8694 matches found
Important: libwmf
Issue Overview: It was discovered that libwmf did not correctly process certain WMF Windows Metafiles with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code...
Low: php56
Issue Overview: A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of portion of server memory. CVE-2015-1351 A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to function as pginsert or...
Important: xorg-x11-server
Issue Overview: Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol and GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server...
Important: java-1.6.0-openjdk
Issue Overview: It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. CVE-2014-4216, CVE-2014-4219 A format string flaw was discover...
Medium: php55
Issue Overview: The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted ASCII file that triggers a...
Low: kernel
Issue Overview: Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service memory corruption or possibly have unspecified other impact by leveraging the CAPSYSADMIN capability for a 1 XFSIOCATTRLISTBYHANDLE or 2...
Medium: kernel
Issue Overview: The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCMCREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to 1 Avahi or 2 NetworkManager. Affected...
Medium: kernel
Issue Overview: A flaw was found in the way the Linux kernel's Event Poll epoll subsystem handled large, nested epoll structures. A local, unprivileged user could use this flaw to cause a denial of service. A malicious Network File System version 4 NFSv4 server could return a crafted reply to a...
Critical: php
Issue Overview: A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and argument...
Medium: python-jinja2
Issue Overview: Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application...
Medium: httpd
Issue Overview: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. CVE-2023-38709 HTTP Response splitting in multiple modules in Apache HTTP Server allows an...
Important: kernel
Issue Overview: A use-after-free flaw was found in qdiscgraft in net/sched/schapi.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. CVE-2023-0590 When a router encounters an IPv6 packet too big to transmit to the next-hop, it returns an ICMP6 "Packet Too...
Important: tomcat8
Issue Overview: Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts...
Important: curl
Issue Overview: An issue was found in curl that can cause a buffer overflow in its SOCKS5 proxy communications code. When curl is using a SOCKS5 proxy and it needs to resolve a hostname to an IP address, its default behavior is to pass the hostname to the proxy and allow it to perform the...
Medium: flac
Issue Overview: Buffer Overflow vulnerability in function bitwritergrow in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. CVE-2020-22219 Affected Packages: flac Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this F...
Medium: nerdctl
Issue Overview: 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192...
Low: libcap
Issue Overview: libcap is vulnerable to a denial of service caused by the error handling in wrappthreadcreate function, which will cause memory to be leaked in the case of an error. CVE-2023-2602 Affected Packages: libcap Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository...
Medium: ruby
Issue Overview: A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2...
Important: kernel
Issue Overview: In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are...
Medium: openssl11
Issue Overview: AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in...
Important: python-lxml
Issue Overview: Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting XSS attacks via control characters in the link scheme to the cleanhtml function. CVE-2014-3146 An issue was discovered in lxml before 4.2.5...
Important: bcel
Issue Overview: Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllab...
Important: kernel
Issue Overview: There are use-after-free vulnerabilities caused by timer handler in net/rose/rosetimer.c of linux that allow attackers to crash linux kernel without any privileges. CVE-2022-2318 Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text...
Medium: vim
Issue Overview: A flaw was found in vim. The vulnerability occurs due to a crash when recording and using Select mode and leads to an out-of-bounds read. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. CVE-2022-0393 A flaw was found in vim. Th...
Medium: glibc
Issue Overview: A stack based buffer-overflow vulnerability was found in the deprecated compatibility function svcunixcreate in the sunrpc's svcunix.c module of the GNU C Library aka glibc through 2.34. This vulnerability copies its path argument onto the stack without validating its length, whic...
Important: kernel
Issue Overview: A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueueadd function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the...
Medium: golang
Issue Overview: A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. CVE-2021-33196 A flaw was found in golang. A panic can be triggered by an attacker in a privileged netwo...
Important: qt5-qtimageformats
Issue Overview: A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2018-25011 A flaw was found in libwebp in versions before 1.0.1. An unitialized...
Medium: busybox
Issue Overview: decompressgunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huftbuild result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. CVE-2021-28831 Affected Packages: busybox Issue Correction: Run yum update busybox or yum update...
Critical: samba
Issue Overview: A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker. CVE-2020-14318 A null pointer dereference flaw was fou...
Medium: kernel
Issue Overview: A buffer overflow due to a singed-unsigned comparsion was found in hidpprocessreport in the net/bluetooth/hidp/core.c in the Linux kernel. The buffer length is an unsigned int but gets cast to a signed int which in certain conditions can lead to a system panic and a...
Critical: thunderbird
Issue Overview: Mozilla: Buffer overflow in WebGL bufferdata on Linux CVE-2019-11693 Mozilla: Use-after-free in XMLHttpRequest CVE-2019-11691 Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then...
Important: java-1.7.0-openjdk
Issue Overview: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network...
Critical: java-1.8.0-openjdk
Issue Overview: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with netwo...
Critical: java-1.8.0-openjdk
Issue Overview: Unbounded memory allocation during deserialization in Container AWT, 8189989 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161...
Important: java-1.8.0-openjdk
Issue Overview: SingleEntryRegistry incorrect setup of deserialization filter JMX, 8186998 It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass...
Medium: qemu-kvm
Issue Overview: Quick Emulator QEMU, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to...
Important: openvpn
Issue Overview: OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. CVE-2017-7508 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a...
Low: kernel
Issue Overview: The getrockridgefilename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM aka alternate name entries containing \\0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a...
Medium: tomcat8
Issue Overview: A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. slash dot dot in a pathname used by a web application in a getResource,...
Critical: java-1.7.0-openjdk
Issue Overview: Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2015-4835, CVE-2015-4881, CVE-2015-4843, CVE-2015-4883,...
Important: java-1.8.0-openjdk
Issue Overview: An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Ja...
Important: java-1.6.0-openjdk
Issue Overview: An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Ja...
Medium: php-ZendFramework
Issue Overview: The 1 ZendLdap class in Zend before 1.12.9 and 2 Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind. CVE-2014-8088 The 1.12.9, 2.2.8,...
Critical: nss
Issue Overview: Use-after-free vulnerability in the CERTDestroyCertificate function in libnss3.so in Mozilla Network Security Services NSS 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors...
Important: java-1.6.0-openjdk
Issue Overview: An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execut...
Medium: php54
Issue Overview: A denial of service flaw was found in the way the File Information fileinfo extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. Affected Packages: php54 Issue Correction:...
Medium: libjpeg-turbo
Issue Overview: An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan SOS JPEG markers or Define Huffman Table DHT JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv-len is a multiple of 4, then dstlen / 4 can write past the destination array which leads to stack corruption. This construct is necessary to clean th...
Important: php73
Issue Overview: A flaw was discovered in the link function in PHP. When compiled on Windows, it does not correctly handle paths containing NULL bytes. An attacker could abuse this flaw to bypass application checks on file paths. CVE-2019-11044 In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.1...