206363 matches found
CVE-2021-35515
A flaw was found in apache-commons-compress. When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This flaw allows the mounting of a denial of service attack against services that use Compress' SevenZ package...
CVE-2021-32723
A flaw was found in npm-prismjs. An attacker can craft a string that will take a very long time to highlight when used to work with un-trusted text resulting in ReDoS. This can affect the system availability. There is no known risk of privilege escalation on data compromise. Mitigation As a...
CVE-2021-36085
The CIL compiler in SELinux 3.2 has a use-after-free in cilverifyclassperms called from verifymappermclassperms and hashtabmap...
CVE-2021-34427
A flaw was found in eclipse-birt. An attacker can use query parameters to create a JSP file which is accessible from remote current BIRT viewer dir to inject JSP code into the running instance. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
CVE-2021-33203
A flaw was found in django. Staff members could use the :mod:django.contrib.admindocs TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been customized by the developers to also expose the file contents, then not...
CVE-2021-3569
A stack corruption bug was found in libtpms while decrypting data using RSA. This flaw could result in a SIGBUS bad memory access and termination of swtpm. The highest threat from this vulnerability is to system availability...
CVE-2021-22897
A flaw was found in curl where libcurl lets applications specify which specific TLS ciphers to use in transfers, using the option called CURLOPTSSLCIPHERLIST. The cipher selection is used for the TLS negotiation when a transfer is done involving any of the TLS based transfer protocols libcurl...
CVE-2020-26145
A flaw was found in ath10khttrxprocrxfragindhl in drivers/net/wireless/ath/ath10k/httrx.c in the Linux kernel WiFi implementations, where it accepts a second or subsequent broadcast fragments even when sent in plaintext and then process them as full unfragmented frames. The highest threat from th...
CVE-2020-15999
A heap buffer overflow leading to out-of-bounds write was found in freetype. Memory allocation based on truncated PNG width and height values allows for an out-of-bounds write to occur in application memory when an attacker supplies a specially crafted TTF file. Mitigation Red Hat has investigate...
CVE-2020-14298
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the...
CVE-2020-9488
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1 Mitigation Previous...
CVE-2019-10161
It was discovered that libvirtd would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of...
CVE-2024-21312
A vulnerability was found in .NET due to insufficient validation of user-supplied input in the .NET Framework. This flaw allows a remote attacker to pass specially crafted input to the application and perform a denial of service DoS attack...
CVE-2023-7104
A vulnerability was found in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur. Mitigation Mitigation for this issue is either not available or...
CVE-2023-38546
A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met...
CVE-2023-3961
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call RPC services like SAMR LSA or SPOOLSS, which Samba initiates o...
CVE-2020-22218
A flaw was found in the libssh2 library. An out-of-bounds access issue can occur due to an improper initialization of a variable, resulting in a crash in the application linked to the library...
CVE-2023-0594
A flaw was found in the grafana package. This flaw allows a malicious user with the ability to introduce trace data to provide a JavaScript that changes the password for the user viewing the trace view this could be an admin to a known password, thus gaining access to the admin account. Mitigatio...
CVE-2022-37601
A prototype pollution vulnerability was found in the parseQuery function in parseQuery.js in the webpack loader-utils via the name variable in parseQuery.js. This flaw can lead to a denial of service or remote code execution...
CVE-2022-3061
Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error...
CVE-2022-24436
A potential vulnerability in some Intel® processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure. Mitigation Currently, there is no mitigation for this flaw. Intel has provided some guidance to developers of...
CVE-2022-29217
A vulnerability was found in python-jwt. This issue happens when PyJWT supports multiple different JWT signing algorithms. This flaw allows an attacker submitting the JWT token to choose the used signing algorithm, leading to key confusion through non-blocklisted public key formats...
CVE-2020-10672
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2022-29526
A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability...
CVE-2021-21290
In Netty there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used, a local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the...
CVE-2021-33198
A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability...
CVE-2018-25032
An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large number of distant matches crafted payloads, the buffer into which the compressed or deflated data is written...
CVE-2021-4115
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being...
CVE-2021-44142
An out-of-bounds heap read write vulnerability was found in Samba. Due to a boundary error when processing EA metadata while opening files in smbd within the VFS Samba module vfsfruit, a remote attacker with ability to write to file's extended attributes can trigger an out-of-bounds write and...
CVE-2021-42694
A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human...
CVE-2021-41864
An out-of-bounds OOB memory write flaw was found in preallocelemsandfreelist in kernel/bpf/stackmap.c in the bpf in the Linux kernel. In this flaw, the multiplication to calculate the size could lead to an integer overflow which could allow a local attacker, with a special user privilege, to gain...
CVE-2021-3521
There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature."1 RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey t...
CVE-2021-3752
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to...
CVE-2021-29969
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...
CVE-2021-3611
A stack overflow vulnerability was found in the Intel HD Audio device intel-hda of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. Mitigation...
CVE-2021-3589
An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2021-29964
A locally-installed hostile program could send WMCOPYDATA messages that Firefox would process incorrectly, leading to an out-of-bounds read. This bug only affects Firefox on Windows. Other operating systems are unaffected.. This vulnerability affects Thunderbird 78.11, Firefox 89, and Firefox ESR...
CVE-2020-15436
A use-after-free flaw was observed in blkdevget, in fs/blockdev.c after a call to blkdevget fails, and its refcount gets freed/released. This problem may cause a denial of service problem with a special user privilege, and may even lead to a confidentiality issue. Mitigation Mitigation for this...
CVE-2020-8695
A vulnerability was found in Intel's implementation of RAPL Running Average Power Limit. An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem. Mitigation Until a firmwar...
CVE-2020-13935
A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to...
CVE-2018-20679
An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components consumed by the DHCP server, client, and relay allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcpgetoption in...
CVE-2016-6515
It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords...
CVE-2024-35195
An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification...
CVE-2024-24990
A flaw was found in the nginx HTTP/3 implementation. This issue may allow an attacker to use a specially crafted QUIC session to trigger a use-after-free condition, causing a worker process to crash, leading to a denial of service...
CVE-2023-24023
A flaw was found in Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4. This issue may allow certain man-in-the-middle attacks that force a short key length and might lead to discovery of the encryption key and live...
CVE-2023-47108
A memory exhaustion flaw was found in the otelgrpc handler of open-telemetry. This flaw may allow a remote unauthenticated attacker to flood the peer address and port and exhaust the server's memory by sending multiple malicious requests, affecting the availability of the system. Mitigation As a...
CVE-2023-34062
A flaw was found in the Reactor Netty HTTP Server. If the server is configured to serve static resources, an attacker can use a specially crafted URL that may allow unauthorized access to privileged data on the server...
CVE-2023-4574
The Mozilla Foundation Security Advisory describes this flaw as: When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could...
CVE-2023-4563
A use-after-free flaw was found in the nftables sub-component due to a race problem between the set GC and transaction in the Linux Kernel. This flaw allows a local attacker to crash the system due to a missing call to nftsetelemmarkbusy, causing double deactivation of the element and possibly...
CVE-2023-3893
A vulnerability was found in Kubernetes. This flaw allows a user who can create pods on Windows nodes running kubernetes-csi-proxy to escalate to admin privileges on those nodes...