206341 matches found
CVE-2021-20302
A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability...
CVE-2021-29060
A Regular Expression Denial of Service ReDOS vulnerability was found in Color-String, which occurs when the application is provided and checks a crafted invalid HWB string. The highest threat from this vulnerability is to system availability...
CVE-2021-33624
A flaw was found in the Linux kernel's BPF subsystem, where protection against speculative execution attacks Spectre mitigation can be bypassed. The highest threat from this vulnerability is to confidentiality. Mitigation The default Red Hat Enterprise Linux kernel setting prevents unprivileged...
CVE-2021-3575
A heap-based buffer overflow was found in OpenJPEG. This flaw allows an attacker to execute arbitrary code with the permissions of the application compiled against OpenJPEG...
CVE-2021-28375
An issue was discovered in the Linux kernel. Fastrpcinternalinvoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages. This is a related issue to CVE-2019-2308. Mitigation Mitigation for this issue is either not available or the currently available optio...
CVE-2020-1968
A flaw was found in openssl in versions 1.0.2 to 1.0.2w. A Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH based ciphersuite. In such a case this would result in th...
CVE-2020-14583
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
CVE-2019-20838
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. Mitigation Do not use more than one fixed quantifier with \R or \X with UTF disabled in PCRE or PCRE2, as these are the...
CVE-2020-8165
A flaw was found in rubygem-activesupport. An untrusted user input can be written to the cache store using the raw: true parameter which can lead to the result being evaluated as a marshaled object instead of plain text. The threat from this vulnerability is to data confidentiality and integrity ...
CVE-2019-15126
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors related to state transitions in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a...
CVE-2019-16370
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900...
CVE-2017-5638
A flaw was reported in Apache Struts 2 that could allow an attacker to perform remote code execution with a malicious Content-Type value...
CVE-2023-52920
In the Linux kernel, the following vulnerability has been resolved: bpf: support non-r10 register spill/fill to/from stack in precision tracking Use instruction jump history to record instructions that performed register spill/fill to/from stack, regardless if this was done through read-only r10...
CVE-2024-4367
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context...
CVE-2023-52628
An out-of-bounds write flaw was found in the Linux kernel’s Netfilter functionality. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation In order to trigger the issue, it requires the ability to create user/net namespaces. On non-containerized...
CVE-2024-25744
A flaw was found in the Linux kernel. A VMM can inject external interrupts on any arbitrary vector at any time, which may allow the guest OS to be manipulated from the VMM side. Mitigation This vulnerability can be mitigated by disabling 32-bit emulation by default for TDX and SEV. The user can...
CVE-2024-24557
A vulnerability was found in github.com/moby/moby. The classic builder cache system in moby is vulnerable to cache poisoning if the image is built using a 'FROM scratch' in Dockerfile. This flaw allows an attacker who has knowledge of the Dockerfile to create a malicious cache that would be pulle...
CVE-2023-7192
A memory leak problem was found in ctnetlinkcreateconntrack in net/netfilter/nfconntracknetlink.c in the Linux Kernel. This issue may allow a local attacker with CAPNETADMIN privileges to cause a denial of service DoS attack due to a refcount overflow. Mitigation Triggering this issue requires th...
CVE-2023-32314
A flaw was found in the vm2 sandbox. When a host object is created based on the specification of Proxy, an attacker can bypass the sandbox protections. This may allow an attacker to run remote code execution on the host running the sandbox. This vulnerability impacts the confidentiality, integrit...
CVE-2023-2176
A vulnerability was found in comparenetdevandip in drivers/infiniband/core/cma.c in RDMA in the Linux kernel. An improper cleanup results in an out-of-boundary read. This flaw allows a local user to crash or escalate privileges on the system. Mitigation Mitigation for this issue is either not...
CVE-2022-36760
A flaw was found in the modproxyajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests...
CVE-2022-37026
A Client Authentication Bypass was found in Erlang/OTP. This issue occurs in certain client-certification situations for SSL, TLS, and DTLS...
CVE-2022-1364
No description is available for this CVE...
CVE-2022-29599
A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack...
CVE-2022-21496
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
CVE-2021-31805
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %... syntax. Using forced OGNL evaluation on untrusted user input can lead to a...
CVE-2022-1055
A use-after-free vulnerability was found in the tcnewtfilter function in net/sched/clsapi.c in the Linux kernel. The availability of local, unprivileged user namespaces allows privilege escalation. Mitigation On non-containerized deployments of Red Hat Enterprise Linux 8, you can disable user...
CVE-2020-36518
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...
CVE-2022-22620
A use-after-free vulnerability was found in WebKitGTK. The vulnerability occurs when processing HTML content in WebKit. This flaw allows a remote attacker to trick the victim into opening a specially crafted web page, triggering a use-after-free error and leading to the execution of arbitrary cod...
CVE-2021-4044
A flaw was found in the way OpenSSL verified certificates via the X509verifycert function. An internal error was not correctly validated causing application crashes or invalid application behavior...
CVE-2021-4112
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment. Mitigation Red Hat has investigated whether possible...
CVE-2021-43267
A flaw was discovered in the cryptographic receive code in the Linux kernel's implementation of transparent interprocess communication. An attacker, with the ability to send TIPC messages to the target, can corrupt memory and escalate privileges on the target system. Mitigation The TIPC module wi...
CVE-2021-20321
A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system. Mitigation Mitigation for this issue is either not available or the currently available options...
CVE-2021-3814
A flaw was found in 3scale's API docs, where it does not validate the access token. In the case of an invalid token, it uses session auth instead. This issue possibly bypasses access controls and permits unauthorized information disclosure...
CVE-2021-39258
The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
CVE-2021-29988
Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird 78.13, Thunderbird 91, Firefox ESR 78.13, and Firefox 91...
CVE-2021-38185
A flaw was found in cpio. An integer overflow that triggers an out-of-bounds heap write can allow an attacker to execute arbitrary code via a crafted pattern file. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2021-35043
A flaw was found in AnitSamy, where it allows a Cross-site Scripting attack XSS via HTML attributes when using the HTML output serializer XHTML is not affected. This issue was demonstrated by a javascript: URL with : as the replacement for the : character. The highest threat from this vulnerabili...
CVE-2021-3652
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was...
CVE-2021-36087
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmapmatchany called indirectly from cilcheckneverallow. This occurs because there is sometimes a lack of checks for invalid statements in an optional block...
CVE-2021-23159
A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsxreadwbuf in formatsi.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash...
CVE-2020-17541
A stack-based buffer overflow flaw was found in libjpeg-turbo library in the tranform component. An attacker may use this flaw to input a malicious image file to an application utilizing this library, leading to arbitrary code execution. The highest threat from this vulnerability is to data...
CVE-2021-33571
A flaw was found in django. Leading zeros in octal literals aren't prohibited in IP addresses. If you used such values you could suffer from indeterminate SSRF, RFI, and LFI attacks. The highest threat from this vulnerability is to data integrity. Mitigation Mitigation for this issue is either no...
CVE-2019-11477
An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment SACK segments. While processing SACK segments, the Linux kernel's socket buffer SKB data structure becomes fragmented. Each fragment is about TCP maximum segment size MSS...
CVE-2019-0221
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...
CVE-2012-6708
jQuery before 1.9.0 is vulnerable to Cross-site Scripting XSS attacks. The jQuerystrInput function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '' character anywhere in the string, giving...
CVE-2018-12699
finishstab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump...
CVE-2018-20685
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. Mitigation This issue only affects the users of scp binary which...
CVE-2024-47535
A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes...
CVE-2024-4436
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning ...