58846 matches found
CVE-2023-2610
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532...
CVE-2018-1118
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-ne...
CVE-2023-6345
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...
CVE-2021-4217
A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution...
CVE-2010-4651
Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. dot dot or full pathname, a related issue to CVE-2010-1679...
CVE-2013-4392
systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files...
CVE-2023-3758
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately...
CVE-2024-2236
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts...
CVE-2019-6111
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned only directory traversal attacks are prevented...
CVE-2005-1119
Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files...
CVE-2021-29921
In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This in some situations allows attackers to bypass access control that is based on IP addresses...
CVE-2022-21449
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows...
CVE-2024-7592
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
CVE-2018-1000021
GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, or have their traffic modified in a...
CVE-2022-4968
netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected...
CVE-2022-2602
iouring UAF, Unix SCM garbage collection...
CVE-2023-45925
GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference via the function xerrorhandler at tty/x11conn.c. NOTE: this is disputed because it should be categorized as a usability problem an X operation silently fails...
CVE-2024-9681
When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...
CVE-2013-1798
The ioapicreadindirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPICREGSELECT and IOAPICREGWINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of...
CVE-2024-23918
Improper conditions check in some IntelR XeonR processor memory controller configurations when using IntelR SGX may allow a privileged user to potentially enable escalation of privilege via local access...
CVE-2024-53589
GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD Binary File Descriptor library's handling of tekhex format files...
CVE-2017-5439
A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...
CVE-2014-3153
The futexrequeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEXREQUEUE command that facilitates unsafe waiter modification...
CVE-2024-45310
runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...
CVE-2019-6110
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server or Man-in-The-Middle attacker can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred...
CVE-2019-8835
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary...
CVE-2024-36623
moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes...
CVE-2022-28390
emsusbstartxmit in drivers/net/can/usb/emsusb.c in the Linux kernel through 5.17.1 has a double free...
CVE-2020-25668
A flaw was found in Linux Kernel because access to the global variable fgconsole is not properly synchronized leading to a use after free in confontop...
CVE-2019-2992
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: 2D. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
CVE-2023-42465
Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic sometimes is based on not equaling an error value instead of equaling a success value, and because the values do not resist flips of a single bit...
CVE-2014-3470
The ssl3sendclientkeyexchange function in s3clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service NULL pointer dereference and client crash by triggering a NULL certificate...
CVE-2018-18505
An earlier fix for an Inter-process Communication IPC vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the...
CVE-2019-19532
In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c,...
CVE-2018-15594
arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests...
CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...
CVE-2022-43548
A OS Command Injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.Th...
CVE-2022-1471
SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. ...
CVE-2014-6271
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...
CVE-2022-27776
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number...
CVE-2015-20107
In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...
CVE-2022-22719
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier...
CVE-2023-2650
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...
CVE-2022-3445
Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2022-2856
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page...
CVE-2022-23457
ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of Validator.getValidDirectoryPathString, String, File, boolean may incorrectly treat the tested input string as a child of the specified...
CVE-2014-6277
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service uninitialized memory access, and untrusted-pointer read and write operations via a crafted...
CVE-2024-6387
A security regression CVE-2006-5051 was discovered in OpenSSH's server sshd. There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period...
CVE-2022-22720
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling...
CVE-2024-31497
In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant...