59600 matches found
CVE-2023-20593
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information...
CVE-2022-28735
The GRUB2's shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain...
CVE-2023-38427
An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemblenegcontexts...
CVE-2023-25732
When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
CVE-2023-2459
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. Chromium security severity: Medium...
CVE-2021-43612
In lldpd before 1.0.13, when decoding SONMP packets in the sonmpdecode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets...
CVE-2023-28879
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then...
CVE-2022-41724
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session...
CVE-2023-0240
There is a logic error in iouring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the ioprepasyncwork function the assumption that the last iograbidentity call cannot return false is not true, and in this case the function will use...
CVE-2022-36760
Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions...
CVE-2022-42255
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer nvidia.ko, where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering...
CVE-2021-44854
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...
CVE-2022-34480
Within the lginit function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox 102...
CVE-2022-40962
Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these...
CVE-2022-42856
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this iss...
CVE-2022-41717
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
CVE-2021-46854
modradius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters...
CVE-2022-42799
The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing...
CVE-2022-3657
Use after free in Extensions in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2022-3652
Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2022-3527
Removed by vendor...
CVE-2021-36369
An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2...
CVE-2022-3049
Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page...
CVE-2022-22637
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior...
CVE-2022-22624
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution...
CVE-2022-1972
Removed by vendor...
CVE-2021-43565
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...
CVE-2022-38749
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow...
CVE-2022-1247
An issue found in linux-kernel that leads to a race condition in roseconnect. The rose driver uses roseneigh-use to represent how many objects are using the roseneigh. When a user wants to delete a roseroute via roseioctl, the rose driver calls rosedelnode and removes neighbours only if their...
CVE-2022-2991
A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and...
CVE-2022-2609
Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions...
CVE-2022-2607
Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions...
CVE-2022-38150
In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1...
CVE-2022-2157
Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page...
CVE-2022-1486
Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
CVE-2022-26307
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 t...
CVE-2022-25858
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure usage of regular expressions...
CVE-2022-31156
Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that...
CVE-2022-2264
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0...
CVE-2022-34835
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the doi2cmd function...
CVE-2022-32545
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior...
CVE-2022-26364
x86 pv: Insufficient care with non-coherent mappings This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to...
CVE-2022-1966
Removed by vendor...
CVE-2022-1934
Use After Free in GitHub repository mruby/mruby prior to 3.2...
CVE-2022-30295
uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2...
CVE-2022-30292
Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sqreservestack call...
CVE-2022-30284
Removed by vendor...
CVE-2021-42528
XMP Toolkit 2021.07 and earlier is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue...
CVE-2022-25844
The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service ReDoS by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBERFORMATS.PATTERNS1.posPre with a very high value. Note: 1 This package has been deprecated an...
CVE-2022-1441
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function diSTboxread to read from video. In this function, it allocates a buffer str with fixed length. However, content read from bs is controllable ...