CVE-2022-22739
CVE-2022-22739 describes a vulnerability where malicious websites could lure users into launching a program to handle an external URL protocol. Public references in the provided documents indicate affected products are Mozilla Firefox (Firefox ESR < 91.5, Firefox < 96) and Thunderbird (
CVE-2022-31023
CVE-2022-31023 affects Play Framework prior to 2.8.16. The issue arises when verbose error pages are shown in production due to DefaultHttpErrorHandler being used or misconfigured, potentially exposing sensitive information via exception stacks in error messages. The problem is rooted in how Play...
CVE-2022-25315
CVE-2022-25315 affects libexpat (Expat) with an integer overflow in storeRawNames in versions before 2.4.5. Public sources (e.g., AlmaLinux ALAS2-2022-1779, AlmaLinux ALSA-2022-7811, CentOS/Red Hat advisories) indicate the issue has been addressed in later expat releases (upgrades to 2.4.5+; 2.4....
CVE-2017-14226
CVE-2017-14226 affects libwpd 0.10.1, where WP1/WP5/WP42StylesListener implementations mishandle iterators, causing a heap-based buffer over-read in WPXTable.cpp (WPXTableList) that can enable remote denial of service against LibreOffice apps prior to 5.3.7. Public reports across multiple distrib...
CVE-2023-46136
CVE-2023-46136 affects Werkzeug (WSGI library). A crafted multipart upload starting with CR/LF followed by many data bytes can cause the parser to append to an internal buffer and exhaust CPU, leading to DoS. This has been patched in version 3.0.1. IBM/PowerVC and QRadar bulletins referencing the...
CVE-2023-4068
CVE-2023-4068: Type Confusion in V8 affects Chromium/Google Chrome; vulnerable component is V8, leading to remote arbitrary read/write via crafted HTML pages. Root cause: type confusion. Impact per sources: high; exploit details not provided. Remediation: upgrade Chromium/Chrome to 115.0.5790.170...
CVE-2022-32964
CVE-2022-32964 involves OMICARD EDM where the API function has insufficient input validation, enabling an unauthenticated remote attacker to inject arbitrary SQL commands. The impact, as stated, includes access, modification, deletion of database data, or disruption of service, with confidentiali...
CVE-2022-21426
CVE-2022-21426 affects Oracle Java SE and GraalVM Enterprise Edition, with vulnerable components in Java SE (JAXP, Libraries, Serialization) and GraalVM CE surface. Public advisories list affected versions including Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18 and GraalVM CE: 20.3.5, 21.3.1,...
CVE-2018-1000828
CVE-2018-1000828 affects FrostWire desktop, version
CVE-2018-7536
CVE-2018-7536 affects Django: vulnerable in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The issue is a denial-of-service caused by catastrophic backtracking in two regular expressions used by django.utils.html.urlize() (one regex in 1.8.x). The urlize() function underpins...
CVE-2016-8864
CVE-2016-8864 affects ISC BIND DNS server. A denial-of-service can be triggered by processing responses containing a DNAME answer in db.c/resolver.c during recursive queries, causing an assertion failure and named exit. Affected are BIND 9.x releases listed in the advisory (pre-9.9.9-P4, pre-9.10...
CVE-2015-0240
The CVE-2015-0240 issue affects the Samba smbd Netlogon code and allows remote code execution via crafted Netlogon packets using the ServerPasswordSet RPC. Affected Samba versions: 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5, due to an uninit...
CVE-2025-0411
CVE-2025-0411 — 7-Zip MoTW bypass: Multiple connected documents confirm a local-vector vulnerability where double-nested archives fail to propagate the Mark-of-the-Web to extracted files, allowing a crafted archive to execute arbitrary code in the user’s context after interaction (opening/extrac...
CVE-2024-35255
CVE-2024-35255 is an elevation-of-privilege vulnerability described as a race-condition issue in Azure Identity Libraries and Microsoft Authentication Library. IBM’s security bulletin for IBM Cloud Pak for AIOps lists CVE-2024-35255 with a base score of 5.5 (CVSS 3.0) and CWE-362, affecting IBM R...
CVE-2023-4504
CVE-2023-4504 affects the OpenPrinting CUPS stack and its libppd component, caused by a failure to validate the length of an attacker-crafted PPD PostScript document. This leads to a heap-based buffer overflow, with potential for code execution as described in the fixed release notes. The vulnera...
CVE-2022-30065
CVE-2022-30065 concerns a use-after-free in the Busybox 1.35-x awk applet, due to a flaw in the copyvar function that can trigger denial of service and potentially code execution when processing a crafted awk pattern. Public details consistently name Busybox as affected and describe the issue as ...
CVE-2021-37714
CVE-2021-37714 affects jsoup (Java HTML parser) versions prior to 1.14.2. When parsing untrusted HTML/XML, the parser may loop, slow down, or throw exceptions, enabling a denial-of-service condition. A fix is available in jsoup 1.14.2. Workarounds include rate-limiting parsing input, capping inpu...
