206363 matches found
CVE-2024-39894
A flaw was found in OpenSSH. A logic error in the SSH ObscureKeystrokeTiming feature on by default rendered this feature ineffective. A passive observer could still detect which network packets contained real keystrokes when the countermeasure was active because fake and real keystroke packets we...
CVE-2024-5585
In PHP, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using procopen command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments tha...
CVE-2024-29025
A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...
CVE-2024-23451
An incorrect authorization flaw was found in the API key based security model for Remote Cluster Security in the elasticsearch package. A malicious user with a valid API key can leverage this issue to gain access to read any documents from any index in the remote cluster, exposing possible...
CVE-2024-27307
A vulnerability was found in JSONata. A malicious expression can exploit the transform operator to override properties on the Object constructor and prototype. This issue can result in denial of service, remote code execution, or other unforeseen behavior in applications that assess user-provided...
CVE-2024-25111
A flaw was found in Squid. This issue may allow a remote attacker to trigger an uncontrolled recursion bug when sending a specially crafted, chunked, encoded HTTP Message, resulting in a denial of service. Mitigation Red Hat has investigated whether a possible mitigation exists for this issue, an...
CVE-2023-31419
A flaw was found in Elasticsearch. This issue affects the search API that allowed a specially crafted query string to cause a stack overflow and, ultimately, a denial of service...
CVE-2023-42753
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h-nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local...
CVE-2023-4208
There are 3 CVEs for the use-after-free flaw found in net/sched/clsfw.c in classifiers clsfw, clsu32, and clsroute in the Linux Kernel: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. A local user could use any of these flaws to crash the system or potentially escalate their privileges on the system...
CVE-2023-3347
A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...
CVE-2023-1582
A race problem was found in fs/proc/taskmmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service. Mitigation This flaw can be mitigated by disabling THP on the system. How to disable THP ?...
CVE-2023-0662
A vulnerability was found in PHP. This security flaw occurs when the request body parsing in PHP allows any unauthenticated attacker to consume a large amount of CPU time and trigger excessive logging. A large amount of CPU time required for processing requests can block all available worker...
CVE-2022-3924
A flaw was found in Bind. When resolver receives many queries requiring recursion, there will be a corresponding increase in the number of clients waiting for recursion to complete. This may, under certain conditions, lead to an assertion failure and a denial of service. Mitigation Disabling...
CVE-2023-0179
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. Mitigation This flaw can be mitigated by...
CVE-2022-31008
A flaw was found in RabbitMQ. The shovel and federation plugins perform URI obfuscation in their worker link state. The encryption key used to encrypt the URI was seeded with a predictable secret. In certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable dat...
CVE-2022-41849
A use-after-free flaw was found in the Linux kernel’s video fbdev driver. This flaw allows a local user with physical access to crash the system...
CVE-2022-2598
A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a heap buffer overflow vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Mitigation Untrusted vim scripts with -s scriptin are not...
CVE-2021-42581
A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application...
CVE-2022-21479
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2020-36518
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...
CVE-2022-0708
Mattermost 6.3.0 and earlier fails to protect email addresses of the creator of the team via one of the APIs, which allows authenticated team members to access this information resulting in sensitive & private information disclosure...
CVE-2022-25182
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the names of Pipeline libraries to create directories without canonicalization or sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins...
CVE-2022-0512
An authorization bypass vulnerability was found in nodes-url-parse. This flaw allows a remote attacker with a basic user account to evade hostname verification by inserting the at symbol "@" at the end of the password field. This issue can allow entry to systems designed to block remote access an...
CVE-2022-0585
Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file...
CVE-2021-20323
A flaw has been found in Keycloak. The clients-registrations endpoint allows execution of javascript code on the client-side, which makes it vulnerable to a Cross-Site Scripting attack...
CVE-2021-3996
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves like /tmp or mounted in a...
CVE-2022-22739
The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol...
