41 matches found
CVE-2020-7962
An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is...
CVE-1999-0133
fmfls license server for Adobe Framemaker allows local users to overwrite arbitrary files and gain root access...
CVE-2025-6013
A flaw was found in github.com/hashicorp/vault. The LDAP authentication method fails to properly enforce multi-factor authentication when usernameasalias is enabled and a user possesses multiple Common Names CNs containing differing leading or trailing spaces. A remote attacker authenticated as a...
CVE-2025-5988
A flaw was found in the Ansible aap-gateway. Cross-site request forgery CSRF origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda...
CVE-2025-49763
A flaw was found in trafficserver. The Edge Side Includes ESI plugin lacks a limit on maximum inclusion depth, allowing a remote attacker to trigger excessive memory consumption by inserting malicious instructions. This condition occurs due to the plugin's inability to restrict the nesting of ESI...
CVE-2025-49180
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...
CVE-2025-49176
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check...
CVE-2025-49177
A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...
CVE-2025-49177
A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests. Mitigation Mitigation for this issue is either not available or the currently available options don't meet...
CVE-2025-49177
A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...
CVE-2025-6020
A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. Mitigation Disable the pamnamespace module if it is not essential for...
CVE-2025-6021
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input...
CVE-2025-5198
CVE-2025-5198 describes a Cross-site Scripting (XSS) flaw in Stackrox where the vulnerability can be triggered if script code is placed in a small subset of table cells, specifically when contained in the name of a Kubernetes “Role” object applied to a secured cluster. The exploit would require c...
CVE-2025-48798
A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues...
CVE-2025-48752
In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthreadmutex is unlocked...
CVE-2024-34596
Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner...
CVE-2025-5024
A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer bei...
CVE-2016-7064
A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage...
CVE-2025-4432
A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 232 packets sent or received...
CVE-2025-4432 Ring: some aes functions may panic when overflow checking is enabled in ring
A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 232 packets sent or received...