368379 matches found
CVE-2021-33157
CVE-2021-33157 affects Intel® Ethernet Adapters and Intel® Ethernet Controller I225 Manageability firmware, where insufficient control flow management could allow a privileged user to escalate privileges via local access. The base CVSSv3.1 score is 7.2 (HIGH) with LOCAL access, HIGH complexity, a...
CVE-2021-33145
CVE-2021-33145 refers to an uncaught exception in Intel® Ethernet Adapters and Intel® Ethernet Controller I225 Manageability firmware that may allow a privileged local escalation. Red Hat and Intel advisories corroborate the same description, with affected products including Intel® Ethernet Contr...
CVE-2021-33141
The CVE-2021-33141 issue affects Intel® Ethernet Adapters and Intel® Ethernet Controller I225 Manageability firmware. The root cause is improper input validation in the firmware, which may allow an unauthenticated user to cause a denial of service via network access. The CVSS v3.1 base score is 8...
CVE-2008-6471
SQL injection vulnerability in MountainGrafix easyLink 1.1.0 affects detail.php via the cat parameter in a show action, allowing remote attackers to execute arbitrary SQL commands. This is the explicit root cause described in CVE-2008-6471. The connected records corroborate the same description f...
CVE-2025-23217
CVE-2025-23217 affects mitmweb (the web UI of mitmproxy). In versions 11.1.1 and earlier, a malicious client connected to mitmweb’s proxy server (default bind 0.0.0.0:8080) could reach mitmweb’s internal API (127.0.0.1:8081) through the proxy, enabling SSRF-style access that may lead to remote co...
CVE-2024-35796
The CVE-2024-35796 vulnerability concerns the Linux kernel net/ ll_temac code where platform_get_resource was replaced by devm_platform_ioremap_resource_byname and invoked with a 0-length name, leading to a path that ends up calling platform_get_resource_byname and dereferencing a NULL pointer in...
CVE-2025-25184
CVE-2025-25184 affects Rack (Ruby) where CRLF injection in usernames can be logged by Rack::CommonLogger when credentials are supplied via Rack::Auth::Basic. The issue enables log entry manipulation by including CRLF and whitespace in the username, potentially breaking log formats or injecting fr...
CVE-2021-39390
CVE-2021-39390 describes a Stored XSS in PartKeepr 1.4.0. The vulnerability arises in the edit module where multiple API endpoints accept a name parameter without proper sanitization/validation, allowing injection of JavaScript that can be executed in the client browser. Affected software: PartKe...
CVE-2021-33161
The CVE-2021-33161 issue concerns improper input validation in Intel Ethernet Adapters and Intel Ethernet Controller I225 Manageability firmware, enabling a privileged user to escalate privileges via local access. Affected products include Intel Ethernet Controller I225 Manageability firmware (be...
CVE-2021-43160
CVE-2021-43160 affects Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55. The vulnerability arises in the switchFastDhcp function under /cgi-bin/luci/api/diagnose, enabling remote code execution. The connected sources specify the affected product and the vulnerable component, ...
CVE-2014-0098
CVE-2014-0098 affects the Apache HTTP Server (mod_log_config) prior to version 2.4.8. The vulnerability is caused by how log_cookie is handled during truncation, allowing remote attackers to trigger a denial-of-service (segmentation fault and daemon crash). Public advisories and vendor notes (e.g...
CVE-2022-1902
CVE-2022-1902 describes a vulnerability in Red Hat Advanced Cluster Security for Kubernetes where Notifier secrets were not properly sanitized in the GraphQL API. This allows authenticated ACS users to retrieve Notifiers via GraphQL, potentially escalating privileges. CVSSv3.1 base score 8.8 (HIG...
CVE-2022-2083
CVE-2022-2083 affects the WordPress plugin “Simple Single Sign On”
CVE-2021-33142
Summary: CVE-2021-33142 affects Intel® Ethernet Adapters and Intel® Ethernet Controller I225 Manageability firmware. The common issue is improper input validation in the firmware, which may allow a privileged user to cause a denial of service via local access. Connections across sources (Intel ad...
CVE-2021-41003
CVE-2021-41003 affects Aruba AOS-CX API interface across Aruba CX 6200F, 6300, 6400, 8320, 8325, 8400, and CX 8360 series. Reported as multiple unauthenticated command‑injection vulnerabilities with affected AOS-CX versions: 10.06.xxxx (<=10.06.0170), 10.07.xxxx (<=10.07.0050), 10.08.xxxx (...
CVE-2021-33158
CVE-2021-33158 affects Intel Ethernet Adapters and the Intel Ethernet Controller I225 Manageability firmware. Affected: Intel Ethernet Controller I225 Manageability firmware prior to NVM 1.87 and Intel Ethernet Adapters prior to version 29.0.1. Description from Intel advisory: improper neutraliza...
CVE-2022-0609
CVE-2022-0609 is a Google Chrome vulnerability described as a use-after-free in the Animation component, leading to potential heap corruption and remote code execution via a crafted HTML page. Affected product: Google Chrome (Animation). Vulnerable condition: use-after-free in the Chrome animatio...
CVE-2025-0633
CVE-2025-0633 is a heap-based buffer overflow in iniparser_dumpsection_ini() of iniparser, allowing read of out-of-bounds memory. Connected advisories (ALAS/ALAS2, Mageia, Debian, Fedora, Red Hat, Alpine, CIRCL) confirm iniparser as the affected package and cite a patched release; specifics vary ...
CVE-2019-7659
Genivia gSOAP 2.7.x and 2.8.x are affected by CVE-2019-7659 if a server application is built with -DWITH_COOKIES. The vulnerability exists in the C/C++ libraries libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ when built with that flag, enabling denial of service (application abort) and pos...
CVE-2024-24198
The vulnerability CVE-2024-24198 affects SmartDNS due to a misaligned address in smartdns/src/util.c within commit 54b4dc. Reported CVSSv3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H indicates high impact to availability with no confidentiality or integrity impact. The available documents do not provid...
CVE-2019-19141
The Plex Media Server CVE-2019-19141 vulnerability affects the Camera Upload feature through version 1.18.2.2029. It permits remote authenticated users to write files anywhere the Plex process user has permissions, enabling remote code execution. The described attack path includes directory trave...
CVE-2021-36260
CVE-2021-36260 is a command-injection vulnerability in the web server of Hikvision products caused by insufficient input validation. Public details in the provided docs confirm an attacker can trigger remote code execution via crafted messages to the device (no authentication required in some PoC...
CVE-2024-27028
CVE-2024-27028 is confirmed with concrete details in connected docs: the Linux kernel spi-mt65xx driver had a NULL pointer dereference in the interrupt handler during spi_transfer when tx_buf could be NULL. The fix adds a check for trans->tx_buf before use, mitigating potential crashes. Affect...
CVE-2023-24486
Citrix Workspace app for Linux is affected by a session takeover vulnerability (CVE-2023-24486) due to improper access control. An authenticated local user could gain access to another user’s Citrix Virtual Apps and Desktops session on the same machine when launching published desktops/applicatio...
CVE-2023-29542
Technical details for CVE-2023-29542 are not publicly disclosed in the provided documents. No affected products, root cause, or mitigation are specified here. Monitor for updates from the sources to obtain concrete information.
CVE-2024-29943
CVE-2024-29943 is a Firefox vulnerability: an attacker could perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. Affected product: Mozilla Firefox versions earlier than 124.0.1 (desktop; ESR has separate fixes). The root cause is an incor...
CVE-2019-14834
CVE-2019-14834 affects dnsmasq prior to 2.81 and causes a memory leak that can be exploited remotely to trigger a denial of service via DHCP response creation. Public details across multiple advisories indicate the root cause is in memory management (e.g., create_helper function and related code ...
CVE-2025-27516
CVE-2025-27516 : Jinja2 before 3.1.6 exposes a sandbox bypass via the |attr filter, allowing arbitrary Python code execution if an attacker controls template content. Affected: jinja2 versions prior to 3.1.6. Impact: execution of code in untrusted templates. Remediation: upgrade to 3.1.6 or newer...
CVE-2012-1823
CVE-2012-1823 affects PHP when run as CGI (php-cgi). The issue is that sapi/cgi/cgi_main.c mishandles query strings without an =, enabling remote code execution by passing command-line options in the query. Affected PHP versions include 5.3.x up to 5.3.12 and 5.4.x up to 5.4.2, with exploitation ...
CVE-2023-21713
CVE-2023-21713 is a Microsoft SQL Server remote code execution vulnerability. The CVE is addressed in the February 2023 security updates for SQL Server 2019/GDR (KB5021125) and related KBs, which list CVE-2023-21713 among addressed issues. The vulnerability affects SQL Server components and is mi...
CVE-2021-25636
CVE-2021-25636 affects The Document Foundation LibreOffice 7.2.x prior to 7.2.5. The issue arises from an Improper Certificate Validation in which a document can be crafted so that the signature verification process uses KeyValue data while reporting a mismatch with X509Data, undermining trust in...
CVE-2019-2725
CVE-2019-2725 is an Oracle WebLogic Server vulnerability (Web Services subcomponent) that allows unauthenticated, network-based remote code execution via HTTP. Affected versions include Oracle WebLogic Server 10.3.6.0.0 and 12.1.3.0.0. The root cause is deserialization of untrusted objects in Web...
CVE-2011-1002
Avahi CVE-2011-1002 affects the avahi-daemon (avahi) before 0.6.29. A remote attacker can trigger a denial of service (infinite loop) by sending an empty mDNS UDP packet to port 5353 (IPv4 or IPv6). The issue arises from an incorrect fix related to CVE-2010-2244. Public advisories and distributio...
CVE-2025-1386
CVE-2025-1386 concerns the ch-go library from github.com/ClickHouse/ch-go. The issue is a vulnerability in which, under a specific condition where a query includes large, uncompressed external data, an attacker who controls that data can smuggle another query packet into the same connection strea...
CVE-2011-4448
CVE-2011-4448 affects WikkaWiki 1.3.1 and 1.3.2. The vulnerability is an SQL injection in actions/usersettings/usersettings.php via the default_comment_display parameter in an update action, caused by insufficient sanitization. This allows remote attackers to inject arbitrary SQL commands and pot...
CVE-2025-26620
CVE-2025-26620 describes a race condition in Duende.AccessTokenManagement when multiple concurrent requests for client credentials tokens use varying TokenRequestParameters. The issue can cause concurrent requests to return tokens with incorrect protocol parameters (scope, resource indicator, etc...
CVE-2021-3899
CVE-2021-3899 involves a race condition in Apport's replaced-executable detection that, with specific local configuration, could allow a local attacker to run arbitrary code as root. This vulnerability is referenced in multiple advisories (Ubuntu USN-6894-1, RH Red Hat CVE notes, and Nessus/OSV e...
CVE-2024-57883
Technical details about CVE-2024-57883 are not provided in the supplied documents. Monitor official kernel advisories and vendor security notices for affected products, scope, and fixes.
CVE-2014-0050
This CVE affects Apache Commons FileUpload (MultipartStream.java) before version 1.3.1, as used in Apache Tomcat, JBoss Web, and other products. The root cause is a crafted Content-Type header that bypasses the loop exit conditions, allowing remote attackers to trigger an infinite loop and high C...
CVE-2019-16935
The CVE-2019-16935 issue concerns the documentation XML-RPC server in Python (Lib/DocXMLRPCServer.py for Python 2.x and Lib/xmlrpc/server.py for Python 3.x). The root cause is that server_title, when set_server_title is called with untrusted input, can deliver arbitrary JavaScript to clients via ...
CVE-2022-2569
This CVE (CVE-2022-2569) affects ARC Informatique PcVue (OAuth Web Service configuration) components: PcVue 12 (before 12.0.27) and PcVue 15 (before 15.2.3). The vulnerability stems from cleartext storage of sensitive information, potentially allowing an authenticated user to access session data ...
CVE-2021-3426
CVE-2021-3426 corresponds to a vulnerability in Python’s pydoc where the getfile feature could be abused to read arbitrary files. The linked sources confirm the issue affects Python versions prior to specific releases (e.g., Python before 3.8.9, 3.9.3, and 3.10.0a7 per the CVE description) and no...
CVE-2021-1372
Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows are affected by a local information-disclosure vulnerability due to unsafe shared-memory usage. An authenticated, local attacker with access to system memory can exploit this by running a local app that reads shared memory,...
CVE-2021-25635
CVE-2021-25635 is a certificate-validation vulnerability in LibreOffice described as a Content Manipulation with Certificate Validation Attack. An attacker could enable self-signed ODF documents, then modify the signature algorithm to an invalid/unknown one; LibreOffice could display the signatur...
CVE-2024-27037
CVE-2024-27037 (Linux kernel) affects the zynq clock controller path. The kmalloc() failure in zynq_clk_setup() can yield NULL, risking a NULL pointer dereference when using snprintf() to write to that address. A patch replaces the kmalloc()-based allocation with a stack-allocated variable, preve...
CVE-2024-26584
CVE-2024-26584 is a Linux kernel TLS backlogging vulnerability where setting CRYPTO_TFM_REQ_MAY_BACKLOG on crypto_api requests can cause crypto_aead_encrypt/decrypt to return -EBUSY in valid cases. If the cryptd AES-NI queue is full, requests are enqueued to backlog and may be processed, triggeri...
CVE-2021-43161
CVE-2021-43161 affects Ruijie RG-EW Series Routers (Ruijie Networks) running ReyeeOS up to 1.55.1915 / EW_3.0(1)B11P55. The vulnerability is triggered via the doSwitchApi function in /cgi-bin/luci/api/switch, enabling Remote Code Execution. Several sources describe it as an RCE due to the path an...
CVE-2024-56633
The CVE-2024-56633 issue in the Linux kernel relates to tcp_bpf_sendmsg and the sk_mem_uncharge accounting in __SK_REDIRECT. The current approach pre-uncharges tosend bytes (msg->sg.size or apply_bytes), which can lead to under/over charging if actual sent bytes differ or if ret < 0. The ci...
CVE-2021-31207
CVE-2021-31207 is one of the ProxyShell chain affecting on-premises Microsoft Exchange Server, enabling post-auth arbitrary-file-write that can lead to remote code execution. Exploitation chains documented in FireEye and related advisories describe initial steps using Autodiscover and MAPI to lea...
CVE-2021-45966
Pascom Cloud Phone System prior to 7.20.x contains a remote code execution flaw in the management REST API: /services/apply in exd.pl does not properly filter shell metacharacters, enabling an attacker to run arbitrary code. Affected component is the /services/apply endpoint of the exd.pl script;...