206407 matches found
CVE-2022-32212
A vulnerability was found in NodeJS, where the IsAllowedHost check can be easily bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided for instance, 10.0.2.555 is provided, browsers such as Firefox will make DNS requests ...
CVE-2021-44224
There's a null pointer dereference and server-side request forgery flaw in httpd's modproxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix...
CVE-2021-32610
In ArchiveTar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193...
CVE-2021-32640
A flaw was found in nodejs-ws. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. Mitigation In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the...
CVE-2018-7489
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of th...
CVE-2024-36387
A flaw was found in the Apache HTTP Server. Serving WebSocket protocol upgrades over an HTTP/2 connection could result in a NULL pointer dereference, leading to a crash of the server process. Mitigation Mitigation for this issue is either not available or the currently available options do not me...
CVE-2023-50387
Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled. Mitigation Mitigation for this issue is...
CVE-2023-3609
A double-free flaw was found in u32setparms in net/sched/clsu32.c in the Network Scheduler component in the Linux kernel. This flaw allows a local attacker to use a failure event to mishandle the reference counter, leading to a local privilege escalation threat. Mitigation To mitigate this issue,...
CVE-2023-35001
An out-of-bounds OOB memory access flaw was found in the Netfilter module in the Linux kernel's nftbyteordereval in net/netfilter/nftbyteorder.c. A bound check failure allows a local attacker with CAPNETADMIN access to cause a local privilege escalation issue due to incorrect data alignment...
CVE-2022-38900
A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service...
CVE-2022-45412
The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer...
CVE-2022-41741
A vulnerability was found in NGINX's module, ngxhttpmp4module. This flaw allows a local attacker to corrupt NGINX worker memory, resulting in its termination using a specially crafted audio or video file. The issue affects only NGINX products built with ngxhttpmp4module when the mp4 directive is...
CVE-2022-25845
A flaw was found in com.alibaba:fastjson, a fast JSON parser/generator for Java. Affected versions of this package are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Mitigation Users who can not...
CVE-2022-1869
No description is available for this CVE...
CVE-2022-0005
A flaw was found in hw. Sensitive information accessible by physical probing of the JTAG interface for some IntelR Processors with SGX may allow an unprivileged user to disclose information via physical access. Mitigation Mitigation for this issue is either not available or the currently availabl...
CVE-2022-26148
A flaw was found in Grafana when integrated with Zabbix. The Zabbix password can be found in the apijsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right-click to view the source code and use Ctrl-F to search for the password in apijsonrpc.php to...
CVE-2021-4160
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis...
CVE-2022-23437
A flaw was found in the Apache Xerces Java XercesJ XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition...
CVE-2021-22931
A flaw was found in Node.js. These vulnerabilities include remote code execution, Cross-site scripting XSS, application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library, which can lead to the output of wrong hostnames leading to Domai...
CVE-2021-22144
A flaw was found in Elasticsearch. An uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. This flaw allows a user who can submit arbitrary queries to Elasticsearch to create a malicious Grok query that crashes the...
CVE-2021-32761
A flaw was found in Redis. Issuing the BITFIELD command on a 32-bit version of Redis may result in an integer wrap around allowing an attacker to crash the service or perform remote code execution. The highest threat from this vulnerability is to the data confidentiality, integrity, and service...
CVE-2019-20444
A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF carriage return, line feed without being followed by SP space or HTAB horizontal tab, result in situations where headers can be misread. Dat...
CVE-2019-14841
A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console...
CVE-2021-33844
A floating point exception divide-by-zero issue was discovered in SoX in functon startread of wav.c file. An attacker with a crafted wav file, could cause an application to crash...
CVE-2017-7657
In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a...
CVE-2022-48672
In the Linux kernel, the following vulnerability has been resolved: of: fdt: fix off-by-one error in unflattendtnodes Commit 78c44d910d3e "drivers/of: Fix depth when unflattening devicetree" forgot to fix up the depth check in the loop body in unflattendtnodes which makes it possible to overflow...
