206309 matches found
CVE-2022-23709
A flaw was found in Kibana. This issue allows users with read access to the Uptime feature to modify alerting rules, allowing them to create new or overwrite existing ones. However, any rules created this way are not enabled by default and allow the user to disable an existing, enabled alert rule...
CVE-2022-27196
Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure or Item/Create permissions...
CVE-2022-0742
A memory leak flaw was found in the Linux kernel’s ICMPv6 networking protocol, in the way a user generated malicious ICMPv6 packets. This flaw allows a remote user to crash the system. Mitigation Mitigation for this issue is either not available or the currently available options dont meet the Re...
CVE-2021-39686
A race condition was found in the Linux kernel Android binder driver. The driver is not included to the other kernels, apart from Android devices. This issue could allow a local user to crash the system or potentially escalate their privileges on the system...
CVE-2022-24599
In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero byte...
CVE-2022-24958
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev-buf release...
CVE-2021-46668
MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures...
CVE-2021-23450
All versions of package dojo are vulnerable to Prototype Pollution via the setObject function...
CVE-2021-3918
The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, execute arbitrary code...
CVE-2021-42739
A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CASENDMSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to...
CVE-2021-3847
An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a file with capabilities from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system...
CVE-2021-41103
A flaw was found in the containerd package. Containerd could allow a local authenticated attacker to traverse directories on the system, due to improper restricted permissions on the container root and plugin directories. This issue could allow an attacker to send a specially-crafted request...
CVE-2021-32675
A flaw was found in redis. When parsing an incoming Redis Standard Protocol RESP request, redis allocates memory according to user-specified values, which determine the number of elements in the multi-bulk header and size of each element in the bulk header. This flaw allows an unauthenticated,...
CVE-2021-3827
A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The...
CVE-2021-3764
A memory leak flaw was found in the Linux kernel's ccprunaesgcmcmd function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this issue is...
CVE-2021-39251
The ntfs3g package is susceptible to an input validation attack. When processing a crafted NTFS image there is an improper check. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
CVE-2021-39253
The ntfs3g package is susceptible to an input validation flaw. When processing a crafted NTFS image there is an improper check which leads to an out of bounds read. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
CVE-2021-3735
A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset ahciresetport while handling a host-to-device Register FIS Frame Information Structure packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host...
CVE-2021-21295
In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the...
CVE-2021-3667
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited...
CVE-2021-36740
A flaw was found in Varnish. The Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. As a result, this flaw allows the information on the Varnish cache to be poisoned. The highest threat from this...
CVE-2021-36373
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected...
CVE-2021-3642
A flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality...
CVE-2021-3571
A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to...
CVE-2021-29464
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An...
CVE-2021-3612
An out-of-bounds memory write flaw was found in the Linux kernel’s joystick devices subsystem, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to...
CVE-2021-32575
A flaw was found in Nomad. The bridge networking mode in HashiCorp Nomad and Nomad Enterprise allows ARP spoofing from other bridged tasks on the same node...
CVE-2021-3608
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMAREGDSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this...
CVE-2021-3556
A flaw was found in libvirt in the virConnectListAllNodeDevices API. It only affects hosts with a PCI device and driver that supports mediated devices ex., GRID driver. This flaw allows an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list'...
CVE-2021-28652
A flaw was found in Squid. A parser validation bug could allow a trusted client with Cache Manager API access privileges to trigger memory leaks, potentially resulting in a denial of service against Squid. The highest threat from this vulnerability is to system availability. Mitigation To mitigat...
CVE-2021-32617
There's a flaw in the xmpsdk component shipped with exiv2. An attacker who is able to submit a crafted file to be processed by an application linked with the exiv2 library could cause an excessive consumption of resources, potentially leading to denial of service. The greatest impact of this flaw...
CVE-2021-29957
If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird 78.10.2...
CVE-2021-3543
A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system...
CVE-2021-28950
A denial of service in the kernel side of the FUSE functionality can allow a local system to create a denial of service. Mitigation As the FUSE module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions: echo "install fu...
CVE-2021-3408
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2020-25672
A memory leak in the Linux kernel’s NFC LLCP protocol implementation was found in the way a user triggers the llcpsockconnect function. This flaw allows a local user to starve the resources, causing a denial of service...
CVE-2020-25649
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity XXE attacks. The highest threat from this vulnerability is data integrity. Mitigation There is currently no known mitigation for this flaw...
CVE-2019-8764
A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting...
CVE-2020-8912
A flaw was found in the AWS S3 Crypto SDK where algorithm parameters for the data encryption key are not authenticated. This flaw allows attackers with S3 bucket write access to change the negotiated encryption algorithm, potentially providing viable brute force methods to recover plaintext. This...
CVE-2018-17972
An issue was discovered in the procpidstack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task...
CVE-2019-19332
An out-of-bounds memory write issue was found in the way the Linux kernel's KVM hypervisor handled the 'KVMGETEMULATEDCPUID' ioctl2 request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulti...
CVE-2019-14897
A stack-based buffer overflow was found in the Linux kernel's Marvell WiFi chip driver. An attacker is able to cause a denial of service system crash or, possibly execute arbitrary code, when a STA works in IBSS mode allows connecting stations together without the use of an AP and connects to...
CVE-2017-9798
A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash...
CVE-2019-15927
An out-of-bounds flaw was found in the ALSA usb-audio subsystem in the Linux kernel. An array boundary check was needed to restrict the array size; failing this can cause an out-of-bound access problem. Data confidentiality and integrity, as well as system availability, are all threats with this...
CVE-2019-14271
A flaw was discovered in Docker if it is compiled with Go 1.11. During a docker cp command, the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container. An attacker could abuse this flaw by executing code with the root privileges...
CVE-2019-10098
A vulnerability was discovered in Apache httpd, in modrewrite. Certain self-referential modrewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers...
CVE-2019-10173
It was found that xstream API version 1.4.10 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. This a regression of...
CVE-2017-12611
It was found that Freemarker in Struts would permit using read-only properties in value assignment of tag expressions. An attacker could use this to execute arbitrary code...
CVE-2017-3159
It was found that the camel-snakeyaml component is exploitable for code execution. An attacker could use this vulnerability to send specially crafted payload to a camel-snakeyaml endpoint and causing a remote code execution attack...
CVE-2017-5897
An issue was found in the Linux kernel ipv6 implementation of GRE tunnels which allows a remote attacker to trigger an out-of-bounds access. At this time we understand no trust barrier has been crossed and there is no security implications in this flaw...