CVE-2023-24535
CVE-2023-24535 is a vulnerability in the Go protobuf handling in google.golang.org/protobuf where parsing a text-format message containing a minus sign, whitespace, and no further input can cause a panic. The issue is described across multiple sources (OSV and NVD entries) with the same descripti...
CVE-2022-29144
CVE-2022-29144: Microsoft Edge (Chromium-based) has an Elevation of Privilege vulnerability. The NVD entry rates it as CVSS v3.1 base score 7.5 (HIGH) with vector AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. Exploitation requires no privileges but does require user interaction, and the impact covers co...
CVE-2025-20064
CVE-2025-20064 describes improper input validation in the UEFI FlashUcAcmSmm module for Intel reference platforms, enabling local privilege escalation and potential local code execution. The vulnerability requires a privileged system software adversary, with no user interaction, and is characteri...
CVE-2025-21656
CVE-2025-21656 is a Linux kernel issue in topology printing (cpumap) where the vsnprintf-based formatting could mutate the cpumask during output, leading to inconsistent core visibility in the printed cpumap. The fix keeps the cpumask unchanged by caching it to a temporary variable before printin...
CVE-2019-8331
CVE-2019-8331 affects Bootstrap: XSS in tooltip/popover data-template attribute observed in Bootstrap 3.4.1 and 4.3.x before 4.3.1. The underlying issue is an input that can inject script into a client browser when the vulnerable template is rendered. Affected versions include Bootstrap 3.x prior...
CVE-2024-57917
CVE-2024-57917: In the Linux kernel, the cpumask may be modified during printing of cpumap, causing mismatched lengths in kvasprintf-based formatting. The fix caches the cpumask to a temporary variable before cpumap_print_{list, cpumask}_to_buf() to keep it unchanged during printing. Impact is p...
CVE-2022-41082
CVE-2022-41082 is the RCE component of Microsoft Exchange’s ProxyNotShell chain. It relies on a deserialization gadget in the PSRP backend that an authenticated attacker can reach after exploiting CVE-2022-41040 SSRF. Successful exploitation yields code execution as NT AUTHORITY\SYSTEM on vulnera...
CVE-2020-0787
CVE-2020-0787 is a privilege-escalation flaw in Microsoft Windows BITS (Background Intelligent Transfer Service) caused by improper handling of symbolic links. The issue can allow an attacker who can run code on a vulnerable host to escalate to system-level privileges and execute arbitrary code. ...
CVE-2022-22963
CVE-2022-22963 affects Spring Cloud Function: in versions 3.1.6, 3.2.2 and older unsupported releases, routing-expression using SpEL can be crafted by a user to trigger remote code execution and access local resources. The root cause is unsafe evaluation of SpEL within the HTTP request routing he...
CVE-2020-25719
CVE-2020-25719 affects Samba AD DC and stems from how Kerberos name-based authentication handles PAC/SID data, potentially enabling domain-wide compromise if the PAC/SIDs are not strictly enforced. The description in connected documents reiterates that the flaw could allow attackers to confuse wh...
CVE-2020-15075
OpenVPN Connect for macOS is affected: installer versions 3.2.6 and older may corrupt system files via symlinks in /tmp. The root cause is described as improper access to /tmp symlinks enabling modification of critical files. Public documents describe impact as potential file corruption but do not provi...
CVE-2018-10561
CVE-2018-10561 describes an authentication bypass in Dasan GPON home routers. The vulnerability allows an attacker to bypass login by appending “?images” to URLs on pages that require authentication (e.g., /menu.html?images/ or /GponForm/diag_FORM?images/), potentially granting the attacker acces...
CVE-2025-1736
CVE-2025-1736 affects PHP 8.1.x before 8.1.32, 8.2.x before 8.2.28, 8.3.x before 8.3.19, and 8.4.x before 8.4.5. The issue is caused by insufficient validation of end-of-line characters in user-supplied headers, which may prevent certain headers from being sent or cause headers to be misinterpret...
