Design/Logic Flaw

An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hcievent.c has a slab out-of-bounds read in hciextendedinquiryresultevt, aka CID-51c19bf3d5cf...

Design/Logic Flaw

Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...

Out-of-bounds

The eBPF ALU32 bounds tracking for bitwise ops AND, OR and XOR in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e "bpf: Fix...

Information disclosure

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the dumpx...

Heap overflow

A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vfedgedetect.c in gaussianblur, which might lead to memory corruption and other potential consequences...

Design/Logic Flaw

A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

Buffer overflow

A flaw was found in OpenJPEG’s encoder in the opjdwtcalcexplicitstepsizes function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability...

Integer overflow

Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. The...

Design/Logic Flaw

Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page...

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

Race condition

A race condition in Linux kernel SCTP sockets net/sctp/socket.c before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctpdestroysock is called without socknetsk-sctp.addrwqlock then an element is removed from the...

Hardcoded credentials

Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled...

Privilege escalation

Win32k Elevation of Privilege Vulnerability...

Cross site scripting

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P, Cisco Unified Communications Manager Session Management Edition Unified CM SME, and Cisco Unity Connection...

Authentication flaw

VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance to obtain a valid authentication token. Successful...

Design/Logic Flaw

A flaw was found in SQLite's SELECT query functionality src/select.c. This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerabilit...

Default configuration

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to set...

Security feature bypass

Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. When a user shares a specific application window via the Share Screen functionality, other meeting participan...

Design/Logic Flaw

Adobe Creative Cloud Desktop Application version 5.3 and earlier is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user interaction...

Heap overflow

Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Design/Logic Flaw

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 inclusive, 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” i.e. q parameters, the server may enter a denial of service DoS state due to high CPU usage processing those quality...

Privilege escalation

Windows Win32k Elevation of Privilege Vulnerability...

Server side request forgery (ssrf)

The vSphere Client HTML5 contains an SSRF Server Side Request Forgery vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information...

Heap overflow

Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Integer overflow

Integer overflow in the firmware for some IntelR Graphics Drivers for Windows before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access...

Design/Logic Flaw

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service ReDoS via the toNumber, trim and trimEnd functions...

Command injection

vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution...

Cross site request forgery (csrf)

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...

Security feature bypass

There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne...

Race condition

Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use TOCTOU race condition...

Design/Logic Flaw

Vulnerability in the Oracle User Management product of Oracle E-Business Suite component: Proxy User Delegation. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Us...

Design/Logic Flaw

The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...

Null pointer dereference

There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability...

Code injection

GNOME gdk-pixbuf aka GdkPixbuf before 2.42.2 allows a denial of service infinite loop in lzw.c in the function writeindexes. if c-selfcode equals 10, self-codetable10.extends will assign the value 11 to c. The next execution in the loop will assign self-codetable11.extends to c, which will give t...

Design/Logic Flaw

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different...

Design/Logic Flaw

A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down usually due to Secure Boot guest system running on top of PowerVM or KVM hypervisors pseries platform a root like local user could use this flaw to further increase their privileges to...

Code injection

The iconv function in the GNU C Library aka glibc or libc6 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service...

Privilege escalation

VMware ESXi 7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate thei...

Code injection

gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu and potentially derivatives this could be be chained with an additional issue that could allow a local user to create a new privileged...

Server side request forgery (ssrf)

Axios NPM package 0.21.0 contains a Server-Side Request Forgery SSRF vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address...

Heap overflow

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Design/Logic Flaw

In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement...

Privilege escalation

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub...

Denial of service

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service host OS hang via a high rate of events to dom0, aka CID-e99502f76271...

Design/Logic Flaw

Vulnerability in the Oracle Solaris product of Oracle Systems component: Utility. The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with network access via SSH to compromise Oracle Solaris. Successful attacks require human interaction...

Design/Logic Flaw

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...