206304 matches found
CVE-2022-30580
A flaw was found in the os/exec golang package. This issue occurs when invoking different Cmd methods and the Cmd.Path is unset. This could lead to a command injection, allowing an attacker to execute any binaries in the working directory...
CVE-2020-36558
A NULL pointer dereference flaw was found in the Linux kernel’s Virtual Terminal subsystem was found in how a user calls the VTRESIZEX ioctl. This flaw allows a local user to crash the system...
CVE-2021-46828
A denial of service DoS vulnerability was found in libtirpc. This flaw allows a remote attacker to exhaust the file descriptors of a process that uses libtirpc due to mishandling idle TCP connections. This issue leads to a svcrun infinite loop without accepting new connections...
CVE-2022-28693
A flaw was found in hw. The unprotected alternative channel of return branch target prediction in some IntelR Processors may allow an authorized user to enable information disclosure via local access...
CVE-2022-32086
MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Itemfield::fixouterfield...
CVE-2022-2318
There are use-after-free vulnerabilities caused by timer handler in net/rose/rosetimer.c of linux that allow attackers to crash linux kernel without any privileges...
CVE-2022-2274
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X8664 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a...
CVE-2022-32549
A flaw was found in Apache Sling Commons Log. This flaw allows an attacker to benefit from the flaw and forge logs, allowing cover tracks and potentially corrupting log files...
CVE-2022-26700
A flaw was found in webkitgtk. The vulnerability occurs due to improper input validation, leading to memory corruption. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or arbitrary code execution...
CVE-2022-0096
Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2019-15618
Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location...
CVE-2020-24916
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...
CVE-2022-30596
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk...
CVE-2022-24904
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15m 2.2.9, and 2.3.4 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive files from Argo CD's...
CVE-2022-1116
Integer Overflow or Wraparound vulnerability in iouring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions...
CVE-2022-29155
A vulnerability was found in the openldap-servers package. A SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This issue occurs during an LDAP search operation when the search filter is processed due to a lack of proper...
CVE-2022-1516
A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system...
CVE-2022-0852
There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the...
CVE-2022-25648
A flaw was found in ruby-git, where the package is vulnerable to command injection via the git argument. This flaw allows an attacker to set additional flags, which leads to performing command injections...
CVE-2022-27649
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...
CVE-2022-25517
A flaw was found in MyBatis Plus. The issue contains a SQL Injection vulnerability...
CVE-2022-1025
A privilege escalation flaw was found in ArgoCD. This flaw allows a malicious user who has push access to an application's source git or Helm repository, or sync and override access, to perform actions they are not authorized to do. For example, if the attacker has update or delete access, they c...
CVE-2021-4173
A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution...
CVE-2021-44420
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths...
CVE-2021-31566
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. ...
CVE-2015-5236
A flaw was discovered that IcedTea-Web did not properly determine an applet's origin when performing same-origin checks. A malicious page could use this flaw to bypass the Same Origin Policy SOP and access data on unrelated sites using a spoofed value for the applet's codebase attribute...
CVE-2021-42008
The decodedata function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAPNETADMIN capability can lead to root access. Mitigation Mitigation for this issue is either not available or the currently available...
CVE-2021-3781
A trivial sandbox enabled with the -dSAFER option escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highes...
CVE-2021-39261
The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
CVE-2021-39263
The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
CVE-2021-39242
haproxy was found to be vulnerable to HTTP host header attack: This problem creates a scenario in which it's possible to drop the Host header and use the authority only after forwarding to a second http2 layer, possibly causing two differing values of Host at a different stage. The highest threat...
CVE-2021-3716
A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBDOPTSTRUCTUREDREPLY before proxying everything else a client sends to the server, potentially leading the client to terminat...
CVE-2021-38198
A flaw was found in the Linux kernel, where it incorrectly computes the access permissions of a shadow page. This issue leads to a missing guest protection page fault. Mitigation Do not disable hardware-assisted paging also known as nested paging and Second Level Address Translation on your hosts...
CVE-2021-34334
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of...
CVE-2021-31291
A flaw was found in exiv2. A flawed bounds checking in the jp2Image.cpp:doWriteMetadata function leads to a heap-based buffer overflow. This flaw allows an attacker who can provide a malicious image to an application using the exiv2 library, to write data out of bounds and potentially execute cod...
CVE-2021-30663
A flaw was found in the webkitgtk package. Affected versions of this package could allow a remote attacker to execute arbitrary code on the system caused by an integer overflow in the WebKit component. An attacker can execute arbitrary code on the system by persuading a victim to visit a speciall...
CVE-2021-22145
A memory disclosure flaw was found in Elasticsearch’s error reporting. A user who can submit arbitrary queries to Elasticsearch could submit a malformed query that results in an error message returned that contains previously used portions of a data buffer. This buffer could contain sensitive...
CVE-2016-6816
It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP...
CVE-2021-32625
A flaw was found in Redis. An integer overflow could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. The highest threat from this vulnerability is to data confidentiality and...
CVE-2021-32718
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper...
CVE-2021-25215
A flaw was found in bind. The way DNAME records are processed may trigger the same RRset to the ANSWER section to be added more than once which causes an assertion check to fail. The highest threat from this flaw is to system availability. Mitigation Red Hat has investigated whether a possible...
CVE-2021-23358
A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
CVE-2021-3449
A flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signaturealgorithms extension but includes a signaturealgorithmscert extension. The highest threat from this vulnerability is to system...
CVE-2021-23840
Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...
CVE-2021-26708
A flaw was found in the Linux kernel. Wrong locking in the AFVSOCK socket can cause a local privilege escalation, bypassing SMEP and SMAP. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2021-3326
A flaw was found in glibc's iconv functionality. This flaw allows an attacker capable of supplying a crafted sequence of characters to an application using iconv to convert from ISO-2022-JP-3 to cause an assertion failure. The highest threat from this vulnerability is to system availability...
CVE-2020-17530
A flaw was found in the Apache Struts frameworks. When forced, some of the tag's attributes perform a double evaluation if a developer applies forced OGNL evaluation by using the %... syntax. Using a forced OGNL evaluation on untrusted user input allows an attacker to perform remote code executio...
CVE-2020-27820
A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose handler could happen if removing device that is not common to remove video card physically without power-off, but same happens if "unbind" the driver. Mitigation To mitigate this issue, prevent the module...
CVE-2020-14386
A flaw was found in the Linux kernel. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation If the CAPNETRAW capability disabled by...
CVE-2020-14338
A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This iss...