CVE-2023-25775
An improper access control flaw was found in the IntelR Ethernet Controller RDMA driver in the Linux Kernel. This flaw allows an unauthenticated user to enable privilege escalation via network access. Mitigation Mitigation for this issue is either not available or the currently available options...
CVE-2023-1206
A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6...
CVE-2023-27561
A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization by adding a symlink to the rootfs that points to a directory on the volume...
CVE-2022-32250
A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nftablesapi.c. This flaw allows a local attacker with user access to cause a privilege escalation issue. Mitigation In order to trigger the issue, it requires the ability to create user/net...
CVE-2020-13671
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to...
CVE-2022-26353
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage, use-after-free or other unexpected results. A malicious privileged guest could exploit...
CVE-2022-26381
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have caused a use-after-free issue by forcing a text reflow in an SVG object, leading to a potentially exploitable crash...
CVE-2021-43824
A flaw was found in envoy. A crafted request can potentially trigger a NULL pointer dereference when using a WT filter saferegex match...
CVE-2021-21707
A flaw was found in php. The main cause of this vulnerability is improper input validation while parsing an Extensible Markup LanguageXML entity. A special character could allow an attacker to traverse directories. The highest threat from this vulnerability is confidentiality...
CVE-2021-35567
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attack...
CVE-2021-3733
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser connects to, could trigger a Regular Expression Denial of Service ReDOS during an authentication request with a specially crafted payload that is sen...
CVE-2021-29986
A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. Note: This issue only affected Linux operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird 78.13, Thunderbird 91, Firefox ESR 78.13, and...
CVE-2021-3660
Cockpit and its plugins do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an HTML entry. This may be used by a malicious website in clickjacking or similar attacks...
CVE-2021-30547
Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page...
CVE-2020-15522
A flaw was found in bouncycastle. A timing issue within the EC math library can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures...
CVE-2021-28651
An input validation flaw was found in Squid. This issue could allow a malicious server in collaboration with a trusted client to consume arbitrarily large amounts of memory on the server running Squid. The highest threat from this vulnerability is to system availability. Mitigation If possible,...
CVE-2021-31916
An out-of-bounds OOB memory write flaw was found in listdevices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel. A bound check failure allows an attacker with special user CAPSYSADMIN privilege to gain access to out-of-bounds memory leading to a system crash, a leak...
CVE-2020-26217
A flaw was found in xstream. An unsafe deserialization of user-supplied XML, in conjunction with relying on the default deny list, allows a remote attacker to perform a variety of attacks including a remote code execution of arbitrary code in the context of the JVM running the XStream application...
CVE-2020-13434
An integer overflow flaw was found in the SQLite implementation of the printf function. This flaw allows an attacker who can control the precision of floating-point conversions, to crash the application, resulting in a denial of service...
CVE-2016-10009
It was found that ssh-agent could load PKCS11 modules from arbitrary paths. An attacker having control of the forwarded agent-socket on the server, and the ability to write to the filesystem of the client host, could use this flaw to execute arbitrary code with the privileges of the user running...
CVE-2024-42154
A vulnerability was found in the Linux kernel's tcpmetrics.c, where insufficient validation of the length of the source address for TCP metrics could lead to incorrect memory read out of boundary read. Mitigation Mitigation for this issue is either not available or the currently available options...
CVE-2022-48670
A security vulnerability was identified in the Linux kernel's PECI Platform Environment Control Interface subsystem, specifically within the CPU driver. The issue arises from a use-after-free condition in the adevrelease function...
CVE-2022-45146
A flaw was found in the FIPS Java API of Bouncy Castle BC-FJA. Affected versions of this package are vulnerable to Improper Authentication. Changes to the JVM garbage collector in Java 13 and later can trigger an issue in the BC-FJA FIPS modules, where it is possible for temporary keys used by th...
CVE-2023-6531
A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unixstreamreadgeneric on the socket that the SKB is queued on. Mitigation Mitigation for this issue is either not available or the currently available options don't...