206341 matches found
CVE-2023-24056
A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconftupleparse. This issue may lead to a buffer overflow, which can crash the software...
CVE-2022-31684
A flaw was found in the Reactor Netty HTTP Server, which may log request headers in some cases of invalid HTTP requests. This could allow an attacker to access privileged information when WARN level logging is enabled...
CVE-2021-33656
An out-of-bounds write flaw was found in the Linux kernel’s console driver functionality in the way a user triggers the ioctl PIOFONT with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation Mitigation for this issue is either...
CVE-2021-30563
Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2020-10683
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j...
CVE-2022-28388
A double-free flaw was found in the Linux kernel's USB2CAN interface implementation. This issue could allow a local user to crash the system. Mitigation To mitigate this issue, prevent module usb8dev from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a...
CVE-2022-0001
A flaw was found in hw. The Branch History Injection BHI describes a specific form of intra-mode BTI. This flaw allows an unprivileged attacker to manipulate the branch history before transitioning to supervisor or VMX root mode. This issue is an effort to cause an indirect branch predictor to...
CVE-2021-23820
This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays...
CVE-2022-0330
A random memory access flaw was found in the Linux kernel’s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. Mitigation Mitigation for this issue is either not...
CVE-2022-23302
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests. Mitigation These...
CVE-2022-22738
The Mozilla Foundation Security Advisory describes this flaw as: Applying a CSS filter effect could have accessed out-of-bounds memory. This could have led to a heap-buffer-overflow, causing a potentially exploitable crash...
CVE-2021-4125
It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. Mitigation Please follow the Mitigation advice for the original CVEs...
CVE-2021-3903
vim is vulnerable to Heap-based Buffer Overflow Mitigation Do not run untrusted vim scripts with -s scriptin as it is never safe to do so...
CVE-2021-35578
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker...
CVE-2021-23161
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2021-3621
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...
CVE-2020-24742
Qt5 versions up to qt 5.12.7, qt 5.14.1, qt 5.15.0 allows plugins to be loaded from current working directory, this can lead to compromised plugins to loaded leading to possible arbitrary code execution...
CVE-2021-30640
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65...
CVE-2021-35042
A flaw was found in django. Unsanitized user input passed to QuerySet.orderby could bypass intended column reference validation in path marked for deprecation resulting in a potential SQL injection even if a deprecation warning is emitted. The highest threat from this vulnerability is to data...
CVE-2021-33620
An input validation flaw was found in Squid. This issue could allow a remote server to perform a denial of service against all clients using the proxy when delivering HTTP response messages. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this issue...
CVE-2020-26560
An impersonation attack vulnerability was found in the Linux kernel’s Bluetooth Mesh Profile implementation. The Mesh Provisioning procedure has a flaw that allows an attacker without knowledge of the AuthValue to spoof a provisioned device and use crafted responses that appear to possess the...
CVE-2019-8331
A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired...
CVE-2019-6470
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All...
CVE-2024-26581
A flaw was found in the Linux kernel’s Netfilter subsystem. This issue occurs in the nftsetrbtree. rbtree lazy gc on insert, which might collect an end interval element just added in a transaction and skip the end interval elements not yet active. Mitigation 1. This flaw can be mitigated by...
CVE-2023-1932
A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or...
CVE-2023-52425
A flaw was found in Expat libexpat. When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service. Mitigation Mitigation for this issue ...
CVE-2023-6879
A heap-based buffer overflow vulnerability was found in AOM. When increasing the resolution of video frames during a multi-threaded encode, a heap overflow may occur in av1looprestorationdealloc within threadcommon.c, leading to a denial of service or unauthorized reading of memory. Mitigation...
CVE-2023-45287
A flaw was found in the Golang crypto/tls standard library. In previous versions, the package was vulnerable to a Timing Side Channel attack by observing the time it took for RSA-based TLS key exchanges, which was not constant. This flaw allows a malicious user to gather information from the...
CVE-2023-31122
A flaw was found in the modmacro module of httpd. When processing a very long macro, the null byte terminator will not be added, leading to an out-of-bounds read, resulting in a crash. Mitigation Disabling modmacro and restarting httpd or making sure the macros used are smaller than the required...
CVE-2023-43804
A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a Cookie header and...
CVE-2023-41993
A vulnerability was found in webkitgtk. This issue occurs when processing web content, which may lead to arbitrary code execution...
CVE-2023-32360
A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach. Mitigation The user can either set 'PreserveJobFiles No' in cupsd.conf which will completely shut off the saving the job files,...
CVE-2023-1387
A flaw was found in Grafana. This flaw allows a remote, authenticated attacker to obtain sensitive information caused by an issue when enabling the "urllogin" configuration option. By sending a specially crafted request, an attacker can obtain JWT information and use this to launch further attack...
CVE-2023-0614
A vulnerability was found in Samba. Confidential attribute disclosure via LDAP filters is insufficient, which may allow an attacker to obtain confidential BitLocker recovery keys from a Samba AD DC...
CVE-2023-1076
A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and get unauthorized access to some resources. Mitigation To mitigate this issue, prevent modules tap and tun from being loaded. Please see...
CVE-2022-25881
A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...
CVE-2022-4087
A vulnerability was found in ipxe. This issue affects the tlsnewciphertext function in the src/net/tls.c file of the TLS component. The manipulation of the padlen argument leads to information exposure due to discrepancy...
CVE-2022-30632
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability...
CVE-2022-31105
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious or otherwise untrustworthy OpenID Connect OIDC...
CVE-2022-34305
A flaw was found in the Apache Tomcat package. An example web application did not filter the form authentication example, exposing a Cross-site scripting XSS vulnerability...
CVE-2022-2208
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. Mitigation Untrusted vim scripts with -s scriptin are not recommended to run...
CVE-2018-7711
HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP...
CVE-2022-22978
A flaw was found in Spring Security. When using RegexRequestMatcher, an easy misconfiguration can bypass some servlet containers. Applications using RegexRequestMatcher with . in the regular expression are possibly vulnerable to an authorization bypass...
CVE-2022-1629
A flaw was found in vim, where it is vulnerable to a buffer over-read in the findnextquote function. This flaw allows a specially crafted file to crash software, modify memory and possibly perform remote execution when opened in vim...
CVE-2021-40346
Proxy server haproxy has a flaw that can could allow an HTTP request smuggling attack with the goal of bypassing access-control list rules defined by haproxy. The attack was made possible by utilizing an integer overflow vulnerability that allowed reaching an unexpected state in haproxy while...
CVE-2021-25745
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default...
CVE-2022-27404
A heap buffer overflow flaw was found in Freetype’s sfntinitface function in the sfobjs.c file. The vulnerability occurs when creating a face with a strange file and invalid index. This flaw allows an attacker to read a small amount of memory, causing the application to crash...
CVE-2022-1204
A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system...
CVE-2021-33150
Hardware allows activation of test or debug logic at runtime for some IntelR Trace Hub instances which may allow an unauthenticated user to potentially enable escalation of privilege via physical access...
CVE-2021-22060
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...