206305 matches found
CVE-2020-15436
A use-after-free flaw was observed in blkdevget, in fs/blockdev.c after a call to blkdevget fails, and its refcount gets freed/released. This problem may cause a denial of service problem with a special user privilege, and may even lead to a confidentiality issue. Mitigation Mitigation for this...
CVE-2020-8695
A vulnerability was found in Intel's implementation of RAPL Running Average Power Limit. An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem. Mitigation Until a firmwar...
CVE-2020-9490
A flaw was found in Apache httpd in versions prior to 2.4.46. A specially crafted Cache-Digest header triggers negative argument to memmove that could lead to a crash and denial of service. The highest threat from this vulnerability is to system availability. Mitigation Configuring the HTTP/2...
CVE-2019-13990
The Terracotta Quartz Scheduler is susceptible to an XML external entity attack XXE through a job description. This issue stems from inadequate handling of XML external entity XXE declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to...
CVE-2025-32777
Volcano is a Kubernetes-native batch scheduling system. Prior to versions 1.11.2, 1.10.2, 1.9.1, 1.11.0-network-topology-preview.3, and 1.12.0-alpha.2, attacker compromise of either the Elastic service or the extender plugin can cause denial of service of the scheduler. This is a privilege...
CVE-2024-35195
An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification...
CVE-2024-22201
A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file...
CVE-2022-48622
A flaw was found in GNOME's GdkPixbuf library, a library used to load image data in various formats used by GDK for handling graphical assets. This issue occurs when loading a crafted ANI animated cursor file file, which may lead to a heap based out-of-bounds write, causing memory corruption. Whe...
CVE-2023-24023
A flaw was found in Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4. This issue may allow certain man-in-the-middle attacks that force a short key length and might lead to discovery of the encryption key and live...
CVE-2023-47108
A memory exhaustion flaw was found in the otelgrpc handler of open-telemetry. This flaw may allow a remote unauthenticated attacker to flood the peer address and port and exhaust the server's memory by sending multiple malicious requests, affecting the availability of the system. Mitigation As a...
CVE-2023-4574
The Mozilla Foundation Security Advisory describes this flaw as: When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could...
CVE-2023-4563
A use-after-free flaw was found in the nftables sub-component due to a race problem between the set GC and transaction in the Linux Kernel. This flaw allows a local attacker to crash the system due to a missing call to nftsetelemmarkbusy, causing double deactivation of the element and possibly...
CVE-2023-3893
A vulnerability was found in Kubernetes. This flaw allows a user who can create pods on Windows nodes running kubernetes-csi-proxy to escalate to admin privileges on those nodes...
CVE-2022-40898
An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli...
CVE-2021-46795
A Time-of-check to time-of-use TOCTOU vulnerability exists in hw. This flaw allows an attacker to use a compromised BIOS to cause the trusted execution environment TEE operating system to read memory out-of-bounds, potentially resulting in a denial of service. Mitigation Please contact AMD for mo...
CVE-2018-11769
CouchDB administrative users before 2.2.0 can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's...
CVE-2021-26910
Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation...
CVE-2022-21451
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2022-27376
A use-after-free flaw was found in Maria DB. The MariaDB Server contains a use-after-free in the component, Itemargs::walkarg, which is exploited via specially crafted SQL statements, affecting availability...
CVE-2022-29589
Crypt Server before 3.3.0 allows XSS in the index view. This is related to serial, computername, and username...
CVE-2022-21703
A Cross-site request forgery CSRF vulnerability was found in Grafana. This flaw allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users for example, editors or admins. An attacker can exploit this vulnerability for...
CVE-2021-23566
A flaw was found in the nanoid library where the valueOf function allows the reproduction of the last id generated. This flaw allows an attacker to expose sensitive information...
CVE-2021-35565
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacke...
CVE-2021-3682
A flaw was found in the USB redirector device emulation of QEMU. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free with faked heap chunk metadata, resulting in a crash ...
CVE-2021-3664
An input validation flaw was found in the nodejs url-parse library, which incorrectly parses a URL that contains backslashes. This flaw allows an attacker to specify a relative URL and cause the browser to redirect to a malicious website. The highest threat from this vulnerability is to integrity...
CVE-2021-3648
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3530. Reason: This candidate is a reservation duplicate of CVE-2021-3530. Notes: All CVE users should reference CVE-2021-3530 instead of this...
CVE-2021-32690
A vulnerability was discovered in Helm, which could allow credentials associated with one Helm repository to be leaked to another repository referenced by the first one. In order to exploit this vulnerability, an attacker would need to control a repository trusted by the configuration of the targ...
CVE-2021-3631
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality a...
CVE-2021-30465
The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentiality and integrity ...
CVE-2019-14899
A flaw was found in openvpn. A malicous access point or adjacent user can determine if a connected user is using a VPN by making positive inferences about the websites they are visiting, and determining the correct sequence and acknowledgement numbers in use, which allows the attacker to inject...
CVE-2017-18214
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055...
CVE-2024-34750
A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain...
CVE-2024-5585
In PHP, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using procopen command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments tha...
CVE-2024-29025
A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...
CVE-2024-25111
A flaw was found in Squid. This issue may allow a remote attacker to trigger an uncontrolled recursion bug when sending a specially crafted, chunked, encoded HTTP Message, resulting in a denial of service. Mitigation Red Hat has investigated whether a possible mitigation exists for this issue, an...
CVE-2023-42282
A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic function by inducing a Server-Side Request Forgery SSRF attack and obtaining access to normally inaccessible resources. Mitigation...
CVE-2023-46809
A flaw was found in Node.js. The privateDecrypt API of the crypto library may allow a covert timing side-channel during PKCS1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decry...
CVE-2023-31419
A flaw was found in Elasticsearch. This issue affects the search API that allowed a specially crafted query string to cause a stack overflow and, ultimately, a denial of service...
CVE-2023-2727
A flaw was found in Kubernetes, where users may be able to launch containers using images restricted by the ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers. Mitigation...
CVE-2022-3510
A flaw was found in Message-Type Extensions in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbag...
CVE-2023-0179
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. Mitigation This flaw can be mitigated by...
CVE-2022-41849
A use-after-free flaw was found in the Linux kernel’s video fbdev driver. This flaw allows a local user with physical access to crash the system...
CVE-2022-2598
A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a heap buffer overflow vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Mitigation Untrusted vim scripts with -s scriptin are not...
CVE-2021-42581
A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application...
CVE-2022-28391
An escape sequence injection attack was found in BusyBox on Alpine. For this issue to occur, a remote host's virtual terminal must contain an escape sequence, and the victim must then execute netstat. This flaw allows an attacker can inject arbitrary code, leading to a loss of integrity...
CVE-2022-0494
A kernel information leak flaw was identified in the scsiioctl function in drivers/scsi/scsiioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege CAPSYSADMIN or CAPSYSRAWIO to create issues with confidentiality. Mitigation Mitigation for this issue is either...
CVE-2021-39713
A use-after-free flaw was found in the Linux kernel’s network scheduling subsystem due to a race condition. This flaw allows a local user to cause a denial of service memory corruption or crash or privilege escalation. Mitigation Mitigation for this issue is either not available or the currently...
CVE-2022-0708
Mattermost 6.3.0 and earlier fails to protect email addresses of the creator of the team via one of the APIs, which allows authenticated team members to access this information resulting in sensitive & private information disclosure...
CVE-2022-23645
An out-of-bounds read vulnerability was found in swtpm. The vulnerability exists due to a boundary condition when the byte array representing the state of the TPM is accessed. This flaw allows an attacker to send a specially crafted header, triggering an out-of-bounds read access on the byte arra...
CVE-2022-22942
A use-after-free flaw was found in the Linux kernel’s vmwexecbufcopyfenceuser function in drivers/gpu/drm/vmwgfx/vmwgfxexecbuf.c in vmwgfx. This flaw allows a local attacker with user privileges to cause a privilege escalation problem. Mitigation Mitigation for this issue is to skip loading the...