206363 matches found
CVE-2023-36793
A vulnerability was found in dotnet. This issue can lead to an out-of-bounds write when loading PDB type records in msdia140.dll used by Visual Studio. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria...
CVE-2022-47695
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfdmachogetsyntheticsymtab in match-o.c...
CVE-2023-4155
A flaw was found in KVM AMD Secure Encrypted Virtualization SEV in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the VMGEXIT handler recursively. If an attacker manages to call the handler multiple time...
CVE-2023-39151
A flaw was found in Jenkins, where Jenkins weekly and LTS are vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote, authenticated attacker can inject malicious script into a web page, which would be executed in a victim's Web browser within the...
CVE-2023-32001
A flaw was found in the curl package. This race condition modifies the behavior of symbolic link files in affected components which might be followed instead of overwritten when the condition is met, leading to undesired and potentially destructive behavior...
CVE-2023-31248
A use-after-free flaw was found in the Linux kernel's Netfilter module in net/netfilter/nftablesapi.c in nftchainlookupbyid. This flaw allows a local attacker to cause a local privilege escalation issue due to a missing cleanup. Mitigation To mitigate this issue, it is possible to prevent the...
CVE-2023-33128
A vulnerability was found in dotnet. This issue may allow remote code execution via source generators that can lead to a crash due to unmanaged heap corruption...
CVE-2023-32082
A flaw was found in etcd. Affected versions of etcd allow a remote, authenticated attacker to use the LeaseTimeToLive API to obtain sensitive information...
CVE-2023-28879
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then...
CVE-2023-28120
A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is called on a SafeBuffer with untrusted user input, malicious code could be executed. Mitigation Avoid calling bytesplice on a SafeBuffer htmlsafe string with untrusted user input...
CVE-2023-1195
A use-after-free flaw was found in reconnsetipaddrfromhostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server-hostname to NULL, leading to an invalid pointer request. Mitigation Mitigation for this issue is either not available or the...
CVE-2022-20566
A use-after-free flaw was found in the Linux kernel's Bluetooth functionality. A user could trigger a race condition while closing the connection. This issue may allow a local user to crash or potentially escalate their privileges on the system. Mitigation The only way to mitigate these...
CVE-2022-4203
A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the...
CVE-2022-4254
A vulnerability was found in SSSD, in the libssscertmap functionality. PKINIT enables a client to authenticate to the KDC using an X.509 certificate and the corresponding private key, rather than a passphrase or keytab. FreeIPA uses mapping rules to map a certificate presented during a PKINIT...
CVE-2022-44034
An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24xcs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open, aka a race condition between scr24xopen and scr24xremove...
CVE-2022-3543
A flaw was found in unixsockdestructor/unixreleasesock in net/unix/afunix.c in the BPF component in the Linux Kernel. This issue may lead to a memory leak problem. Mitigation Mitigation for this issue is either not available or the currently available options dont meet the Red Hat Product Securit...
CVE-2022-46364
A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...
CVE-2021-33640
After tarclose, libtar.c releases the memory pointed to by pointer t. After tarclose is called in the list function, it continues to use pointer t: freelonglinklongnamet-thbuf . As a result, the released memory is used use-after-free...
CVE-2022-3786
A stack-based buffer overflow was found in the way OpenSSL processes X.509 certificates with a specially crafted email address field. This issue could cause a server or a client application compiled with OpenSSL to crash or possibly execute remote code when trying to process the malicious...
CVE-2022-3725
A vulnerability was found in Wireshark. This flaw causes a crash in the OPUS protocol dissector in Wireshark, leading to a denial of service via packet injection or a crafted capture file...
CVE-2022-30580
A flaw was found in the os/exec golang package. This issue occurs when invoking different Cmd methods and the Cmd.Path is unset. This could lead to a command injection, allowing an attacker to execute any binaries in the working directory...
CVE-2022-2835
A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of ..svc. Mitigation Consider adding the svc namespace to the DNS operator to prevent a low-privileged user from creating it. Alternatively...
CVE-2020-36558
A NULL pointer dereference flaw was found in the Linux kernel’s Virtual Terminal subsystem was found in how a user calls the VTRESIZEX ioctl. This flaw allows a local user to crash the system...
CVE-2021-46828
A denial of service DoS vulnerability was found in libtirpc. This flaw allows a remote attacker to exhaust the file descriptors of a process that uses libtirpc due to mishandling idle TCP connections. This issue leads to a svcrun infinite loop without accepting new connections...
CVE-2022-24724
cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing table.c:rowfromstring may lead to heap memory corruption when parsing tables who's marker rows contain mor...
CVE-2022-28693
A flaw was found in hw. The unprotected alternative channel of return branch target prediction in some IntelR Processors may allow an authorized user to enable information disclosure via local access...
CVE-2022-1902
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges...
CVE-2022-2318
There are use-after-free vulnerabilities caused by timer handler in net/rose/rosetimer.c of linux that allow attackers to crash linux kernel without any privileges...
CVE-2022-2274
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X8664 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a...
CVE-2022-32549
A flaw was found in Apache Sling Commons Log. This flaw allows an attacker to benefit from the flaw and forge logs, allowing cover tracks and potentially corrupting log files...
CVE-2022-32547
A flaw was found in ImageMagick, where there is a load of a misaligned address for type 'double,' which requires 8-byte alignment, and for type 'float,' which requires 4-byte alignment at MagickCore/property.c. Whenever ImageMagick processes crafted or untrusted input, this causes a negative impa...
CVE-2022-26700
A flaw was found in webkitgtk. The vulnerability occurs due to improper input validation, leading to memory corruption. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or arbitrary code execution...
CVE-2022-29163
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a pat...
CVE-2022-30596
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk...
CVE-2022-24904
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15m 2.2.9, and 2.3.4 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive files from Argo CD's...
CVE-2022-22976
A flaw was found in Spring Framework. The encoder does not perform any salt rounds when using the BCrypt class with the maximum work factor 31 due to an integer overflow error...
CVE-2022-30115
A vulnerability was found in curl. This issue occurs because when using its HTTP Strict Transport SecurityHSTS support, it can instruct curl to use HTTPS directly instead of using an insecure clear text HTTP step even when HTTP is provided in the URL. This flaw leads to a clear text transmission ...
CVE-2022-25648
A flaw was found in ruby-git, where the package is vulnerable to command injection via the git argument. This flaw allows an attacker to set additional flags, which leads to performing command injections...
CVE-2022-27649
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...
CVE-2022-1025
A privilege escalation flaw was found in ArgoCD. This flaw allows a malicious user who has push access to an application's source git or Helm repository, or sync and override access, to perform actions they are not authorized to do. For example, if the attacker has update or delete access, they c...
CVE-2022-25634
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory...
CVE-2022-23707
A Cross-Site Scripting XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permission to create index patterns can inject malicious javascript into the index pattern, which could execute against other users...
CVE-2022-23218
A stack based buffer-overflow vulnerability was found in the deprecated compatibility function svcunixcreate in the sunrpc's svcunix.c module of the GNU C Library aka glibc through 2.34. This vulnerability copies its path argument onto the stack without validating its length, which may result in ...
CVE-2021-43612
An out-of-bounds read vulnerability is present in lldpd. An attacker on the same network as the vulnerable system may use this vulnerability to leak memory data from the application or crash it by sending shorter SONMP packets than what is expected...
CVE-2021-44420
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths...
CVE-2021-31566
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. ...
CVE-2021-42008
The decodedata function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAPNETADMIN capability can lead to root access. Mitigation Mitigation for this issue is either not available or the currently available...
CVE-2021-39242
haproxy was found to be vulnerable to HTTP host header attack: This problem creates a scenario in which it's possible to drop the Host header and use the authority only after forwarding to a second http2 layer, possibly causing two differing values of Host at a different stage. The highest threat...
CVE-2021-3716
A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBDOPTSTRUCTUREDREPLY before proxying everything else a client sends to the server, potentially leading the client to terminat...
CVE-2021-38198
A flaw was found in the Linux kernel, where it incorrectly computes the access permissions of a shadow page. This issue leads to a missing guest protection page fault. Mitigation Do not disable hardware-assisted paging also known as nested paging and Second Level Address Translation on your hosts...