CVE-2022-22738
The CVE-2022-22738 entry concerns a heap-buffer-overflow caused by applying a CSS filter, potentially exploitable via memory corruption. Affected products are Mozilla Firefox/Thunderbird: Firefox ESR < 91.5, Firefox < 96, and Thunderbird
CVE-2022-23648
CVE-2022-23648 affects containerd’s CRI implementation on Linux where specially-crafted image configurations could allow reading read-only copies of arbitrary host files and directories, potentially bypassing policy enforcement. The issue was fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users s...
CVE-2024-35255
CVE-2024-35255 is an elevation-of-privilege vulnerability described as a race-condition issue in Azure Identity Libraries and Microsoft Authentication Library. IBM’s security bulletin for IBM Cloud Pak for AIOps lists CVE-2024-35255 with a base score of 5.5 (CVSS 3.0) and CWE-362, affecting IBM R...
CVE-2023-6549
CVE-2023-6549: A memory-buffer boundary violation in Citrix NetScaler ADC and NetScaler Gateway allows unauthenticated denial of service and an out-of-bounds memory read when the appliance is configured as a gateway or AAA virtual server. Affected versions include NetScaler ADC/Gateway 14.1 befo...
CVE-2023-44981
CVE-2023-44981 (Apache ZooKeeper): Authorization bypass through a user-controlled SASL ID when quorum peer authentication is enabled (quorum.auth.enableSasl=true). If the instance part of the SASL ID is missing (e.g., [email protected]), authorization checks are skipped, allowing an arbitrary endp...
CVE-2023-28433
MinIO on Windows is affected by a privilege-escalation issue where the product fails to filter the backslash (\) character, enabling an attacker with low privileges (e.g., a limited PutObject key) to place objects across buckets and create an admin user. The concrete root cause is path separator h...
CVE-2021-4238
CVE-2021-4238 affects Masterminds GoUtils used in various IBM Cloud Pak components and Go projects. Root cause: RandomAlphaNumeric and CryptoRandomAlphaNumeric generate short strings with insufficient entropy, always including at least one digit. Reported impact: potential leakage of sensitive in...
CVE-2022-22754
CVE-2022-22754: Affects Firefox <97, Thunderbird <91.6, and Firefox ESR
CVE-2022-30618
The CVE-2022-30618 entry describes a vulnerability in Strapi where an authenticated user with access to the Strapi admin panel can view private data (e.g., email, password reset tokens) of API users when content types have relationships to API users (from: users-permissions). The leak occurs in J...
CVE-2020-3345
Cisco Webex Meetings and Webex Meetings Server are affected by CVE-2020-3345, an HTML injection vulnerability rooted in improper parameter validation on web pages. An unauthenticated, remote attacker can entice a user to follow a crafted link that injects HTML into an affected parameter, enabling...
CVE-2013-1813
CVE-2013-1813 affects BusyBox where util-linux/mdev.c creates intermediate /dev/ directories with 0777 permissions when nesting (/dev/dir1/dir2/...), allowing local users to exploit the improper permission handling. The linked Nessus/OpenVAS entries (e.g., MiracleLinux AXSA advisory referencing B...
CVE-2011-4451
WikkaWiki 1.3.1 and 1.3.2 are affected by a remote PHP code injection vulnerability in the spam-logging path when spam_logging is enabled. The issue allows an attacker to supply PHP code via the User-Agent header in addcomment requests to write to the spamlog_path file. Vendor disputes this issue...
CVE-2008-0075
CVE-2008-0075 is an IIS remote code execution vulnerability in Microsoft Internet Information Services 5.1–6.0, caused by a buffer overflow when handling HTML-encoded ASP pages. An attacker could pass crafted input to ASP pages to execute arbitrary code on the target, with the Worker Process Iden...
CVE-2025-41115
CVE-2025-41115 affects Grafana Enterprise/Cloud SCIM provisioning in Grafana 12.x+ when enableSCIM is true and user_sync_enabled is enabled. A vulnerability in user identity handling allows a malicious SCIM client to provision a user with a numeric externalId, potentially overriding internal user...
CVE-2018-9375
CVE-2018-9375 affects Google Android’s UserDictionaryProvider.java, enabling a confused deputy to add/delete words in the user dictionary and cause local privilege escalation without extra execution privileges. Public sources (Android Pixel/Nexus bulletin) list this as a local, low-ex Complexity ...
CVE-2024-37341
CVE-2024-37341 is a Microsoft SQL Server Elevation of Privilege vulnerability. Connected docs confirm the issue affects SQL Server components and was patched via KB5046062 (security update for SQL Server 2016 SP3 Azure Connect Feature Pack). The update lists SQL Server builds such as SQLServer201...
CVE-2023-6378
CVE-2023-6378 involves a serialization vulnerability in the logback receiver component of logback version 1.4.11 that allows an attacker to mount a Denial-of-Service by sending poisoned data. The published entries consistently describe a DoS impact without other confidentiality or integrity effec...
CVE-2023-38162
Technical details for CVE-2023-38162 are not publicly available in the provided documents. Monitor for updates.
CVE-2023-1579
CVE-2023-1579 is a heap-based buffer overflow in GNU binutils’ binutils-gdb/bfd/libbfd.c (function bfd_getl64). The connected documents confirm this is triggered when processing input, enabling a potential local attacker to cause a crash or execute arbitrary code, as reflected by the CVSS vector...
CVE-2022-24823
CVE-2022-24823 affects Netty’s io.netty:netty-codec-http prior to 4.1.77.Final, describing an insufficient fix for CVE-2021-21290. When Netty’s multipart decoders handle uploads and temporary disk storage is enabled, local information can be disclosed via the system temporary directory. This affe...
CVE-2020-7061
CVE-2020-7061 is a PHP issue: when PHP 7.3.x below 7.3.15 and 7.4.x below 7.4.3 extract PHAR files on Windows using the phar extension, one byte could read past the allocated buffer, potentially enabling information disclosure or a crash. Public documentation consistently ties this to PHAR extrac...
CVE-2023-27113
CVE-2023-27113 affects pearProjectApi v2.8.10, with a SQL injection vulnerability in project.php reachable via the organizationCode parameter. The issue’s root cause is a SQL injection in that parameter, exposing potential impacts to confidentiality, integrity, and availability as reflected by CV...
CVE-2024-40711
CVE-2024-40711 is a deserialization vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution. The CVE is supported by multiple sources and exploit activity: PoCs and reported in the wild (AVLEONOV) with references to ransomware groups; CISA KEV and CISA Known ...
CVE-2024-3651
CVE-2024-3651 affects the kjd/idna Python package (python-idna) and specifically the idna.encode() path in version 3.6. The issue arises when processing crafted input strings, causing quadratic growth in CPU load and resulting in a denial of service. Connected sources (Astra Linux, CIRCL, CBLMari...
CVE-2023-36730
CVE-2023-36730 affects the Microsoft SQL Server ODBC Driver. The vulnerability is described as a Remote Code Execution issue in the ODBC Driver component; root cause details are not explicitly provided in the documents beyond the vulnerability family. Microsoft’s October 2023 security updates (KB...
CVE-2023-43785
CVE-2023-43785 affects libX11 with a boundary condition in _XkbReadKeySyms(), allowing a local user to trigger an out-of-bounds read of memory. The issue is documented across multiple advisories (Red Hat, AlmaLinux, Ubuntu Cloud Foundry USN) with related fixes in libX11; exploitation details are ...
CVE-2023-2975
OpenSSL’s AES-SIV implementation has a bug where empty associated data is not authenticated, potentially allowing misordering/removal of empty AD entries. The issue is CVE-2023-2975. Multiple advisories (AlmaLinux ALAS2023-2023-306 and Broadcom/Brocade updates) confirm patches are available; reme...
CVE-2023-21704
CVE-2023-21704 is a vulnerability in the Microsoft ODBC Driver for SQL Server that enables remote code execution. Microsoft’s security update KB5021126 addresses CVE-2023-21704 as part of a CU/patch bundle, updating the ODBC driver component used by SQL Server connectivity. The documented impact ...
CVE-2021-33624
CVE-2021-33624 affects the Linux kernel prior to 5.12.13, where the eBPF verifier in kernel/bpf/verifier.c could mispredict branches (e.g., due to type confusion), allowing an unprivileged BPF program to read arbitrary kernel memory locations via a side-channel attack. Several connected advisorie...
CVE-2020-36242
The CVE refers to the Python cryptography package prior to 3.3.2. The issue arises from certain sequences of update() calls when symmetrically encrypting very large (multi-GB) payloads, which can trigger an integer overflow and buffer overflow, as demonstrated by the Fernet class. This affects cr...
CVE-2019-11709
CVE-2019-11709 involves memory safety bugs reported in Mozilla Firefox (67) and Firefox ESR (60.7). Some bugs show memory corruption and could potentially be exploited to run arbitrary code. Affected versions include Firefox ESR < 60.8, Firefox < 68, and Thunderbird
CVE-2018-14333
Summary of CVE-2018-14333 (TeamViewer): TeamViewer versions up to 13.1.1548 store a password in Unicode format inside the TeamViewer.exe process memory, between the memory delimiters [00 88] and [00 00 00]. This memory storage could let an attacker on an unattended, still-running TeamViewer sess...
CVE-2016-2108
CVE-2016-2108: OpenSSL’s ASN.1 implementation allows remote attackers to execute arbitrary code or cause a denial of service via a crafted ASN.1 ANY field, due to a buffer underflow/memory corruption when deserializing data. Affected: OpenSSL versions prior to 1.0.1o (and prior to 1.0.2c in the ...
CVE-2025-10158
CVE-2025-10158 affects rsync across multiple distros. The issue is a potential out-of-bounds read on a heap buffer triggered by a negative array index when a malicious client acts as the receiver of an rsync transfer. Exploitation requires at least read access to the remote rsync module. Publicly...
CVE-2025-64446
CVE-2025-64446 is a high-severity relative path traversal in Fortinet FortiWeb that enables unauthenticated administrative command execution via crafted HTTP/HTTPS requests. Affected FortiWeb branches and patched versions are explicitly documented: 8.0.0–8.0.1 (fix in 8.0.2+), 7.6.0–7.6.4 (fix in...
CVE-2025-27231
CVE-2025-27231 involves leakage of the LDAP Bind password in Zabbix deployments. According to connected advisories, the issue allows a Super Admin to exfiltrate the Bind password by altering the LDAP Host to a rogue server, even though the password cannot be read after saving under normal conditi...
CVE-2024-37890
The CVE-2024-37890 entry concerns the ws WebSocket library for Node.js. In vulnerable releases, a request containing more headers than server.maxHeadersCount can crash a ws server. The issue has been fixed in [email protected] and backported to [email protected], [email protected], and [email protected]. Remediation/mitigation av...
CVE-2022-44617
The CVE-2022-44617 issue is a Denial of Service in libXpm caused by a parser loop when processing certain XPM inputs (notably width=0 with very large height). Affected packages include libXpm across multiple distributions (Linux vendors show related CVEs 44617/46285/4883). The practical impact is...
CVE-2022-0801
CVE-2022-0801 describes an issue in Google Chrome’s HTML parser where an improper implementation could bypass XSS protections via a crafted HTML page. Affected product: Google Chrome (via Chromium codebase). Root cause: insecure HTML parsing logic preceding version 99.0.4844.51. Impact: remote at...
CVE-2022-41556
CVE-2022-41556 affects lighttpd 1.4.56–1.4.66, describing a resource leak in gw_backend.c that can cause denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior, related to RDHUP mishandling in certain HTTP/1.1 chunked scenarios (mod_fastcgi also affected). T...
CVE-2021-2194
CVE-2021-2194 affects Oracle MySQL Server (InnoDB) with vulnerable versions 5.7.33 and earlier and 8.0.23 and earlier. The issue allows a high-privilege attacker with network access via multiple protocols to cause a hang or crash (DoS) of MySQL Server. No exploitation details are provided in the ...
CVE-2020-13575
CVE-2020-13575 affects Genivia gSOAP 2.8.107. The WS-Addressing plugin vulnerability allows a remote attacker to trigger denial of service via a specially crafted SOAP request over HTTP, with CVSS v3.1 base score 7.5 (HIGH). Public advisories confirm fixes in multiple distributions: Debian 2.8.75...
CVE-2019-13057
CVE-2019-13057 affects Cloud Pak for Security (CP4S) via OpenLDAP openldap server delegation: slapd may allow a rootDN (database admin) to be granted authorization as an identity from another database during SASL bind or RFC 4370 proxyAuthz control, enabling potential leakage of sensitive informa...
CVE-2018-4300
The CVE-2018-4300 entry concerns the CUPS web interface session cookie being easily guessable on Linux, enabling unauthorized scripted access when the web interface is enabled. Affected versions are prior to 2.2.10, and the issue is mitigated by upgrading to v2.2.10 or newer. Multiple connected s...
CVE-2008-0166
CVE-2008-0166 describes a Debian/Ubuntu OpenSSL PRNG flaw caused by removing seeding steps in md_rand.c, which left the OpenSSL PRNG predictable. Consequently, OpenSSH/OpenSSL keys generated on affected Debian-based systems (2006–2008) could be brute-forced or reproduced. Connected docs indicate ...
CVE-2023-30583
CVE-2023-30583: In Node.js 20, the fs.openAsBlob() API can bypass the experimental permission model when the file system read restriction is enabled with --allow-fs-read, due to a missing check in fs.openAsBlob(). The description notes this as part of the experimental feature set. Remediation/fi...
CVE-2024-38202
CVE-2024-38202 describes an elevation of privilege in Windows Update that could allow a user with basic privileges to reintroduce mitigated vulnerabilities or bypass some VBS protections. The vulnerability requires an attacker to coax an Administrator or delegated user into performing a system re...
CVE-2024-28180
The CVE-2024-28180 entry describes a memory/CPU exhaustion flaw in jose’s JWE decompress logic, where Decrypt/DecryptMulti may blow up on large decompressed data. The advisory notes patches in jose upstream (versions 4.0.1, 3.0.3, 2.6.3). Connected Mariner records show this CVE being tracked acro...
CVE-2023-33010
CVE-2023-33010 is a high-severity (CVSS 3.1: 9.8) buffer overflow in the ID processing function of Zyxel firewalls (ATP, USG FLEX, USG, ZyWALL/VPN) that can be exploited without authentication to cause DoS and remote code execution. Affected firmware ranges include Zyxel ATP 4.32–5.36 Patch 1, US...
CVE-2022-0995
CVE-2022-0995 is an out-of-bounds memory write in the Linux kernel’s watch_queue event notification subsystem that can overwrite kernel state and may allow a local user to gain privileged access or cause a denial of service. Connected sources indicate affected kernel lines include 5.x series with...