CVE-2023-32435
CVE-2023-32435 is a memory corruption vulnerability in WebKit-based components affecting Apple platforms. The connected sources specify that processing web content could lead to arbitrary code execution and that the issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, and ...
CVE-2021-3468
CVE-2021-3468 affects the Avahi package: versions 0.6 through 0.8 contain a flaw where the event signaling termination of a client connection on the Avahi Unix socket is mishandled in client_work, allowing a local attacker to trigger an infinite loop. The primary impact is availability, with the ...
CVE-2024-20328
CVE-2024-20328 affects the ClamAV VirusEvent feature, where unsafe handling of file names can allow a local attacker to inject and execute arbitrary commands with the privileges of the application service account (local vector, low complexity). The root cause is command-line sequence processing s...
CVE-2020-1967
CVE-2020-1967 describes a NULL pointer dereference in OpenSSL’s SSL_check_chain() during or after a TLS 1.3 handshake, caused by incorrect handling of the signature_algorithms_cert extension. A malicious peer sending an invalid/unrecognized signature algorithm can crash the server/client, enablin...
CVE-2008-3317
Maian Search 1.1 and earlier are affected by an authentication bypass in admin/index.php: remote attackers can gain admin access by sending an arbitrary search_cookie cookie. This is caused by improper validation of the cookie, enabling bypass without exploiting other components. The vulnerabilit...
CVE-2022-41125
CVE-2022-41125 affects Windows CNG Key Isolation Service (Windows Cryptographic Next Generation). The underlying issue is an Elevation of Privilege in that service, enabling an authenticated attacker to gain SYSTEM privileges. Patch guidance is to install the Microsoft updates for this CVE (per M...
CVE-2022-25863
The CVE concerns gatsby-plugin-mdx vulnerable to Deserialization of Untrusted Data when passing input to the gray-matter component. Affected ranges include versions before 2.14.1, from 3.0.0 up to before 3.15.2. The issue arises from default configurations that do not sanitize input, allowing unt...
CVE-2019-8255
CVE-2019-8255 affects Adobe Brackets up to version 1.14. It is a command-injection vulnerability that could allow arbitrary code execution on successful exploitation. CVSSv3.1 base score 9.8 (CRITICAL). The supplied documents do not specify a patched version or remediation steps.
CVE-2017-15944
CVE-2017-15944 affects Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6. The issue enables remote code execution via vectors involving the management/web interface, and public advisories describe a chain of bugs that can be exploited to gai...
CVE-2023-36728
CVE-2023-36728 is a Denial-of-Service vulnerability impacting Microsoft SQL Server components. Public references in the supplied documents describe DoS impact from a malformed TDS packet/login handling that can lead to unavailability or undefined behavior, as cited in the October 2023 security up...
CVE-2022-27593
Summary of CVE-2022-27593 (QNAP Photo Station): Affected product is QNAP NAS with the Photo Station app. The vulnerability is an externally controlled reference to a resource (local file inclusion) that could allow an attacker to modify system files. Fixed in multiple versions across QTS releases...
CVE-2012-5627
CVE-2012-5627 affects Oracle MySQL and MariaDB where the salt is not changed during multiple executions of the CHANGE_USER command within the same MySQL/MariaDB connection. This allows remote authenticated users to more easily brute-force passwords. Affected versions include MySQL/MariaDB: 5.5.x ...
CVE-2023-22067
CVE-2023-22067 affects Oracle Java SE CORBA and related components (Oracle Java SE: 8u381/8u381-perf; Oracle GraalVM for JDK: 17.0.x, 20.0.2; plus Hotspot-backed Java deployments). The issue allows unauthenticated network access via CORBA to compromise data integrity (unauthorized updates) and is...
CVE-2022-41328
CVE-2022-41328 (Fortinet FortiOS path traversal): A path traversal vulnerability in Fortinet FortiOS 7.2.0–7.2.3, 7.0.0–7.0.9, and pre-6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands (CWE-22). The issue is documented across mult...
CVE-2020-9934
CVE-2020-9934 describes a local macOS/TCC bypass via environment-variable poisoning. The root issue is how tccd expands HOME/USER home paths to locate the TCC.db, enabling an attacker with local access to plant a malicious TCC database and alter an app’s entitlements (e.g., microphone/camera) wit...
CVE-2024-11320
CVE-2024-11320 affects Pandora FMS versions 700 through 777.4, where a misconfiguration in the LDAP authentication mechanism enables a command injection that can lead to remote code execution on the server. The Nuclei/NVD entries consistently describe arbitrary command execution via LDAP command ...
CVE-2024-27289
CVE-2024-27289 affects the Go pgx PostgreSQL driver. Before 4.18.2, a SQL injection can occur when using the non-default simple protocol with a minus immediately before a numeric placeholder and a second placeholder for a string on the same line, with both values user-controlled. The issue is fix...
CVE-2022-21587
CVE-2022-21587: An unauthenticated remote code execution vulnerability in Oracle Web Applications Desktop Integrator (Upload) affects Oracle E-Business Suite 12.2.3–12.2.11. The vulnerability permits network access via HTTP to compromise the Web Apps Desktop Integrator and can lead to full takeover, with CVSS...
