206341 matches found
CVE-2024-32962
A flaw was found in xml-crypto, where the default configuration lacks authorization checks for signers, only checking the signature's validity. This flaw allows malicious actors to pass a manipulated XML payload to instances of xml-crypto. By re-signing an XML document with a malicious private ke...
CVE-2024-27316
A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers,...
CVE-2022-48565
A flaw was found in Python caused by improper handling of XML external entity XXE declarations by the plistlib module. By using a specially crafted XML content, an attacker could obtain sensitive information by disclosing files specified by parsing URI, and may cause denial of service by resource...
CVE-2023-41081
A vulnerability was found in Apache Tomcat Connectors modjk. Affected versions of this package are vulnerable to information exposure in the modjk component. This flaw allows an attacker to exploit the implicit mapping functionality, resulting in the unintended exposure of the status worker and...
CVE-2022-48065
A memory leak vulnerability was found in GNU Binutils, particularly in the function findabstractinstance in dwarf2.c. This flaw could be exploited by an attacker who provides a specially crafted input, potentially leading to a denial of service condition due to the continuous consumption of memor...
CVE-2023-33008
A flaw was found in Apache Johnzon. This issue could allow an attacker to craft a specific JSON input that Johnzon will deserialize into a BigDecimal, which Johnzon may use to start converting large numbers, resulting in a denial of service...
CVE-2022-36129
A flaw was found in HashiCorp Vault Enterprise which could allow a remote attacker to bypass security restrictions. This issue is caused by the failure to verify existing voter status when joining an Integrated Storage HA Node. By sending a specially crafted request, an attacker could override th...
CVE-2023-0620
A flaw was found in HashiCorp Vault and Vault Enterprise, which are vulnerable to SQL injection. This flaw allows a local authenticated attacker to send specially-crafted SQL statements to the Microsoft SQL MSSQL Database Storage Backend, which could allow the attacker to view, add, modify, or...
CVE-2023-28466
A use-after-free flaw was found in the dotlsgetsockopt function in net/tls/tlsmain.c in the Transport Layer Security TLS in the Network subcompact in the Linux kernel. This flaw allows an attacker to cause a NULL pointer dereference problem due to a race condition. Mitigation This flaw can be...
CVE-2022-41724
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition...
CVE-2022-2196
A flaw was found in the KVM's Intel nested virtualization feature nVMX. Since L1 and L2 shared branch prediction modes guest-user and guest-kernel, KVM did not protect indirect branches in L1 from steering by a malicious agent in L2. This could allow a malicious nested guest to carry out Spectre ...
CVE-2023-0044
A flaw was found in Quarkus. If the Quarkus Form Authentication session cookie Path attribute is set to /, then a cross-site attack may be initiated, which might lead to information disclosure. Mitigation This attack can be prevented with the Quarkus CSRF Prevention feature...
CVE-2022-4378
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation A possible workaround is preventing regular users from...
CVE-2022-43402
A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...
CVE-2022-36109
A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup...
CVE-2022-21540
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitab...
CVE-2022-23825
A flaw was found in hw. Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type, potentially leading to information disclosure...
CVE-2022-32206
A vulnerability was found in curl. This issue occurs because the number of acceptable "links" in the "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. This flaw leads to a denial of service, either by mistake or by a...
CVE-2022-29162
A flaw was found in runc, where runc exec --cap executed processes with non-empty inheritable Linux process capabilities. This issue creates an atypical Linux environment and enables programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve2...
CVE-2022-0667
An assertion check flaw was found in BIND, with a refactoration of recursive client code that introduced a "backstop lifetime timer." While BIND processes a request for a DS record that needs to be forwarded, it waits until this processing is complete or until the backstop lifetime timer has time...
CVE-2022-27223
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access...
CVE-2022-23633
A flaw was found in the Rack middleware package of RubyGems, where response bodies will not close under certain circumstances. This flaw allows an attacker to iterate requests to force ActionDispatch::Executor to not close, allowing subsequent requests to leak data from...
CVE-2022-21702
A Cross-site scripting XSS vulnerability was found in the way Grafana handles data sources. This flaw allows an attacker to serve HTML content through the Grafana data source or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site scripting...
CVE-2021-25939
In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-privileged attacker to perform blind SSRF and...
CVE-2022-23304
The implementations of EAP-pwd in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. The highest threat from this vulnerability is to availability, confidentiality and integrity...
CVE-2022-21291
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allow...
CVE-2021-1048
A use-after-free flaw was found in Linux kernel's eploopcheckproc in fs/eventpoll.c function in the filesystem. This flaw could allow an attacker to crash the system while polling for a file that is already committed to destruction. This vulnerability could lead to a kernel information leak and a...
CVE-2021-41174
A cross-site scripting XSS vulnerability in grafana allows an attacker to execute arbitrary JavaScript code in the browser of a victim user. An attacker may send a link referencing a page where the victim is unauthenticated and contains the login button and including interpolation binding...
CVE-2021-2341
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows...
CVE-2017-5715
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant...
CVE-2021-32760
A flaw was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set...
CVE-2021-34552
A flaw was found in python-pillow. This flaw allows an attacker to pass controlled parameters directly into a convert function, triggering a buffer overflow in the "convert" or "ImagingConvertTransparent" functions in Convert.c. The highest threat to this vulnerability is to system availability. ...
CVE-2021-3636
It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificate...
CVE-2021-32740
A resource-consumption vulnerability was found in rubygem addressable, where its URI template implementation could allow an attacker's crafted template to consume resources, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Mitigation Create...
CVE-2021-33515
It was found that dovecot could still accept plaintext commands while the STARTTLS negotiation process is ongoing. This could allow an active person in the middle, with valid credentials on dovecot, to, for example, steal confidential data such as the client's emails and passwords...
CVE-2021-3584
A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability o...
CVE-2021-33560
A side-channel attack flaw was found in the way libgcrypt implemented Elgamal encryption. This flaw allows an attacker to decrypt parts of ciphertext encrypted using Elgamal, for example, when using OpenPGP. The highest threat from this vulnerability is to confidentiality...
CVE-2021-32923
A flaw was found in the HashiCorp Vault and Vault Enterprise. The vault could allow a remote attacker to bypass security restrictions caused by a renewal logic flaw when a token lease or dynamic secret lease was renewed inside the last second of its maximum TTL. By sending a specially crafted...
CVE-2021-3564
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. Mitigation Mitigation for this issue is either not available or the currently...
CVE-2021-23386
Remote memory exposure vulnerability was found in nodejs dns-packet library. The buffers created with allocUnsafe are not always filled before forming the network packets and an attacker can use this vulnerability to potentially get access to internal application memory over non encrypted network...
CVE-2021-32027
A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabilit...
CVE-2020-26140
A vulnerability was found in Linux kernel. Where the WiFi implementations accept plaintext frames in a protected WiFi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration. Mitigation Mitigation for this issue is either not available or the...
CVE-2021-27219
An integer wraparound was discovered in glib due to passing a 64 bit sized value to function gmemdup which accepts a 32 bits number as argument. An attacker may abuse this flaw when an application linked against the glib library uses gbytesnew function or possibly other functions that use gmemdup...
CVE-2020-29652
A null pointer dereference vulnerability was found in golang. When using the library's ssh server without specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client connection using the gssapi-with-mic authentication method and cause the server to panic...
CVE-2020-12062
The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...
CVE-2017-14491
A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code...
CVE-2017-18342
In PyYAML before 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function...
CVE-2017-13080
A new exploitation technique called key reinstallation attacks KRACK affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key GTK during a group k...
CVE-2016-1000343
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size...
CVE-2017-16944
The receivemsg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service infinite loop and stack exhaustion via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the...