CVE-2018-3063
CVE-2018-3063 is a MySQL/MariaDB Server vulnerability in the Privileges subcomponent. Affected products include MySQL/MariaDB Server versions up to 5.5.60 and earlier. The vulnerability is exploitable by a high-privileged attacker with network access via multiple protocols and can lead to a hang ...
CVE-2015-5123
CVE-2015-5123 describes a use-after-free in the BitmapData class of the ActionScript 3 (AS3) implementation in Adobe Flash Player. The vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by crafting Flash content that overrides a value...
CVE-2007-4995
CVE-2007-4995 describes an off-by-one error in the DTLS implementation of OpenSSL 0.9.8 prior to 0.9.8f that could allow a remote attacker to execute arbitrary code via unspecified vectors. Multiple connected advisories confirm this DTLS flaw and the need to upgrade OpenSSL to a fixed release (0....
CVE-2026-35385
OpenSSH before 10.3 is affected. When using scp as root with -O (legacy protocol) and without -p, a downloaded file may be installed setuid or setgid, contrary to user expectations. This could enable privilege elevation per the cited advisories. Remediation: upgrade to OpenSSH 10.3p1 or later (as...
CVE-2022-37451
Exim before 4.96 is vulnerable to an invalid free in pam_converse (auths/call_pam.c) because store_free is not used after store_malloc. The flaw is memory-management related and, per sources, can lead to denial of service. Affected product: Exim MTA; root cause: missing deallocation after allocat...
CVE-2015-0311
CVE-2015-0311 affects Adobe Flash Player on Windows/macOS up to 16.0.0.287 and Linux 11.2.202.438, described as an unspecified vulnerability that allowed remote code execution via unknown vectors. Exploitation in the wild was reported in January 2015. Connected sources confirm this is a remote-co...
CVE-2016-3393
CVE-2016-3393 affects the Graphics Device Interface (GDI/GDI+) in Windows, where improper handling of memory objects in the GDI component can enable remote code execution. The vulnerability impacts multiple Windows editions (Vista through Windows 10 variants listed in the CVE description) and is ...
CVE-2014-3523
CVE-2014-3523 corresponds to a memory leak in the WinNT MPM of Apache HTTP Server 2.4.x on Windows. Specifically, when AcceptFilter is enabled, the winnt_accept function in server/mpm/winnt/child.c can leak memory under crafted requests, leading to denial of service. The vulnerability is tied to ...
CVE-2017-0022
CVE-2017-0022 affects Microsoft XML Core Services (MSXML) across multiple Windows OS versions; vulnerability stems from improper handling of memory objects, enabling an attacker to determine whether a file exists on disk via a crafted web site. Public sources classify it as an information-disclos...
CVE-2023-43804
CVE-2023-43804 affects the Python urllib3 library, where a Cookie header may be leaked across cross-origin redirects if redirects are not disabled. The issue is resolved in urllib3 1.26.17 or 2.0.5. Affected environments are confirmed in multiple reports, including AlmaLinux and Brocade advisorie...
CVE-2020-2574
CVE-2020-2574 affects the Oracle MySQL Client (C API). Affected: MySQL Client in Oracle MySQL releases 5.6.46 and earlier, 5.7.28 and earlier, and 8.0.18 and earlier. Description in the sources: vulnerability allows an unauthenticated attacker with network access via multiple protocols to cause a...
CVE-2022-20809
Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) have a CVE-2022-20809 vulnerability in their API and web-based management interfaces that could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. The issue...
CVE-2022-26258
CVE-2022-26258 affects D-Link DIR-820L devices (firmware around 1.05B03). Multiple open‑source scanners and NVD entries describe a remote code execution (RCE) vulnerability in this model, with initial reports citing an RCE via HTTP POST to get set ccp and separate notes of an RCE via the Device N...
CVE-2014-9163
Adobe Flash Player is affected by CVE-2014-9163: a stack-based buffer overflow allows remote code execution. Affected: Windows and OS X Flash Player before 13.0.0.259 and 14.x before 15.0.0.246, and Linux Flash Player before 11.2.202.425. Root cause: stack-based overflow in vulnerable code paths;...
CVE-2012-2750
CVE-2012-2750 refers to an unspecified vulnerability in MySQL 5.5.x before 5.5.23 with unknown impact and attack vectors related to a Security Fix (Bug #59533). The description notes this may be a duplicate of CVE-2012-1689, and Oracle had not commented on that possibility as of 2012-08-16. Sever...
CVE-2008-0122
CVE-2008-0122 describes an off-by-one error in the inet_network function in libbind used by ISC BIND 9.4.2 and earlier. The vulnerability affects those BIND versions (and is used in libc on FreeBSD 6.2–7.0-PRERELEASE), enabling context-dependent attackers to trigger memory corruption that can cau...
CVE-2026-50751
CVE-2026-50751 is a logic-flow weakness in certificate validation during the deprecated IKEv1 key exchange used by Check Point Remote Access VPN, Mobile Access, and Spark Firewall. The flaw allows an unauthenticated attacker to bypass user authentication and establish a VPN session without a vali...
CVE-2022-29241
CVE-2022-29241 affects Jupyter Server (backend for Jupyter web apps) prior to 1.17.1. If notebook_server is started with root_dir containing the starting user’s home directory, an authenticated user can leak the start-time access token via the REST API by guessing/brute-forcing the server PID. Th...
CVE-2020-7656
CVE-2020-7656 affects jQuery versions prior to 1.9.0. The vulnerability arises from the load method failing to strip certain ), enabling cross‑site scripting. Public materials describe PoC/exploitation and public advisories/patch guidance (e.g., upgrade to 1.9.0+). The CVE is documented with an o...
CVE-2021-28359
Technical details for CVE-2021-28359 are not present in the provided documents. Public sources in Connected Documents do not specify affected products/versions or fixes. Monitor for updates.
CVE-2013-3587
CVE-2013-3587 (BREACH) concerns TLS/SSL data compression leaks where compressed HTTPS responses reveal plaintext by observing size differences. The linked documents confirm this is a BREACH-type issue affecting HTTPS with HTTP compression, not tied to a single product. Mitigations documented incl...
CVE-2009-1891
CVE-2009-1891 affects the Apache HTTP Server mod_deflate in 2.2.x (notably 2.2.11 and earlier). The issue causes CPU consumption DoS by compressing large files even after the client connection closes. Public advisories across distributions confirm the flaw and its remediation via updated packages...
CVE-2020-3441
Cisco Webex Meetings and Cisco Webex Meetings Server are affected by CVE-2020-3441, an information-disclosure vulnerability caused by insufficient protection of sensitive participant information. An unauthenticated, remote attacker could browse the Webex roster and obtain details such as email and...
CVE-2020-7068
CVE-2020-7068 affects PHP’s phar_parse_zipfile when processing PHAR archives. The flaw allows a use-after-free on freed memory, potentially causing a crash or information disclosure. Affected versions: PHP 7.2.x below 7.2.33, 7.3.x below 7.3.21, and 7.4.x below 7.4.9. Remediation details present ...
CVE-2019-10744
CVE-2019-10744 affects lodash versions lower than 4.17.12 and enables Prototype Pollution via defaultsDeep, by injecting a constructor payload to modify Object.prototype. IBM X-Force lists a CVSS 3.1 base score of 9.1 (CRITICAL) and confirms the prototype pollution impact. Remediation: upgrade lodash t...
CVE-2024-0107
CVE-2024-0107 is an out-of-bounds read in the NVIDIA GPU Display Driver for Windows user-mode layer. Public findings (Talos TALOS-2024-1956) describe exploitation via a malformed shader in the NVIDIA GPU Compiler Driver, affecting NVIDIA GPU Driver versions such as 551.61 and 31.0.15.5161, with p...
CVE-2022-22215
CVE-2022-22215 describes a Denial of Service in Junos OS and Junos OS Evolved due to a missing release of file descriptors/handles after a gRPC connection ends. The root cause is that /var/run/.env files may not be deleted when a gRPC session terminates, potentially exhausting inodes. Affected pr...
CVE-2024-48310
The CVE-2024-48310 entry concerns AutoLib Software Systems OPAC v20.10, where multiple API keys are exposed in the source code (e.g., main.js) allowing potentially unauthorized access to the backend API or other sensitive information. Affected component: API keys embedded in the codebase; exploit...
CVE-2024-51545
CVE-2024-51545 affects ABB ASPECT - Enterprise v3.08.02, NEXUS Series v3.08.02, and MATRIX Series v3.08.02. The issue is a username enumeration vulnerability that allows access to application-level username add, delete, modify and list functions. Root cause details are not fully specified in the ...
CVE-2022-23457
CVE-2022-23457 affects ESAPI (OWASP Enterprise Security API) Java legacy. The default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) before version 2.3.0.0 may treat the input string as a child of the specified parent directory, potentially bypassing control-flow...
CVE-2015-4620
Vulnerability CVE-2015-4620 affects ISC BIND when configured as a DNSSEC-validating recursive resolver. name.c in BIND 9.7.x–9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2 can crash the server (assertion failure and daemon exit) after crafting zone data and issuing a query for a name in that z...
CVE-2013-5704
CVE-2013-5704 concerns the Apache HTTP Server mod_headers trailer-header bypass vulnerability. The issue arises when a client places headers in the trailer portion of a chunked request, potentially bypassing RequestHeader unset directives and allowing header manipulation after header processing. ...
CVE-2021-30005
CVE-2021-30005 affects JetBrains PyCharm prior to 2020.3.4. The issue stems from PyCharm's initial project handling where, on first open, PyCharm would auto-activate a virtual environment found in the project, enabling an attacker to place a malicious venv in a VCS repository. A PoC demonstrates ...
