 affects grub2. A crafted 16-bit grayscale PNG image can cause an out-of-bounds write in grub2 heap, leading to heap data corruption and potentially arbitrary code execution, bypassing secure boot protections. The vulnerability requires heap-layout triage and the written values are r...

4.5CVSS7AI score0.00462EPSS
CVE
CVE
added 2022/07/06 3:6 p.m.192 views

CVE-2021-3697

CVE-2021-3697 is a grub2 JPEG handling vulnerability where crafting a JPEG image may cause a heap underflow in the JPEG reader, enabling data corruption and potentially code execution or secure-boot circumvention. It affects grub2 versions prior to the fixed release (notably legacy references to ...

7CVSS7.6AI score0.00456EPSS
CVE
CVE
added 2022/07/06 3:6 p.m.187 views

CVE-2021-3696

CVE-2021-3696 = heap out-of-bounds write during Huffman table handling in grub2’s PNG reader, causing potential heap corruption. Affected: grub2 before patch grub-2.12; implications listed as Low/Low/Low in some sources, with potential for data corruption and, in theory, arbitrary code execution ...

6.9CVSS6.8AI score0.00471EPSS
CVE
CVE
added 2019/03/13 6:0 a.m.185 views

CVE-2019-9741

CVE-2019-9741 affects Go’s net/http in Go 1.11.5, enabling CRLF injection when an attacker controls a URL parameter. The issue arises from constructing an HTTP request with http.NewRequest where a CRLF sequence can precede a header or Redis command, allowing potential header injection and related...

6.1CVSS6.3AI score0.02346EPSS
CVE
CVE
added 2017/10/05 9:0 p.m.109 views

CVE-2017-15041

The CVE-2017-15041 entry concerns Go prior to 1.8.4 and 1.9.x prior to 1.9.1, where the go get command can lead to remote code execution via crafted repository structures (example.com/pkg1 pointing to a Subversion repo and pkg1/pkg2 to a Git repo). If the Subversion repo contains a Git checkout w...

9.8CVSS9.6AI score0.08944EPSS