206363 matches found
CVE-2021-1048
A use-after-free flaw was found in Linux kernel's eploopcheckproc in fs/eventpoll.c function in the filesystem. This flaw could allow an attacker to crash the system while polling for a file that is already committed to destruction. This vulnerability could lead to a kernel information leak and a...
CVE-2021-41174
A cross-site scripting XSS vulnerability in grafana allows an attacker to execute arbitrary JavaScript code in the browser of a victim user. An attacker may send a link referencing a page where the victim is unauthenticated and contains the login button and including interpolation binding...
CVE-2021-3814
A flaw was found in 3scale's API docs, where it does not validate the access token. In the case of an invalid token, it uses session auth instead. This issue possibly bypasses access controls and permits unauthorized information disclosure...
CVE-2021-39258
The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
CVE-2021-29988
Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird 78.13, Thunderbird 91, Firefox ESR 78.13, and Firefox 91...
CVE-2021-35043
A flaw was found in AnitSamy, where it allows a Cross-site Scripting attack XSS via HTML attributes when using the HTML output serializer XHTML is not affected. This issue was demonstrated by a javascript: URL with : as the replacement for the : character. The highest threat from this vulnerabili...
CVE-2021-2341
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows...
CVE-2021-34552
A flaw was found in python-pillow. This flaw allows an attacker to pass controlled parameters directly into a convert function, triggering a buffer overflow in the "convert" or "ImagingConvertTransparent" functions in Convert.c. The highest threat to this vulnerability is to system availability. ...
CVE-2021-32740
A resource-consumption vulnerability was found in rubygem addressable, where its URI template implementation could allow an attacker's crafted template to consume resources, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Mitigation Create...
CVE-2021-36087
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmapmatchany called indirectly from cilcheckneverallow. This occurs because there is sometimes a lack of checks for invalid statements in an optional block...
CVE-2021-23159
A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsxreadwbuf in formatsi.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash...
CVE-2021-33515
It was found that dovecot could still accept plaintext commands while the STARTTLS negotiation process is ongoing. This could allow an active person in the middle, with valid credentials on dovecot, to, for example, steal confidential data such as the client's emails and passwords...
CVE-2021-33560
A side-channel attack flaw was found in the way libgcrypt implemented Elgamal encryption. This flaw allows an attacker to decrypt parts of ciphertext encrypted using Elgamal, for example, when using OpenPGP. The highest threat from this vulnerability is to confidentiality...
CVE-2021-32923
A flaw was found in the HashiCorp Vault and Vault Enterprise. The vault could allow a remote attacker to bypass security restrictions caused by a renewal logic flaw when a token lease or dynamic secret lease was renewed inside the last second of its maximum TTL. By sending a specially crafted...
CVE-2020-17541
A stack-based buffer overflow flaw was found in libjpeg-turbo library in the tranform component. An attacker may use this flaw to input a malicious image file to an application utilizing this library, leading to arbitrary code execution. The highest threat from this vulnerability is to data...
CVE-2021-3564
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. Mitigation Mitigation for this issue is either not available or the currently...
CVE-2021-32027
A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabilit...
CVE-2020-29652
A null pointer dereference vulnerability was found in golang. When using the library's ssh server without specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client connection using the gssapi-with-mic authentication method and cause the server to panic...
CVE-2019-11477
An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment SACK segments. While processing SACK segments, the Linux kernel's socket buffer SKB data structure becomes fragmented. Each fragment is about TCP maximum segment size MSS...
CVE-2019-0221
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...
CVE-2018-12699
finishstab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump...
CVE-2018-20685
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. Mitigation This issue only affects the users of scp binary which...
CVE-2016-1000343
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size...
CVE-2017-16944
The receivemsg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service infinite loop and stack exhaustion via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the...
CVE-2024-4436
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning ...
CVE-2024-33602
A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash. Mitigation Mitigation for this issue is either not available or the currentl...
CVE-2024-24576
A command injection flaw was found in Rust, exclusive to Windows environments. When invoking batch files on Windows using the Command API, Rust explicitly uses cmd.exe which has complicated parsing rules for arguments. If an attacker can control part of the command arguments of the batch file, th...
CVE-2023-34053
In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC or Spring WebFlux...
CVE-2023-36558
A security feature bypass vulnerability was found in Blazor forms in ASP.NET in the .NET package. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability t...
CVE-2023-43642
A flaw was found in SnappyInputStream in snappy-java, a data compression library in Java. This issue occurs when decompressing data with a too-large chunk size due to a missing upper bound check on chunk length. An unrecoverable fatal error can occur, resulting in a Denial of Service DoS...
CVE-2023-41081
A vulnerability was found in Apache Tomcat Connectors modjk. Affected versions of this package are vulnerable to information exposure in the modjk component. This flaw allows an attacker to exploit the implicit mapping functionality, resulting in the unintended exposure of the status worker and...
CVE-2023-20593
A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criter...
CVE-2023-31038
A vulnerability was found in the Log4cxx library. This issue causes a SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No fields sent to the database were properly escaped for SQL injection...
CVE-2022-36129
A flaw was found in HashiCorp Vault Enterprise which could allow a remote attacker to bypass security restrictions. This issue is caused by the failure to verify existing voter status when joining an Integrated Storage HA Node. By sending a specially crafted request, an attacker could override th...
CVE-2023-28841
A flaw was found in Moby due to missing encrypted sensitive data within the overlay network driver. This issue could allow a remote attacker to obtain sensitive information by sending a specially crafted request and use this information to launch further attacks against the affected system...
CVE-2022-2196
A flaw was found in the KVM's Intel nested virtualization feature nVMX. Since L1 and L2 shared branch prediction modes guest-user and guest-kernel, KVM did not protect indirect branches in L1 from steering by a malicious agent in L2. This could allow a malicious nested guest to carry out Spectre ...
CVE-2023-0044
A flaw was found in Quarkus. If the Quarkus Form Authentication session cookie Path attribute is set to /, then a cross-site attack may be initiated, which might lead to information disclosure. Mitigation This attack can be prevented with the Quarkus CSRF Prevention feature...
CVE-2022-38023
A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between...
CVE-2022-4378
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation A possible workaround is preventing regular users from...
CVE-2022-42916
A vulnerability was found in curl. The issue occurs because curl's HSTS check can be bypassed to trick it to keep using HTTP. Using its HSTS support, it can instruct curl to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This mechanism...
CVE-2022-43402
A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...
CVE-2022-36109
A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup...
CVE-2022-21540
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitab...
CVE-2022-32206
A vulnerability was found in curl. This issue occurs because the number of acceptable "links" in the "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. This flaw leads to a denial of service, either by mistake or by a...
CVE-2022-1898
A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a use-after-free vulnerability in the findpatterninpath function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Mitigation Untrusted vim scripts with...
CVE-2022-24905
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was found in Argo CD prior to versions 2.3.4, 2.2.9, and 2.1.15 that allows an attacker to spoof error messages on the login screen when single sign on SSO is enabled. In order to exploit this vulnerability,...
CVE-2022-1619
A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdlineerasechars of the exgetln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim...
CVE-2022-29582
A use-after-free flaw was found in the Linux kernel’s iouring interface subsystem in the way a user triggers a race condition between timeout flush and removal. This flaw allows a local user to crash or escalate their privileges on the system...
CVE-2022-1215
A format string vulnerability was found in libinput...
CVE-2022-24050
MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...