206279 matches found
CVE-2022-22950
A flaw was found in the Spring Framework. This flaw allows an attacker to craft a special Spring Expression, causing a denial of service...
CVE-2024-38476
A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution. Mitigation Red Hat has investigated whether a possible mitigation exists for this issue, and has not be...
CVE-2021-22600
A double-free flaw was found in the Linux kernel’s packet protocol subsystem in the way a user call triggers the packetsetring function of the net/packet/afpacket.c. This flaw allows a local user to crash or escalate their privileges on the system. Mitigation Only users with access to the AFPACKE...
CVE-2024-0646
An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation To...
CVE-2022-32221
A vulnerability was found in curl. The issue occurs when doing HTTPS transfers, where curl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set if it previously used the same handle to issue a PUT request which us...
CVE-2018-15919
OpenSSH server was found to respond differently to failed GSSAPI authentication attempts when the target user existed versus when that user did not exist. A remote attacker could use this bug to test for the existence of particular usernames on a target system. Mitigation If GSSAPI Authentication...
CVE-2021-3560
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this...
CVE-2022-24785
A path traversal vulnerability was found in Moment.js that impacts npm server users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity...
CVE-2024-4577
A flaw was found in PHP versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8. When using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use the "Best-Fit" behavior to replace characters in the command line given to Win32 API functions...
CVE-2023-32731
A flaw was found in gRPC. This flaw allows a remote attacker to obtain sensitive information, caused by a flaw when the gRPC HTTP2 stack raised a header size exceeded error. By sending a specially crafted request, an attacker can obtain sensitive information, and use this information to launch...
CVE-2022-34169
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...
CVE-2021-41617
A flaw was found in OpenSSH. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. Depending on system configuration, inherite...
CVE-2022-21449
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows...
CVE-2021-26690
A NULL pointer dereference was found in Apache httpd modsession. The highest threat from this vulnerability is to system availability. Mitigation Only configurations which use the "SessionEnv" directive which is not widely used are vulnerable to this flaw. SessionEnv is not enabled in default...
CVE-2023-32233
A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nftables configuration. This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user with CAPNETADMIN capability could use this...
CVE-2023-0286
A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled for example, the application sets the X509VFLAGCRLCHECK flag, this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...
CVE-2023-5685
A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service DoS. Mitigation There is currently no mitigation available for...
CVE-2022-4361
Keycloak, an open-source identity and access management solution, has a cross-site scripting XSS vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirecturi...
CVE-2024-45801
A flaw was found in DOMPurify. This issue may allow an attacker to use specially-crafted HTML to bypass the depth checking or use Prototype Pollution to weaken the depth check, which can lead to cross site scripting XSS attacks. Mitigation Mitigation for this issue is either not available or the...
CVE-2022-25857
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...
CVE-2022-22753
The Mozilla Foundation Security Advisory describes this flaw as: A Time-of-Check Time-of-Use bug existed in the Maintenance Updater Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access. This bug only affects...
CVE-2020-13938
A flaw was found in HTTPd. In some Apache HTTP Server versions, unprivileged local users can stop HTTPd on Windows. The highest threat from this vulnerability is to system availability...
CVE-2025-43853
The WebAssembly Micro Runtime's WAMR iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface WASI and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlink...
CVE-2020-7746
A flaw was found in chart.js. This issue occurs when the options parameter is not properly sanitized when it is processed. When options are processed, the object's keys that are being set are not checked, possibly allowing a prototype pollution...
CVE-2023-2650
A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when...
CVE-2022-21515
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Options. Supported versions that are affected are 5.7.38 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
CVE-2023-51384
A flaw was found in OpenSSH. When specifying destination constraints while adding PKCS11-hosted private keys, the constraints only apply to the first key even in cases where the token returns multiple keys. Mitigation Mitigation for this issue is either not available or the currently available...
CVE-2021-45046
A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...
CVE-2021-22902
A flaw was found in RubyGem Actionpack which is framework for handling and responding to web requests in Rails. A possible Denial of Service vulnerability was found in the Mime type parser of Action Dispatch...