CVE-2021-31010
CVE-2021-31010 is a sandbox-bypass vulnerability affecting Apple platforms, reported in Core Telephony on macOS Catalina. It involves a deserialization issue that may bypass sandbox restrictions. The issue is fixed in Security Update 2021-005 Catalina (and related updates for iOS 12.5.5, iOS 14.8...
CVE-2019-11477
CVE-2019-11477 (SACK Panic) is a Linux kernel TCP vulnerability where crafted SACK blocks can trigger an integer overflow, potentially causing a kernel crash and DoS. CVE-2019-11478/11479 describe related DoS via SACK handling and low MSS. In practice, Arista discloses affected products (EOS, Clo...
CVE-2024-49738
CVE-2024-49738 is documented across multiple sources as a vulnerability in Google Android involving the function writeInplace in Parcel.cpp. The issue is described as a possible out-of-bounds write in this function, which could enable local escalation of privilege with no additional execution pri...
CVE-2024-8650
CVE-2024-8650 affects GitLab CE/EE. Versions: 15.0 up to but not including 17.4.6; 17.5 up to but not including 17.5.4; 17.6 up to but not including 17.6.2. The issue allows non-member users to view unresolved threads marked as internal notes in public project merge requests. Root cause or code-l...
CVE-2022-22980
CVE-2022-22980 is a SpEL injection flaw in Spring Data MongoDB where @Query/@Aggregation queries containing parameter placeholders can be exploited if input isn’t sanitized. Public advisories (VMware/Spring/TENABLE, IBM, Red Hat, OSV) confirm remote code execution risk and provide fixes: upgrade ...
CVE-2013-6357
CVE-2013-6357 affects the Apache Tomcat Manager application and can enable CSRF to hijack administrator sessions for actions that manipulate deployments via POST requests (notably undeploy via /manager/html/undeploy?path=). It targets Tomcat 5.5.25 and earlier. The description notes that the vend...
CVE-2024-8936
The CVE-2024-8936 issue affects Schneider Electric Modicon M340 family devices (including M340, MC80, Momentum Unity M1E) via an improper input validation in the Modbus handling. The root cause is insufficient input validation that enables a MITM scenario, after which a crafted Modbus function ca...
CVE-2023-32369
CVE-2023-32369 is a macOS SIP bypass triggered by environment-variable poisoning (PERL5OPT and BASH_ENV) that can enable arbitrary action by tampering with system processes during Migration Assistant flow. Microsoft’s writeups detail how systemmigrationd and related components can be coerced to r...
CVE-2022-25168
CVE-2022-25168 affects Apache Hadoop's FileUtil.unTar(File, File) API, which does not escape the input file name before passing it to the shell. This enables command injection. In Hadoop, this vulnerability has been identified in the InMemoryAliasMap.bootstrap transfer path (local user context), ...
CVE-2019-0221
CVE-2019-0221 affects Apache Tomcat across multiple major lines (Tomcat 9.0.0.M1–9.0.0.17, 8.5.0–8.5.39, 7.0.0–7.0.93). The underlying issue is that the SSI printenv command echoes user-provided data without escaping, enabling cross-site scripting (XSS). SSI is disabled by default and intended fo...
CVE-2016-3427
CVE-2016-3427 is an unspecified vulnerability in Oracle Java SE (affecting 6u113, 7u99, 8u77) and JRockit, tied to the Java Management Extensions (JMX) component. Exploitation can affect confidentiality, integrity, and availability via JMX-related vectors; the issue is described as an unspecified...
CVE-2013-2596
CVE-2013-2596 is an integer overflow in the Linux kernel’s fb_mmap implementation (fbmem.c) up to version 3.8.9. It enables a local user to map kernel memory via /dev/graphics/fb0 mmap2, gaining privileges (Motochopper demonstration). Connected advisories (e.g., CentOS RHSA-2016:0450, F5 SOL11353...
CVE-2026-40175
CVE-2026-40175 – Axios: Multiple connected sources confirm a vulnerability in Axios prior to 1.15.0 and 0.3.1 where a specific “Gadget” attack chain enables Prototype Pollution that can be escalated to Remote Code Execution or Full Cloud Compromise (e.g., via AWS IMDSv2 bypass). Public PoCs and ...
CVE-2020-13154
Zoho ManageEngine Service Plus (on-premises) before 11.1 build 11112 is affected. Affected component: getFileProtectionSettings in AjaxServlet allows low-privilege authenticated users to disclose the File Protection password. Root cause details are not expanded beyond the information Disclosure d...
CVE-2019-5736
CVE-2019-5736 affects runc as shipped in Docker before 18.09.2 and other products, enabling a container to overwrite the host runc binary via /proc/self/exe and gain host root. Root cause: file-descriptor mishandling in runc leading to command execution as root inside a container. Affected versio...
CVE-2013-4352
CVE-2013-4352 affects Apache HTTP Server (httpd) 2.4.x, specifically the mod_cache cache_storage.c: the cache_invalidate path in forward proxy caching can trigger a NULL pointer dereference, crashing the httpd and causing a Denial of Service. Public disclosures tie this to Apache httpd 2.4.6; mul...
