CVE-2024-26929

Removed by vendor...

CVE-2022-48651

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-macheader If an AFPACKET socket is used to send packets through ipvlan and the default xmit function of the AFPACKET socket is changed from devqueuexmit to packetdirectxmit via...

CVE-2024-3566

A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied...

CVE-2023-28746

Information exposure through microarchitectural state after transient execution from some register files for some IntelR AtomR Processors may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2022-48624

closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE...

CVE-2024-20921

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM...

CVE-2024-1283

Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2024-22667

Vim before 9.0.2142 has a stack-based buffer overflow because didsetlangmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions...

CVE-2023-52355

An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64 API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB...

CVE-2023-40547

A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete...

CVE-2024-0751

A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7...

CVE-2024-0222

Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2023-51713

makeftpcmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics...

CVE-2023-39326

A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data up to about...

CVE-2023-6346

Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2023-5825

Removed by vendor...

CVE-2023-46862

An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an iouring/fdinfo.c iouringshowfdinfo NULL pointer dereference can occur...

CVE-2023-46136

Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk b...

CVE-2023-45648

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomca...

CVE-2023-44488

VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding...

CVE-2023-44270

An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...

CVE-2023-4244

A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. Due to a race condition between nftables netlink control plane transaction and nftset element garbage collection, it is possible to underflow the reference...

CVE-2023-36674

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list aka badFile by using the thumb parameter aka Manualthumb of the File syntax...

CVE-2023-4128

Removed by vendor...

CVE-2023-20593

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information...

CVE-2022-28735

The GRUB2's shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain...

CVE-2023-38427

An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemblenegcontexts...

CVE-2023-25732

When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

CVE-2023-2459

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. Chromium security severity: Medium...

CVE-2021-43612

In lldpd before 1.0.13, when decoding SONMP packets in the sonmpdecode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets...

CVE-2023-28879

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then...

CVE-2022-41724

Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session...

CVE-2023-0240

There is a logic error in iouring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the ioprepasyncwork function the assumption that the last iograbidentity call cannot return false is not true, and in this case the function will use...

CVE-2022-36760

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions...

CVE-2022-42255

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer nvidia.ko, where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering...

CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

CVE-2022-34480

Within the lginit function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox 102...

CVE-2022-42856

A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this iss...

CVE-2022-41717

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

CVE-2021-46854

modradius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters...

CVE-2022-3652

Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2022-3657

Use after free in Extensions in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: Medium...

CVE-2022-42799

The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing...

CVE-2022-3527

Removed by vendor...

CVE-2021-36369

An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2...

CVE-2022-3049

Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page...

CVE-2022-22624

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution...

CVE-2022-1972

Removed by vendor...

CVE-2021-43565

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...

CVE-2022-38749

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow...