CVE-2024-1676
CVE-2024-1676 affects Google Chrome (Chromium core) prior to 122.0.6261.57. The vulnerability arises from an inappropriate implementation in Navigation, enabling a remote attacker to spoof the security UI via a crafted HTML page. According to the reports, the CVSS data show a network attack vecto...
CVE-2024-26816
CVE-2024-26816 affects the Linux kernel on x86 where, when CONFIG_XEN_PV=y, .text symbols are emitted into the .notes section. Relocations in .notes were previously possible and could leak the KASLR base via /sys/kernel/notes. The fixes instruct the kernel to skip performing relocations in the .n...
CVE-2023-40105
CVE-2023-40105 affects the Android framework (ActivityManagerService), specifically in backupAgentCreated. The root cause is a missing permission check in this path, enabling local information disclosure. The impact is high confidentiality loss with no integrity or availability impact described, ...
CVE-2024-25841
CVE-2024-25841 affects PrestaShop via the So Flexibilite module from Common-Services. The vulnerability allows a guest (authenticated customer) to perform a Cross Site Scripting (XSS) injection in versions earlier than 4.1.26. Root cause details are not provided beyond the XSS in this module. The...
CVE-2023-42951
CVE-2023-42951 pertains to Apple’s Safari in iOS 17.1 and iPadOS 17.1. The issue stems from improved handling of caches, and can cause a user to be unable to delete browsing history items. Multiple sources (Apple security notes, NVD entry, Red Hat advisory) confirm the vulnerability is addressed ...
CVE-2023-40112
CVE-2023-40112 describes a likely out-of-bounds read in the printer subsystem: the function ippSetValueTag in ipp.c performs a missing bounds check, potentially allowing local disclosure of past print jobs or other print-related data. Exploitation is described as local (no remote access) with no ...
CVE-2024-26809
CVE-2024-26809 is a Linux kernel vulnerability in the netfilter nft_set_pipapo logic. The issue arises when destroying set elements: the clone path may destroy elements twice because it did not always use a current view of the lookup table. The root cause is that destruction could proceed without the lat...
CVE-2021-23017
CVE-2021-23017 affects nginx's resolver. A security issue arises from an off-by-one in ngx_resolver_copy when DNS labels are followed by a root-domain pointer, allowing a crafted UDP response to overwrite the least significant byte of the next heap chunk metadata. This can lead to a worker proces...
CVE-2023-52381
The CVE-2023-52381 entry corresponds to a script injection vulnerability in Huawei HarmonyOS/EMUI mail module. The CNVD CNVD-2024-31083 document confirms an in-component script injection that can allow an attacker to execute arbitrary code on affected systems. The NVD/NVD-derived description simi...
CVE-2023-42843
CVE-2023-42843 is described as an inconsistent UI issue leading to address bar spoofing. Connected advisories confirm affected WebKitGTK/WebKitGTK4 components across Debian (webkit2gtk), AlmaLinux (webkitgtk4), Fedora (webkit2gtk4.0), and Amazon Linux 2 (webkitgtk4) with fixes in package update...
CVE-2024-21726
Summary (CVE-2024-21726): In Joomla! ecosystems (CMS and Framework), inadequate content filtering in the filter code can allow cross-site scripting (XSS) in multiple components. The CVE is documented with a CVSS v3.1 base score of 6.5 (Network, Low/Low impacts except Confidentiality: Low, Availab...
CVE-2024-22369
CVE-2024-22369 is a deserialization of untrusted data vulnerability in Apache Camel SQL Component, related to unsafe deserialization in the JDBCAggregationRepository. Affected versions include Camel 3.0.0–3.21.3, 3.22.0–3.22.0, 4.0.0–4.0.3, and 4.1.0–4.3.x (per the advisory). The issue could allo...
CVE-2024-7254
CVE-2024-7254 describes a stack overflow DoS in parsers when handling untrusted Protocol Buffers data with deeply nested SGROUP/group structures. The root cause is unbounded recursion when parsing unknown fields (DiscardUnknownFieldsParser) or Java Protobuf Lite against nested groups or map field...
CVE-2024-0016
CVE-2024-0016 is an Android/Bluetooth-related issue described as an out-of-bounds read caused by a missing bounds check. It could lead to disclosure of paired device information without any user interaction or privileges. The connected documents confirm the vulnerability exists in multiple locati...
CVE-2023-42953
CVE-2023-42953 is an Apple ecosystem vulnerability describing a permissions issue that could allow an app to access sensitive user data. The connected sources specify remediation in updated versions across multiple Apple platforms: tvOS 17.1, watchOS 10.1, iOS 17.1, iPadOS 17.1, and macOS Sonoma ...
CVE-2023-42946
CVE-2023-42946: Apple platform information-disclosure issue where an app may leak sensitive user data. Affected products include tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1, and iPadOS 17.1. Root cause described as improved redaction of sensitive information; public details consistently ...
CVE-2024-22778
HackMD CodiMD versions before 2.5.2 are vulnerable to Denial of Service. Affected software: HackMD CodiMD prior to 2.5.2. Root cause and impact: DoS vulnerability with CWEs not specified in the documents; CVSSv3.1 base score 7.5 (Network exploitation, Low attack complexity, No privileges, No user...
CVE-2022-20648
CVE-2022-20648 affects Cisco StarOS Software’s Redundancy Configuration Manager (RCM). A debug service incorrectly listens to/accepts incoming connections, enabling an unauthenticated, remote attacker to connect to the debug port, execute commands, and view confidential debugging information. Cis...
CVE-2024-1669
CVE-2024-1669 affects Blink in Google Chrome and is fixed by upgrading to Chrome 122.0.6261.57. The vulnerability is an out-of-bounds memory access in Blink that could be triggered by a crafted HTML page, allowing a remote attacker to access memory. The CVE is documented with a high severity in t...
CVE-2024-21722
The issue CVE-2024-21722 affects Joomla! CMS: the MFA management views did not properly terminate existing user sessions when a user’s MFA methods were modified. The root cause is insufficient session expiration tied to MFA changes, which can allow previously authenticated sessions to persist aft...
CVE-2023-42834
CVE-2023-42834 affects Apple platforms (iOS 17.1, iPadOS 17.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, macOS Sonoma 14.1, watchOS 10.1). The issue is a privacy flaw caused by improved handling of files, which may allow an app to access sensitive user data. Fixed in the indicated OS versions:...
CVE-2024-26282
CVE-2024-26282 affects Firefox for iOS prior to version 123. A cross-site scripting vector exists when using an AMP URL with a canonical element: an attacker could execute JavaScript from an opened bookmarked page, potentially compromising cookies and site integrity. Root cause involves AMP URL h...
CVE-2011-5257
Classipress (WordPress theme) before 3.1.5 is affected by multiple XSS vulnerabilities via twitter_id and facebook_id widget parameters, and similar stored XSS risk via POST facebook_id/twitter_id in user profiles (
CVE-2023-42823
CVE-2023-42823 affects Apple platforms (iOS/iPadOS/watchOS/macOS/tvOS). The issue arises from logging sanitization that allows an app to access user-sensitive data via log entries. Affected versions include iOS 16.7.2 and 17.1, iPadOS 16.7.2 and 17.1, watchOS 10.1, tvOS 17.1, macOS Sonoma 14.1, m...
CVE-2024-37032
CVE-2024-37032 affects Ollama before 0.1.34. The vulnerability stems from improper validation of the digest format (sha256, 64 hex digits) when resolving the model path, causing incorrect handling of inputs in TestGetBlobsPath (fewer or more than 64 hex digits, or a leading ../). This can enable ...
