368463 matches found
CVE-2024-56539
CVE-2024-56539 refers to a Linux kernel issue where mwifiex memcpy() would write across a field due to a one-element array, triggering a field-spanning write warning in mwifiex_config_scan(). The fix replaces the one-element array with a flexible-array member in struct mwifiex_ie_types_wildcard_s...
CVE-2023-48777
Elementor Website Builder is affected by CVE-2023-48777: Unrestricted file upload to RCE via template import in versions 3.3.0–3.18.1. Exploitation requires Contributor-level access (Authenticated). The root cause involves handle_elementor_upload saving uploaded files to a temporary location befo...
CVE-2024-57888
Technical details for CVE-2024-57888 are not publicly available in the provided documents. Monitor vendor advisories and kernel commit references for remediation context and updates.
CVE-2025-21647
The CVE-2025-21647 vulnerability affects the Linux kernel’s sched: sch_cake path, where an underflow in per-host bulk flow counters could cause out-of-bounds memory access. A fix adds bounds-checking around all accesses to per-host bulk flow counters via helper functions, moving flow mode checks ...
CVE-2024-53214
CVE-2024-53214 concerns the Linux kernel VFIO/PCI logic for hiding PCIe extended capabilities. The issue occurred when hiding the first-in-list capability (unknown or hidden on purpose) by zeroing the capability ID/version while preserving Next, which is safe in general but failed if cap_id excee...
CVE-2024-53172
CVE-2024-53172 (Linux kernel, UBI fastmap) : The issue arises in the fast attaching path where alloc_ai() could be invoked twice with the same slab cache name 'ubi_aeb_slab_cache', triggering a kernel WARNING "kmem_cache_create_args". The root cause is duplicate slab cache names during fastmap at...
CVE-2022-0138
CVE-2022-0138 describes a deserialization of untrusted data issue in Airspan/Mimosa MMP stack. Affected: MMP (all versions before v1.0.3), PTP C-series (versions before v2.8.6.1), and PTMP C-series and A5x (versions before v2.5.4.1). Root cause: a deserialization function that does not validate o...
CVE-2022-0507
The CVE-2022-0507 entry concerns a SQL injection vulnerability in the Pandora API used by Pandora FMS. Multiple connected sources indicate the issue affects Pandora FMS versions up to OUM 759 (NG line), and that an attacker with authenticated IP can inject SQL. The root cause details are not full...
CVE-2021-35685
CVE-2021-35685 is a duplicate of CVE-2022-21371 and is treated as rejected/withdrawn by the CVE Numbering Authority per its description. Connected sources confirm an active vulnerability entry under CVE-2022-21371, which affects Oracle WebLogic Server (Web Container) and lists affected versions 1...
CVE-2024-57915
CVE-2024-57915 is rejected by the CVENA and is not an active vulnerability entry.
CVE-2024-56705
CVE-2024-56705 concerns the Linux kernel where ia_css_3a_statistics_allocate() fails to check the allocation result of the rgby_data memory, potentially triggering the assertion at ia_css_s3a_hmem_decode() if rgby_data allocation fails. The public technical details in connected sources indicate t...
CVE-2025-21704
CVE-2025-21704 affects the Linux kernel USB CDC-ACM (cdc_acm) path. The root cause is improper handling of fragmented control transfers: if the first fragment is smaller than struct usb_cdc_notification, computing expected_size can underflow as fragments arrive, leading to memory corruption when ...
CVE-2024-56788
CVE-2024-56788 concerns the Linux kernel’s net: ethernet oa_tc6 implementation. The vulnerability is a race between two skb pointers used for TX: ongoing_tx_skb (being processed) and waiting_tx_skb (queued). The SPI thread moves data from ongoing_tx_skb to the next TX, then may assign NULL to ong...
CVE-2021-30369
CVE-2021-30369 entry is rejected/not used per initial description.
CVE-2022-1397
CVE-2022-1397 affects Easy!Appointments (GitHub: alextselegidis/easyappointments). The vulnerability is an API privilege escalation arising from inadequate authorization checks: the API validates existence of a user but not their permissions, allowing a low-privileged user (e.g., provider) to cre...
CVE-2022-0859
CVE-2022-0859 affects McAfee Enterprise ePolicy Orchestrator (ePO) versions prior to 5.10 Update 13. The vulnerability allows a local attacker who is on the server hosting ePO (administrators) and who knows the SQL password to point the ePO server to an arbitrary SQL server during the restoration...
CVE-2024-53183
CVE-2024-53183 concerns a Linux kernel vulnerability: in uml/net handling, the code previously used drvdata during device release, but drvdata may not exist at release time. The fix is to retrieve the uml_net instance with container_of() instead of drvdata, preventing a crash when removing a netw...
