206363 matches found
CVE-2023-0264
A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issu...
CVE-2023-25193
A vulnerability was found HarfBuzz. This flaw allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...
CVE-2022-1925
A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska/WebM file using HEADERSTRIP decompression. This vulnerability can result in application crash, memory corruption, and code execution...
CVE-2022-21556
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2022-29800
A time-of-check-time-of-use TOCTOU race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a specific time between discovering and running the script. This flaw allows an attacker to replace scripts that networkd-dispatcher believes to be owned by root wit...
CVE-2022-27195
Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their build.xml files. These values are stored unencrypted and can be viewed by users with access to...
CVE-2021-20182
A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the underlying node, such as...
CVE-2021-29509
A flaw was found in rubygem-puma. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections...
CVE-2025-24813
A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat. For the vulnerability to be...
CVE-2024-22233
A flaw was found in the Spring Framework. This issue may allow a remote user to provide specially crafted HTTP requests, leading the application to a Denial of Service DoS. An application may be considered vulnerable if it meets the both conditions: The application uses Spring MVC and Spring...
CVE-2023-46847
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication...
CVE-2022-25315
An integer overflow was found in expat. The issue occurs in storeRawNames by abusing the mbuffer expansion logic to allow allocations very close to INTMAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution. Mitigation There is no known...
CVE-2021-33037
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...
CVE-2021-35942
An integer overflow flaw was found in glibc that may result in reading of arbitrary memory when wordexp is used with a specially crafted untrusted regular expression input. Mitigation Do not use untrusted regular expression input for the wordexp function...
CVE-2018-1000861
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not...
CVE-2024-22243
A vulnerability was discovered in Spring Framework. Under certain conditions, an attacker might be able to trigger an open redirect. This issue can simplify the process of conducting a phishing attack against users of the deployment. Mitigation Mitigation for this issue is either not available or...
CVE-2023-30571
A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archivewritediskheader on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can...
CVE-2023-0567
A vulnerability was found in PHP. This security flaw occurs when malformatted BCrypt hashes that include a $ within their salt part trigger a buffer overread and may erroneously validate any password as valid...
CVE-2022-2978
A use-after-free flaw was found in the Linux kernel’s NILFS file system in the way a user triggers the securityinodealloc function to fail with the following call to the nilfsmdtdestroy function. This flaw allows a local user to crash or potentially escalate their privileges on the system...
CVE-2022-38476
The Mozilla Foundation Security Advisory describes this flaw as: A data race could occur in the PK11ChangePW function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password...
CVE-2022-0516
A vulnerability was found in kvms390guestsidaop in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. Mitigation As the kvm.ko kernel module will be auto-loaded when...
CVE-2021-43527
A remote code execution flaw was found in the way NSS verifies certificates. This flaw allows an attacker posing as an SSL/TLS server to trigger this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection. Similarly, a server application compiled with NSS,...
CVE-2021-38153
Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...
CVE-2024-3596
A vulnerability in the RADIUS Remote Authentication Dial-In User Service protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...
CVE-2024-38428
A flaw was found in wget. Incorrect handling of semicolons in the userinfo subcomponent of a URI allows it to be misinterpreted as part of the host subcomponent, potentially exposing user credentials. Mitigation Make sure to not add semicolons in the userinfo subcomponent of a URI...
CVE-2023-38709
A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers, resulting in an HTTP response splitting. Mitigation Mitigation for this issue is either not available or t...
CVE-2023-36665
A flaw was found in the protobuf.js. The affected versions of protobuf.js could allow a remote attacker to execute arbitrary code on the system caused by prototype pollution. By sending a specially crafted message, an attacker can execute arbitrary code on the system...
CVE-2022-4304
A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages...
CVE-2023-0266
A use-after-free flaw was found in sndctlelemread in sound/core/control.c in Advanced Linux Sound Architecture ALSA subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak...
CVE-2022-37603
A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service ReDoS, affecting the availability of the affected component...
CVE-2021-27862
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion and optionally VLAN0 headers...
CVE-2022-37035
A flaw was found in bgpd in FRRouting FRR. There is a possible use-after-free issue due to a race condition in bgpnotifysendwithdata and bgpprocesspacket in bgppacket.c. This issue can lead to remote code execution or information disclosure by sending crafted BGP packets...
CVE-2021-22573
A flaw was found in Google OAuth Java client's IDToken verifier, where it does not verify if the token is properly signed. This issue could allow an attacker to provide a compromised token with a custom payload that will pass the validation on the client side, allowing access to information outsi...
CVE-2021-21708
A flaw was found in PHP. The vulnerability occurs due to the malformed phpfilterfloat function and leads to a use-after-free vulnerability. This flaw allows an attacker to inject a malicious file, leading to a crash or a Segmentation fault...
CVE-2022-22590
A use-after-free vulnerability was found in WebKitGTK. The vulnerability occurs when processing HTML content in WebKit. This flaw allows a remote attacker to trick the victim into opening a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system...
CVE-2021-3602
An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds e.g. Dockerfile RUN commands can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment,...
CVE-2019-11500
A flaw was found in dovecot. IMAP and ManageSieve protocol parsers do not properly handle the NULL byte when scanning data in quoted strings which leads to an out of bounds heap memory write. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
CVE-2024-1753
A flaw was found in Buildah and subsequently Podman Build which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation ...
CVE-2023-45802
A flaw was found in modhttp2. When a HTTP/2 stream is reset RST frame by a client, there is a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connectio...
CVE-2023-5217
A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a w...
CVE-2022-21626
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerabili...
CVE-2021-38297
A flaw was found in golang. This vulnerability can only be triggered when invoking functions from vulnerable WASM WebAssembly Modules. Go can be compiled to WASM. If the product or service doesn't use WASM functions, it is not affected, although it uses golang. Mitigation Mitigation for this issu...
CVE-2021-3635
A flaw was found in the Linux kernel netfilter implementation. A user with root CAPSYSADMIN access is able to panic the system when issuing netfilter netflow commands Mitigation Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product...
CVE-2021-3567
A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage Caribou as an input mechanism. The highest threat from this vulnerability is to system availability...
CVE-2023-33202
A flaw was found in Bouncy Castle for the Java pkix module, which is vulnerable to a potential Denial of Service DoS issue within the org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsi...
CVE-2023-38039
A flaw was found in the Curl package. Curl allows a malicious server to stream an endless series of headers to a client due to missing limit on header quantity, eventually causing curl to run out of heap memory, which may lead to a crash...
CVE-2023-4732
A flaw was found in pfnswapentrytopage in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmdt x. Mitigation A possible workaround is disabling Transparent Hugepage...
CVE-2023-31607
An issue in the libcmalloc component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2023-32081
A flaw was found in the Vert.X Stomp server. The Vert.x STOMP server processes client STOMP frames without checking that the client sent an initial CONNECT frame and replied with a successful CONNECTED frame. A malicious user can connect and then create or receive unauthorized content...
CVE-2023-2731
A NULL pointer dereference flaw was found in Libtiff's LZWDecode function in the libtiff/tiflzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or...