206304 matches found
CVE-2023-24895
A flaw was found in dotnet. This issue can allow remote code execution when WPF is handling XAML Frame elements...
CVE-2023-32082
A flaw was found in etcd. Affected versions of etcd allow a remote, authenticated attacker to use the LeaseTimeToLive API to obtain sensitive information...
CVE-2023-1195
A use-after-free flaw was found in reconnsetipaddrfromhostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server-hostname to NULL, leading to an invalid pointer request. Mitigation Mitigation for this issue is either not available or the...
CVE-2023-25725
A flaw was found in HAProxy's headers processing that causes HAProxy to drop important headers fields such as Connection, Content-length, Transfer-Encoding, and Host after having partially processed them. A maliciously crafted HTTP request could be used in an HTTP request smuggling attack to bypa...
CVE-2022-4203
A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the...
CVE-2022-42895
An information leak vulnerability was found in the Linux kernel's implementation of logical link control and adaptation protocol L2CAP, part of the Bluetooth stack in the l2capparseconfreq function. An attacker with physical access within the range of standard Bluetooth transmission could use thi...
CVE-2022-3725
A vulnerability was found in Wireshark. This flaw causes a crash in the OPUS protocol dissector in Wireshark, leading to a denial of service via packet injection or a crafted capture file...
CVE-2022-39956
A flaw was found in the OWASP ModSecurity Core Rule Set. A payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields allows HTTP multipart requests to bypass detection...
CVE-2022-41317
A flaw was found in squid. A trusted client can directly access the cache manager information, bypassing the manager ACL protection and resulting in information disclosure. Mitigation Adding the following line to the squid.conf file is a workaround: acl manager urlregex +i...
CVE-2022-2835
A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of ..svc. Mitigation Consider adding the svc namespace to the DNS operator to prevent a low-privileged user from creating it. Alternatively...
CVE-2022-24724
cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing table.c:rowfromstring may lead to heap memory corruption when parsing tables who's marker rows contain mor...
CVE-2022-1902
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges...
CVE-2022-32547
A flaw was found in ImageMagick, where there is a load of a misaligned address for type 'double,' which requires 8-byte alignment, and for type 'float,' which requires 4-byte alignment at MagickCore/property.c. Whenever ImageMagick processes crafted or untrusted input, this causes a negative impa...
CVE-2022-29163
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a pat...
CVE-2022-22976
A flaw was found in Spring Framework. The encoder does not perform any salt rounds when using the BCrypt class with the maximum work factor 31 due to an integer overflow error...
CVE-2022-1622
An out-of-bounds read vulnerability was found in Libtiff's LZWDecode function in libtiff/tiflzw.c. This flaw allows an attacker to perform a denial-of-service attack via a crafted tiff file, leading to the application crashing...
CVE-2022-30115
A vulnerability was found in curl. This issue occurs because when using its HTTP Strict Transport SecurityHSTS support, it can instruct curl to use HTTPS directly instead of using an insecure clear text HTTP step even when HTTP is provided in the URL. This flaw leads to a clear text transmission ...
CVE-2022-23267
A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...
CVE-2022-0235
A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized...
CVE-2022-28739
A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read...
CVE-2022-29041
A flaw was found in the Jenkins Jira plugin. The Jenkins Jira plugin does not escape the name and description of a Jira Issue and Jira Release Version parameters on views displaying parameters. This issue results in a stored Cross-site scripting XSS vulnerability exploitable by attackers with...
CVE-2022-27943
A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangleconst function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a...
CVE-2022-24772
A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature...
CVE-2022-0854
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMAFROMDEVICE. This flaw allows a local user to read random memory from the kernel space. Mitigation Mitigation for this issue is either not available or the currently available options dont meet the Red Hat...
CVE-2022-25634
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory...
CVE-2022-26126
frrouting is vulnerable to a flaw that can cause stack overflow due to processing binary data as simple string data. Since c string data is not being processed when processing packets , correct binary aware functions should be used. There is high impact to availability due to the fact that the...
CVE-2022-25308
A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service...
CVE-2022-24448
A flaw was found in the Linux kernel. When an application tries to open a directory using the ODIRECTORY flag in a mounted NFS filesystem, a lookup operation is performed. If the NFS server returns a file as a result of the lookup, the NFS filesystem returns an uninitialized file descriptor inste...
CVE-2022-23707
A Cross-Site Scripting XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permission to create index patterns can inject malicious javascript into the index pattern, which could execute against other users...
CVE-2022-20612
A Cross-site request forgery CSRF vulnerability was found in Jenkins. The POST requests are not required for the HTTP endpoint handling manual build requests when no security realm is set. This flaw allows an attacker to trigger the building of a job without parameters...
CVE-2021-43612
An out-of-bounds read vulnerability is present in lldpd. An attacker on the same network as the vulnerable system may use this vulnerability to leak memory data from the application or crash it by sending shorter SONMP packets than what is expected...
CVE-2019-11707
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...
CVE-2022-22748
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have confused Thunderbird into showing the wrong origin when asking to launch a program and handling an external URL protocol...
CVE-2022-22751
The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these...
CVE-2021-4158
A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. Mitigation Mitigation for this issue is either not available or the currently...
CVE-2021-22096
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries...
CVE-2021-42762
BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact...
CVE-2021-41073
A flaw was found in looprwiter in fs/iouring.c in the Linux kernel. This problem gives the ability to a local user with a normal user privilege to free a user-defined kernel space buffer. Mitigation Mitigation for this issue is either not available or the currently available options dont meet the...
CVE-2021-3677
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...
CVE-2021-39252
The ntfs3g package is susceptible to an input validation flaw. When processing a crafted NTFS image there is an improper check which leads to an out of bounds read. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
CVE-2021-39140
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by...
CVE-2021-31556
An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob...
CVE-2021-2372
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2020-19716
There's a flaw in exiv2. An attacker able to submit a crafted file to an application linked with exiv2 could trigger excessive resource consumption or a null pointer dereference, leading to an impact to application availability...
CVE-2020-19715
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-13110 Reason: This candidate is a duplicate of CVE-2019-13110. Notes: All CVE users should reference CVE-2019-13110 instead of this candidate...
CVE-2021-3639
A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threa...
CVE-2021-21705
A flaw was found in php. Currently, php's FILTERVALIDATEURL check doesn't recognize some non-compliant RFC 3986 URLs and returns them as valid. This flaw allows an attacker to craft URLs, which depending on how the URL filter checking is used on the application side, lead to Server Side Request...
CVE-2021-29953
A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. Note: This issue only affected Firefox for Android. Other operating systems are unaffected...
CVE-2021-29952
When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox 88.0.1 and Firefox for Android 88.1.3...
CVE-2021-28165
When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large greater than 17408 TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability...