CVE-2022-22721
A flaw was found in httpd, where it incorrectly limits the value of the LimitXMLRequestBody option. This issue can lead to an integer overflow and later causes an out-of-bounds write. Mitigation: Set the LimitXMLRequestBody option to a value smaller than 350MB. Setting it to 0 is not recommended a...
CVE-2018-3646
Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of...
CVE-2023-39325
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplexed stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...
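The pattern in this entry (a stream opened and cancelled with RST_STREAM immediately, repeated at high rate) is what a proxy or IDS can detect from a per-connection frame log. The detector below is an added example, not code from any HTTP/2 implementation; it assumes a log of (timestamp_seconds, stream_id, frame_type) tuples, and both sample logs and the thresholds are constructed for illustration.

```python
"""Detector for the HTTP/2 stream cancel flood described above (rapid reset).

Added example, not code from any HTTP/2 implementation. It consumes a
per-connection frame log of (timestamp_seconds, stream_id, frame_type)
tuples, a shape a reverse proxy or IDS could emit; both sample logs below
are constructed and the thresholds are assumptions.
"""
from typing import Dict, Iterable, List, Tuple

Frame = Tuple[float, int, str]


def reset_stats(frames: Iterable[Frame], window: float = 1.0, max_gap: float = 0.05) -> Tuple[int, float]:
    """Return (most RST_STREAM frames seen in any `window` seconds,
    fraction of opened streams cancelled within `max_gap` seconds of opening)."""
    opened: Dict[int, float] = {}
    reset_times: List[float] = []
    quick_cancels = 0
    for ts, sid, ftype in sorted(frames):
        if ftype == "HEADERS" and sid not in opened:
            opened[sid] = ts
        elif ftype == "RST_STREAM" and sid in opened:
            reset_times.append(ts)
            if ts - opened[sid] <= max_gap:
                quick_cancels += 1
    # Sliding window over the (already sorted) reset timestamps.
    busiest, start = 0, 0
    for i, t in enumerate(reset_times):
        while reset_times[start] < t - window:
            start += 1
        busiest = max(busiest, i - start + 1)
    quick_fraction = quick_cancels / len(opened) if opened else 0.0
    return busiest, quick_fraction


def is_rapid_reset(frames: Iterable[Frame], max_resets_per_window: int = 100, max_quick_fraction: float = 0.5) -> bool:
    """Flag a connection that both resets at a high rate and cancels most of
    its streams immediately; a client with ordinary request failures does neither."""
    busiest, quick_fraction = reset_stats(frames)
    return busiest > max_resets_per_window and quick_fraction > max_quick_fraction


# Constructed benign log: five requests, one cancelled by the user after 0.5 s.
BENIGN_LOG: List[Frame] = [
    (0.0, 1, "HEADERS"), (0.1, 1, "DATA"),
    (0.2, 3, "HEADERS"), (0.3, 3, "DATA"),
    (0.4, 5, "HEADERS"), (0.9, 5, "RST_STREAM"),
    (0.6, 7, "HEADERS"), (0.7, 7, "DATA"),
    (0.8, 9, "HEADERS"), (1.0, 9, "DATA"),
]

# Constructed attack log: 500 streams opened and cancelled 0.5 ms later, all within half a second.
ATTACK_LOG: List[Frame] = []
for n in range(500):
    sid = 2 * n + 1  # client-initiated streams are odd-numbered
    ATTACK_LOG.append((n * 0.001, sid, "HEADERS"))
    ATTACK_LOG.append((n * 0.001 + 0.0005, sid, "RST_STREAM"))

if __name__ == "__main__":
    print("benign:", reset_stats(BENIGN_LOG), is_rapid_reset(BENIGN_LOG))
    print("attack:", reset_stats(ATTACK_LOG), is_rapid_reset(ATTACK_LOG))
```

Both signals are needed: a high reset rate alone also appears when a slow backend makes many clients give up, and a high immediate-cancel fraction alone is harmless at low volume. Real deployments would tune the window and thresholds from their own traffic baseline.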
CVE-2021-3121
A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this...
CVE-2023-45853
A flaw was found in the MiniZip component of the zlib package. When opening a new file, MiniZip doesn't properly validate the filename, comments, or extra fields length against the data type used to store this information. This may allow an attacker to craft a malicious ZIP file that will lead to...
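The bug class in this entry is a length computed as a wide integer but stored in a narrower header field. The ZIP local file header keeps the filename and extra-field lengths in 16-bit fields, so the example below, an added illustration rather than MiniZip's code, models an unchecked writer beside a hardened one and a reader that trusts the stored lengths. The long filename is constructed.

```python
"""Length-field validation for ZIP local file headers.

Added example, not MiniZip's code. It models the bug class described above:
the ZIP local file header stores the filename and extra-field lengths in
16-bit fields, so a writer that takes the length as a wider integer and does
not check it against the field width stores a truncated value. The sample
names below are constructed.
"""
import struct

LOCAL_FILE_HEADER_SIG = 0x04034B50
# sig, version, flags, method, mod time, mod date, crc32, comp size, uncomp size, name len, extra len
LOCAL_FILE_HEADER_FMT = "<IHHHHHIIIHH"
U16_MAX = 0xFFFF


def unchecked_local_header(name: bytes, extra: bytes = b"") -> bytes:
    """Writer that mirrors the flaw: lengths are silently masked to 16 bits."""
    return struct.pack(
        LOCAL_FILE_HEADER_FMT,
        LOCAL_FILE_HEADER_SIG, 20, 0, 0, 0, 0, 0, 0, 0,
        len(name) & U16_MAX, len(extra) & U16_MAX,
    ) + name + extra


def checked_local_header(name: bytes, extra: bytes = b"") -> bytes:
    """Hardened writer: refuse any length that does not fit the 16-bit field."""
    for label, value in (("filename", name), ("extra field", extra)):
        if len(value) > U16_MAX:
            raise ValueError(f"{label} length {len(value)} exceeds 16-bit ZIP field")
    return struct.pack(
        LOCAL_FILE_HEADER_FMT,
        LOCAL_FILE_HEADER_SIG, 20, 0, 0, 0, 0, 0, 0, 0, len(name), len(extra),
    ) + name + extra


def parse_local_header(buf: bytes) -> dict:
    """Reader that trusts the header's length fields, as a ZIP consumer would."""
    fixed = struct.calcsize(LOCAL_FILE_HEADER_FMT)
    fields = struct.unpack(LOCAL_FILE_HEADER_FMT, buf[:fixed])
    if fields[0] != LOCAL_FILE_HEADER_SIG:
        raise ValueError("bad local file header signature")
    name_len, extra_len = fields[9], fields[10]
    name = buf[fixed:fixed + name_len]
    extra = buf[fixed + name_len:fixed + name_len + extra_len]
    return {
        "name_len": name_len,
        "extra_len": extra_len,
        "name": name,
        "extra": extra,
        # Bytes left after the declared fields; a consumer would read these as file data.
        "trailing": len(buf) - (fixed + name_len + extra_len),
    }


def demo() -> dict:
    """Show the truncated length the flawed writer stores and the hardened writer's refusal."""
    long_name = b"A" * 70000  # constructed: longer than a 16-bit length field can hold
    bad = parse_local_header(unchecked_local_header(long_name))
    try:
        checked_local_header(long_name)
        rejected = False
    except ValueError:
        rejected = True
    return {"stored_len": bad["name_len"], "trailing": bad["trailing"], "rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

With a 70000-byte name the flawed writer stores 4464 (70000 masked to 16 bits), so a reader consumes 4464 bytes as the name and the remaining 65536 bytes of "name" are parsed as whatever follows; the hardened writer rejects the name outright. Checking the value against the width of the field it is written into is the fix, whichever side of the write the code sits on.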
CVE-2024-38475
A flaw was found in the mod_rewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure...
CVE-2018-14721
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...
CVE-2024-23342
A flaw was found in the ecdsa PyPI package, a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior may be...
CVE-2023-1999
The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash...
CVE-2024-22705
A vulnerability was found in ksmbd in the Linux kernel's smb2_get_data_area_len in fs/smb/server/smb2misc.c. This flaw allows an attacker to cause an smb_strndup_from_utf16 out-of-bounds access due to mishandling the relationship between Name data and CreateContexts data...
CVE-2024-22257
A broken access control flaw was found in Spring Security. Applications may be vulnerable when directly using AuthenticatedVoter#vote and passing a NULL authentication parameter. Mitigation: Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to...
CVE-2023-28154
A flaw was found in the webpack package, which could allow a remote attacker to bypass security restrictions caused by the mishandling of the magic comment feature by the ImportParserPlugin.js. This flaw allows an attacker to gain access to the real global object by sending a specially-crafted...
CVE-2019-17567
A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections. Mitigation: Only configurations which use mod_proxy_wstunnel are affected by this flaw. It is also safe to comment-out the "LoadModule proxy_wstunnel_module ... " line in...
CVE-2024-39884
A flaw was found in httpd. The fix for CVE-2024-38476 ignores some uses of the legacy content-type based configuration of handlers. "AddType" and similar configurations, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...
CVE-2021-33033
A use-after-free flaw was found in the Linux kernel's CIPSO network packet labeling protocol functionality, in the way a user opens a local network connection using security labeling (IP option number 134). A local user could use this flaw to crash the system or possibly escalate...
CVE-2024-6387
A security regression (of CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. Mitigation: The...
CVE-2023-4911
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code...
CVE-2022-1012
The Linux kernel's TCP source port generation algorithm in the TCP stack contains a flaw due to the small table perturb size. This flaw allows an attacker to positively distinguish a system among devices with identical hardware and software, which lasts until the device restarts. An attacker can...
CVE-2019-2215
A flaw was found in the Linux kernel's Android compatibility functionality. A local attacker can abuse a use-after-free flaw in the Android binder code to corrupt memory or possibly escalate privileges. Mitigation: There is no mitigation required for this flaw as it does not affect shipping Red Ha...
CVE-2024-6409
A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not...
CVE-2021-3760
A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability...
CVE-2022-0729
A flaw was found in vim. Specific regexp patterns and strings trigger an out-of-range access. This flaw allows an attacker to supply a specially crafted file, leading to a crash or code execution. Mitigation: Untrusted vim scripts with -s...
CVE-2020-35452
A flaw was found in Apache httpd. The mod_auth_digest module has a single zero byte stack overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation: Only configurations which use mod_auth_digest are affected by this flaw. Also as...
CVE-2024-2511
A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured...
CVE-2024-2193
A new cache speculation vulnerability, known as Spectre-SRC (Speculative Race Conditions), was found in hardware. Spectre-SRC is similar to Spectre v1 and allows speculative use-after-free. The difference between this issue and Spectre v1 is that this issue is based on synchronization primitives with...
CVE-2023-46589
An improper input validation flaw was found in Apache Tomcat due to incorrect parsing of HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a...
CVE-2023-47038
A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker-controlled byte buffer overflow in a heap-allocated buffer. Mitigation: Mitigation for this issue is either not available or the currently...
CVE-2022-2938
A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects...
CVE-2023-20598
An improper privilege management flaw was found in the AMD Radeon(TM) Graphics driver. This issue may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses, resulting in potential arbitrary code execution...
CVE-2022-31630
An out-of-bounds read flaw was found in PHP due to insufficient input validation in the imageloadfont function. This flaw allows a remote attacker to pass specially crafted data to the web application, trigger an out-of-bounds read error, and read the contents of memory on the system...
CVE-2022-38472
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of an attacker abusing XSLT error handling to associate attacker-controlled content with another origin, which was displayed in the address bar. This issue could be used to fool the user into submitting data...
CVE-2021-3114
A flaw was detected in golang's crypto/elliptic package, in which operations on P-224 keys can return incorrect results, reducing the strength of the cryptography. The highest threat from this vulnerability is to confidentiality and integrity...
CVE-2024-56337
The fix for CVE-2024-50379 in Apache Tomcat was insufficient to mitigate the issue fully. A Time-of-check Time-of-use (TOCTOU) race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to...
CVE-2023-35829
A race condition was found in the Linux kernel's rkvdec driver when removing the module before cleanup in the rkvdec_remove function. This can result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors...
CVE-2021-34558
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...
CVE-2022-28330
An out-of-bounds read vulnerability was found in the mod_isapi module of httpd. The issue occurs when httpd is configured to process requests with the mod_isapi module...
CVE-2022-26377
An HTTP request smuggling vulnerability was found in the mod_proxy_ajp module of httpd. This flaw allows an attacker to smuggle requests to the AJP server to which it forwards requests. Mitigation: Disabling mod_proxy_ajp and restarting httpd will mitigate this flaw...
CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MITM attacker having access to the victim's traffic at the TCP/IP layer can redirect traffic fr...
CVE-2024-28752
A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on web services that take at least one parameter of any type, and when the Aegis databinding is used. Users of other data bindings, including the default databinding, are not impacted. Mitigation: No...
CVE-2023-32002
A vulnerability was found in Node.js. This security issue occurs as the use of Module._load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. Mitigation: Mitigation for this issue is either not available or the currently available options...
CVE-2022-21233
A flaw was found in hardware. The APIC can operate in xAPIC mode, also known as legacy mode, in which APIC configuration registers are exposed through a memory-mapped I/O (MMIO) page. This flaw allows an attacker who can execute code on a target CPU to query the APIC configuration page. When reading the...
CVE-2022-2639
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write...
CVE-2020-7676
An XSS flaw was found in nodejs-angular. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code...
CVE-2020-1745
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...
CVE-2024-32487
An OS command injection flaw was found in less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases. Mitigation: Mitigati...
CVE-2023-45866
A flaw was found in the HID Profile in BlueZ that allows unauthorized connections, especially from devices such as keyboards, to inject keystrokes without user confirmation. BlueZ lacks proper restrictions on non-bonded devices, creating a risk that attackers who are physically close could injec...
CVE-2016-6198
A flaw was found in that the vfs_rename function did not detect hard links on overlayfs. A local, unprivileged user could use the rename syscall on overlayfs on top of xfs to crash the system...
CVE-2022-27652
A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby Docker Engine where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs...
CVE-2022-23634
A flaw was found in Puma and Rails rubygems when response bodies were not closed under certain situations. This flaw allows an attacker, by iterating certain requests, to take advantage of this issue and affect CurrentAttributes, leading to leaked data...
CVE-2024-2169
A vulnerability was found in certain UDP protocol implementations. This issue may allow an unauthenticated attacker to send maliciously crafted packets leading to a denial of service on the targeted system. An attacker needs to perform the attack on a vulnerable server in order to meet the...