RedhatCVE: most viewed

204485 matches found

RedhatCVE • added 2022/10/17 4:42 p.m. • 1406 views

CVE-2022-42889

A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...

CVSS 9.8 • AI score 4.7 • EPSS 0.94251 • Exploits 41 • References 6

RedhatCVE • added 2023/07/20 7:17 a.m. • 970 views

CVE-2023-38408

A vulnerability was found in OpenSSH. The PKCS11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent)...

CVSS 9.8 • AI score 8.9 • EPSS 0.64352 • Exploits 10 • References 4

RedhatCVE • added 2023/12/18 6:31 p.m. • 770 views

CVE-2023-48795

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

CVSS 5.9 • AI score 6.4 • EPSS 0.52998 • Exploits 4 • References 5

RedhatCVE • added 2023/08/29 5:15 a.m. • 738 views

CVE-2023-4586

A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack. Mitigation: No current mitigation is yet available for this vulnerability...

CVSS 7.4 • AI score 7.4 • EPSS 0.0024 • Exploits 0 • References 3

RedhatCVE • added 2021/07/18 12:15 a.m. • 738 views

CVE-2019-11358

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

CVSS 6.1 • AI score 2.8 • EPSS 0.01319 • Exploits 4 • References 5

RedhatCVE • added 2022/05/07 2:22 p.m. • 713 views

CVE-2021-4034

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters coun...

CVSS 7.8 • AI score 2.3 • EPSS 0.87488 • Exploits 149 • References 5

RedhatCVE • added 2022/08/19 1:38 p.m. • 702 views

CVE-2022-2526

A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the...

CVSS 9.8 • AI score 9.4 • EPSS 0.00295 • Exploits 0 • References 3

RedhatCVE • added 2021/11/15 6:14 p.m. • 680 views

CVE-2021-41091

A file permissions vulnerability was found in the Moby (Docker Engine). The Moby data directory (usually /var/lib/docker) contains subdirectories with insufficiently restricted permissions, allowing unprivileged Linux users to traverse directory contents and execute programs. When the running contain...

CVSS 6.3 • AI score 6.7 • EPSS 0.04746 • Exploits 3 • References 5

RedhatCVE • added 2021/05/26 8:17 a.m. • 667 views

CVE-2021-23017

A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in...

CVSS 8.1 • AI score 3.5 • EPSS 0.73544 • Exploits 10 • References 3

RedhatCVE • added 2020/07/24 6:37 p.m. • 656 views

CVE-2020-15778

A flaw was found in the scp program shipped with the openssh-clients package. An attacker having the ability to scp files to a remote server, could execute arbitrary commands on the remote server by including the command as a part of the filename being copied on the server. This command is run wi...

CVSS 6.8 • AI score 1 • EPSS 0.64277 • Exploits 6 • References 5

RedhatCVE • added 2022/08/19 5:14 a.m. • 559 views

CVE-2022-34171

In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive), the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping,...

CVSS 6.1 • AI score 0.6 • EPSS 0.0222 • Exploits 0 • References 4

RedhatCVE • added 2024/04/18 4:53 a.m. • 542 views

CVE-2024-2961

An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape characters is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of...

CVSS 8.8 • AI score 8.6 • EPSS 0.91924 • Exploits 16 • References 4

RedhatCVE • added 2022/11/04 7:26 p.m. • 503 views

CVE-2022-37454

A flaw was found in the Keccak XKCP SHA-3 reference implementation. The sponge function interface allows partial input data to be processed, and partial output to be produced. When at least one of these has a length of 4294967096 bytes or more, it can result in elimination of cryptographic...

CVSS 8.1 • AI score 9.1 • EPSS 0.014 • Exploits 1 • References 3

RedhatCVE • added 2022/06/08 8:2 p.m. • 502 views

CVE-2022-31813

A flaw was found in the mod_proxy module of httpd. The server may remove the X-Forwarded- headers from a request based on the client-side Connection header hop-by-hop mechanism. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat...

CVSS 9.8 • AI score 1.5 • EPSS 0.00047 • Exploits 1 • References 4

RedhatCVE • added 2023/11/16 1:30 a.m. • 477 views

CVE-2023-44444

A parsing vulnerability was found in the GNU Image Manipulation Program (GIMP). This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSP file, possibly enabling the execution of unauthorized code within the GIMP process. Mitigation: Mitigation for this...

CVSS 7.8 • AI score 6.8 • EPSS 0.49605 • Exploits 0 • References 5

RedhatCVE • added 2023/12/25 9:1 p.m. • 476 views

CVE-2023-51767

An authentication bypass vulnerability was found in OpenSSH. When common types of DRAM memory are used, it might allow row hammer attacks because the integer value of authenticated authpassword does not resist flips of a single bit. Mitigation Mitigation for this issue is either not available or...

CVSS 7 • AI score 6.8 • EPSS 0.00007 • Exploits 0 • References 6

RedhatCVE • added 2023/03/01 6:59 a.m. • 469 views

CVE-2023-1017

An out-of-bounds write vulnerability was found in the TPM 2.0's Module Library, which allows the writing of 2-byte data after the end of the TPM command. This flaw may lead to a denial of service or arbitrary code execution within the libtpms scope...

CVSS 7.1 • AI score 8 • EPSS 0.00674 • Exploits 0 • References 4

RedhatCVE • added 2021/07/17 11:47 p.m. • 469 views

CVE-2017-15095

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes...

CVSS 9.8 • AI score 0.5 • EPSS 0.82379 • Exploits 7 • References 2

RedhatCVE • added 2019/01/15 12:50 a.m. • 448 views

CVE-2019-6111

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented)...

CVSS 5.9 • AI score 1.5 • EPSS 0.53643 • Exploits 9 • References 2

RedhatCVE • added 2024/06/12 12:31 a.m. • 447 views

CVE-2024-2408

The RSA decryption implementation using PKCS1 v1.5 padding in OpenSSL is vulnerable to a timing side-channel attack known as the Marvin Attack. This vulnerability arises because the execution time of the openssl_private_decrypt() function in PHP with OpenSSL varies based on whether a valid message is...

CVSS 5.9 • AI score 5.7 • EPSS 0.00255 • Exploits 1 • References 4

RedhatCVE • added 2024/01/31 7:26 p.m. • 425 views

CVE-2024-1086

A flaw was found in the Netfilter subsystem in the Linux kernel. This issue occurs in the nft_verdict_init() function, allowing positive values as a drop error within the hook verdict, therefore, the nf_hook_slow() function can cause a double-free vulnerability when NF_DROP is issued with a drop error tha...

CVSS 7.8 • AI score 7.7 • EPSS 0.84554 • Exploits 15 • References 6

RedhatCVE • added 2025/02/05 2:57 p.m. • 419 views

CVE-2020-15261

On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have...

CVSS 8 • AI score 6.5 • EPSS 0.08057 • Exploits 4

RedhatCVE • added 2022/06/29 12:36 p.m. • 385 views

CVE-2022-34478

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of the ms-msdt, search, and search-ms protocols delivering content to Microsoft applications and bypassing the browser when a user accepts a prompt. These applications have had known vulnerabilities, exploit...

CVSS 6.5 • AI score 2.1 • EPSS 0.00148 • Exploits 1 • References 4

RedhatCVE • added 2023/03/24 1:7 p.m. • 371 views

CVE-2023-20860

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...

CVSS 7.5 • AI score 6.8 • EPSS 0.56284 • Exploits 1 • References 4

RedhatCVE • added 2021/06/20 7:11 a.m. • 353 views

CVE-2020-11023

A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 4.3 • AI score 7.1 • EPSS 0.34098 • Exploits 6 • References 4

RedhatCVE • added 2021/06/08 3:17 a.m. • 352 views

CVE-2021-26691

A heap overflow flaw was found in Apache httpd mod_session. The highest threat from this vulnerability is to system availability. Mitigation: Only configurations which use the "SessionEnv" directive (which is not widely used) are vulnerable to this flaw. SessionEnv is not enabled in default...

CVSS 9.8 • AI score 0.3 • EPSS 0.47816 • Exploits 0 • References 4

RedhatCVE • added 2022/08/24 8:40 a.m. • 349 views

CVE-2022-31676

A flaw was found in open-vm-tools. A malicious actor with local non-administrative access to the guest operating system can escalate privileges as a root user in the virtual machine. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red...

CVSS 7 • AI score 7.2 • EPSS 0.00067 • Exploits 0 • References 4

RedhatCVE • added 2022/08/09 6:37 p.m. • 346 views

CVE-2022-2588

A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. This flaw allows a local user to crash the system and possibly lead to a local privilege escalation problem. Mitigation: Mitigation for this issue is either not available or the...

CVSS 7.8 • AI score 6.8 • EPSS 0.54873 • Exploits 7 • References 4

RedhatCVE • added 2024/05/14 11:24 p.m. • 335 views

CVE-2024-32002

A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of...

CVSS 9 • AI score 9 • EPSS 0.82474 • Exploits 32 • References 4

RedhatCVE • added 2023/12/19 9:34 p.m. • 333 views

CVE-2023-51385

A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters. Mitigation: Mitigation for this issue is either not available or the...

CVSS 6.5 • AI score 9.5 • EPSS 0.17234 • Exploits 7 • References 3

RedhatCVE • added 2024/06/28 10:23 a.m. • 322 views

CVE-2024-5535

A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called...

CVSS 5.9 • AI score 8.8 • EPSS 0.06873 • Exploits 1 • References 4

RedhatCVE • added 2020/08/11 8:13 p.m. • 318 views

CVE-2020-11984

A flaw was found in Apache httpd in versions 2.4.32 to 2.4.46. The uwsgi protocol does not serialize more than 16K of HTTP header leading to resource exhaustion and denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabilit...

CVSS 7.5 • AI score 8.8 • EPSS 0.7629 • Exploits 2 • References 4

RedhatCVE • added 2021/12/08 6:25 p.m. • 310 views

CVE-2021-43798

A directory path traversal vulnerability was found in Grafana. This flaw allows an attacker to obtain read access to the local files due to a lack of path normalization in the /public/plugins// URL...

CVSS 7.5 • AI score 4.5 • EPSS 0.94438 • Exploits 44 • References 4

RedhatCVE • added 2023/11/08 6:27 a.m. • 308 views

CVE-2023-5678

A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the R...

CVSS 5.3 • AI score 5.1 • EPSS 0.00537 • Exploits 0 • References 8

RedhatCVE • added 2020/07/01 3:51 p.m. • 306 views

CVE-2020-14145

A flaw was found in OpenSSH in versions 5.7 through 8.3, where an Observable Discrepancy occurs and leads to an information leak in the algorithm negotiation. This flaw allows a man-in-the-middle attacker to target initial connection attempts, where there is no host key for the server that has be...

CVSS 4.3 • AI score 3.3 • EPSS 0.01254 • Exploits 2 • References 3

RedhatCVE • added 2023/02/07 6:57 a.m. • 304 views

CVE-2023-25136

A flaw was found in the OpenSSH server sshd, which introduced a double-free vulnerability during options.kexalgorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration...

CVSS 6.5 • AI score 6.6 • EPSS 0.88329 • Exploits 10 • References 7

RedhatCVE • added 2022/04/14 8:54 a.m. • 297 views

CVE-2022-22968

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...

CVSS 5.3 • AI score 3.7 • EPSS 0.2051 • Exploits 2 • References 4

RedhatCVE • added 2022/08/19 5:39 a.m. • 295 views

CVE-2022-36883

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...

CVSS 7.5 • AI score 4 • EPSS 0.8079 • Exploits 0 • References 4

RedhatCVE • added 2022/05/03 10:18 p.m. • 291 views

CVE-2022-1292

A flaw was found in OpenSSL. The c_rehash script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileg...

CVSS 10 • AI score 2.3 • EPSS 0.38894 • Exploits 5 • References 4

RedhatCVE • added 2024/05/07 5:54 a.m. • 284 views

CVE-2024-34069

A flaw was found in Werkzeug, where an attacker may be able to execute code on a developer's machine under some circumstances. This issue requires the attacker to get the developer to interact with a domain and subdomain they control and enter the debugger PIN; if they are successful, it allows...

CVSS 7.5 • AI score 7.5 • EPSS 0.4365 • Exploits 0 • References 5

RedhatCVE • added 2022/05/13 12:41 a.m. • 278 views

CVE-2022-25762

A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocket connection closing, the application may continue to use the socket after it has been closed. In this case, the error handling triggered could cause the pooled object to be plac...

CVSS 8.6 • AI score 0.9 • EPSS 0.00646 • Exploits 0 • References 4

RedhatCVE • added 2023/02/07 6:56 p.m. • 277 views

CVE-2021-21974

A heap overflow vulnerability was found in OpenSLP as used in ESXi 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG. This flaw allows a malicious actor residing within the same network segment as ESXi, who has access to port 427, to trigger the heap...

CVSS 8.8 • AI score 2.2 • EPSS 0.557 • Exploits 7 • References 6

RedhatCVE • added 2022/03/07 12:28 p.m. • 273 views

CVE-2022-0847

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cach...

CVSS 7.8 • AI score 2.2 • EPSS 0.81981 • Exploits 100 • References 6

RedhatCVE • added 2023/09/06 6:35 a.m. • 268 views

CVE-2022-48174

A vulnerability was found in the BusyBox package. This issue occurs via a stack overflow vulnerability in ash.c in BusyBox, which may allow arbitrary code execution. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product...

CVSS 9.8 • AI score 9.3 • EPSS 0.00679 • Exploits 0 • References 4

RedhatCVE • added 2021/12/21 5:4 p.m. • 268 views

CVE-2021-44790

A buffer overflow flaw in httpd's lua module could allow an out-of-bounds write. An attacker who is able to submit a crafted request to an httpd instance that is using the lua module may be able to cause an impact to confidentiality, integrity, and/or availability. Mitigation: Disabling mod_lua and...

CVSS 9.8 • AI score 2.1 • EPSS 0.86227 • Exploits 4 • References 4

RedhatCVE • added 2022/11/01 4:25 p.m. • 267 views

CVE-2022-3602

A stack-based buffer overflow was found in the way OpenSSL processes X.509 certificates with a specially crafted email address field. This issue could cause a server or a client application compiled with OpenSSL to crash when trying to process the malicious certificate...

CVSS 7.5 • AI score 3.1 • EPSS 0.83506 • Exploits 6 • References 5

RedhatCVE • added 2022/08/23 7:10 p.m. • 267 views

CVE-2022-2959

A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The race condition occurs when a thread uses ioctl(IOC_WATCH_QUEUE_SET_SIZE) to resize the pipe buffer and free the old pipe buffer, while another thread uses keyctl to trigger a notification in th...

CVSS 7 • AI score 1.9 • EPSS 0.00025 • Exploits 0 • References 4

RedhatCVE • added 2018/01/05 1:17 p.m. • 265 views

CVE-2017-15129

A use-after-free vulnerability was found in a network namespaces code affecting the Linux kernel since v4.0-rc1 through v4.15-rc5. The function get_net_ns_by_id() does not check for the net::count value after it has found a peer network in netns_ids idr which could lead to double free and memory...

CVSS 6.1 • AI score 2.1 • EPSS 0.00078 • Exploits 0 • References 1

RedhatCVE • added 2019/11/21 11:7 a.m. • 261 views

CVE-2019-19066

A flaw was found in the Linux kernel. The bfad_im_get_stats() function mishandles resource cleanup on error. A local attacker, able to induce the error conditions, could use this flaw to crash the system. The highest threat from this vulnerability is to system availability. Mitigation: Mitigation for...

CVSS 4.7 • AI score 0.8 • EPSS 0.00084 • Exploits 0 • References 3

RedhatCVE • added 2022/03/28 9:7 p.m. • 259 views

CVE-2022-22950

A flaw was found in the Spring Framework. This flaw allows an attacker to craft a special Spring Expression, causing a denial of service...

CVSS 7.5 • AI score 3.8 • EPSS 0.02461 • Exploits 0 • References 3

Total number of security vulnerabilities: 5000