Double free

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers able to inject WLAN frames to crash the kernel and potentially execute code...

Design/Logic Flaw

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page...

Double free

There exists a use-after-free in iouring in the Linux kernel. Signalfdpoll and binderpoll use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the iouring poll doesn't handle POLLFREE. This allows a...

Input validation

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...

Design/Logic Flaw

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In affected versions request input is not properly validated in the plugin controller and can be used ...

Code injection

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...

Design/Logic Flaw

Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it...

Input validation

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the Contiki-NG operating system file os/net/ipv6/sicslowpan.c contains an input function that processes incoming packets and copies them into a packet buffer. Because of a...

Input validation

A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use...

Buffer overflow

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to potentially execute...

Authorization

A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.15610/6.44.15806. It has been classified as problematic. Affected is an unknown function of the component Uninstallation Handler. The manipulation leads to missing authorization. It is possible to launch the attack remotely. The...

Heap overflow

A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000printpage function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service...

Xxe

Out-of-Band XML External Entity OOB-XXE vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file...

Code injection

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset...

Privilege escalation

Microsoft Exchange Server Elevation of Privilege Vulnerability...

Type confusion

Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Cross site request forgery (csrf)

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the Details section of this...

Design/Logic Flaw

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.36 and prior, 7.5.26 and prior, 7.6.22 and prior and and 8.0.29 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the...

Code injection

Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive infromation via a crafted API call...

Remote code execution

Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. This also affects ManageEngine Access Manager Plus before 4303 with authentication...

Out-of-bounds

When setting font with malicous data by ioctl cmd PIOFONT,kernel will write memory out of bounds...

Remote code execution

Windows Network File System Remote Code Execution Vulnerability...

Type confusion

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nftseteleminit leading to a buffer overflow could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. The attacker can obtain root access, but must start with an...

Design/Logic Flaw

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2...

Heap overflow

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2...

Information disclosure

Incomplete cleanup in specific special register write operations for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

Input validation

Incomplete cleanup of multi-core shared buffers for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

Code injection

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error...

Design/Logic Flaw

libcurl wrongly allows cookies to be set for Top Level Domains TLDs if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without Public Suffix Listawareness. If PSL support not provided, a more rudimentary check...

Design/Logic Flaw

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get...

Code injection

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/dscompress.cc, when an error occurs i.e., going to the err label while executing the method createworkerthreads, the held lock thd-ctrlmutex is not released correctly, which allows local users to trigger a denial ...

Design/Logic Flaw

The affected ThroughTek P2P products SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module do not sufficiently protect data...

Information disclosure

Processor optimization removal or modification of security-critical code for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

Input validation

Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service...

Remote code execution

Windows Lightweight Directory Access Protocol LDAP Remote Code Execution Vulnerability...

Privilege escalation

Windows ALPC Elevation of Privilege Vulnerability...

Design/Logic Flaw

Zimbra Collaboration aka ZCS 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands becomes unescaped, causing an overwrite of arbitrary cached entries...

Code injection

The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges...

Remote code execution

Remote Procedure Call Runtime Remote Code Execution Vulnerability...

Remote code execution

Windows Network File System Remote Code Execution Vulnerability...

Deserialization of untrusted data

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...

Race condition

In SUB2AF, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05881290; Issue ID: ALPS05881290...

Remote code execution

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution...

Design/Logic Flaw

A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects...

Path traversal

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This...

Heap overflow

Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563...

Design/Logic Flaw

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier...

Privilege escalation

Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority called ACCsvc through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general user. In addition,...

Design/Logic Flaw

A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible...

Spoofing

Microsoft Exchange Server Spoofing Vulnerability...