CVE-2016-5387
CVE-2016-5387 affects Apache httpd prior to 2.4.25, where RFC 3875 compliance allows untrusted HTTP_PROXY data to influence outbound proxy selection via a crafted Proxy header (the httpoxy issue). Public docs indicate the issue arises from the HTTP_PROXY environment variable being exposed to appl...
CVE-2021-31166
CVE-2021-31166: A use-after-free in Microsoft’s HTTP Protocol Stack (http.sys) enables remote code execution. The issue occurs in http!UlpParseContentCoding: a local LIST_ENTRY is built and then moved into the Request structure without nulling the local list, leaving entries dangling and allowin...
CVE-2020-8515
CVE-2020-8515 affects DrayTek Vigor2960, Vigor3900 and Vigor300B devices (various Beta firmware versions) via the cgi-bin/mainfunction.cgi endpoint. The root cause is unsafely processed shell metacharacters in POST requests, enabling remote code execution with root privileges without authenticati...
CVE-2024-57889
CVE-2024-57889 is resolved in the Linux kernel via a patch to the pinctrl-mcp23s08 driver. The issue occurred when using MCP23xxx IO expanders to receive IRQs, where regmap locking (mutex) around regmap_update_bits_base was invoked from a context that held a spinlock in __setup_irq(), leading to ...
CVE-2021-36160
CVE-2021-36160 affects Apache HTTP Server mod_proxy_uwsgi. A crafted request URI-path can cause mod_proxy_uwsgi to read beyond allocated memory, triggering a DoS. The issue is reported for Apache httpd versions 2.4.30–2.4.48. Public sources in connected documents corroborate the impact as an out-...
CVE-2020-3452
CVE-2020-3452 affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) web services. The issue is due to improper input validation of URLs in HTTP requests, enabling unauthenticated, remote attackers to perform directory traversal and read files from the web services filesystem (enable...
CVE-2024-53197
CVE-2024-53197 is a Linux kernel vulnerability in the USB audio driver (ALSA usb-audio). A malformed USB device can report a bNumConfigurations value larger than the initial allocation in usb_get_configuration, enabling out-of-bounds accesses later (e.g., during usb_destroy_configuration). The i...
CVE-2024-57791
CVE-2024-57791 affects the Linux kernel net/smc component. The vulnerability arises when draining clc data: the length field in smc_clc_msg_hdr, sourced from the network, may be trusted and if it exceeds buflen in smc_clc_wait_msg, a deadloop can occur. The connected documents describe the patch ...
CVE-2023-52436
CVE-2023-52436 affects the Linux kernel in the f2fs file system. The issue arises when setting an extended attribute (xattr) because the xattr list was not guaranteed to be zeroed in unused space; the fix explicitly terminates the xattr list to avoid relying on zeroed unused space. The descriptio...
CVE-2023-52455
CVE-2023-52455 relates to the Linux kernel IOMMU handling where a 0-length IOVA region in the iommu-addresses property could lead to IOVA rbtree corruption and display IOMMU mapping failures when framebuffer is absent. The documented fix adds a kernel check to skip IOVA reservation when t...
CVE-2021-22204
CVE-2021-22204: ExifTool versions 7.44 and later are vulnerable to arbitrary code execution when parsing a malicious image due to improper neutralization of user data in the DjVu file format. Several connected sources confirm this remote code execution vector within ExifTool’s handling of DjVu c...
CVE-2008-4770
CVE-2008-4770 affects RealVNC VNC Viewer components (CMsgReader::readRect) and allows remote code execution via crafted RFB protocol data. Affected editions include VNC Free Edition 4.0–4.1.2, Enterprise E4.0–E4.4.2, and Personal P4.0–P4.4.2, with exploitation tied to encoding type handling in th...
CVE-2024-56681
In CVE-2024-56681, the Linux kernel vulnerability concerns the crypto/bcm driver: the ahash_hmac_init function did not account for errors from the underlying ahash_init, potentially returning OK when the init failed (e.g., -ENOMEM). The issue is fixed by adding an error check to ensure ahash_hmac...
CVE-2022-28733
CVE-2022-28733 is a grub2 vulnerability: an integer underflow in grub_net_recv_ip4_packets when processing IPv4 packets can cause a small rsm->total_len to wrap, potentially triggering a write past the end of a memory buffer. Public advisories (Debian DSA, Red Hat/NVD references) and vend...
CVE-2025-29787
CVE-2025-29787 (zip crate): In affected versions (1.3.0 up to before 2.3.0), the archive extraction path validation is bypassed for earlier symbolic links, allowing a crafted archive to overwrite arbitrary files when extracted. Impact includes potential overwrite of critical files and possible c...
CVE-2021-1732
CVE-2021-1732 is a Windows Win32k local privilege escalation vulnerability. The root cause is a flaw in how the WndExtra field is handled as an offset, enabling an out-of-bounds write that grants SYSTEM privileges. Public exploit activity exists in multiple GitHub repos that demonstrate a local p...
CVE-2024-9468
CVE-2024-9468 is a memory corruption vulnerability in Palo Alto Networks PAN-OS that allows an unauthenticated attacker to crash PAN-OS via a crafted data-plane packet, causing a denial-of-service and maintenance-mode state. Affected: PAN-OS software (data plane handling). Root cause: memory corr...
CVE-2023-34362
MOVEit Transfer CVE-2023-34362 is a SQL injection vulnerability in the MOVEit Transfer web app that allows an unauthenticated attacker to access MOVEit databases. Affected versions include 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), with all ...
CVE-2021-30661
CVE-2021-30661 is a use-after-free vulnerability in WebKit Storage that could lead to arbitrary code execution when processing malicious web content. Affected: WebKit/WebKitGTK/WebKit Storage components on Apple platforms (Safari/WebKit on macOS/iOS/iPadOS, and WebKitGTK implementations) as descr...
CVE-2021-27765
The CVE-2021-27765 entry relates to BigFix components packaged with InstallShield. Concrete details from connected documents show that BigFix Server API installer (and related BigFix Console/Client installers) use InstallShield and are affected by CVE-2021-41526, which involves InstallScript acti...
CVE-2021-3493
CVE-2021-3493 is a Linux kernel overlayfs privilege-escalation issue where overlayfs does not properly validate file capabilities against user namespaces, enabling local privilege escalation on systems using unprivileged user namespaces with Ubuntu overlay patches. The vulnerability is r...
CVE-2020-9484
CVE-2020-9484 is a deserialization flaw in Apache Tomcat that, under a specific FileStore PersistenceManager configuration and a crafted request, can trigger remote code execution. Affected are Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, and 7.0.0 to 7.0.107 when the...
CVE-2015-1635
CVE-2015-1635 (HTTP.sys RCE) affects Microsoft Windows HTTP.sys on Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold/R2. The vulnerability enables remote code execution via crafted HTTP requests, caused by improper parsing in HTTP.sys. Public references i...
CVE-2006-4924
OpenSSH sshd is vulnerable when using SSH protocol 1; specially crafted SSH1 packets with duplicate blocks can cause the sshd process to consume excessive CPU, enabling a denial of service. This affects OpenSSH versions prior to 4.4 and is linked to improper handling by the CRC compensatio...
CVE-2018-4878
Adobe Flash Player vulnerability CVE-2018-4878 is a use-after-free in the DRM/Primetime-related code (DRMManager initialize) that could allow remote arbitrary code execution. Affected products are Flash Player before 28.0.0.161; exploitation in the wild was reported in early 2018. Exploitation of...
CVE-2023-45802
CVE-2023-45802 describes a memory‑leak condition in HTTP/2 handling: when a client resets a stream, memory deallocation is deferred until connection close, allowing a connection to accumulate memory usage over time. Astra Linux security notes reproduce the issue description and cite a fix in Apac...
CVE-2020-5135
CVE-2020-5135 is a buffer overflow in SonicOS affecting multiple releases (Gen 6: 6.5.4.7, 6.5.1.12, 6.0.5.3; SonicOSv: 6.5.4.v; Gen 7: 7.0.0.0). The vulnerability allows a remote attacker to cause Denial of Service and potentially execute arbitrary code by sending a malicious request to affected...
CVE-2019-0232
CVE-2019-0232 affects Apache Tomcat CGI Servlet when enableCmdLineArguments is enabled, allowing remote code execution via crafted HTTP requests on Windows. Affected: Tomcat 7.0.0–7.0.93, 8.5.0–8.5.39, 9.0.0.M1–9.0.17. The vulnerability stems from how the CGI environment builds command-line param...
CVE-2019-10097
CVE-2019-10097 affects Apache HTTP Server 2.4.32–2.4.39 when mod_remoteip is configured to use a trusted intermediary proxy server via the PROXY protocol. A specially crafted PROXY header can trigger a stack buffer overflow or NULL pointer dereference, potentially crashing the server or impacting...
CVE-2024-5642
CVE-2024-5642 affects CPython 3.9 and earlier where CPython allows an empty list for SSLContext.set_npn_protocols(), an invalid value for the OpenSSL API. The underlying issue is a buffer over-read when NPN is used, related to CVE-2024-5535 (OpenSSL). The vulnerability is characterized as low sev...
CVE-2022-31107
CVE-2022-31107 is a Grafana OAuth account takeover vulnerability. It affects Grafana versions 5.3 through 9.0.3 and also 8.5.9, 8.4.10, and 8.3.10. A malicious user who can log in via a configured OAuth IdP can take over another Grafana user’s account if the attacker’s external user id and email ...
CVE-2020-11651
SaltStack Salt (CVE-2020-11651) is vulnerable in Salt before 2019.2.4 and 3000 before 3000.2: the salt-master ClearFuncs class does not properly validate method calls, enabling a remote, unauthenticated user to access certain methods, retrieve user tokens from the salt-master, and potentially run ar...
CVE-2017-9805
CVE-2017-9805 affects the Apache Struts 2 REST plugin. The REST plugin uses an XStreamHandler with an XStream instance to deserialize XML without any type filtering, enabling remote code execution when processing crafted XML payloads. Affected versions are Struts 2.1.1–2.3.x before 2.3.34 and 2.5...
CVE-2024-45817
The CVE-2024-45817 entry concerns the Xen hypervisor on x86, where deadlock can occur in vlapic_error() when handling errors from the APIC status ring. The description states that error conditions are reported in a status register and that the OS may receive an interrupt for new errors; configuri...
CVE-2018-16487
CVE-2018-16487 is a prototype pollution vulnerability in lodash versions below 4.17.11, where merge/mergeWith/defaultsDeep can modify Object.prototype. IBM-focused bulletins in the Connected Documents confirm this CVE is present in IBM-related advisories and list affected IBM products (e.g., IBM ...
CVE-2020-3153
Cisco AnyConnect Secure Mobility Client for Windows is affected by CVE-2020-3153: an attacker with valid Windows credentials can exploit the installer IPC path handling to copy files to system directories with SYSTEM privileges, enabling privilege escalation (and DLL hijacking) via vpndownloader....
CVE-2024-56645
CVE-2024-56645 affects the Linux kernel CAN j1939 implementation. The fix in j1939_session_new() adds an extra skb_get() for the initial skb to match j1939_session_skb_queue() and prevent skb refcount underflow. Connected advisories (Astra Linux, AlmaLinux errata, etc.) reiterate the same, confir...