22107 matches found
Windows Telephony Service Remote Code Execution Vulnerability
...
Windows Telephony Service Remote Code Execution Vulnerability
...
Windows BitLocker Information Disclosure Vulnerability
...
Secure Boot Security Feature Bypass Vulnerability
...
Windows Digital Media Elevation of Privilege Vulnerability
...
Windows Digital Media Elevation of Privilege Vulnerability
...
GDI+ Remote Code Execution Vulnerability
...
Windows Installer Elevation of Privilege Vulnerability
...
Secure Boot Security Feature Bypass Vulnerability
...
Windows Universal Plug and Play (UPnP) Device Host Denial of Service Vulnerability
...
Windows Digital Media Elevation of Privilege Vulnerability
...
Windows Telephony Service Remote Code Execution Vulnerability
...
Visual Studio Remote Code Execution Vulnerability
...
Pam: libpam: libpam vulnerable to read hashed password
...
runc can be confused to create empty files/directories on the host
...
Azure Marketplace SaaS Resources Information Disclosure Vulnerability
Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network...
Microsoft Purview Information Disclosure Vulnerability
A Server-Side Request Forgery SSRF vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network...
Non-linear parsing of case-insensitive content in golang.org/x/net/html
...
iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function.
...
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.
...
iptraf-ng 1.2.1 has a stack-based buffer overflow. In src/ifaces.c, the strcpy function consistently fails to control the size, and it is consequently possible to overflow memory on the stack.
...
Dpdk: denial of service from malicious guest on hypervisors using dpdk vhost library
...
Denial of Service via crafted zip file in jaraco/zipp
...
`rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion
...
Arbitrary command execution through gitRepo volume
...
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.
...
Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto
...
ssl fails to validate incorrect extened key usage
...
Chromium: CVE-2024-12695 Out of bounds write in V8
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2024-12694 Use after free in Compositing
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2024-12693 Out of bounds memory access in V8
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2024-12692 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
GitHub CLI allows downloading malicious GitHub Actions workflow artifact to result in path traversal vulnerability
...
Tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method
...
Unbounded memory buffering in SelectorSocketTransport.writelines()
...
Pam: improper hostname interpretation in pam_access leads to access control bypass
...
Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root
...
REXML denial of service vulnerability
...
wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 06df58f is vulnerable to NULL Pointer Dereference in function `block_type_get_result_types.
...
Reachable assertion in avahi_alternative_host_name
...
Reachable assertion in avahi_dns_packet_append_record
...
moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.
...
net: explicitly clear the sk pointer, when pf->create fails
...
Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
...
virtio_pmem: Check device status before requesting flush
...
moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.
...
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.
...
Reachable assertion in avahi_rdata_parse
...
Reachable assertion in avahi_escape_label
...
Apache Arrow R package: Arbitrary code execution when loading a malicious data file
...