206321 matches found
CVE-2021-29509
A flaw was found in rubygem-puma. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections...
CVE-2025-24813
A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat. For the vulnerability to be...
CVE-2023-4015
A use-after-free flaw was found in the Linux kernel's netfilter: nftables component, which can be exploited to achieve local privilege escalation. On an error when building a nftables rule, deactivating immediate expressions in nftimmediatedeactivate can unbind the chain and objects can be...
CVE-2023-4513
A denial of service vulnerability was found in Wireshark due to a memory leak in the Bluetooth SDP dissector. This issue may allow a remote attacker to induce a crash in Wireshark by injecting a malformed packet onto the wire or persuading someone to read a corrupted packet trace file...
CVE-2023-27522
An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via modproxyuwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client. Mitigation Mitigation for this issue is either not available...
CVE-2023-0264
A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issu...
CVE-2023-25193
A vulnerability was found HarfBuzz. This flaw allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...
CVE-2022-1925
A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska/WebM file using HEADERSTRIP decompression. This vulnerability can result in application crash, memory corruption, and code execution...
CVE-2022-29800
A time-of-check-time-of-use TOCTOU race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a specific time between discovering and running the script. This flaw allows an attacker to replace scripts that networkd-dispatcher believes to be owned by root wit...
CVE-2023-30571
A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archivewritediskheader on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can...
CVE-2023-0567
A vulnerability was found in PHP. This security flaw occurs when malformatted BCrypt hashes that include a $ within their salt part trigger a buffer overread and may erroneously validate any password as valid...
CVE-2022-25315
An integer overflow was found in expat. The issue occurs in storeRawNames by abusing the mbuffer expansion logic to allow allocations very close to INTMAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution. Mitigation There is no known...
CVE-2021-33037
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...
CVE-2021-35942
An integer overflow flaw was found in glibc that may result in reading of arbitrary memory when wordexp is used with a specially crafted untrusted regular expression input. Mitigation Do not use untrusted regular expression input for the wordexp function...
CVE-2018-1000861
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not...
CVE-2023-38709
A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers, resulting in an HTTP response splitting. Mitigation Mitigation for this issue is either not available or t...
CVE-2024-22243
A vulnerability was discovered in Spring Framework. Under certain conditions, an attacker might be able to trigger an open redirect. This issue can simplify the process of conducting a phishing attack against users of the deployment. Mitigation Mitigation for this issue is either not available or...
CVE-2024-22233
A flaw was found in the Spring Framework. This issue may allow a remote user to provide specially crafted HTTP requests, leading the application to a Denial of Service DoS. An application may be considered vulnerable if it meets the both conditions: The application uses Spring MVC and Spring...
CVE-2023-46847
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication...
CVE-2023-0266
A use-after-free flaw was found in sndctlelemread in sound/core/control.c in Advanced Linux Sound Architecture ALSA subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak...
CVE-2021-27862
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion and optionally VLAN0 headers...
CVE-2022-2978
A use-after-free flaw was found in the Linux kernel’s NILFS file system in the way a user triggers the securityinodealloc function to fail with the following call to the nilfsmdtdestroy function. This flaw allows a local user to crash or potentially escalate their privileges on the system...
CVE-2022-38476
The Mozilla Foundation Security Advisory describes this flaw as: A data race could occur in the PK11ChangePW function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password...
CVE-2021-22573
A flaw was found in Google OAuth Java client's IDToken verifier, where it does not verify if the token is properly signed. This issue could allow an attacker to provide a compromised token with a custom payload that will pass the validation on the client side, allowing access to information outsi...
CVE-2022-0516
A vulnerability was found in kvms390guestsidaop in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. Mitigation As the kvm.ko kernel module will be auto-loaded when...
CVE-2021-43527
A remote code execution flaw was found in the way NSS verifies certificates. This flaw allows an attacker posing as an SSL/TLS server to trigger this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection. Similarly, a server application compiled with NSS,...
CVE-2021-38153
Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...
CVE-2019-11500
A flaw was found in dovecot. IMAP and ManageSieve protocol parsers do not properly handle the NULL byte when scanning data in quoted strings which leads to an out of bounds heap memory write. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
CVE-2024-3596
A vulnerability in the RADIUS Remote Authentication Dial-In User Service protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...
CVE-2024-38428
A flaw was found in wget. Incorrect handling of semicolons in the userinfo subcomponent of a URI allows it to be misinterpreted as part of the host subcomponent, potentially exposing user credentials. Mitigation Make sure to not add semicolons in the userinfo subcomponent of a URI...
CVE-2023-45802
A flaw was found in modhttp2. When a HTTP/2 stream is reset RST frame by a client, there is a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connectio...
CVE-2023-36665
A flaw was found in the protobuf.js. The affected versions of protobuf.js could allow a remote attacker to execute arbitrary code on the system caused by prototype pollution. By sending a specially crafted message, an attacker can execute arbitrary code on the system...
CVE-2022-4304
A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages...
CVE-2022-37603
A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service ReDoS, affecting the availability of the affected component...
CVE-2022-37035
A flaw was found in bgpd in FRRouting FRR. There is a possible use-after-free issue due to a race condition in bgpnotifysendwithdata and bgpprocesspacket in bgppacket.c. This issue can lead to remote code execution or information disclosure by sending crafted BGP packets...
CVE-2021-21708
A flaw was found in PHP. The vulnerability occurs due to the malformed phpfilterfloat function and leads to a use-after-free vulnerability. This flaw allows an attacker to inject a malicious file, leading to a crash or a Segmentation fault...
CVE-2022-22590
A use-after-free vulnerability was found in WebKitGTK. The vulnerability occurs when processing HTML content in WebKit. This flaw allows a remote attacker to trick the victim into opening a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system...
CVE-2021-38297
A flaw was found in golang. This vulnerability can only be triggered when invoking functions from vulnerable WASM WebAssembly Modules. Go can be compiled to WASM. If the product or service doesn't use WASM functions, it is not affected, although it uses golang. Mitigation Mitigation for this issu...
CVE-2021-3602
An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds e.g. Dockerfile RUN commands can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment,...
CVE-2021-3567
A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage Caribou as an input mechanism. The highest threat from this vulnerability is to system availability...
CVE-2024-1753
A flaw was found in Buildah and subsequently Podman Build which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation ...
CVE-2023-33202
A flaw was found in Bouncy Castle for the Java pkix module, which is vulnerable to a potential Denial of Service DoS issue within the org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsi...
CVE-2023-5217
A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a w...
CVE-2023-4732
A flaw was found in pfnswapentrytopage in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmdt x. Mitigation A possible workaround is disabling Transparent Hugepage...
CVE-2023-2731
A NULL pointer dereference flaw was found in Libtiff's LZWDecode function in the libtiff/tiflzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or...
CVE-2022-3638
A flaw was found in NGINX. There is a possible memory leak in ngxresolver.c, which can affect service availability...
CVE-2022-21626
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerabili...
CVE-2022-3324
A stack-based buffer overflow vulnerability was found in Vim's winredrruler function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers th...
CVE-2024-0056
A vulnerability was found in the .NET Framework. This vulnerability exists in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider where an attackercan perform an AiTM adversary-in-the-middle attack between the SQL client and the SQL server. This may allow the attacker to stea...
CVE-2023-38039
A flaw was found in the Curl package. Curl allows a malicious server to stream an endless series of headers to a client due to missing limit on header quantity, eventually causing curl to run out of heap memory, which may lead to a crash...