CVE-2024-57893
CVE-2024-57893 : Linux kernel ALSA: seq: oss — race in SysEx message processing can cause out-of-bounds access. Connected docs confirm the issue and state a mutex-based serialization fix was introduced to protect SysEx packets in the OSS sequencer, effectively addressing the race between 6-byte S...
CVE-2021-35684
CVE-2021-35684 is a duplicate of CVE-2022-21306. The connected CVE-2022-21306 describes a vulnerability in Oracle WebLogic Server (Fusion Middleware Core) affecting 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. It allows unauthenticated remote exploitation via standard ports (T3), potentiall...
CVE-2025-21662
CVE-2025-21662: In the Linux kernel, net/mlx5: Fix variable not being completed when function returns. The issue could cause a hang of the issuing task if cmd_alloc_index() fails and cmd_work_handler() does not complete ent->slotted before returning. Affected component is mlx5_core/mlx5e, with...
CVE-2022-2107
CVE-2022-2107: MiCODUS MV720 GPS tracker API server uses a hard-coded master password, enabling unauthenticated login and direct SMS-command control of trackers (impersonating owners, accessing/modifying data, and potentially steering vehicles). Device IDs are sequential, aiding targeting. Public...
CVE-2024-52003
CVE-2024-52003 – Traefik : Traefik versions 2.11.14 and 3.2.1 fix a vulnerability where an attacker can inject the untrusted X-Forwarded-Prefix header. The issue, as described, arises from the header handling by the HTTP reverse proxy/load balancer, enabling an external source to influence reques...
CVE-2019-3309
CVE-2019-3309 is rejected/not used per the Initial Description; this entry does not represent an active vulnerability.
CVE-2024-53198
CVE-2024-53198 : In the Linux kernel, the xenbus_dev_probe() path could leak resources if drv->probe() allocated resources but the error path returned without releasing them. The fix introduces a fail_remove block (before fail_put) to ensure proper resource release when (err) is true, mirrorin...
CVE-2025-21701
CVE-2025-21701 : In the Linux kernel, a race existed between device unregistration and ethnl operations (ethnl_set_channels, ethtool checks) that could occur when a network device is being unregistered while its channels are modified. The issue arose because unregister_netdevice_many_notify could...
CVE-2006-20001
CVE-2006-20001 affects Apache HTTP Server 2.4.54 and earlier. The issue is triggered by a crafted If: header that can read memory or write a single zero byte in heap memory beyond the header value, potentially crashing the process. Industry advisories confirm the vulnerability in Apache httpd and...
CVE-2024-53690
CVE-2024-53690 (Linux kernel) describes a nilfs2 inode handling flaw where a deleted inode could be mis-reused, leading to inode duplication and i_nlink underflow during rmdir. The fix involves guarding against deleted inodes by verifying i_nlink in nilfs_iget() and reclaiming the inode when its ...
CVE-2021-34987
This CVE (CVE-2021-34987) concerns Parallels Desktop 16.5.1 (49187) where the HDAudio virtual device contains a buffer overflow due to improper validation of user-supplied data length before copying to a fixed-length buffer. The vulnerability enables local privilege escalation and arbitrary code ...
CVE-2022-0916
CVE-2022-0916 affects Logitech Options. The issue is that the OAuth 2.0 state parameter was not properly validated, enabling potential CSRF during authentication/authorization. Documents show vulnerability details and CVSS metrics but do not provide a concrete patch/version or remediation guidanc...
CVE-2022-46283
This CVE-2022-46283 entry is rejected/not used as stated in the Description.
CVE-2025-26793
CVE-2025-26793 affects Hirsch Enterphone MESH Web GUI. The default credentials (username: freedom, password: viscount) are not forced to be changed during initial configuration, and changing them is cumbersome. Attackers may use the Internet-facing endpoint mesh.webadmin.MESHAdminServlet to gain ...
CVE-2024-56566
The CVE-2024-56566 issue affects the Linux kernel mm/slub code. If alloc_consistency_checks fails during slab allocation, objects in that slab can be marked as used and the slab removed from the partial list, but later freeing an object could trigger remove_full() on a slab that is neither in the...
CVE-2024-53153
CVE-2024-53153 in the Linux kernel describes a crash condition for Qualcomm PCIe endpoints when PERST# is asserted and the host disables refclk. The issue arises because endpoint cleanup functions (e.g., dw_pcie_ep_cleanup() and pci_epc_deinit_notify()) previously ran during PERST# assert, while ...
CVE-2022-1186
The WordPress plugin Be POPIA Compliant (vulnerable up to 1.1.5) exposes site visitors’ emails and usernames to unauthenticated users via an API route. Root cause cited in multiple sources is insufficient access controls on the API route (no restrictions on sensitive data exposure). No exploit de...
CVE-2020-0436
CVE-2020-0436 entry is rejected/withdrawn and does not represent an active vulnerability.
CVE-2024-56616
CVE-2024-56616 (Linux kernel) affects drm_dp_mst sideband handling. The MST sideband message body length check was fixed to require at least 1 byte (accounting for the message CRC). Without this, a header with a valid header CRC but body length 0 could trigger memory corruption in drm_dp_sideband...
CVE-2024-53219
CVE-2024-53219 affects the Linux kernel virtiofs direct IO path when inserting a large module (e.g., 10 MB) with virtio-fs cache disabled. The root cause is a kernel memory allocation/IO path: kernel_read_file reads the module into a 10 MB vmalloc buffer, fuse_direct_io passes a 10 MB block as a ...
CVE-2023-52367
CVE-2023-52367 describes an improper access control vulnerability in the media library module, observed in Huawei HarmonyOS and EMUI. The root cause is access-control failure, with CVSS 3.1 indicating a local exploit could enable high-impact outcomes to integrity and availability, and no privileg...
CVE-2022-1517
Illumina Local Run Manager (LRM) software, affected versions 1.3–3.1, contains CVE-2022-1517 (execution with unnecessary privileges). An unauthenticated attacker could upload and execute code remotely at the OS level, potentially tampering with settings, software, data, or APIs and interacting ov...
CVE-2022-1708
CVE-2022-1708 affects CRI-O and causes memory or disk exhaustion on the node when handling large output from ExecSync. The vulnerability arises from CRI-O reading the entire command output after execution, which can exhaust node resources and impact availability. Connected advisories indicate aff...
CVE-2025-67887
CVE-2025-67887 afecta 1C-Bitrix with the Translate Module up to 25.100.500. The root cause is unvalidated archive contents during extraction/upload, allowing an attacker with SOURCE/WRITE to upload a PHP file and a crafted .htaccess, then execute code on the server. Impact is remote code executio...
CVE-2022-1999
CVE-2022-1999 affects GitLab CE/EE, all versions before 14.10.5, 15.0 before 15.0.4, and 15.1 before 15.1.1. under certain conditions, an unprivileged user could change a labels description via the REST API. The issue is documented across multiple feeds (NVD, OSV, Nessus plugins) with consistent ...
CVE-2022-1505
The RSVPMaker WordPress plugin has an unauthenticated SQL Injection in rsvpmaker-api-endpoints.php (and related ~rsvpmaker-email.php) due to insufficient escaping/parameterization. Affects versions up to 9.2.6 per CVE-2022-1505; impact is disclosure of database data. Connected sources reiterate t...
CVE-2024-8377
This CVE ID is rejected/not used and does not represent an active vulnerability entry.
CVE-2019-15846
Exim CVE-2019-15846 affects Exim 4.92.x prior to 4.92.2, where a trailing backslash in SMTP processing enables remote code execution as root. Published advisories (e.g., ALAS-2019-1277/1310) confirm the issue and urge upgrading to Exim 4.92.2 or newer. Remediation: upgrade Exim to 4.92.2+ or appl...
CVE-2018-0802
CVE-2018-0802 is a Microsoft Office memory corruption/remote code execution vulnerability in the Equation Editor, triggered by crafted OLE/embedded objects in Office documents. Affected products include Office 2007, 2010, 2013, and 2016; the issue arises from the way Office handles in-memory obje...
CVE-2024-53190
The CVE 2024-53190 entry describes a Linux kernel issue in the Realtek RTLWiFi driver, where the efuse read path (read_efuse/read_efuse_byte during rtl8192cu probe) could loop up to 10k times on failure, causing extended system hang. The mitigated behavior is to drastically reduce retry attempts ...
CVE-2018-19052
The CVE-2018-19052 issue affects lighttpd’s mod_alias_physical_handler (mod_alias.c): when a configured alias lacks a trailing '/' but the target path has one, there is potential directory traversal to the parent of the alias target. Public advisories confirm this vulnerability across multiple di...
CVE-2021-34473
CVE-2021-34473 is part of the ProxyShell chain affecting on-premises Microsoft Exchange Server. The vulnerability arises from pre-auth path confusion that bypasses ACLs, enabling pre-auth remote code execution when combined with CVE-2021-34523 and CVE-2021-31207 in the same exploit chain. Exploit...
CVE-2022-2884
CVE-2022-2884 affects GitLab CE/EE with authenticated remote code execution via the Import from GitHub API endpoint. Affected versions span from 11.3.4 up to 15.1.5, and also include 15.2.x (up to 15.2.3) and 15.3.x (up to 15.3.1), according to the vulnerability description. Public exploit activi...