CVE-2021-47013
CVE-2021-47013 concerns a use-after-free in Linux kernel’s net:emac/emac-mac path, specifically emac_mac_tx_buf_send. The issue arises when emac_tx_fill_tpd() errors cause skb to be freed (dev_kfree_skb(skb)), yet skb->len is still read by netdev_sent_queue(skb->len). The description states...
CVE-2021-47068
The CVE-2021-47068 entry concerns the Linux kernel NFC LLCP paths (llcp_sock_bind/llcp_sock_connect). Root cause: a refcount leak in bind/connect was fixed but introduced a use-after-free when the same local is bound to two sockets. The vulnerability is tied to the NFC LLCP implementation in the ...
CVE-2023-52380
CVE-2023-52380 is an improper access control vulnerability affecting the Huawei HarmonyOS/EMUI mail module. The root cause is insufficient access controls in the mail component, potentially allowing information disclosure. Public documents enumerate HarmonyOS/EMUI mail as affected, with no explic...
CVE-2023-52378
CVE-2023-52378 relates to Huawei HarmonyOS/EMUI WMS (WindowManagerServices) with an incorrect service logic root cause in the WMS module. The connected CNVD/CNNVD entries describe a privilege control type vulnerability and a business logic error that can lead to usability issues or functional exc...
CVE-2023-52361
The CVE-2023-52361 entry corresponds to Huawei HarmonyOS VerifiedBoot module authentication errors. Multiple sources (NVD, CNVD, CNNVD) describe a vulnerability in the VerifiedBoot component that can compromise system integrity (I = High) with no confidentiality or availability impact, and with n...
CVE-2021-47017
The CVE-2021-47017 vulnerability is in the Linux kernel's ath10k_htc_send_bundle path, where a use-after-free could occur if bundle_skb is freed by dev_kfree_skb_any(bundle_skb) but later accessed via bundle_skb->len. The patch mitigates this by updating skb_len after freeing bundle_skb. Affec...
CVE-2021-47005
CVE-2021-47005 affects the Linux kernel PCI Express endpoint subsystem. The vulnerability arises from get_features() returning NULL in pci_epc_ops, leading to a NULL pointer dereference in pci_epf_test_alloc_space. The fix adds a NULL check for the pci_epc_feature pointer in pci_epf_test_bind and...
CVE-2024-21725
CVE-2024-21725 describes an XSS vulnerability due to inadequate escaping of email addresses in various Joomla! components. Affected product: Joomla! CMS (web components referencing mail address outputs). Root cause: inadequate escaping of email addresses. Impact (as stated in sources): cross-site...
CVE-2023-49100
TF-A before 2.10 has CVE-2023-49100: a read-out-of-bounds in the SDEI service due to insufficient validation of the x1 parameter in sdei_interrupt_bind, passing to plat_ic_get_interrupt_type and bypassing plat_ic_is_sgi checks. A compromised Normal World (Linux) can issue arbitrary SMC calls, con...
CVE-2020-36787
CVE-2020-36787 describes a Linux kernel clock-handling flaw for Aspeed video engine on AST2500/AST2600 SoCs. The issue arises from reset sequencing of the video engine when enabling eclk and vclk, potentially causing improper reset and sporadic DMA transfers that can corrupt memory and trigger ke...
CVE-2023-42855
The CVE-2023-42855 entry concerns iOS 17.1 / iPadOS 17.1. The issue arises from a design/logic flaw that could allow an attacker with physical access to silently persist an Apple ID on a device that has been erased. Apple’s description indicates this was addressed by improved state management and...
CVE-2023-5388
CVE-2023-5388 concerns an NSS timing attack during RSA decryption that could leak private data. Connected entries confirm affected software: Mozilla Firefox (including ESR) and Thunderbird, with vulnerable builds prior to Firefox 124 and Thunderbird 115.9.x. Root cause is a timing side-channel in...
CVE-2022-48828
CVE-2022-48828: Linux kernel NFSD ia_size underflow fix. ia_size is loff_t (signed 64-bit) while NFSv3/v4 file sizes are unsigned 64-bit, allowing a client to send values > S64_MAX. decode_fattr4() can dump a full u64 into ia_size, causing underflow when the value exceeds S64_MAX. The patch co...
CVE-2024-26957
CVE-2024-26957 relates to the Linux kernel’s s390/zcrypt subsystem, where reference counting on zcrypt card objects was fixed to prevent a use-after-free of the zcrypt_card during hot-plug/probe/remove cycles. The issue could allow freeing a zcrypt card object while it is still in use, as demonst...
CVE-2021-47009
CVE-2021-47009 relates to the Linux kernel KEYS: trusted subsystem. The issue is a memory leak in the object td where two error return paths failed to free td, leading to leaked memory. The fix changes control flow to return via an error path that securely frees td with kfree. The description als...
CVE-2021-46987
CVE-2021-46987: Linux kernel/btrfs deadlock when cloning inline extents with qgroups. Root cause: while cloning, a transaction flush can occur with destination iotree range locked and delalloc flush needing the same range, potentially deadlocking. This occurs specifically when qgroups reserve met...
CVE-2021-47022
The CVE-2021-47022 issue concerns the Linux kernel driver for mt76 mt7615. The vulnerability is a memory leak that occurs in the mt7615 unregister path, specifically relating to the order of cleanup calls: mt7615_tx_token_put() should be invoked before mt76_free_pending_txwi(). A patch fixes meml...
CVE-2023-52583
The CVE-2023-52583 entry describes a Linux kernel issue in the ceph component where dget() usage could lead to a deadlock due to incorrect lock ordering between dentry and its parent. The dead code path was never used because the parent directory is always supplied by callers, so the fix removes ...
CVE-2021-47003
CVE-2021-47003 concerns the Linux kernel’s dmaengine idxd path. A null pointer dereference could occur when code calls idxd_cmd_exec with a null status pointer; a later assignment to *status could dereference a null. The fix is to perform a null check on status before the assignment, preventing t...
CVE-2024-25197
CVE-2024-25197 affects Open Robotics ROS2 and Nav2 Humble; it is a NULL pointer dereference in isCurrent() within /src/layered_costmap.cpp. Affected components and exact root cause are described across multiple sources (ROS2/Nav2 humble). The CVSS metric indicates a network-exposed, low-privilege...
CVE-2021-47042
CVE-2021-47042: Linux kernel drm/amd/display fixes a memory leak in dc_link_construct() by freeing local data after use. The description includes stack backtrace and memory object details; no connected documents with exploit specifics are provided, monitor for updates and apply upstream fix when ...
CVE-2017-7668
CVE-2017-7668: Apache httpd contains a buffer over-read in ap_find_token() caused by strict HTTP parsing changes in 2.2.32 and 2.4.24. A remote attacker can craft headers to crash the httpd process or have ap_find_token() return an incorrect value. Affected distributions have addressed this by up...
CVE-2010-0425
CVE-2010-0425 affects Apache HTTP Server on Windows with ISAPI module mod_isapi (DLLs in 2.0.37–2.0.63, 2.2.0–2.2.14, and 2.3.x before 2.3.7). Root cause: mod_isapi may unload an ISAPI DLL before request processing finishes, causing memory corruption. Impact: remote code execution or denial of se...
CVE-2021-46998
Summary: CVE-2021-46998 affects the Linux kernel, specifically the enic driver path in ethernet/enic. A use-after-free occurs in enic_hard_start_xmit when an error in enic_queue_wq_skb() frees a skb via dev_kfree_skb(skb), but skb_tx_timestamp(skb) may still access it. Root cause: freed skb used ...
CVE-2021-47030
CVE-2021-47030 affects the Linux kernel MT76/MT7615: a memory leak in the mt7615_coredump_work path has been fixed (similar to the mt7921_coredump_work fix). The fix addresses a local-impact leak with HIGH availability impact; no exploitation details are provided in the supplied documents, and up...