213680 matches found
Memory corruption
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-275...
Design/Logic Flaw
Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/rendererhost/websocketdispatcherhost.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mechanism by leveraging...
Memory corruption
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0305 and CVE-2014-0311...
Xxe
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External...
Default configuration
The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the 1 access.log and 2 error.log files, which allows local users to obtain sensitive information by reading the files...
Design/Logic Flaw
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload...
Authentication flaw
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication ...
Design/Logic Flaw
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema...
Design/Logic Flaw
ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service assertion failure and named daemon exit via a query for a long resource record...
Integer overflow
Integer signedness error in the TIFFReadDirectory function in tifdirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion betwe...
Sql injection
The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...
Code injection
Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid 1 RSS or 2 Atom XML content...
Directory traversal
envvars aka envvars-std in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl...
Code injection
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service memory and CPU consumption via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different...
Design/Logic Flaw
Unspecified vulnerability in the NumberFormatter::setSymbol aka numfmtsetsymbol function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service application crash via an invalid argument, a related issue to CVE-2010-4409...
Memory corruption
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors...
Design/Logic Flaw
BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation DLV, allows remote attackers to cause a denial of service infinite loop via a query for an RRSIG record whose answer is not in the cache, which causes BI...
Format string
Format string vulnerability in the msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.3109 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request...
Design/Logic Flaw
The Safe aka Safe.pm module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended 1...
Input validation
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET...
Sql injection
The nfslock function in fs/nfs/file.c in the Linux kernel 2.6.9 does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service BUG and system crash by locking a file on an NFS filesystem and then changing this...
Design/Logic Flaw
The vioverifycallback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificat...
Design/Logic Flaw
sql/sqltable.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a 1 DATA DIRECTORY or 2...
Default credentials
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges...
Code injection
Mozilla Network Security Services NSS before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to...
Integer overflow
Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large 1 width and 2 height values, which triggers a heap-based buffer overflow in the a cvtwholeimage...
Heap overflow
Array index error in the 1 dtoa implementation in dtoa.c aka pdtoa.c and the 2 gdtoa aka new dtoa implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x...
Memory corruption
Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown...
Unrestricted file upload
Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures...
Sql injection
SQL injection vulnerability in index.php in the mosDirectory comdirectory 2.3.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewcat action...
Cross site scripting
Cross-site scripting XSS vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server WAS 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-0447. Reason: This candidate is a duplicate of CVE-2007-0447. Notes: All CVE users should reference CVE-2007-0447 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
Design/Logic Flaw
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service infinite loop and memory consumption via malformed ASN.1 structures that trigger an improperly handled error condition...
Sql injection
Eval injection vulnerability in sessions.inc in PHP Base Library PHPLib before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this...
Command injection
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice...
Authorization
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization...
CVE-2024-28746
RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
CVE-2024-28418
RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
Design/Logic Flaw
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An aut...
Design/Logic Flaw
Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints GetRepositoryByName, DeleteRepositoryByName, and GetArtifactByName to access any repository in the database, irrespective of who owns the repo and any permissions present. The databas...
Design/Logic Flaw
An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the pickleload function of the serialize.py file...
CVE-2024-1222
RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
Spoofing
Azure SDK Spoofing Vulnerability...
Command injection
An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Always exit smealloc early with existing storage When smealloc is called with existing storage and we are not flushing we will always allocate new storage, both leaking the existing storage and corrupting the state. Fi...
Design/Logic Flaw
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwlfwinitriggertlv::data is a pointer to a le32, which means that if we copy to iwlfwinitriggertlv::data + offset while offset is in bytes, we'll write past the buffer...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: drm: Don't unref the same fb many times by mistake due to deadlock handling If we get a deadlock after the fb lookup in drmmodepageflipioctl we proceed to unref the fb and then retry the whole thing from the top. But we forget to...
Code injection
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the epsendattendeesemail function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with...
Code injection
jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens JWT, JSON Web Signature JWS, JSON Web Encryption JWE, JSON Web Key JWK, JSON Web Key Set JWKS, and more. A vulnerability has been identified in the JSON Web Encryption JWE decryption interfaces...
Design/Logic Flaw
In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbAdjTree Currently there is a bound check missing in the dbAdjTree while accessing the dmtstree. To add the required check added the bool isctl which is required to determine the size as...