CVE-2021-20310

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from thi...

CVE-2020-24587

The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...

CVE-2020-24586

The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that received fragments be cleared from memory after reconnecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using...

CVE-2021-28164

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This ca...

CVE-2021-21783

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-3450

The X509VFLAGX509STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...

CVE-2020-27171

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error with a resultant integer underflow affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information...

CVE-2021-28660

rtwwxsetscan in drivers/staging/rtl8188eu/osdep/ioctllinux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the -ssid array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/ unfinished work; however, system integrators may...

CVE-2020-12362

Integer overflow in the firmware for some IntelR Graphics Drivers for Windows before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access...

CVE-2020-28912

With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between...

CVE-2020-14323

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service...

CVE-2020-24977

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e...

CVE-2020-11077

In Puma RubyGem before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the firs...

CVE-2019-11048

In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleanin...

CVE-2020-1983

A use after free vulnerability in ipreass in ipinput.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service...

CVE-2020-11008

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260GHSA-qm7j-c969-7j4q. The fix for that bug still left the door open for an exploit where some credential is leaked but...

CVE-2020-6418

Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2020-8840

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter...

CVE-2019-20096

In the Linux kernel before 5.1, there is a memory leak in featregistersp in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b...

CVE-2019-19536

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peakusb/pcanusbpro.c driver, aka CID-ead16e53c2f0...

CVE-2019-19377

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfsqueuework in fs/btrfs/async-thread.c...

CVE-2019-14897

A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service system crash or, possibly execute arbitrary code, when a STA works in IBSS mode allows connecting stations together without the use of ...

CVE-2019-12523

An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers,...

CVE-2019-19246

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in strlowercasematch in regexec.c...

CVE-2019-5481

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3...

CVE-2018-20976

An issue was discovered in fs/xfs/xfssuper.c in the Linux kernel before 4.18. A use after free exists, related to xfsfsfillsuper failure...

CVE-2019-11360

A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to at least crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to addparamtoargv in xshared.c...

CVE-2019-0217

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in modauthdigest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...

CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

CVE-2019-7397

In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c...

CVE-2019-3819

A flaw was found in the Linux kernel in the function hiddebugeventsread in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user "root" can cause a system lock up and a denial of service. Versions from v4.18 and newe...

CVE-2018-20677

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property...

CVE-2018-18025

In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file...

CVE-2018-11784

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory e.g. redirecting to '/foo/' when the user requested '/foo' a specially crafted URL could be used to cause the redirect to be generated to any URI of the...

CVE-2018-13053

The alarmtimernsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktimeaddsafe is not used...

CVE-2018-5146

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox 59.0.1, Firefox ESR 52.7.2, and Thunderbird 52.7...

CVE-2018-11236

stdlib/canonicalize.c in the GNU C Library aka glibc or libc6 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution...

CVE-2018-1275

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

CVE-2018-1270

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

CVE-2018-2602

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: I18n. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the...

CVE-2017-3738

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...

CVE-2017-16544

In the addmatch function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code...

CVE-2017-1000254

libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in anonymous or not, it asks the server for the current directory with the PWD command. The server then responds with a 257 response containing the path, inside double...

CVE-2017-1000112

Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSGMORE ipappenddata calls ipufoappenddata to append. However in between two send calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In...

CVE-2017-9798

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker...

CVE-2011-5325

Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink...

CVE-2016-10228

The iconv program in the GNU C Library aka glibc or libc6 2.31 and earlier, when invoked with multiple suffixes in the destination encoding TRANSLATE or IGNORE along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service...

CVE-2016-10148

The wpajaxupdateplugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a getplugindata call before checking the updateplugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to...

CVE-2016-9178

The getuserasmex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a getuserex call...

CVE-2016-3672

The archpickmmaplayout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDRNORANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid...