206363 matches found
CVE-2022-0492
A vulnerability was found in the Linux kernel’s cgroupreleaseagentwrite in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 releaseagent feature to escalate privileges and bypass the namespace isolation unexpectedly. Mitigation...
CVE-2020-26559
A flaw was found in the Linux kernel’s Bluetooth Mesh Profile implementation. The Mesh Provisioning procedure has a vulnerability that allows an attacker that was provisioned without access to the AuthValue to identify the AuthValue directly, without brute-forcing its value. Even when a randomly...
CVE-2019-9511
A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...
CVE-2020-1472
A flaw was found in the Microsoft Windows Netlogon Remote Protocol MS-NRPC, where it reuses a known, static, zero-value initialization vector IV in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obta...
CVE-2018-7184
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service disruption by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the mos...
CVE-2024-41817
A flaw was found in ImageMagick. The 'AppImage' version of ImageMagick, when executed with an empty path in the MAGICKCONFIGUREPATH and LDLIBRARYPATH environment variables, can load malicious configuration files or shared libraries in the current directory, resulting in arbitrary code execution...
CVE-2024-22262
A flaw was found in the Spring Framework. Applications that use UriComponentsBuilder to parse an externally provided URL, for example, through a query parameter, and perform validation checks on the host of the parsed URL may be vulnerable to an open redirect attack or an SSRF attack if the URL i...
CVE-2023-6546
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOCSETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsmdlci while restarting th...
CVE-2023-20900
An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been...
CVE-2023-3676
A vulnerability was found in Kubernetes. This flaw allows a user who can create pods on Windows nodes to escalate to admin privileges on those nodes...
CVE-2023-2124
An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure with a dirty log journal. This flaw allows a local user to crash or potentially escalate their privileges on the system...
CVE-2023-0767
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled...
CVE-2023-0240
A logic error was found in the iouring subsystem of the Linux kernel. This issue occurs due to an incorrect assumption that the last iograbidentity call could not return false in the ioprepasyncwork function, leading to reference counting issues and a use-after-free issue. This could allow a loca...
CVE-2022-31692
A flaw was found in the spring-security framework. Spring Security could allow a remote attacker to bypass security restrictions caused by an issue when using forward or include dispatcher types. By sending a specially-crafted request, an attacker can bypass authorization rules...
CVE-2022-3550
A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service...
CVE-2022-1798
An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files like /etc/passwd, for example in a KubeVirt VM as a disk device that can be written to and read from...
CVE-2016-4658
A use-after-free flaw was found in the Xpointer implementation of libxml2. An attacker could use this flaw against an application parsing untrusted XML files and compiled with libxml2 to leak small amount of memory data. Mitigation Mitigation for this issue is either not available or the currentl...
CVE-2024-1442
A flaw was found in Grafana, where setting the Grafana API Data Source UID to '' Grants Unrestricted Access, grants a user the ability to set the UID to '' via the Grafana API poses a severe security risk. This issue enables unauthorized access to read, query, edit, and delete all data sources...
CVE-2024-21626
A file descriptor leak issue was found in the runc package. While a user performs OCLOEXEC all file descriptors before executing the container code, the file descriptor is open when performing setcwd2, which means that the reference can be kept alive in the container by configuring the working...
CVE-2023-6246
A heap-based buffer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name the basename of...
CVE-2023-23583
A security vulnerability was found in some Intel processors. Execution of REP MOVSB instructions with a redundant REX prefix may result in execution continuing at an incorrect EIP address after a micro-architectural event occurs, potentially allowing privilege escalation, information disclosure...
CVE-2022-40433
A vulnerability was found in OpenJDK. This issue occurs in the ciMethodBlocks::makeblockat function in OpenJDK HotSpot VM 8 11 and 17 are fixed starting from 11.0.17 and 17.0.5 respectively, and may allow an attacker to cause a denial of service. Mitigation Mitigation for this issue is either not...
CVE-2023-4585
The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...
CVE-2023-28709
A flaw was found in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service...
CVE-2023-31617
An issue in the dksetdelete component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2023-28856
A vulnerability was found in Redis. This flaw allows authenticated users to use the HINCRBYFLOAT command to create an invalid hash field that may crash Redis on access...
