CVE-2018-0735
CVE-2018-0735 corresponds to a timing side-channel vulnerability in OpenSSL’s ECDSA signature generation. An attacker could exploit variations in signing to recover the private key. Affected: OpenSSL 1.1.0 (1.1.0-1.1.0i) and OpenSSL 1.1.1 (1.1.1) prior to the fixes. Fixes were released in OpenSSL...
CVE-2018-1000807
CVE-2018-1000807 concerns Python-pyOpenSSL before 17.5.0, with a CWE-416 Use-After-Free in X509 object handling that can lead to denial of service or remote code execution. The vulnerability is reported as fixed in 17.5.0. Connected sources (SUSE-SU-2024:1626-1; SUSE-SU-2024:3749-1; OSV entries) ...
CVE-2018-1115
CVE-2018-1115 affects PostgreSQL deployments using the adminpack extension, where pg_catalog.pg_logfile_rotate() does not enforce the same ACLs as pg_rotate_logfile. This could allow an attacker who can connect to a database with adminpack loaded to trigger log rotation, bypassing intended access...
CVE-2023-38133
CVE-2023-38133 affects WebKit/WebKitGTK components and is documented across multiple advisories. The issue involves processing web content that may disclose sensitive information. Fixes are implemented in Apple platforms (iOS 15.7.8 / 16.6, iPadOS 15.7.8 / 16.6, tvOS 16.6, watchOS 9.6, macOS Vent...
CVE-2022-26387
The CVE-2022-26387 issue is a Mozilla add-on verification weakness. A time-of-check/time-of-use (TOCTOU) bug could allow the add-on file to be altered after Firefox/Thunderbird signatures were checked but before user confirmation, leaving the user exposed. Affected products and versions per conne...
CVE-2022-29081
CVE-2022-29081 affects Zoho ManageEngine products: Access Manager Plus (before 4302), Password Manager Pro (before 12007), and PAM360 (before 5401). The issue is an access-control bypass on certain REST API endpoints (SSOutAction, SSLAction, LicenseMgr, GetProductDetails, GetDashboard, FetchEvent...
CVE-2020-15522
CVE-2020-15522 affects Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2/1.0.2.1, and BC-FNA before 1.0.1.1. The issue is a timing side-channel in the EC math library that can reveal information about a private key when an attacker observes timing across multiple d...
CVE-2021-23337
CVE-2021-23337 (Lodash) affects Lodash versions prior to 4.17.21, vulnerable to Command Injection via the template function. Affected component: lodash.template; root cause: unsafe template evaluation. Impact per document: potential code execution with privileges of the running environment. Mitig...
CVE-2018-12207
CVE-2018-12207 describes an issue where improper invalidation of page-table updates by a privileged guest can cause a Denial of Service on the host on Intel processors. The vulnerability stems from how the guest VM handles translations in the MMU/TLB when paging structures change, potentially exp...
CVE-2019-6974
CVE-2019-6974 affects the Linux kernel KVM subsystem: a race in kvm_ioctl_create_device() mishandles reference counting, enabling a local user with access to /dev/kvm to cause a use-after-free, potentially crashing the guest or escalating privileges. The issue is fixed in kernel 4.20.8 and relate...
CVE-2005-2258
CVE-2005-2258 describes a remote file inclusion vulnerability in the Squito Gallery 1.33 product, specifically in the photolist.inc.php component. The underlying issue is a vulnerability in the photoroot parameter that allows an attacker to execute arbitrary code on the server. Affected software ...
CVE-2002-0482
PCI Netsupport Manager (before v7) is affected by a directory traversal vulnerability in web extensions that allows an attacker to read arbitrary files via .. in an HTTP GET request. The issue arises from insufficient validation of path input in the web extension context, enabling access to files...
CVE-2025-37727
CVE-2025-37727 affects Elasticsearch. The vulnerability involves insertion of sensitive information into log files when auditing requests to the reindex API, potentially leading to confidentiality loss under specific preconditions. The CVSS 3.1 score is 5.7 (Medium) with attack vector Adjacent, c...
CVE-2025-22224
CVE-2025-22224 refers to a TOCTOU race condition in VMware ESXi/Workstation that can cause an out-of-bounds write. IBM’s security bulletin ties this to Broadcom VMware ESXi vulnerabilities and details that a local admin within a VM can exploit the vulnerability to run code in the host’s VMX proce...
CVE-2018-9379
The CVE-2018-9379 issue affects the Media framework component MiniThumbFile.java on Google Pixel/Nexus devices. Description from multiple sources states a confused-deputy path could allow viewing thumbnails of deleted photos, causing local information disclosure without additional privileges and ...
CVE-2023-22490
Git prior to 2.39.4–2.39.4 etc. versions 2.30.8–2.39.2 (and 2.31.7, 2.32.6, 2.33.7, 2.34.7, 2.35.7, 2.36.5, 2.37.6, 2.38.4, 2.39.2) can be tricked via local clone optimization when cloning from a non-local transport, allowing potential data exfiltration through manipulating the $GIT_DIR/objects p...
