368571 matches found
CVE-2008-4300
CVE-2008-4300 affects a specific ActiveX control in adsiis.dll used by Microsoft Internet Information Services (IIS). The vulnerability allows remote attackers to cause a denial of service (browser crash) by sending a long string as the second argument to the GetObject method. The description not...
CVE-2000-1200
CVE-2000-1200 affects Windows NT where remote attackers can enumerate domain users by obtaining the domain SID with the LsaQueryInformationPolicy policy function through a null session, then using that SID to list users. Connected findings consolidate that attackers can enumerate the host/local u...
CVE-2026-28780
CVE-2026-28780 is a heap-based buffer overflow in Apache HTTP Server’s mod_proxy_ajp (via ajp_msg_check_header()). Reports across Debian, FreeBSD/vuxml, Alpine, and NC SC advisories confirm impact on versions up to 2.4.66 and a fix in 2.4.67 . The issue allows memory corruption and can contribute...
CVE-2022-3190
The CVE describes an infinite loop in the F5 Ethernet Trailer protocol dissector of Wireshark. Affected releases include Wireshark 3.6.0–3.6.7 and 3.4.0–3.4.15, where processing crafted captures or packet injections can cause a denial of service. Connected advisories corroborate the issue and ind...
CVE-2022-31000
The CVE concerns solidus_backend, the admin interface of the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 are affected by a cross-site request forgery (CSRF) that lets an attacker change the state of an order’s adjustments if they know the order number, with the actio...
CVE-2021-3752
Mode C: CVE-2021-3752 is a Linux kernel use-after-free vulnerability in the Bluetooth L2CAP path caused by a race between connect and disconnect. The flaw can allow a local attacker to crash the system or escalate privileges. Connected documents confirm this CVE is discussed in Debian advisories ...
CVE-2021-1544
CVE-2021-1544 describes an information-disclosure vulnerability in the Cisco Webex Meetings client’s logging mechanism. An authenticated, local attacker could access files containing logged actions and potentially view sensitive data, including meeting content and transcriptions. Public sources i...
CVE-2021-29450
CVE-2021-29450 affects WordPress: an authenticated user with at least contributor privileges could exploit a block in the WordPress editor to expose password-protected posts and pages. The issue has been patched in WordPress 5.7.1, with older affected versions addressed via minor releases. Remedi...
CVE-2020-14179
CVE-2020-14179 affects Atlassian Jira Server/Data Center versions before 8.5.8 and 8.6.0 through 8.11.1. The vulnerability is an information disclosure in the /secure/QueryComponent!Default.jspa endpoint, allowing remote, unauthenticated attackers to view custom field names and custom SLA names. ...
CVE-2018-5745
CVE-2018-5745 affects BIND's managed-keys feature, causing an assertion failure (and possible server exit) when a trust anchor is rolled over to an unsupported key algorithm. Affected: BIND 9 series (various 9.9.x–9.13.x branches and preview releases). Impact: potential denial of service by crash...
CVE-2014-2667
CVE-2014-2667: Race condition in Python’s Lib/os.py _get_masked_mode when exist_ok is true across Python 3.2–3.5. The issue allows local users to bypass intended file permissions by exploiting a separate application vulnerability before the process umask is set. Connected OpenVAS entries corrobor...
CVE-2023-50782
CVE-2023-50782 affects the python-cryptography library across multiple Linux distributions. The underlying issue is a Bleichenbacher timing/PKCS#1 v1.5 RSA decryption handling flaw that could allow a remote attacker to decrypt TLS RSA-exchange messages, potentially exposing confidential data. Aff...
CVE-2023-5090
CVE-2023-5090: A flaw in Linux kernel KVM (svm_set_x2apic_msr_interception) enables direct access to host x2apic MSRs when a guest resets its APIC, potentially causing denial of service. Connected advisories (Astra Linux, IBM Guardium bulletin, Amazon ALAS) reference this CVE as part of Linux ker...
CVE-2023-44488
CVE-2023-44488 affects VP9 in libvpx prior to 1.13.1, where widths are mishandled during encoding, causing a crash. The CVE is documented across multiple sources including the libvpx 1.13.1 release and related advisories (e.g., ALAS2-2025-2960, CBLMariner). The issue is tied to libvpx’s handling ...
CVE-2022-30616
Summary: CVE-2022-30616 affects IBM Robotic Process Automation and IBM RPA for Cloud Pak/Service, with versions prior to 21.0.3 vulnerable. A privileged user could elevate privileges to platform administrator by manipulating APIs. Impact: high (privilege escalation) with CVSS base scores in the h...
CVE-2022-31102
Argo CD (GitOps for Kubernetes) is affected by a cross-site scripting (XSS) vulnerability in versions 2.3.0–2.3.6 and 2.4.0–2.4.4 that allows arbitrary JavaScript in the /auth/callback page when SSO is enabled. Exploitation requires access to the API server’s encryption key, a method to inject a ...
CVE-2021-21290
CVE-2021-21290 relates to Netty before 4.1.59.Final, where an insecure temp file in Unix-like systems could lead to local information disclosure when uploads are stored on disk via multipart decoders. The Unix temp dir is shared among users, and files created with File.createTempFile may have ins...
CVE-2020-9488
CVE-2020-9488 affects the Apache Log4j2 SMTP appender. The issue is improper validation of the SSL/TLS certificate when the host name does not match, potentially allowing a man-in-the-middle to intercept SMTPS traffic and leak log messages. The concrete remediation is to upgrade to affected relea...
CVE-2018-10903
The CVE-2018-10903 issue affects python-cryptography versions >=1.9.0 and
CVE-2025-64756
CVE-2025-64756 is a command-injection vulnerability in glob's -c/--cmd handling. The IBM bulletins show this CVE affecting IBM Maximo Application Suite components (e.g., Visual Inspection) and related bundles, with remediation by upgrading the affected glob component to 10.5.0 or 11.1.0 (patches ...
CVE-2025-9867
CVE-2025-9867 : The connected documents confirm a vulnerability in Google Chrome on Android before version 140.0.7339.80, described as an inappropriate implementation in Downloads that allowed a remote attacker to perform UI spoofing via a crafted HTML page. The impact is UI spoofing with a mediu...
CVE-2024-37891
CVE-2024-37891 affects urllib3 (Python HTTP client) across multiple distributions (e.g., python3-urllib3, python3.13-pip, python-pip, etc.). The issue: when not using urllib3’s ProxyManager proxy support, a configured Proxy-Authorization header could be sent, and urllib3 may not strip it on cross...
CVE-2023-50447
Summary: CVE-2023-50447 affects Pillow up to 10.1.0, enabling Arbitrary Code Execution via the environment parameter in PIL.ImageMath.eval. This is a separate issue from CVE-2022-22817 (expression parameter). What’s affected: Pillow library in Python projects (Pillow versions up to 10.1.0). Root ...
CVE-2023-21954
CVE-2023-21954 (and related CVEs listed in the same advisory set) affects Oracle Java SE/OpenJDK/GraalVM Enterprise Edition components across multiple versions (e.g., 8u361, 11.0.18, 17.0.6, 20.x; Swing, Hotspot, JSSE, Libraries). The issue set comprises several distinct weaknesses (e.g., TLS han...
CVE-2023-23454
CVE-2023-23454 affects the Linux kernel cbq_classify (net/sched/sch_cbq.c) up to version 6.1.4, enabling a local attacker to trigger a slab-out-of-bounds read via type confusion (non-negative values may be misinterpreted as TC_ACT_SHOT), causing denial of service. Connected advisories reference s...
CVE-2022-22756
CVE-2022-22756 describes a drag-and-drop image object that could be turned into an executable script, enabling arbitrary code execution when clicked. Affected products and versions include Firefox <97, Thunderbird <91.6, and Firefox ESR
CVE-2022-41881
Netty CVE-2022-41881 concerns a StackOverflowError when parsing malformed crafted messages due to infinite recursion in the HAProxyMessageDecoder. The issue affects Netty versions before 4.1.86.Final and can lead to denial of service through resource exhaustion. The vulnerability is fixed in 4.1....
CVE-2022-34776
The CVE-2022-34776 entry concerns the Tabit giftcard system, where several web APIs expose sensitive user data without authorization. Affected component is the web API layer that returns health statements, prior bills for a restaurant, and drinking/smoking habits, with each API URL including Mong...
CVE-2020-7676
CVE-2020-7676 is an AngularJS XSS vulnerability. AngularJS prior to 1.8.0 allows cross-site scripting due to regex-based HTML sanitization that may revert to unsanitized code; wrapping option elements in select can alter parsing and lead to unsanitized content being rendered. Connected documents ...
CVE-2020-9548
CVE-2020-9548 affects Cloudera Data Platform Private Cloud Base (IBM) 7.1.9. It is a deserialization vulnerability in FasterXML jackson-databind 2.x up to 2.9.10.3/4 where interaction between serialization gadgets and typing (relating to br.com.anteros.dbcp.AnterosDBCPConfig) can lead to remote c...
CVE-2019-18874
CVE-2019-18874 affects the Python module psutil (python-psutil). The issue is a double free caused by refcount mishandling in loops that convert system data into Python objects, as reported up to version 5.6.5 (and referenced in later advisories noting fixes in newer releases). Connected sources ...
CVE-2018-5743
CVE-2018-5743 affects BIND in multiple releases (notably 9.9.0–9.14.0, including some 9.11/9.13 branches). The flaw allows the named process to exceed its configured limit on simultaneous TCP connections, risking exhaustion of file descriptors and potentially affecting associated log/zone file ma...
CVE-2019-3820
Technical details about CVE-2019-3820 are not publicly available in the provided Connected documents. The description mentions physical access and GNOME lock screen behavior. No remediation or affected versions are confirmed here. Monitor for updates from official advisories.
CVE-2017-16642
CVE-2017-16642 is a PHP core timelib_meridian parsing bug in ext/date/lib/parse_date.c causing out-of-bounds reads. Affected are PHP versions before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11. The issue can leak information from the interpreter if attackers supply crafted date strings. Th...
CVE-2023-3567
CVE-2023-3567 is a use-after-free vulnerability in Linux kernel code (vc_screen.c: vcs_read in vc_screen) that can allow a local attacker to crash the system or leak kernel information. Connected advisories (Astra Linux, CIRCL sighting, and Amazon Linux advisories) confirm the same UAF issue and ...
CVE-2023-29349
CVE-2023-29349 concerns Microsoft ODBC and OLE DB components (SQL Server ODBC Driver and OLE DB Driver) enabling remote code execution. The vulnerability arises from improper handling in the ODBC/OLE DB stack, with an attack vector described as LOCAL and requiring user interaction, resulting in h...
CVE-2023-27969
CVE-2023-27969 is a use-after-free kernel vulnerability in Apple platforms. The issue could allow an app to execute arbitrary code with kernel privileges via a local attack, fixed in macOS Ventura 13.3, iOS 16.4 / iPadOS 16.4, and iOS 15.7.4 / iPadOS 15.7.4, as well as tvOS 16.4 and watchOS 9.4. ...
CVE-2022-41722
CVE-2022-41722 describes a path traversal in the Go standard library function filepath.Clean on Windows, where an invalid path like "a/../c:/b" can be transformed into a valid path "c:\b" and potentially enable directory traversal. After fix, Go converts it to the relative but invalid path ".\c:\...
CVE-2022-20952
CVE-2022-20952 concerns Cisco AsyncOS Software for Cisco Secure Web Appliance (WSA). The issue is a vulnerability in the scanning engines where malformed, encoded traffic is not detected, enabling an unauthenticated, remote attacker to bypass a configured block rule and inject traffic that should...
CVE-2022-31078
KubeEdge CloudCore Router memory exhaustion DoS vulnerability (CVE-2022-31078) affects pre-1.11.1, pre-1.10.2, and pre-1.9.4 releases. The REST handler’s HTTP response size is not limited, allowing an authenticated cloud user to trigger a large response that exhausts memory and causes CloudCore d...
CVE-2020-28015
Exim 4 before 4.94.2 is affected by CVE-2020-28015 due to Improper Neutralization of Line Delimiters. A local attacker can abuse newline characters in recipient addresses to alter the behavior of root processes. Affected product: Exim (MTA). Root cause: newline handling in recipient address enabl...
CVE-2015-5986
ISC BIND vulnerability CVE-2015-5986 arises from an incorrect boundary check in openpgpkey_61.c within named, allowing remote attackers to crash the server via a crafted DNS response. Affected products/versions: BIND 9.9.7 before 9.9.7‑P3 and 9.10.x before 9.10.2‑P4. Exploitation can cause a deni...
CVE-2025-48951
The CVE concerns Auth0-PHP in versions 8.0.0-BETA3 through 8.3.1, where insecure deserialization of cookie data enables an attacker to craft malicious cookies since the SDK processes cookie content without prior authentication. Affected ecosystems include apps using Auth0-PHP directly and those u...
CVE-2021-46923
CVE-2021-46923: Rejected reason; this CVE entry is not used.
CVE-2023-38144
CVE-2023-38144 is a Windows elevation-of-privilege flaw in the Common Log File System (CLFS) driver . The provided description confirms a local, privilege-escalation condition affecting the Windows CLFS driver, with a CVSS v3.1 base score 7.8 (LOCAL, LOW attack complexity, LOW privileges required...
CVE-2023-25153
Summary: CVE-2023-25153 affects containerd and, when importing OCI images, could allow a denial of service due to an unlimited bytes-read limit on certain files. The issue exists in versions prior to 1.6.18 and 1.5.18. Root cause: missing input size limit during image import leads to potential Do...
CVE-2021-28169
CVE-2021-28169 affects Eclipse Jetty shipped with multiple versions (<= 9.4.40, <= 10.0.2,
CVE-2021-28957
CVE-2021-28957 affects python-lxml’s Cleaner in the clean module, where disabling safe_attrs_only and forms allows the formaction attribute to bypass sanitization, enabling remote XSS. Versions before 4.6.3 are vulnerable; fixed in lxml 4.6.3. Affected: python-lxml; Issue caused by missing input ...
CVE-2020-12243
CVE-2020-12243 affects OpenLDAP’s slapd in filter.c, where LDAP search filters with nested boolean expressions can cause a denial-of-service (daemon crash). Public advisories note fixes by upgrading OpenLDAP to newer releases (e.g., 2.4.50+; related entries reference 2.4.58 in a CloudLinux adviso...
CVE-2020-1983
CVE-2020-1983 is a use-after-free in SLiRP’s ip_reass() (ip_input.c) affecting libslirp 4.2.0 and earlier, exploitable via crafted IP fragments to crash the QEMU host process (DoS). Connected advisories confirm this in QEMU SLiRP, with remediation by upgrading QEMU/libslirp to fixed releases (e.g...