CVE-2020-13936
CVE-2020-13936 affects Apache Velocity, where modifying Velocity templates can bypass the sandbox and allow remote code execution with the container’s privileges. Engine versions affected include up to 2.2; IBM and related advisories flag this as a Velocity sandbox bypass leading to arbitrary cod...
CVE-2020-14789
CVE-2020-14789 affects Oracle MySQL Server (component: Server: FTS). Vulnerability details in connected advisories show it impacts MySQL 5.7.31 and prior and 8.0.21 and prior, with an attacker having network access via multiple protocols and high privileges able to cause a hang or crash (DoS) of ...
CVE-2019-13345
CVE-2019-13345: XSS in the cachemgr.cgi web module of Squid through 4.7, exploitable via the user_name or auth parameter. Connected advisories confirm multiple distributions issue fixes and recommended upgrades (e.g., Debian DSA-4507, CentOS/RHEL advisories, ALAS-2 entries). The exposure is limi...
CVE-2010-4652
ProFTPD (with mod_sql) is affected by CVE-2010-4652: a heap-based buffer overflow in sql_prepare_where in contrib/mod_sql.c can be triggered by a crafted username containing substitution tags, leading to a crash or potential arbitrary code execution. The issue is in ProFTPD versions prior to 1.3....
CVE-2025-55752
CVE-2025-55752 describes a Relative Path Traversal in Apache Tomcat introduced by a fix for bug 60013, allowing manipulation of the request URI to bypass protections for /WEB-INF/ and /META-INF/ and, if PUTs are enabled, potentially upload of malicious files leading to remote code execution. Affe...
CVE-2025-32463
CVE-2025-32463 affects the sudo utility prior to 1.9.17p1. The vulnerability arises when /etc/nsswitch.conf is sourced from a user-controlled directory via the --chroot option, enabling local users to obtain root access. Connected sources also describe related behavior where a sudoers entry that ...
CVE-2023-20900
CVE-2023-20900 is a vulnerability in Open VMware Tools (open-vm-tools) where a malicious actor with Guest Operation Privileges may elevate to a higher privilege via a more-privileged Guest Alias in the VM. The connected documents confirm Open VM Tools is affected and describe a SAML token signatu...
CVE-2022-29912
The CVE-2022-29912 issue concerns the handling of SameSite cookies in reader mode. Affected products include Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox
CVE-2022-26655
CVE-2022-26655 affects Pexip Infinity 27.x prior to 27.3, where improper input validation in the client API allows remote attackers to trigger a software abort via a gateway call into Teams. Affected product/component: Pexip Infinity (27.x line). Root cause: input validation flaw in the client AP...
CVE-2019-5436
CVE-2019-5436 affects curl/libcurl with a heap buffer overflow in the TFTP receiving code (tftp_receive_packet). Exploitation can lead to DoS or arbitrary code execution. Upstream fix released in curl 7.65.0; advisories from CentOS, Arch Linux, Debian, and others document the vulnerability and re...
CVE-2024-10979
CVE-2024-10979 affects PostgreSQL PL/Perl: incorrect control of environment variables (e.g., PATH) by an unprivileged database user can enable arbitrary code execution. Affected PostgreSQL versions include pre-17.1, pre-16.5, pre-15.9, pre-14.14, pre-13.17, and pre-12.21. Remediation is via vendo...
CVE-2024-37341
CVE-2024-37341 is a Microsoft SQL Server Elevation of Privilege vulnerability. Connected docs confirm the issue affects SQL Server components and was patched via KB5046062 (security update for SQL Server 2016 SP3 Azure Connect Feature Pack). The update lists SQL Server builds such as SQLServer201...
CVE-2024-35091
CVE-2024-35091 affects J2EEFAST v2.7.0 via SysTenantMapper.xml findPage, where missing input-validation enables SQL injection. Root cause: lack of external-input SQL validation in the findPage function. Impact: potential exposure of sensitive database data; CVSS v3.1 base score 9.8 (NETWORK, HIGH...
CVE-2024-26590
Summary (CVE-2024-26590): In the Linux kernel, the EROFS filesystem’s per-file compression format handling could become inconsistent when a crafted image uses an algorithm type not listed in sbi->available_compr_algs. This could trigger a NULL pointer dereference if the corresponding decompre...
CVE-2022-0336
Samba AD DC CVE-2022-0336: SPN checks can be bypassed when re-adding a previously present SPN, enabling a write-enabled attacker to impersonate services or cause DoS by matching an existing SPN. Some advisories note no patch for certain releases (e.g., Samba 4.12.5-7), while others indicate an up...
CVE-2022-33980
CVE-2022-33980 affects Apache Commons Configuration (versions 2.4–2.7). The vulnerability arises in the default interpolation lookups, where interpolation of the form ${prefix:name} can trigger lookups such as script, dns, and url. These lookups could enable arbitrary code execution or contact...
CVE-2021-45463
GEGL load_cache in GEGL before 0.4.34 allows shell expansion via a crafted path in a constructed command, caused by using the system() execution path in magick-load. This can lead to arbitrary command execution or impact availability/integrity depending on the environment; reports reference vulne...
CVE-2021-3672
CVE-2021-3672 affects the c-ares library. A missing input validation check for host names returned by DNS can lead to domain hijacking, impacting confidentiality, integrity, and availability. Connected documents confirm this across multiple vendors/distributions (Astra Linux, AlmaLinux, Red Hat a...
CVE-2019-2737
CVE-2019-2737 affects the MySQL Server component (subcomponent Pluggable Auth) of Oracle MySQL. Affected versions are 5.6.44 and prior, 5.7.26 and prior, and 8.0.16 and prior. An attacker with network access via multiple protocols and high privileges can cause the server to hang or crash (availab...
CVE-2025-27591
CVE-2025-27591 – Below privilege escalation: Prior to v0.9.0, the Below service creates a world-writable directory at /var/log/below and writes a world-writable log file, enabling local unprivileged users to perform a symlink attack (e.g., replacing error_root.log with a link to /etc/passwd). Th...
CVE-2023-43786
CVE-2023-43786 affects libX11 with an infinite loop in PutSubImage(), enabling local denial of service via resource exhaustion. Public advisories show fixes across libX11 packages (e.g., newer libX11 1.6.7-era releases in AL/AlmaLinux advisories). No explicit exploit details are provided in the c...
CVE-2023-36794
CVE-2023-36794 is a Visual Studio/.NET remote code execution vulnerability. Affects Windows applications using Microsoft.DiaSymReader.Native.amd64.dll when reading corrupted PDB files, potentially enabling code execution. Affected: .NET 6.0 and .NET 7.0 runtimes and Visual Studio environments; pa...
CVE-2022-22742
CVE-2022-22742 is confirmed in connected records as an out-of-bounds memory access in Firefox/Thunderbird when inserting text in edit mode. Affected products include Firefox ESR < 91.5, Firefox < 96, and Thunderbird
CVE-2019-14901
CVE-2019-14901 is a heap overflow in the Marvell WiFi driver (mwifiex) of the Linux kernel, affecting all 3.x/4.x prior to 4.18.0. It can allow a remote attacker to crash the system (DoS) or potentially execute code with root privileges, impacting confidentiality and integrity. Public advisories ...
CVE-2019-2698
CVE-2019-2698 affects Oracle Java SE (subcomponent 2D) with affected Java SE versions 7u211 and 8u202; exploitation could allow takeover of Java SE via network access without authentication. CVSSv3.1 base score 8.1. Affected openjdk/openjdk-based packages (e.g., java-1.8.0-openjdk) and Oracle Jav...
CVE-2023-36796
CVE-2023-36796 is a .NET Framework RCE vulnerability in DiaSymReader.dll triggered when reading a corrupted PDB file. It affects .NET Framework 3.5 and 4.8.1 on Windows Server/Windows OS configurations described in KB5029918. Mitigation: apply the corresponding cumulative update (KB5029918) or th...
CVE-2023-28433
MinIO on Windows is affected by a privilege-escalation issue where the product fails to filter the backslash (\) character, enabling an attacker with low privileges (e.g., a limited PutObject key) to place objects across buckets and create an admin user. The concrete root cause is path separator h...
CVE-2022-22737
The CVE-2022-22737 entry is supported by connected advisories showing a race condition in constructing audio sinks that can lead to a use-after-free and potentially exploitable crash in Mozilla Firefox ESR < 91.5, Firefox < 96, and Thunderbird
CVE-2021-25217
CVE-2021-25217 affects ISC DHCP (DHCP client/server) across multiple branches (notably 4.1-ESV-R16, 4.4.0–4.4.2; other 4.0/4.3 may be affected but untested). The vulnerability is a stack-based buffer overrun in parsing statements with colon-separated hex digits in config or lease files, potential...
CVE-2018-0734
CVE-2018-0734 (OpenSSL) describes a timing side-channel in the DSA signature algorithm that could enable private key recovery. The initial entry notes fixes in OpenSSL releases 1.1.1a (and 1.1.0j, 1.0.2q) for affected branches. Connected advisories (CloudLinux, Arch Linux, Amazon/Linux distributi...
CVE-2017-3735
OpenSSL vulnerability CVE-2017-3735: Parsing of an X.509 IPAddressFamily extension can trigger a one-byte overread, leading to erroneous certificate text display. Affects OpenSSL in all versions prior to 1.0.2m and 1.1.0g, with the issue present since 2006. The initial description indicates this ...
CVE-2016-9840
CVE-2016-9840 affects zlib 1.2.8 in inftrees.c where improper pointer arithmetic can lead to out-of-bounds memory handling. Connected advisories show related issues in the same zlib code path (CVE-2016-9841, CVE-2016-9842, CVE-2016-9843) and describe potential crash or arbitrary-code outcomes in ...
CVE-2025-41115
CVE-2025-41115 affects Grafana Enterprise/Cloud SCIM provisioning in Grafana 12.x+ when enableSCIM is true and user_sync_enabled is enabled. A vulnerability in user identity handling allows a malicious SCIM client to provision a user with a numeric externalId, potentially overriding internal user...