CVE-2021-2388
CVE-2021-2388 affects Java SE Hotspot and GraalVM Enterprise Edition across several versions (Java SE 8u291, 11.0.11, 16.0.1; GraalVM EE 20.3.2, 21.1.0) and is exploitable via network access with multistream protocols; attacks require user interaction. Multiple connected advisories confirm affect...
CVE-2020-28018
Exim 4 before 4.94.2 is affected by a Use-After-Free in smtp_reset when TLS/OpenSSL is in use, enabling remote code execution via crafted TLS/SMTP sequences. The flaw centers on a freed gstring buffer in tls_write(), which can be referenced after smtp_reset frees pool memory, potentially leaking ...
CVE-2018-1336
CVE-2018-1336 applies to Apache Tomcat. It is caused by an overflow in the UTF-8 decoder when handling supplementary characters, which can trigger an infinite loop and cause a Denial of Service. Affected software ranges include Tomcat 9.0.0.M9–9.0.7, 8.5.0–8.5.30, 8.0.0.RC1–8.0.51, and 7.0.28–7....
CVE-2004-2320
Technical details for CVE-2004-2320 are not publicly available in the provided documents. Monitor for updates from official advisories.
CVE-2025-53803
CVE-2025-53803 affects the Windows Kernel. Reported as: error message generation could disclose sensitive information to an authorized local attacker. According to the available connected sources, the vulnerability is categorized under Windows Kernel with a documented impact of accessing sensitiv...
CVE-2025-29923
CVE-2025-29923 affects the Go Redis client library (go-redis). Prior to versions 9.5.5, 9.6.3, and 9.7.3, the client may return out-of-order responses when a timeout occurs during the CLIENT SETINFO phase at connection establishment, especially if identity transmission is enabled or timeouts are ...
CVE-2024-34156
CVE-2024-34156 affects Go’s Decoder.Decode when processing messages with deeply nested structures, leading to a panic from stack exhaustion. The issue is tied to the Go standard library (golang) and has been discussed in Go-related advisories and public postings (e.g., the follow-up to CVE-2022-3...
CVE-2021-46938
CVE-2021-46938 affects the Linux kernel in the device-mapper (dm-mq) path for request-based mapped devices. When loading a device-mapper table, if the allocation/initialization of blk_mq_tag_set for the device fails, a subsequent dev_remove can trigger a double free during cleanup because the poi...
CVE-2024-22195
CVE-2024-22195 affects Jinja2: the xmlattr filter can accept keys/values that bypass escaping, enabling possible XSS via HTML attribute injection. Public notes show affected packages including python-jinja2 and jinja2, with fixes in 3.1.4 (e.g., Astra Linux entry indicates 3.1.4 as the patch). De...
CVE-2023-36799
CVE-2023-36799 is a Denial of Service vulnerability in .NET Core/Visual Studio using .NET Kestrel that could be triggered remotely via crafted content, with an in-wild impact described as availability loss (I: High) and no confidentiality or integrity impact per the CVSS vector. Public advisories...
CVE-2023-29402
CVE-2023-29402 affects the golang package; the root cause is the go command generating unexpected code at build time when using cgo, occurring especially with untrusted modules whose directories contain newline characters in their names. The impact is outlined as potential unexpected behavior in ...
CVE-2023-25193
CVE-2023-25193 affects HarfBuzz up to 6.0.0, where hb-ot-layout-gsubgpos.hh can trigger O(n^2) growth by consecutive marks when looking back for base glyphs during mark attachment. Public references in the provided documents confirm the vulnerability and its association with HarfBuzz, but no expl...
CVE-2022-40897
CVE-2022-40897 affects Python setuptools (PyPA) prior to 65.5.1, enabling a Regular Expression Denial of Service (ReDoS) via HTML in crafted PackageIndex content (package_index.py). Affected component is setuptools; impact is DoS with potential availability disruption. Remediation shown across mu...
CVE-2022-29847
CVE-2022-29847 affects Progress IPSWITCH WhatsUp Gold versions 21.0.0–21.1.1 and 22.0.0. An unauthenticated attacker can invoke an API transaction to relay encrypted WhatsUp Gold user credentials to an arbitrary host. Impact: credential exposure via API, enabling unauthorized access. Exploitation...
CVE-2019-19501
VeraCrypt 1.24 is affected by a Local Privilege Escalation via VeraCryptExpander.exe. The issue arises when an elevated process opens a browser homepage, enabling an attacker with limited admin privileges to hijack registry keys in HKCU (for multiple browsers) and run a malicious script, ultimate...
CVE-2019-16519
CVE-2019-16519 affects ESET Cyber Security 6.7.900.0 for macOS. The vulnerability arises from abusing an undocumented feature in scheduled tasks, enabling a local attacker to execute unauthorized commands as root. The description is repeated across NVD and multiple vendor/national vulnerability ...
CVE-2015-4599
CVE-2015-4599 affects PHP’s SoapFault::__toString in ext/soap/soap.c. The issue arises from a type confusion when processing unexpected data types, enabling remote attackers to obtain sensitive information, trigger a denial of service (application crash), or possibly execute arbitrary code. Affec...
CVE-2023-36742
Microsoft Visual Studio Code is affected by CVE-2023-36742 through vulnerable pre-1.82.1 builds. Connected documents describe a remote code execution scenario in VS Code where a user must open a malicious project; a crafted dependencies entry in package.json causes npm to execute scripts locally,...
CVE-2023-28260
CVE-2023-28260 is a .NET DLL Hijacking remote code execution vulnerability. The connected sources identify affected software as .NET 6.0 and .NET 7.0 runtimes/applications, with exploitation arising when a runtime DLL is loaded from an unexpected location. Affected versions include .NET 7.0 up to...
CVE-2022-22668
CVE-2022-22668 affects Apple's platforms, describing a logic issue that could allow a malicious app to leak sensitive user information. According to the primary description, the vulnerability is fixed in iOS 15.4, iPadOS 15.4, and macOS Monterey 12.3, indicating a platform-wide fix in these versi...
CVE-2021-3450
CVE-2021-3450 affects OpenSSL 1.1.1h–1.1.1j where a bug in the X509_V_FLAG_X509_STRICT path overwrote a prior CA-check result, bypassing the non-CA certificates prohibition unless a programmed purpose is used. When a purpose is configured, the certificate chain is still rejected; the issue is fix...
CVE-2020-15257
The CVE describes a privilege-escalation issue in containerd where access controls on the shim API socket allowed a container in the same network namespace to run new processes with elevated privileges. Affected releases are containerd before 1.3.9 and before 1.4.3; the vulnerability stems from e...
CVE-2019-2805
CVE-2019-2805 affects the MySQL/MariaDB Server parser (and related Server components). Affected versions include MySQL/MariaDB 5.6.44 and earlier, 5.7.26 and earlier, and 8.0.16 and earlier. It is exploitable over the network and can cause the MySQL Server to hang or crash (DoS). Multiple connect...
CVE-2019-12614
CVE-2019-12614 affects Linux kernels up to 5.1.6 in the PowerPC pseries dlpar.c: a NULL pointer dereference triggered by unchecked kstrdup of prop->name can allow a local attacker to crash the system via a crafted request. The issue is confirmed in the initial description and corroborated by c...
CVE-2018-8034
CVE-2018-8034 concerns missing host name verification over TLS in the WebSocket client of Apache Tomcat. The issue affects multiple Tomcat branches and versions (7.0.35–7.0.88, 8.0.0.RC1–8.0.52, 8.5.0–8.5.31, 9.0.0.M1–9.0.9). Impact: an attacker on the local network could bypass host name verific...
CVE-2021-46917
CVE-2021-46917 is a Linux kernel vulnerability tied to the dmaengine: idxd subsystem. The issue stems from a pre-release silicon erratum workaround where a wq reset did not clear WQCFG registers, leaking into upstream code and risking clobbering registers on future devices. The documented fix rep...
CVE-2023-22026
CVE-2023-22026 affects Oracle MySQL Server (component: Server: Optimizer). Affected versions are 5.7.42 and prior and 8.0.31 and prior. Attackers with network access via multiple protocols can exploit this to cause a hang or repeatedly crash the MySQL Server (availability impact). CVSS v3.1 base ...
CVE-2022-30034
Flower, the web UI for the Celery Python RPC framework, is affected by CVE-2022-30034 via an OAuth authentication bypass. All versions as of 2022-05-02 are vulnerable, potentially allowing an attacker to access the Flower API, discover and invoke arbitrary Celery RPC calls, or cause a denial of s...
CVE-2022-29848
CVE-2022-29848 affects Progress WhatsUp Gold 17.0.0–21.1.1 and 22.0.0. An authenticated user can invoke an API transaction that enables reading sensitive operating-system attributes from a host accessible by the WhatsUp Gold system. The Red Hat, CVE, and related references corroborate the issue a...
CVE-2022-0435
CVE-2022-0435 is a Linux kernel TIPC stack overflow issue. The vulnerability occurs in TIPC domain record handling when a peer sends a domain with more than 64 members, enabling a remote attacker with access to the TIPC network to crash the system and potentially escalate privileges. Connected ad...
CVE-2020-28469
CVE-2020-28469 affects the glob-parent package prior to v5.1.2. The flaw arises from the enclosure-regex used to validate strings ending in an enclosure that contains a path separator. The described effect is a Regular Expression Denial of Service (ReDoS) scenario. Affected software/component: gl...
CVE-2016-1000027
CVE-2016-1000027 involves remote code execution in Pivotal Spring Framework when deserializing untrusted data. Connected sources specify impact up to Spring Framework 5.3.16 (RCE via Java deserialization) and note that the vendor discourages untrusted-deserialization usage. Remediation guidance i...
CVE-2018-12130
CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS). Some Intel CPUs using speculative execution may leak information via fill buffers to a local attacker. Publicly referenced documents describe mitigations including microcode updates and OS/kernel mitigations (e.g., TSX/related...
CVE-2018-0886
CVE-2018-0886 denotes a CredSSP remote code execution vulnerability in Windows authentication flows (Credential Security Support Provider protocol). The core issue is how CredSSP validates requests during authentication, enabling potential code execution via an RDP-related interaction. Public adv...