206363 matches found
CVE-2021-33574
The mqnotify function in the GNU C Library aka glibc has a use-after-free. It may use the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, leading to a denial of service application crash or possibly unspecified other impact...
CVE-2024-0056
A vulnerability was found in the .NET Framework. This vulnerability exists in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider where an attackercan perform an AiTM adversary-in-the-middle attack between the SQL client and the SQL server. This may allow the attacker to stea...
CVE-2022-25883
A Regular Expression Denial of Service ReDoS vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size,...
CVE-2023-31607
An issue in the libcmalloc component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2023-1998
It was found that the Linux Kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The kernel failed to protect applications that attempted to protect against Spectre v2 leaving them open to attack from other processes...
CVE-2023-28708
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure...
CVE-2023-22462
A flaw was found in the Grafana core plugin, "Text." The vulnerability was possible due to React's render cycle that will pass through unsanitized HTML code. However, the HTML is cleaned and saved in Grafana's database in the next cycle. An attacker needs the Editor role in changing a Text panel ...
CVE-2022-38473
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a cross-origin iframe referencing an XSLT document inheriting the parent domain's permissions such as microphone or camera access...
CVE-2022-27666
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. Mitigation The given exploit needs...
CVE-2022-25636
An out-of-bounds OOB memory access flaw was found in nftfwddupnetdevoffload in net/netfilter/nfdupnetdev.c in the netfilter subcomponent in the Linux kernel due to a heap out-of-bounds write problem. This flaw allows a local attacker with a user account on the system to gain access to out-of-boun...
CVE-2021-4122
It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that...
CVE-2021-4133
A flaw was found in Keycloak version from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled. Mitigation Access to the user-creation functionality in the...
CVE-2021-21703
php-fpm has a vulnerability which may lead to local privilege escalation. This vulnerability is hard to exploit as the attack needs to escape the FPM sandbox mechanism. When a complete attack is achieved it may lead to risk for confidentiality, data integrity, and system availability...
CVE-2021-3655
A vulnerability was found in the Linux kernel. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. Mitigation As the SCTP module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following...
CVE-2021-31535
A missing validation flaw was found in libX11. This flaw allows an attacker to inject X11 protocol commands on X clients, and in some cases, also bypass, authenticate via injection of control characters, or potentially execute arbitrary code with permissions of the application compiled with libX1...
CVE-2018-16844
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngxhttpv2module not compiled by default if the 'http2' option of the 'listen' directive is used in a configuration file...
CVE-2016-6662
It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server...
CVE-2024-3096
A null byte interaction error vulnerability was found in PHP. If a password stored with passwordhash starts with a null byte \x00, testing a blank string as the password via passwordverify will incorrectly return true. If a user can create a password with a leading null byte unlikely, but...
CVE-2024-21490
An Inefficient Regular Expression Complexity vulnerability was found in NodeJS Angular. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking, leading to denial of service. Mitigation Mitigation for this issue is either n...
CVE-2024-0727
A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the "type" is a valid value, which can lead to a null dereference error that may cause a denial of service. Mitigation Mitigation for this issue is either not available or the currently available options don'...
CVE-2023-45857
A flaw was found in Axios that may expose a confidential session token. This issue can allow a remote attacker to bypass security measures and view sensitive data. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Securi...
CVE-2023-32081
A flaw was found in the Vert.X Stomp server. The Vert.x STOMP server processes client STOMP frames without checking that the client sent an initial CONNECT frame and replied with a successful CONNECTED frame. A malicious user can connect and then create or receive unauthorized content...
CVE-2023-25139
A vulnerability was found in glibc. When the printf family of functions is called with a format specifier that uses an apostrophe enable grouping and a minimum width specifier, the resulting output could be larger than reasonably expected by a caller that computed a tight bound on the buffer size...
CVE-2022-23708
A flaw was found in the upgrade assistant for Elasticsearch. When upgrading from version 6.x to 7.x, the built-in protections on the security index are disabled, allowing authenticated users to access the index...
CVE-2021-26341
A flaw was found in hw. This issue can cause AMD CPUs to transiently execute beyond unconditional direct branches...
CVE-2021-38604
A flaw was found in the GNU C library glibc, where the sysdeps/unix/sysv/linux/mqnotify.c function mishandles certain NOTIFYREMOVED data, leading to a NULL pointer dereference. The highest threat from this vulnerability is to system availability...
CVE-2021-3635
A flaw was found in the Linux kernel netfilter implementation. A user with root CAPSYSADMIN access is able to panic the system when issuing netfilter netflow commands Mitigation Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product...
CVE-2021-28170
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid...
CVE-2021-23337
A flaw was found in nodejs-lodash. A command injection flaw is possible through template variables...
CVE-2017-15715
In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the...
CVE-2024-33655
A DNSBomb flaw was found in the unbound package. The DNSBomb attack works by sending low-rate spoofed queries for a malicious zone to Unbound. By controlling the delay of the malicious authoritative answers, Unbound slowly accumulates pending answers for the spoofed addresses. When the...
CVE-2024-24828
An incorrect default permissions vulnerability was found in pkg. This issue allows an attacker who has access to the /tmp/pkg/ on the local system to replace the genuine executables in the shared directory with malicious executables of the same name...
CVE-2023-46136
A resource consumption flaw was found in python-werkzeug. If a specially crafted file is uploaded by a remote attacker, it may cause a denial of service...
CVE-2023-35945
A flaw was found in Envoy, where a specifically crafted response from an untrusted upstream service can cause a denial of service through memory exhaustion. This issue is caused by Envoyās HTTP/2 codec, which may leak a header map and bookkeeping structures upon receiving RSTSTREAM immediately,...
CVE-2022-40674
A vulnerability was found in expat. With this flaw, it is possible to create a situation in which parsing is suspended while substituting in an internal entity so that XMLResumeParser directly uses the internalEntityProcessor as its processor. If the subsequent parse includes some unclosed tags,...
CVE-2022-23711
A flaw was found in Kibana that could result in an attacker exposing sensitive information related to Elastic Stack monitoring in the Kibana page source, if a user has set the optional monitoring.ui.elasticsearch. settings. This could result in a loss of confidentiality and integrity...
CVE-2021-22570
A flaw was found in protobuf. The vulnerability occurs due to incorrect parsing of a NULL character in the proto symbol and leads to a Null pointer dereference. This flaw allows an attacker to execute unauthorized code or commands, read memory, modify memory...
CVE-2019-10202
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist...
CVE-2017-7679
A buffer over-read flaw was found in the httpds modmime module. A user permitted to modify httpds MIME configuration could use this flaw to cause httpd child process to crash...
CVE-2023-41900
Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the...
CVE-2022-4137
A reflected cross-site scripting XSS vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be...
CVE-2022-3592
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks...
CVE-2022-3515
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment...
CVE-2022-31130
A flaw was found in Grafana's use of the GitLab data source plugin, leaking the API key to gitlab. This can result in the destination plugin receiving a Grafana user's authentication token, which could be used by an attacker...
CVE-2022-35278
A security vulnerability was found in ActiveMQ Artemis. This flaw allows an attacker to show malicious content and redirect users to a malicious URL in the web console by using HTML in the name of an address or queue...
CVE-2022-21127
A flaw was found in hw. Incomplete cleanup in specific special register read operations for some IntelĀ® Processors may allow an authenticated user to enable information disclosure via local access. Mitigation Mitigation for this issue is either not available or the currently available options don...
CVE-2022-1966
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate...
CVE-2022-24868
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can exploit a lack of sanitization on SVG file uploads and inject javascript into their user avatar. As a result any user...
CVE-2021-3773
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. Mitigation Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security...
CVE-2021-22940
A flaw was found in Node.js, where it is vulnerable to a use-after-free attack. This flaw allows an attacker to exploit memory corruption to change process behavior. The highest threat from this vulnerability is to confidentiality and integrity...