1489 matches found
Integer Overflow or Wraparound
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...
Stack-based Buffer Overflow
A flaw was found in cairo's image-compositor.c in all This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input to cause a stack...
Improper Link Resolution Before File Access
When gfilereplace is used with GFILECREATEREPLACEDESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled...
Observable Timing Discrepancy
The activerecord-sessionstore aka Active Record Session Store component for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a correct guess in a...
Insecure Temporary File
A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root...
Observable Timing Discrepancy
Constant-time computations are not used for certain decoding and encoding operations base32, base58, base64, and hex...
Incorrect Conversion between Numeric Types
An issue was discovered in GNOME GLib If gbytearraynewtake was called with a buffer of 4GB or more on a platform, the length would be truncated modulo 232, causing unintended length truncation...
Incorrect Conversion between Numeric Types
An issue was discovered in GNOME GLib The function gbytesnew has an integer overflow on platforms due to an implicit cast from bits to bits. The overflow could potentially lead to memory corruption...
Uncontrolled Resource Consumption
In Apache Thrift to, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service...
Uncontrolled Resource Consumption
The PostgreSQL adapter in Active Record suffers from a regular expression denial of service REDoS vulnerability. Carefully crafted input can cause the input validation in the money type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the...
NULL Pointer Dereference
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...
Integer Overflow or Wraparound
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...
NULL Pointer Dereference
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...
NULL Pointer Dereference
A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...
NULL Pointer Dereference
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...
Integer Overflow or Wraparound
An integer overflow issue exists in Godot Engine that can be triggered when loading specially crafted TGA image files...
Key Caching behavior in the DynamoDB Encryption Client.
Impact This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...
Out-of-bounds Write
A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash...
Use After Free
Acrobat Reader DC versions versions 2020.013.20074 and earlier, 2020.001.30018 and earlier and 2017.011.30188 and earlier are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current...
Regular Expression Denial of Service
The ReDOS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+ This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...
Incorrect Permission Assignment for Critical Resource
When ORT now via atstccfg generates ipallow.config files in Apache Traffic Control to to, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are potentially extended to IP...
Incorrect Authorization
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
Incorrect Authorization
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
CSRF can expose users authentication token
Issue The /login and /change endpoints can return the authenticated user's authentication token in response to a GET request. Since GET requests aren't protected with a CSRF token, this could lead to a malicious 3rd party site acquiring the authentication token. Patches Version 3.4.5 and soon to ...
Regular Expression Denial of Service in CairoSVG
When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regular Expression Denial of Service REDoS. If an attacker provides a malicious SVG, it can make cairosvg get stuck processing the file for a very long time...
Nil Pointer Dereference
A nil pointer dereference in the golang.org/x/crypto/ssh component enables remote attackers to cause a DoS against SSH servers...
Integer Overflow or Wraparound
DISPUTED GNOME GLib has an integer overflow, that might lead to an out-of-bounds write, in goptiongroupaddentries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls ...
Inclusion of Sensitive Information in Log Files
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl...
Inclusion of Sensitive Information in Log Files
In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log...
Inclusion of Sensitive Information in Log Files
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials...
Inclusion of Sensitive Information in Log Files
In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims...
Out-of-bounds Write
CImg suffers from integer overflows leading to heap buffer overflows in loadpnm that can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity...
Access of Resource Using Incompatible Type ('Type Confusion')
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Access of Resource Using Incompatible Type ('Type Confusion')
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Access of Resource Using Incompatible Type ('Type Confusion')
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Access of Resource Using Incompatible Type ('Type Confusion')
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Out-of-bounds Write
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Use After Free
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...
Out-of-bounds Write
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Use After Free
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...
Use After Free
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...
Use After Free
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...
Out-of-bounds Write
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Out-of-bounds Write
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Uncontrolled Resource Consumption
c-ares' aresparsea,aaaareply suffers from a Denial Of Service due to insufficient naddrttls validation...
SQL Injection
In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the 'table' parameter passed is not filtered so a malicious parameter can be passed for SQL injection...
Uncontrolled Resource Consumption
This affects the package @absolunet/kafe It allows cause a denial of service when validating crafted invalid emails...
Deserialization of Untrusted Data
DatabaseSchemaViewer is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted .dbschema file. As a workaround, ensure .dbschema files from untrusted sources are not opened...
Out-of-bounds Write
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Out-of-bounds Write
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...