206304 matches found
CVE-2020-0465
A flaw was found in the Linux kernel’s multi-touch input system. An out-of-bounds write triggered by a use-after-free issue could lead to memory corruption or possible privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
CVE-2020-25681
A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary da...
CVE-2020-1971
A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERALNAMEcmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to system availability...
CVE-2020-10751
A flaw was found in the Linux kernel’s SELinux LSM hook implementation, where it anticipated the skb would only contain a single Netlink message. The hook incorrectly validated the first Netlink message in the skb only, to allow or deny the rest of the messages within the skb with the granted...
CVE-2019-11048
A flaw was found in PHP under a non-default configuration, where it was vulnerable to integer wraparounds during the reception of a multipart POST request. This flaw allows a remote attacker to repeatedly crash PHP and fill the filesystem with temporary PHP files, resulting in a denial of service...
CVE-2019-17531
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in the classpath, and an...
CVE-2017-7525
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. Mitigation Mitigation to this problem is to not trigger polymorphic desrializatio...
CVE-2020-9546
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2020-6950
A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files. Mitigation There is no currently known mitigation for this flaw...
CVE-2019-18805
A flaw was reported in the Linux kernel's TCP subsystem while calculating a packet round trip time, when a sysctl parameter /proc/sys/net/ipv4/tcpminrttwlen is set incorrectly. This causes an integer overflow which can lead to a denial Of service DOS attack. Mitigation This flaw can be mitigated ...
CVE-2019-11479
An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP segments. If the Maximum Segment Size MSS of a TCP connection was set to low values, such as 48 bytes, it can leave as little as 8 bytes for the user data, which significantly increas...
CVE-2019-13720
Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2017-9788
It was discovered that the httpd's modauthdigest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to...
CVE-2019-3774
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection XXE when receiving XML data from untrusted sources...
CVE-2016-10088
It was found that the fix for CVE-2016-9576 was incomplete: the Linux kernel's sg implementation did not properly restrict write operations in situations where the KERNELDS option is set. A local attacker to read or write to arbitrary kernel memory locations or cause a denial of service...
CVE-2016-1247
A vulnerability was discovered in nginx. An attacker who could already run commands under the nginx user id could use this access to append data to files owned by root, potentially elevating their own privileges to root...
CVE-2016-5773
phpzip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash...
CVE-2025-13426
A vulnerability exists in Google Apigee's JavaCallout policy https://docs.apigee.com/api-platform/reference/policies/java-callout-policy that allows for remote code execution. It is possible for a user to write a JavaCallout that injected a malicious object into the MessageContext to execute...
CVE-2024-37891
A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects. Mitigation Mitigation for this...
CVE-2024-26306
A timing-based side-channel flaw was found in iperf3. If the iperf3 server is running with the --rsa-private-key-path option, the user authentication API can be attacked. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product...
CVE-2024-32465
A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution. Mitigati...
CVE-2022-48686
A use-after-free vulnerability was found in the Linux kernel in drivers/nvme/host/tcp.c in nvmetcpiowork. This issue can occur when a local user continues to read data after the connection finishes. This flaw allows a malicious user to cause a use-after-free problem. Mitigation Mitigation for thi...
CVE-2024-22019
A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of...
CVE-2024-24989
A flaw was found in the nginx HTTP/3 implementation. This issue may allow an attacker to use a specially crafted QUIC session to trigger a NULL pointer dereference error, causing a worker process to crash, leading to a denial of service...
CVE-2023-4408
A flaw was found in the bind package. This issue may allow a remote attacker with no specific privileges to craft a specially long DNS message leading to an excessive and uncontrolled CPU usage, the server being unavailable, and a Denial of Service. Mitigation Mitigation for this issue is either...
CVE-2023-51074
A stack overflow vulnerability was found in the Criteria.parse method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service...
CVE-2023-44466
An flaw was found in net/ceph/messengerv2.c in the Linux Kernel. An integer signing error leads to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This issue occurs due to an untrusted length taken from a TCP packet in cephdecode32...
CVE-2023-5157
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service...
CVE-2023-39318
A flaw was found in Golang. The html/template package did not properly handle HMTL-like "" comment tokens, nor hashbang "!" comment tokens, in...
CVE-2023-2640
A flaw was found in the Linux Kernel where the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. This flaw allows a local attacker to gain elevated privileges due to skipped permission in checking for trusted.overlayfs. xattrs...
CVE-2023-22043
Vulnerability in Oracle Java SE component: JavaFX. The supported version that is affected is Oracle Java SE: 8u371. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability...
CVE-2023-21400
A double-free vulnerability was found in the iouring subsystem in the Linux kernel. This issue may allow a malicious local user to crash the kernel or elevate their privileges on the system...
CVE-2023-3640
A possible unauthorized memory access flaw was found in the Linux kernel's cpuentryarea mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implement...
CVE-2023-2156
A flaw was found in the Linux kernel's networking subsystem within the RPL protocol's handling. This issue results from the improper handling of user-supplied data, which can lead to an assertion failure. This flaw allows an unauthenticated, remote attacker to create a denial of service condition...
CVE-2023-0225
A vulnerability was found in Samba. This security issue occurs as an incomplete access check on the dnsHostName allows authenticated but otherwise, unprivileged users to delete this attribute from any object in the directory...
CVE-2023-28328
A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of...
CVE-2023-23559
An integer overflow flaw was found in the Linux kernel’s wireless RNDIS USB device driver in how a user installs a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system...
CVE-2023-0215
A use-after-free vulnerability was found in OpenSSL's BIOnewNDEF function. The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be...
CVE-2022-23814
Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment. Mitigation Please contact AMD for more updates on this flaw...
CVE-2022-45141
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption...
CVE-2022-45411
The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...
CVE-2022-3294
A flaw was found in Kubernetes, where users may have access to secure endpoints in the control plane network. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While...
CVE-2022-42915
A vulnerability was found in curl. The issue occurs if curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL. It sets up the connection to the remote server by issuing a CONNECT request to the proxy and then tunnels the rest of the protocol through. An HTTP proxy might refuse this...
CVE-2022-39201
A flaw was found in Grafana. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. Grafana could leak the authentication cookie of users to plugins, which could result in an impact to confidentiality, integrity, and availability...
CVE-2022-40152
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service DoS in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the...
CVE-2022-41715
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as...
CVE-2022-38751
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash...
CVE-2022-36087
A flaw was found in python-oauthlib. This flaw allows an attacker providing a malicious redirect URI to cause a denial of service to OAuthLib's web application. Mitigation The redirecturi can be verified in the web toolkit before OAuthLib is called. Check to see if : is present to reject the...
CVE-2022-3143
A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or...
CVE-2022-35252
A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTPS server, where it accepts cookies using control codes byte values below 32, and also when cookies that contain such control codes are later sent back to an HTTPS server, possibly...