22107 matches found
Improper (D)TLS key boundary enforcement
...
NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().
...
CVE-2024-5288
...
CVE-2024-5814
...
CVE-2024-2881
...
CVE-2024-1545
...
CVE-2024-50228
...
CVE-2024-1543
...
CVE-2012-2677
...
CVE-2019-14584
...
CVE-2024-1544
...
Chromium: CVE-2024-12053 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft Edge (Chromium-based) Spoofing Vulnerability
...
Improper validation of IPv6 and IPvFuture addresses
...
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0 and Mbed Crypto. The PSA Crypto API mishandles shared memory.
...
Low-level invalid GF(2^m) parameters lead to OOB memory access
...
An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.
...
Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2 allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().
...
AES-SIV implementation ignores empty associated data entries
...
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
...
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations.
...
An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset the maximum negotiable TLS version is mishandled.
...
An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result() would incorrectly have the MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits clear. As a result, an attacker that had a certificate valid for uses other than TLS client authentication would nonetheless be able to use it for TLS client authentication. Only TLS 1.3 servers were affected, and only with optional authentication (with required authentication, the handshake would be aborted with a fatal alert).
...
CVE-2024-30166
...
CVE-2024-45157
...
GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs
...
Conversion of a wide string to a local string that leads to a heap of out-of-bound write
...
Conversion of a wide string to a local string that leads to a heap of out-of-bound write
...
Partner.Microsoft.Com Elevation of Privilege Vulnerability
An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network...
Microsoft Copilot Studio Elevation Of Privilege Vulnerability
Improper neutralization of input during web page generation 'Cross-site Scripting' in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network...
PostgreSQL PL/Perl environment variable changes execute arbitrary code
...
Microsoft Azure PolicyWatch Elevation of Privilege Vulnerability
Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a network...
Microsoft Dynamics 365 Sales Spoofing Vulnerability
...
Qualys discovered that if unsanitized input was used with the library Modules: ScanDeps
...
PostgreSQL libpq retains an error message from man-in-the-middle
...
PostgreSQL row security below e.g. subqueries disregards user ID changes
...
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization.
...
PostgreSQL SET ROLE SET SESSION AUTHORIZATION reset to wrong user ID
...
In GNU tar before 1.35 mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.
...
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump
...
Postgresql: role pg_signal_backend can signal certain superuser processes.
...
All versions of package datatables.net are vulnerable to Prototype Pollution
...
Chromium: CVE-2024-11395 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft Edge (Chromium-based) Spoofing Vulnerability
...
GNOME libsoup before 3.6.1 has an infinite loop and memory consumption. during the reading of certain patterns of WebSocket data from clients.
...
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict.
...
Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability
...
An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function.
...
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations
...
A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.
...