CVE-2021-29657
A flaw was found in the Linux kernel. A KVM guest on AMD can launch a nested guest without the Intercept VMRUN control bit by exploiting a TOCTOU vulnerability in nestedsvmvmrun. A malicious guest could use this flaw to gain unrestricted access to host MSRs, possibly leading to guest-to-host esca...
CVE-2021-3653
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "intctl" field, this issue could allow a malicious ...
CVE-2021-35477
A flaw in the Linux kernel allows a privileged BPF program to obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel in the eBPF subsystem Mitigation The default Red Hat Enterprise Linux kernel setting prevents unprivileged users from being able to use eBPF vi...
CVE-2021-3659
A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability. Mitigation To...
CVE-2021-3654
A vulnerability was found in CPython which is used by openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat...
CVE-2021-35516
A flaw was found in apache-commons-compress. When reading a specially crafted 7Z archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for very small inputs. This flaw allows the mounting of a denial of service attack against services that use Compress' Seven...
CVE-2021-22119
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker c...
CVE-2021-3575
A heap-based buffer overflow was found in OpenJPEG. This flaw allows an attacker to execute arbitrary code with the permissions of the application compiled against OpenJPEG...
CVE-2021-22898
A flaw was found in the way curl handled telnet protocol option for sending environment variables, which could lead to sending of uninitialized data from a stack-based buffer to the server. This issue leads to potentially revealing sensitive internal information to the server using a clear-text...
CVE-2021-28375
An issue was discovered in the Linux kernel. Fastrpcinternalinvoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages. This is a related issue to CVE-2019-2308. Mitigation Mitigation for this issue is either not available or the currently available optio...
CVE-2020-14583
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
CVE-2020-8165
A flaw was found in rubygem-activesupport. An untrusted user input can be written to the cache store using the raw: true parameter which can lead to the result being evaluated as a marshaled object instead of plain text. The threat from this vulnerability is to data confidentiality and integrity ...
CVE-2019-6977
gdImageColorMatch in gdcolormatch.c in the GD Graphics Library aka LibGD 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigg...
CVE-2019-15126
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors related to state transitions in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a...
CVE-2024-1597
A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value. Mitigation Do not use the connection...
CVE-2024-24557
A vulnerability was found in github.com/moby/moby. The classic builder cache system in moby is vulnerable to cache poisoning if the image is built using a 'FROM scratch' in Dockerfile. This flaw allows an attacker who has knowledge of the Dockerfile to create a malicious cache that would be pulle...
CVE-2023-7192
A memory leak problem was found in ctnetlinkcreateconntrack in net/netfilter/nfconntracknetlink.c in the Linux Kernel. This issue may allow a local attacker with CAPNETADMIN privileges to cause a denial of service DoS attack due to a refcount overflow. Mitigation Triggering this issue requires th...
CVE-2023-6931
A flaw was found in the Linux kernel's Performance Events system component. A condition can be triggered that allows data to be written past the end or before the beginning of the intended memory buffer. This may lead to a system crash, code execution, or local privilege escalation. Mitigation It...
CVE-2023-36049
A vulnerability was found in FormatFtpCommand in the .NET package that may result in a CRLF injection arbitrary file write and deletion. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease...
CVE-2023-45142
A memory leak was found in the otelhttp handler of open-telemetry. This flaw allows a remote, unauthenticated attacker to exhaust the server's memory by sending many malicious requests, affecting the availability. Mitigation As a workaround to stop being affected otelhttp.WithFilter can be used...
CVE-2023-5129
This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863...
CVE-2023-2163
An incorrect verifier pruning flaw was found in BPF in the Linux Kernel that may lead to unsafe code paths incorrectly marked as safe, resulting in arbitrary read/writes in kernel memory, lateral privilege escalation, and container escape. Mitigation The default Red Hat Enterprise Linux kernel...
CVE-2023-2422
A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to...