CVE-2014-2653
CVE-2014-2653 affects the OpenSSH client (OpenSSH 6.6 and earlier). The issue is in the verify_host_key function in sshconnect.c, which allows a remote server to trigger skipping of SSHFP DNS RR checks by presenting an unacceptable HostCertificate. Public advisories across vendors (CentOS/RHEL, I...
CVE-2024-9680
CVE-2024-9680 is a use-after-free in the Animation timelines that enables code execution in the content process. Affected Mozilla products include Firefox and Thunderbird with the following vulnerable versions: Firefox < 131.0.2; Firefox ESR < 128.3.1; Firefox ESR < 115.16.1; Thunderbird...
CVE-2002-0640
CVE-2002-0640 describes a buffer overflow in sshd of OpenSSH 2.3.1 through 3.3 during challenge/response authentication when PAMAuthenticationViaKbdInt is used, which may allow remote code execution. The description specifies vulnerable OpenSSH versions and the impact as arbitrary code execution ...
CVE-2023-24488
CVE-2023-24488 is a cross-site scripting vulnerability affecting Citrix ADC and Citrix Gateway. Public data show that versions before 13.1 and the listed sub-versions (13.1-45.61, 13.0-90.11, 12.1-65.35) contain a flaw due to improper input/URL parameter validation that can cause script execution...
CVE-2022-24726
The CVE-2022-24726 entry affects Istio’s control plane (istiod) where a request processing error in the validating webhook, exposed publicly on TLS port 15017, can crash the control plane when a specially crafted message is processed. Affected versions have been patched in Istio releases 1.13.2, ...
CVE-2020-17527
CVE-2020-17527 affects multiple Apache Tomcat releases where HTTP/2 stream handling could cause information leakage by reusing an HTTP request header value from a previous stream for the next stream. Affected products/versions include Tomcat 10.0.0-M1–M9, 9.0.0-M1–9.0.39, and 8.5.0–8.5.59; the is...
CVE-2012-6095
CVE-2012-6095 affects ProFTPD prior to 1.3.5rc1. When using the UserOwner directive, a race condition with a symlink attack on the MKD or XMKD commands lets a local user modify ownership of arbitrary files. The vulnerability arises from insecure handling of temporary files during directory creati...
CVE-2024-9672
CVE-2024-9672 describes a reflected XSS in PaperCut NG/MF. The vulnerability arises in the product where a user must click a malicious link, enabling JavaScript payload execution in the victim’s browser. Concrete details available in the connected documents show the affected software (PaperCut NG...
CVE-2024-5798
CVE-2024-5798 concerns Vault and Vault Enterprise failing to properly validate the JWT aud/role-bound audience claims in the Vault JWT auth method, potentially allowing an invalid login when audience/claims don’t match. The issue is mitigated by upgrading to fixed releases: Vault 1.17.0, 1.16.3, ...
CVE-2023-36563
CVE-2023-36563 refers to a Microsoft WordPad Information Disclosure vulnerability. The connected materials confirm that exploitation could disclose NTLM hashes when a user opens a specially crafted file or if an attacker has access to the host, with signs of exploitation in the wild cited by Patc...
CVE-2022-22969
CVE-2022-22969 affects Spring Security OAuth (spring-security-oauth2) 2.5.x before 2.5.2 and older unsupported releases. The DoS arises when an attacker initiates multiple OAuth 2.0 Authorization Code Grant authorization requests in a client application, exhausting resources per session. Affected...
CVE-2021-38148
Obsidian up to version 0.12.11 does not require user confirmation for non-http/https URLs, per CVE-2021-38148. The root cause is a missing user consent check when handling non-http/https links, which can lead to unintended navigation or loading of external content. The CVSS data indicates high im...
CVE-2020-28599
OpenSCAD vulnerability CVE-2020-28599 exists in openscad-2020.12-RC2 due to a stack-based overflow in import_stl.cpp when parsing STL files; a crafted STL can lead to code execution. Publicly documented impact and patches indicate upgrading to OpenSCAD 2021.01 or newer (e.g., as per GLSA/Mageia a...
CVE-2023-32439
CVE-2023-32439 is a type confusion vulnerability in Apple’s WebKit used by iOS, iPadOS, macOS and Safari. The issue allows arbitrary code execution when processing malicious web content and is fixed in iOS 16.5.1/iPadOS 16.5.1, iOS 15.7.7/iPadOS 15.7.7, macOS Ventura 13.4.1, and Safari 16.5.1. Ea...
CVE-2023-2455
CVE-2023-2455 describes a vulnerability in PostgreSQL row-level security where policies can be misapplied when a query plan is reused across different roles (e.g., security definer, or a common user plan executed under multiple SET ROLEs). The issue arises when policy evaluation depends on the in...
CVE-2022-0337
CVE-2022-0337 is an information-disclosure vulnerability in Chrome’s File System Access API (window.showSaveFilePicker) caused by an inappropriate implementation. It affects Google Chrome on Windows prior to 97.0.4692.71 (and related Chromium-based browsers). Connected documents confirm that a cr...