CVE-2022-3621
A flaw was found in the NILFS2 file system implementation in the Linux kernel. If the imode field in inode of the metadata files is corrupted on the disk, it can cause the initialization of the bmap structure not being called, resulting in a NULL pointer dereference at nilfsbmaplookupatlevel. A...
CVE-2022-34301
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader...
CVE-2019-17571
A flaw was discovered in Log4j, where a vulnerable SocketServer class may lead to the deserialization of untrusted data. This flaw allows an attacker to remotely execute arbitrary code when combined with a deserialization gadget. Mitigation Please note that the Log4j upstream strongly recommends...
CVE-2023-29483
The dnspython stub resolver is vulnerable to a denial of service DoS risk if an attacker sends a malicious response forged with the correct address and port before a legitimate one arrives on the UDP port used by dnspython for the query. In such cases, dnspython could either switch to another...
CVE-2022-2078
A vulnerability was found in the Linux kernel's nftsetdescconcatparse function .This flaw allows an attacker to trigger a buffer overflow via nftsetdescconcatparse , causing a denial of service and possibly to run code. Mitigation Mitigation for this issue is either not available or the currently...
CVE-2021-44228
A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint. Mitigation For Log4j versions =2.10 set the system property...
CVE-2021-42013
A path traversal and remote code execution flaw was found in Apache HTTP Server 2.4.49 and 2.4.50. A remote attacker could use this flaw to map URLs to files outside the expected document root. Additionally, this flaw could leak the source of interpreted files like CGI scripts. If files outside o...
CVE-2023-34058
A flaw was found in open-vm-tools. This flaw allows a malicious actor that has been granted Guest Operation Privileges in a target virtual machine to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias...
CVE-2023-34981
A flaw was found in Tomcat. If a response did not have any HTTP headers set, no AJP SENDHEADERS message would be sent, resulting in at least one AJP based proxy modproxyajp using the response headers from the previous request for the current request, leading to an information leak. The informatio...
CVE-2022-0185
A heap-based buffer overflow flaw was found in the way the legacyparseparam function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged in case of unprivileged user namespaces enabled, otherwise needs namespaced CAPSYSADMIN privile...
CVE-2024-21484
A flaw was found in jsrsasign, which is vulnerable to an observable discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. This flaw allows an attacker to decrypt ciphertexts. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted wit...
CVE-2021-41184
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS...
CVE-2020-24588
A flaw was found in the Linux kernels wifi implementation. An attacker within wireless broadcast range can inject custom data into the wireless communication circumventing checks on the data. This can cause the frame to pass checks and be considered a valid frame of a different type. Mitigation...
CVE-2023-4863
A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this...
CVE-2024-23672
A denial of service DoS vulnerability present in the Apache Tomcat package arises from an incomplete cleanup process. Specifically, WebSocket clients can perpetuate WebSocket connections without proper termination, thereby causing a sustained drain on system resources. This vulnerability...
CVE-2022-41903
A flaw was found in Git, a distributed revision control system. This issue occurs due to an integer overflow in pretty.c::formatandpadcommit, where a sizet is stored improperly as an int, and then added as an offset to a memcpy. This overflow can be triggered directly by a user running a command...
CVE-2023-45648
A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy...
CVE-2022-29078
A Command injection attack was found in ejs Embedded JavaScript templates for Node.js, which allows an attacker to execute server-side template injection in settingsview optionsoutputFunctionName. This is parsed as an internal option and overwrites the outputFunctionName option with an arbitrary ...
CVE-2024-2201
A flaw was found in some Intel CPUs where mitigations for the Spectre V2/BHI vulnerability were incomplete. This issue may allow an attacker to read arbitrary memory, compromising system integrity and exposing sensitive information. Mitigation Mitigation for this issue is either not available or...
CVE-2017-16995
An arbitrary memory r/w access issue was found in the Linux kernel compiled with the eBPF bpf2 system call CONFIGBPFSYSCALL support. The issue could occur due to calculation errors in the eBPF verifier module, triggered by user supplied malicious BPF program. An unprivileged user could use this...
CVE-2022-29970
A flaw was found in Sinatra when serving static files from the public directory. The requested path is not validated if it is in the public directory, allowing files outside of the public directory to be served. Mitigation Disable the static option which will disable the publicdir option. With th...