CVE-2016-4171
CVE-2016-4171 is an unspecified memory-corruption vulnerability in Adobe Flash Player 21.0.0.242 and earlier that allows remote code execution. The vulnerability was leveraged in the wild in June 2016. Affected product: Flash Player. Root cause and exact vectors are not detailed in the provided d...
CVE-2010-4816
CVE-2010-4816 affects FreeBSD 8.0, 6.3, 4.9 and OpenBSD 4.6. The issue is a null pointer dereference in ftpd/popen.c that may enable remote denial of service of the ftpd service. The sources indicate a network-accessible trigger with availability impact, but do not provide exploitation details or...
CVE-2018-20406
CVE-2018-20406 affects Python’s pickle handling: an integer overflow in Modules/_pickle.c when resizing with a large LONG_BINPUT can cause memory exhaustion. The issue is triggered when serializing tens-to-hundreds of gigabytes of data via pickle. Affected Python versions include older 3.x branch...
CVE-2014-8439
CVE-2014-8439 describes a dereferenced memory pointer vulnerability in Adobe Flash Player (and related AIR components) that could allow remote code execution. The initial entry lists multiple affected branches: Flash Player versions prior to 13.0.0.258, 14.x, and 15.x before 15.0.0.239 on Windows...
CVE-2025-1217
CVE-2025-1217 affects PHP’s http stream wrapper: folded headers parsed incorrectly during HTTP response handling, which may cause misinterpretation of headers and MIME types. Public advisories reference fixes in PHP 8.1.x up to 8.1.32, 8.2.x up to 8.2.28, 8.3.x up to 8.3.19, and 8.4.x up to 8.4.5...
CVE-2019-13638
CVE-2019-13638 affects GNU patch up to version 2.7.6. It enables OS shell command injection when processing a crafted patch file containing an ed-style diff payload with shell metacharacters; the ed editor need not be present on the target system. Multiple connected advisories confirm vulnerable ...
CVE-2022-39324
Grafana prior to versions 8.5.16 and 9.2.8 is affected by CVE-2022-39324, where a malicious user can craft a snapshot URL to mislead other users via an attacker-injected originalUrl. The vulnerability arises from a web proxy-related query editing, causing the Open original dashboard button to poi...
CVE-2018-4990
Adobe Acrobat and Reader (various 2015–2018 era builds) contain a Double Free vulnerability in the JavaScript engine that could allow arbitrary code execution in the context of the current user when exploited. Affected versions include 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2...
CVE-2023-22515
CVE-2023-22515 affects Atlassian Confluence Data Center and Server. The issue is a broken access control vulnerability that enables an unauthenticated attacker to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected, and ins...
CVE-2019-18196
Summary (CVE-2019-18196): A DLL sideloading vulnerability in the Windows Service component of TeamViewer allows potential code execution via a service restart when a malicious DLL is placed in the TeamViewer directory. Affected TeamViewer versions and fixes include: up to 11.0.133222 (fixed in 11...
CVE-2015-0310
CVE-2015-0310 is an Adobe Flash Player ASLR bypass vulnerability that allows discovery of memory addresses, bypassing ASLR with implications across affected platforms. Connected advisories confirm remediation by upgrading Flash Player to version 11.2.202.440 (RHSA-2015:0094; OpenSUSE openSUSE-SU-...
CVE-2016-3351
CVE-2016-3351 is an information-disclosure vulnerability affecting Microsoft Internet Explorer (IE) 9–11 and Microsoft Edge. The issue arises from improper handling of objects in memory by affected scripting engines, which could allow a remote attacker to detect or obtain sensitive files on the us...
CVE-2007-4559
Summary (fact-grounded): The connected advisory describes a directory traversal vulnerability in Python's tarfile extraction path as used by Keras’ get_file() in keras.utils.get_file(), where extractall() is called without a security filter. The root cause is a PATH_MAX symlink resolution bug th...
CVE-2023-38546
CVE-2023-38546 affects libcurl/curl (curl_easy_duphandle path). Root cause: when duplicating an easy handle with cookies enabled, the cookie state is cloned without cookies; if source hadn’t loaded cookies from disk, the clone may load cookies from a file named none in the program’s CWD, enabling...
CVE-2021-4197
CVE-2021-4197 is a Linux kernel vulnerability in the cgroup process migration permission checks. A local attacker could escalate privileges due to incorrect permission validation for cgroup-associated processes (affecting both cgroup v1 and v2). The issue is described across multiple sources as a...
CVE-2022-4450
Summary (CVE-2022-4450): OpenSSL’s PEM_read_bio_ex() and wrappers PEM_read_bio()/PEM_read() are vulnerable. If a PEM file is crafted to trigger a 0-byte payload, PEM_read_bio_ex() may return a failure while its header buffer has already been freed; freeing that buffer again can cause a use-after-...
CVE-2021-41184
CVE-2021-41184 describes an XSS in jQuery-UI before 1.13.0 where untrusted input passed to the of option of the .position() utility could lead to code execution. The connected documents confirm the issue affects jQuery-UI embedded in other software (e.g., OTRS/IU contexts) and state the fix is to...