206363 matches found
CVE-2022-30952
Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins...
CVE-2022-30556
A flaw was found in the modlua module of httpd. The data returned by the wsread function may point past the end of the storage allocated for the buffer, resulting in information disclosure. Mitigation Disabling modlua and restarting httpd will mitigate this flaw...
CVE-2022-31621
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/dsxbstream.cc, when an error occurs streamctxt-destfile == NULL while executing the method xbstreamopen, the held lock is not released correctly, which allows local users to trigger a denial of service due to the...
CVE-2022-21136
A flaw was found in hw. Improper input validation for some IntelR XeonR processors may allow a privileged user to enable a denial of service via local access. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security...
CVE-2022-1632
An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of...
CVE-2022-26280
An out-of-bounds read flaw was found in libarchive. This flaw allows an attacker who can supply a specially crafted zip file to libarchive to cause an out-of-bounds read in programs linked with libarchive, using the LZMA zip functionality. The consequences depend on the specific program linked wi...
CVE-2021-44906
An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or proto payload, resulting in prototype pollution and loss of confidentiality, availability, and...
CVE-2022-23648
An information leak was discovered in containerd. This issue could allow a remote attacker access to read-only copies of arbitrary files and directories on the host, which can be exploited with a specially-crafted image configuration...
CVE-2022-0891
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other...
CVE-2022-26966
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device...
CVE-2022-0391
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...
CVE-2022-22746
The Mozilla Foundation Security Advisory describes this flaw as: A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed. This bug only affects Thunderbird for Windows. Other operating systems are unaffected...
CVE-2022-22743
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When navigating from inside an iframe while requesting full screen access, an attacker-controlled tab could have made the browser unable to leave full screen mode...
CVE-2021-3929
A DMA reentrancy issue was found in the NVM Express Controller NVME emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvmectrlreset, data structs will be freed leading to a use-after-free issue. A malicious guest could...
CVE-2020-13974
A flaw integer overflow in the Linux kernel's virtual terminal keyboard driver was found in the way the user sends some specific keyboard code multiple times. A local user could use this flaw to crash the system or possibly escalate their privileges on the system. Mitigation Mitigation for this...
CVE-2021-20320
A flaw was found in s390 eBPF JIT in bpfjitinsn in arch/s390/net/bpfjitcomp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem. Mitigation Mitigation for this issue is either not available or the...
CVE-2021-39293
A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. An attacker capable of submitting a crafted ZIP file to a Go application using archive/zip to process that file could...
CVE-2021-22945
A flaw was found in libcurl. When sending data to an MQTT server could in some situations lead to libcurl using already freed memory and then try to free it again. The highest threat from this vulnerability is to data confidentiality as well as system availability...
CVE-2021-3759
A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from th...
CVE-2021-38593
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath called from QRasterPaintEngine::fill and QPaintEngineEx::stroke...
CVE-2021-2389
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2021-36386
A flaw was found in fetchmail. The flaw lies in how fetchmail when running in verbose mode using the -v flag tries to log long messages that are created from long headers. An attacker could potentially use this flaw to cause a Denial of Service attack or crash. The highest threat from this...
CVE-2021-31812
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions...
CVE-2021-3588
The clifeatreadcb function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading...
CVE-2021-32029
A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...
CVE-2021-22116
A flaw was found in rabbitmq-server, where insufficient input validation in the AMQP 1.0 client connection endpoint could allow a denial of service. The highest threat from this vulnerability is to system availability...
CVE-2021-3509
A flaw was found in the Red Hat Ceph Storage Dashboard. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS. The greatest threa...
CVE-2021-3541
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service...
CVE-2019-9517
A vulnerability was found in HTTP/2. An attacker can open a HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server's...
CVE-2020-12362
A flaw was found in the Linux kernel. An integer overflow in the firmware for some IntelR Graphics Drivers may allow a privileged user to potentially enable an escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as...
CVE-2020-1971
A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERALNAMEcmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to system availability...
CVE-2020-11935
A flaw improperly managed inode reference counts in the vfsubdentryopen in the Linux kernel aufs subsystem was found in the way local user calls vfsubdentryopen method. A local user could use this flaw to crash the system...
CVE-2020-15104
An improper certificate validation vulnerability was found in envoyproxy/envoy, when externally created certificates with wildcards in the DNS Subject Alternative Name are used. This flaw allows an attacker to subvert the envoy filter or destination rules to access restricted resources. The highe...
CVE-2020-13630
A use-after-free vulnerability was found in the SQLite FTS3 extension module in the way it implemented the snippet function. This flaw allows an attacker who can execute SQL statements to crash the application or potentially execute arbitrary code...
CVE-2020-10709
A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user still has access to...
CVE-2018-5968
A deserialization flaw was discovered in the jackson-databind that could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaws CVE-2017-7525 and CVE-2017-17485 by...
CVE-2019-17531
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in the classpath, and an...
CVE-2017-9076
The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memo...
CVE-2017-7525
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. Mitigation Mitigation to this problem is to not trigger polymorphic desrializatio...
CVE-2020-9546
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2019-18805
A flaw was reported in the Linux kernel's TCP subsystem while calculating a packet round trip time, when a sysctl parameter /proc/sys/net/ipv4/tcpminrttwlen is set incorrectly. This causes an integer overflow which can lead to a denial Of service DOS attack. Mitigation This flaw can be mitigated ...
CVE-2019-19377
A flaw was found in the Linux kernel's implementation of the BTRFS file system. A local attacker, with the ability to mount a file system, can create a use-after-free memory fault after the file system has been unmounted. This may lead to memory corruption or privilege escalation. Mitigation As t...
CVE-2019-11479
An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP segments. If the Maximum Segment Size MSS of a TCP connection was set to low values, such as 48 bytes, it can leave as little as 8 bytes for the user data, which significantly increas...
CVE-2017-11176
A use-after-free flaw was found in the Netlink functionality of the Linux kernel networking subsystem. Due to the insufficient cleanup in the mqnotify function, a local attacker could potentially use this flaw to escalate their privileges on the system...
CVE-2019-5747
An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components consumed by the DHCP client, server, and/or relay might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte...
CVE-2017-13077
A new exploitation technique called key reinstallation attacks KRACKs affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key PTK-TK during a...
CVE-2019-9851
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers...
CVE-2019-5420
A remote code execution vulnerability in development mode Rails 5.2.2.1, 6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit...
CVE-2019-7221
A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested =1 virtualization is enabled. This high resolution timerhrtimer runs when a L2 guest is active. After VM exit, the syncvmcs12 timer object is stopped. The...
CVE-2017-5754
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant...