206321 matches found
CVE-2023-0767
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled...
CVE-2022-39377
An arithmetic overflow issue was discovered in Sysstat on 32-bit systems. The allocatestructures function in sacommon.c insufficiently checks bounds before arithmetic multiplication, allowing an overflow in the size allocated for the buffer representing system activities. The vulnerability can be...
CVE-2022-42928
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of certain types of allocations that were missing annotations that, if the Garbage Collector was in a specific state, could lead to memory corruption and a potentially exploitable crash...
CVE-2022-42968
A flaw was found in Gitea. The self-hosted Git service does not sanitize and escape refs in the git backend. This issue could allow an attacker to craft arguments for the git commands, which will be mishandled...
CVE-2022-1798
An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files like /etc/passwd, for example in a KubeVirt VM as a disk device that can be written to and read from...
CVE-2022-23712
A flaw was found in Elasticsearch. This flaw allows an unauthenticated attacker to forcibly shut down an Elasticsearch node with a specifically formatted network request, affecting system availability...
CVE-2022-0492
A vulnerability was found in the Linux kernel’s cgroupreleaseagentwrite in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 releaseagent feature to escalate privileges and bypass the namespace isolation unexpectedly. Mitigation...
CVE-2018-7184
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service disruption by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the mos...
CVE-2024-41817
A flaw was found in ImageMagick. The 'AppImage' version of ImageMagick, when executed with an empty path in the MAGICKCONFIGUREPATH and LDLIBRARYPATH environment variables, can load malicious configuration files or shared libraries in the current directory, resulting in arbitrary code execution...
CVE-2023-6246
A heap-based buffer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name the basename of...
CVE-2023-6546
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOCSETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsmdlci while restarting th...
CVE-2022-40433
A vulnerability was found in OpenJDK. This issue occurs in the ciMethodBlocks::makeblockat function in OpenJDK HotSpot VM 8 11 and 17 are fixed starting from 11.0.17 and 17.0.5 respectively, and may allow an attacker to cause a denial of service. Mitigation Mitigation for this issue is either not...
CVE-2023-20900
An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been...
CVE-2023-3676
A vulnerability was found in Kubernetes. This flaw allows a user who can create pods on Windows nodes to escalate to admin privileges on those nodes...
CVE-2023-2124
An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure with a dirty log journal. This flaw allows a local user to crash or potentially escalate their privileges on the system...
CVE-2023-0664
A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system. Mitigation Mitigation for this issue is either not available or the...
CVE-2023-0240
A logic error was found in the iouring subsystem of the Linux kernel. This issue occurs due to an incorrect assumption that the last iograbidentity call could not return false in the ioprepasyncwork function, leading to reference counting issues and a use-after-free issue. This could allow a loca...
CVE-2022-48285
A flaw was found in the JSZip package. Affected versions of JSZip could allow a remote attacker to traverse directories on the system caused by the failure to sanitize filenames when files are loaded with loadAsync, which makes the library vulnerable to a Zip Slip attack. By extracting files from...
CVE-2022-31692
A flaw was found in the spring-security framework. Spring Security could allow a remote attacker to bypass security restrictions caused by an issue when using forward or include dispatcher types. By sending a specially-crafted request, an attacker can bypass authorization rules...
CVE-2022-3550
A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service...
CVE-2022-2962
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its MMIO address. This issue can cause the device to trigger MMIO handlers multiple times,...
CVE-2022-0995
An out-of-bounds OOB memory write flaw was found in the Linux kernel’s watchqueue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system. Mitigation Mitigation for this...
CVE-2022-23960
A new cache speculation vulnerability, known as Branch History Injection BHI or Spectre-BHB, was found in hw. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history stored in the CPU Branch History Buffer, or BHB to influence mispredicted branches within t...
CVE-2020-36516
A TCP/IP packet spoofing attack flaw was found in the Linux kernel’s TCP/IP protocol, where a Man-in-the-Middle Attack MITM performs an IP fragmentation attack and an IPID collision. This flaw allows a remote user to pretend to be the sender of the TCP/IP packet for an existing TCP/IP session...
CVE-2021-35603
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated...
CVE-2021-20198
A flaw was found in the OpenShift Installer. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated /exec...
CVE-2021-23926
A flaw was found when parsing XML files using XMLBeans 2.6.0 or below. The underlying parser created by XMLBeans could be susceptible to XML External Entity XXE attacks. The highest threat from this vulnerability is to confidentiality and system availability. Mitigation Affected users are advised...
CVE-2024-1442
A flaw was found in Grafana, where setting the Grafana API Data Source UID to '' Grants Unrestricted Access, grants a user the ability to set the UID to '' via the Grafana API poses a severe security risk. This issue enables unauthorized access to read, query, edit, and delete all data sources...
CVE-2024-21626
A file descriptor leak issue was found in the runc package. While a user performs OCLOEXEC all file descriptors before executing the container code, the file descriptor is open when performing setcwd2, which means that the reference can be kept alive in the container by configuring the working...
CVE-2023-23583
A security vulnerability was found in some Intel processors. Execution of REP MOVSB instructions with a redundant REX prefix may result in execution continuing at an incorrect EIP address after a micro-architectural event occurs, potentially allowing privilege escalation, information disclosure...
CVE-2023-46846
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...
CVE-2023-4585
The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...
CVE-2023-28709
A flaw was found in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service...
CVE-2023-31617
An issue in the dksetdelete component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2023-28856
A vulnerability was found in Redis. This flaw allows authenticated users to use the HINCRBYFLOAT command to create an invalid hash field that may crash Redis on access...
CVE-2022-2817
A use-after-free vulnerability was found in Vim in the stringquote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into...
CVE-2022-32214
A vulnerability was found in NodeJS due to the llhttp parser in the http module not strictly using the CRLF sequence to delimit HTTP requests. This issue can lead to HTTP Request Smuggling HRS. This flaw allows an attacker to send a specially crafted HTTP request to the server and smuggle arbitra...
CVE-2021-42114
A Rowhammer flaw was found in the latest DDR4 DRAM hardware chips. This flaw is different from the previously known attack CVE-2020-10255 by non-uniform patterns of memory access. These DDR4 DRAM hardware chips implement a Target Row Refresh TRR mitigation to prevent a Rowhammer flaw-induced bit...
CVE-2021-32719
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the rabbitmqfederationmanagement plugin, its consumer tag was rendered without proper...
CVE-2021-3620
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality...
CVE-2021-23841
The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field which might occur if the...
CVE-2016-4658
A use-after-free flaw was found in the Xpointer implementation of libxml2. An attacker could use this flaw against an application parsing untrusted XML files and compiled with libxml2 to leak small amount of memory data. Mitigation Mitigation for this issue is either not available or the currentl...
CVE-2024-34459
A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the --htmlout command line option, causing an application...
CVE-2024-34447
A flaw was found in Bouncy Castle Java Cryptography APIs. Affected versions of this package are vulnerable to a use of incorrectly-resolved name or reference issue when resolving domain names over an SSL socket that was created without an explicit hostname, such as in the HttpsURLConnection...
CVE-2023-47100
A flaw was found in Perl due to improper handling of the property name by the Sparseunipropstring function in regcomp.c. This issue could allow an attacker to to bypass security restrictions and use a specially crafted regular expression input to write to unallocated space...
CVE-2023-40029
A flaw was found in the ArgoCD package, used by Red Hat GitOps, that allows cluster secrets to be managed declaratively using the kubectl apply functionality, resulting in the full secret body being stored in kubectl.kubernetes.io/last-applied-configuration annotation. Since ArgoCD has included t...
CVE-2022-3424
A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first grufileunlockedioctl function is called by the user, where a fail pass occurs in the grucheckchipletassignment function. This flaw allows a local user to crash or potentially escalate their privileges on the...
CVE-2022-31627
A vulnerability was found in php. This issue occurs due to memory corruption in the finfobuffer function and a bad patch of the libmagic library. This flaw allows an attacker or malicious actor to execute a heap buffer overflow successfully, causing a memory crash...
CVE-2020-2163
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers...
CVE-2022-21227
A vulnerability was found in sqlite3. The flaw occurs due to a segmentation fault of an invalid toString object. Users experience a fatal error when supplying a specific object in the parameter array due to this issue...