CVE-2023-0664
A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system. Mitigation Mitigation for this issue is either not available or the...
CVE-2022-48285
A flaw was found in the JSZip package. Affected versions of JSZip could allow a remote attacker to traverse directories on the system caused by the failure to sanitize filenames when files are loaded with loadAsync, which makes the library vulnerable to a Zip Slip attack. By extracting files from...
CVE-2022-2962
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its MMIO address. This issue can cause the device to trigger MMIO handlers multiple times,...
CVE-2022-2817
A use-after-free vulnerability was found in Vim in the stringquote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into...
CVE-2022-32214
A vulnerability was found in NodeJS due to the llhttp parser in the http module not strictly using the CRLF sequence to delimit HTTP requests. This issue can lead to HTTP Request Smuggling HRS. This flaw allows an attacker to send a specially crafted HTTP request to the server and smuggle arbitra...
CVE-2022-31627
A vulnerability was found in php. This issue occurs due to memory corruption in the finfobuffer function and a bad patch of the libmagic library. This flaw allows an attacker or malicious actor to execute a heap buffer overflow successfully, causing a memory crash...
CVE-2022-0995
An out-of-bounds OOB memory write flaw was found in the Linux kernel’s watchqueue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system. Mitigation Mitigation for this...
CVE-2022-23960
A new cache speculation vulnerability, known as Branch History Injection BHI or Spectre-BHB, was found in hw. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history stored in the CPU Branch History Buffer, or BHB to influence mispredicted branches within t...
CVE-2020-36516
A TCP/IP packet spoofing attack flaw was found in the Linux kernel’s TCP/IP protocol, where a Man-in-the-Middle Attack MITM performs an IP fragmentation attack and an IPID collision. This flaw allows a remote user to pretend to be the sender of the TCP/IP packet for an existing TCP/IP session...
CVE-2021-35603
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated...
CVE-2021-32719
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the rabbitmqfederationmanagement plugin, its consumer tag was rendered without proper...
CVE-2021-20198
A flaw was found in the OpenShift Installer. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated /exec...
CVE-2021-23926
A flaw was found when parsing XML files using XMLBeans 2.6.0 or below. The underlying parser created by XMLBeans could be susceptible to XML External Entity XXE attacks. The highest threat from this vulnerability is to confidentiality and system availability. Mitigation Affected users are advised...
CVE-2024-34459
A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the --htmlout command line option, causing an application...
CVE-2024-34447
A flaw was found in Bouncy Castle Java Cryptography APIs. Affected versions of this package are vulnerable to a use of incorrectly-resolved name or reference issue when resolving domain names over an SSL socket that was created without an explicit hostname, such as in the HttpsURLConnection...
CVE-2023-46846
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...
CVE-2022-3424
A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first grufileunlockedioctl function is called by the user, where a fail pass occurs in the grucheckchipletassignment function. This flaw allows a local user to crash or potentially escalate their privileges on the...
CVE-2022-1972
CVE-2022-1972 is duplicate of CVE-2022-2078, so please consider CVE-2022-2078 instead. https://access.redhat.com/security/cve/CVE-2022-2078...
CVE-2020-2163
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers...
CVE-2022-21227
A vulnerability was found in sqlite3. The flaw occurs due to a segmentation fault of an invalid toString object. Users experience a fatal error when supplying a specific object in the parameter array due to this issue...
CVE-2021-42114
A Rowhammer flaw was found in the latest DDR4 DRAM hardware chips. This flaw is different from the previously known attack CVE-2020-10255 by non-uniform patterns of memory access. These DDR4 DRAM hardware chips implement a Target Row Refresh TRR mitigation to prevent a Rowhammer flaw-induced bit...
CVE-2021-3620
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality...
CVE-2021-30641
A flaw was found in Apache httpd. A possible regression from an earlier security fix broke behavior of MergeSlashes. The highest threat from this vulnerability is to data integrity. Mitigation This issue can be mitigated by setting the "MergeSlashes" directive to OFF...
CVE-2021-3551
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threa...