206363 matches found
CVE-2022-23990
A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service...
CVE-2022-0330
A random memory access flaw was found in the Linux kernel’s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. Mitigation Mitigation for this issue is either not...
CVE-2022-23302
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests. Mitigation These...
CVE-2022-22738
The Mozilla Foundation Security Advisory describes this flaw as: Applying a CSS filter effect could have accessed out-of-bounds memory. This could have led to a heap-buffer-overflow, causing a potentially exploitable crash...
CVE-2021-3903
vim is vulnerable to Heap-based Buffer Overflow Mitigation Do not run untrusted vim scripts with -s scriptin as it is never safe to do so...
CVE-2021-23161
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2021-3621
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...
CVE-2021-38512
An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. HTTP/1 request smuggling aka HRS can occur, potentially leading to credential disclosure...
CVE-2021-30640
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65...
CVE-2021-3582
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMACMDCREATEMR" command due to improper memory remapping mremap. This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this...
CVE-2021-33620
An input validation flaw was found in Squid. This issue could allow a remote server to perform a denial of service against all clients using the proxy when delivering HTTP response messages. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this issue...
CVE-2021-32028
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...
CVE-2021-20238
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint port 22623 provides ignition configuration used for bootstrapping Nodes and can include some sensitive data,...
CVE-2020-12351
A flaw was found in the way the Linux kernel’s Bluetooth implementation handled L2CAP Logical Link Control and Adaptation Protocol packets with A2MP Alternate MAC-PHY Manager Protocol CID Channel Identifier. This flaw allows a remote attacker in an adjacent range to crash the system, causing a...
CVE-2019-8331
A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired...
CVE-2024-7264
A flaw was found in libcurl, where libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the time fraction, leading to a strlen performed on a pointer to a heap...
CVE-2023-52425
A flaw was found in Expat libexpat. When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service. Mitigation Mitigation for this issue ...
CVE-2023-40547
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete...
CVE-2023-45287
A flaw was found in the Golang crypto/tls standard library. In previous versions, the package was vulnerable to a Timing Side Channel attack by observing the time it took for RSA-based TLS key exchanges, which was not constant. This flaw allows a malicious user to gather information from the...
CVE-2023-43804
A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a Cookie header and...
CVE-2023-32360
A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach. Mitigation The user can either set 'PreserveJobFiles No' in cupsd.conf which will completely shut off the saving the job files,...
CVE-2023-2255
A vulnerability was found in LibreOffice. Improper access control in the editor components of The Document Foundation in LibreOffice allows an attacker to craft a document that causes external links to load without a prompt. In the affected versions of LibreOffice documents that used "floating...
CVE-2023-24056
A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconftupleparse. This issue may lead to a buffer overflow, which can crash the software...
CVE-2022-30632
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability...
CVE-2022-34305
A flaw was found in the Apache Tomcat package. An example web application did not filter the form authentication example, exposing a Cross-site scripting XSS vulnerability...
CVE-2022-1629
A flaw was found in vim, where it is vulnerable to a buffer over-read in the findnextquote function. This flaw allows a specially crafted file to crash software, modify memory and possibly perform remote execution when opened in vim...
CVE-2022-27404
A heap buffer overflow flaw was found in Freetype’s sfntinitface function in the sfobjs.c file. The vulnerability occurs when creating a face with a strange file and invalid index. This flaw allows an attacker to read a small amount of memory, causing the application to crash...
CVE-2022-28388
A double-free flaw was found in the Linux kernel's USB2CAN interface implementation. This issue could allow a local user to crash the system. Mitigation To mitigate this issue, prevent module usb8dev from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a...
CVE-2021-33150
Hardware allows activation of test or debug logic at runtime for some IntelR Trace Hub instances which may allow an unauthenticated user to potentially enable escalation of privilege via physical access...
CVE-2021-22060
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...
CVE-2021-45486
An information leak flaw was found in the Linux kernel’s IPv4 implementation in the iprtinit in net/ipv4/route.c function. The use of a small hash table in IP ID generation allows a remote attacker to reveal sensitive information. Mitigation Mitigation for this issue is either not available or th...
CVE-2021-4125
It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. Mitigation Please follow the Mitigation advice for the original CVEs...
CVE-2021-35578
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker...
CVE-2021-36160
An out-of-bounds read in modproxyuwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this issue is either not available or the currently available...
CVE-2021-3703
CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed for Serverless 1.16.0 and Serverless client kn 1.16.0...
CVE-2020-24742
Qt5 versions up to qt 5.12.7, qt 5.14.1, qt 5.15.0 allows plugins to be loaded from current working directory, this can lead to compromised plugins to loaded leading to possible arbitrary code execution...
CVE-2021-35517
A flaw was found in apache-commons-compress. When reading a specially crafted TAR archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for small inputs. This flaw allows the mounting of a denial of service attack against services that use Compress' TAR...
CVE-2021-21704
Several flaws has been found in php. The pdofirebase module does not check the length of the server version string in a response packet causing a stack buffer overflow, does not verify the data and uses the wrong type to cast length leading to a crash, and does not validate the response before...
CVE-2021-35042
A flaw was found in django. Unsanitized user input passed to QuerySet.orderby could bypass intended column reference validation in path marked for deprecation resulting in a potential SQL injection even if a deprecation warning is emitted. The highest threat from this vulnerability is to data...
CVE-2021-23210
A floating point exception divide-by-zero issue was discovered in SoX in functon readsamples of voc.c file. An attacker with a crafted file, could cause an application to crash...
CVE-2020-18442
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzipfileread" in the function "unzzipcatfile"...
CVE-2020-26560
An impersonation attack vulnerability was found in the Linux kernel’s Bluetooth Mesh Profile implementation. The Mesh Provisioning procedure has a flaw that allows an attacker without knowledge of the AuthValue to spoof a provisioned device and use crafted responses that appear to possess the...
CVE-2018-2562
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Partition. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocol...
CVE-2019-6470
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All...
CVE-2023-6597
A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link. Mitigation Mitigatio...
CVE-2024-26581
A flaw was found in the Linux kernel’s Netfilter subsystem. This issue occurs in the nftsetrbtree. rbtree lazy gc on insert, which might collect an end interval element just added in a transaction and skip the end interval elements not yet active. Mitigation 1. This flaw can be mitigated by...
CVE-2023-1932
A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or...
CVE-2024-23851
A vulnerability was found in copyparams in drivers/md/dm-ioctl.c in the Linux kernel, where it can attempt to allocate more than INTMAX bytes and crash due to a missing paramkernel-datasize check. This issue is related to ctlioctl...
CVE-2023-6879
A heap-based buffer overflow vulnerability was found in AOM. When increasing the resolution of video frames during a multi-threaded encode, a heap overflow may occur in av1looprestorationdealloc within threadcommon.c, leading to a denial of service or unauthorized reading of memory. Mitigation...
CVE-2023-5717
A flaw was found in the Linux kernel's Performance Events system component. A condition can be triggered that allows data to be written past the end or before the beginning of the intended memory buffer. This issue may lead to a system crash, code execution, or local privilege escalation...