206341 matches found
CVE-2021-32675
A flaw was found in redis. When parsing an incoming Redis Standard Protocol RESP request, redis allocates memory according to user-specified values, which determine the number of elements in the multi-bulk header and size of each element in the bulk header. This flaw allows an unauthenticated,...
CVE-2021-3856
ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available...
CVE-2021-3764
A memory leak flaw was found in the Linux kernel's ccprunaesgcmcmd function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this issue is...
CVE-2021-39251
The ntfs3g package is susceptible to an input validation attack. When processing a crafted NTFS image there is an improper check. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
CVE-2021-3712
It was found that openssl assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling openssl function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a...
CVE-2021-38511
An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal...
CVE-2021-3640
A flaw use-after-free in function scosocksendmsg of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIOREGISTER or other way triggers race condition of the call scoconndel together with the call scosocksendmsg with the expected controllable faulting memory page. A privilege...
CVE-2021-3637
A flaw was found in keycloak-model-infinispan where the authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly. This issue leads to a denial of service...
CVE-2021-36084
The CIL compiler in SELinux 3.2 has a use-after-free in cilverifyclassperms called from cilverifyclasspermission and cilpreverifyhelper...
CVE-2020-26143
A vulnerability was found in Linux kernel, where the WiFi implementations assemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or...
CVE-2020-28374
A flaw was found in the Linux kernel’s implementation of the Linux SCSI target host, where an authenticated attacker could write to any block on the exported SCSI device backing store. This flaw allows an authenticated attacker to send LIO block requests to the Linux system to overwrite data on t...
CVE-2020-25656
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality...
CVE-2020-26541
A flaw was found in the Linux kernel in certs/blacklist.c, When signature entries for EFICERTX509GUID are contained in the Secure Boot Forbidden Signature Database, the entries are skipped. This can cause a security threat and breach system integrity, confidentiality and even lead to a denial of...
CVE-2019-20916
A flaw was found in the pip package installer for Python when downloading or installing a remote package via a specified URL. Improper validation of the "Content-Disposition" HTTP response header makes a path traversal attack possible, leading to an arbitrary file overwrite. This flaw allows an...
CVE-2020-8203
A flaw was found in nodejs-lodash in versions 4.17.15 and earlier. A prototype pollution attack is possible which can lead to arbitrary code execution. The primary threat from this vulnerability is to data integrity and system availability...
CVE-2020-10135
A flaw was discovered in the Bluetooth protocol affecting the Bluetooth BR/EDR authentication. An attacker with physical access to the Bluetooth connection could perform a spoofing attack impersonating the address of a previously paired remote device. This attack may result in the attacking devic...
CVE-2020-6831
A flaw was found in Mozilla Firefox and Thunderbird. When parsing and validating SCTP chunks in WebRTC a memory buffer overflow could occur leading to memory corruption and an exploitable crash. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
CVE-2019-19447
A flaw was found in the Linux kernel's ext4unlink function. An attacker could corrupt memory or escalate privileges when deleting a file from a recently unmounted specially crafted ext4 filesystem, including local, USB, and iSCSI. Mitigation Ext4 filesytems are built into the kernel so it is not...
CVE-2019-14378
A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the ipreass routine while reassembling incoming packets if the first fragment is bigger than the m-mdat buffer. An attacker could use this flaw to crash the QEMU process on the...
CVE-2018-17972
An issue was discovered in the procpidstack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task...
CVE-2019-9637
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to...
CVE-2020-8832
An information disclosure flaw was found in the Linux kernel. The original fix for CVE-2019-14615 was deemed to be incomplete. The i915 graphics driver lacks control of flow for data structures which may allow a local, authenticated user to disclose information when using ioctl commands with an...
CVE-2019-18348
A CRLF injection flaw was discovered in python in the way URLs are handled when doing an HTTP/HTTPS connection e.g. through urlopen or HTTPConnection. An attacker who can control the url parameter passed to urlopen method in the urllib/urllib2 modules can inject CRLF sequences and HTTP headers by...
CVE-2018-17189
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections...
CVE-2018-19518
University of Washington IMAP Toolkit 2007f on UNIX, as used in imapopen in PHP and other products, launches an rsh command by means of the imaprimap function in c-client/imap4r1.c and the tcpaopen function in osdep/unix/tcpunix.c without preventing argument injection, which might allow remote...
CVE-2018-11040
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP JSON with Padding through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser...
CVE-2017-1000409
A buffer overflow in glibc 2.5 released on September 29, 2006 and can be triggered through the LDLIBRARYPATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366...
CVE-2017-10661
A race condition was found in the Linux kernel before version 4.11-rc1 in 'fs/timerfd.c' file which allows a local user to cause a kernel list corruption or use-after-free via simultaneous operations with a file descriptor which leverage improper 'mightcancel' queuing. An unprivileged local user...
CVE-2017-9077
The tcpv6synrecvsock function in net/ipv6/tcpipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this fla...
CVE-2024-58136
Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...
CVE-2022-24881
Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but...
CVE-2024-8928
A flaw was found in PHP. Erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed, violating data integrity...
CVE-2022-48704
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: add a force flush to delay work when radeon Although radeon card fence and wait for gpu to finish processing current batch rings, there is still a corner case that radeon lockup work queue may not be fully flushed, an...
CVE-2024-27282
A flaw was found in Ruby. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. Mitigation Mitigation for this issue is either not available or the currently...
CVE-2023-6291
A flaw was found in the redirecturi validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. Mitigation Mitigation for this issue...
CVE-2023-20592
A flaw was found in some of AMD CPU's due to improper or unexpected behavior of the INVD. This issue may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU, potentially leading to a loss of guest virtual machine VM memory integrity. Mitigation...
CVE-2023-5824
A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk...
CVE-2023-34034
A flaw was found in Spring Security's WebFlux framework pattern matching, where it does not properly evaluate certain patterns. A server using path-based pattern matching in WebFlux could allow an attacker to bypass security settings for some request paths, potentially leading to information...
CVE-2023-42116
The vulnerability was found in Exim within the handling of NTLM challenge requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the...
CVE-2023-41105
Python 3.11 os.path.normpath function is vulnerable to path truncation if a null byte is inserted in the middle of passed path. This may result in bypass of allow lists if implemented before the verification of the path...
CVE-2023-4577
The Mozilla Foundation Security Advisory describes this flaw as: When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash...
CVE-2023-32003
A vulnerability was found in NodeJS. This security issue occurs as fs.mkdtemp and fs.mkdtempSync can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp API, and the impact is a malicious actor could create an arbitra...
CVE-2023-34454
A flaw was found in Snappy-java's shuffle function, which does not check input sizes before beginning operations. This issue could allow an attacker to send malicious input to trigger an overflow error that crashes the program, resulting in a denial of service...
CVE-2023-2976
A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory. Mitigation Temp files should be...
CVE-2023-1872
A flaw was found in the iouring subsystem of the Linux kernel. The iofilegetfixed function lacks the presence of ctx-uringlock, which can lead to a use-after-free vulnerability due to a race condition with fixed files getting unregistered. This flaw allows local privilege escalation...
CVE-2023-0462
An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload...
CVE-2022-42867
A flaw was found in webkitgtk. Improper input validation leads to a memory corruption vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or perform arbitrary code execution...
CVE-2022-45931
A SQL injection issue was discovered in the AAA package of OpenDaylight. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used. This may allow a malicious user to execute arbitrary sql...
CVE-2022-3466
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10....
CVE-2021-27854
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers and Ethernet to Wifi frame translation...