206309 matches found
CVE-2023-6610
An out-of-bounds read vulnerability was found in smb2dumpdetail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. Mitigation To mitigate this issue, prevent module cifs from being loaded. Please see...
CVE-2023-41835
A flaw was found in struts. When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in 'struts.multipart.saveDir', even if the request has been denied...
CVE-2023-46671
A flaw was found in Kibana, where exposure of sensitive information in log files may occur. In some uncommon conditions, if error messages are returned, the log may contain account credentials for the kibanasystem 64 user, API Keys, and credentials of Kibana end-users...
CVE-2023-46737
A flaw was found in the cosign package. A attacker with control of a compromised registry or with privileges to make requests to the cluster can create a specific request that will trigger an infinite loop condition, resulting in a denial of service. Mitigation Mitigation for this issue is either...
CVE-2023-5720
A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application...
CVE-2023-39198
A race condition was found in the QXL driver in the Linux kernel. The qxlmodedumbcreate function dereferences the qobj returned by the qxlgemobjectcreatewithhandle, but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigge...
CVE-2023-44483
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...
CVE-2023-4061
A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system...
CVE-2023-43787
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges...
CVE-2023-4692
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a...
CVE-2023-42114
An out-of-bounds read vulnerability was found in Exim within the handling of NTLM challenge requests. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to...
CVE-2023-36796
A vulnerability was found in dotnet. This issue can lead to a stack-based out-of-bounds write when loading PDB type records in msdia140.dll used by Visual Studio. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Securit...
CVE-2023-3955
A vulnerability was found in Kubernetes. This flaw allows a user who can create pods on Windows nodes to escalate to admin privileges on those nodes...
CVE-2023-35947
A flaw was found in Gradle. When unpacking Tar archives, Gradle did not check that files could be written outside the unpack location. This issue could lead to important files being overwritten anywhere the Gradle process has write permissions. This flaw allows an attacker with control of an...
CVE-2023-37920
A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector...
CVE-2023-32439
A vulnerability was found in webkitgtk. This issue occurs when processing maliciously crafted web content, which may lead to arbitrary code execution. Mitigation This vulnerability can be mitigated by setting the environment variable JSCuseDFGJIT=0, which will disable the data flow graph JIT tier...
CVE-2023-24897
A flaw was found in dotnet. This issue can allow remote code execution through an out-of-bounds write when loading PDB type records in msdia140.dll used by Visual Studio...
CVE-2023-2953
A vulnerability was found in OpenLDAP, in bermemallocx function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service...
CVE-2022-40664
A flaw was found in Apache Shiro. An authentication bypass vulnerability occurs when forwarding or including via the RequestDispatcher...
CVE-2023-30630
A vulnerability was found in dmidecode, which allows -dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo. Mitigation Do not configure sudoers file to allow running dmidecode with elevated privileges...
CVE-2023-26554
An out-of-bounds write flaw was found in the ntp package. A remote attacker may trigger this vulnerability by sending malicious data packets to the ntp server. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...
CVE-2023-26551
An out-of-bounds write flaw was found in the ntp package. A remote attacker can trigger this vulnerability by sending malicious data packets to the ntp server. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...
CVE-2023-24534
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...
CVE-2023-25809
A flaw was found in runc, where it is vulnerable to a denial of service caused by improper access control in the /sys/fs/cgroup endpoint. This flaw allows a local authenticated attacker to cause a denial of service. Mitigation Condition 1: Unshare the cgroup namespace docker|podman|nerdctl run...
CVE-2023-28120
A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is called on a SafeBuffer with untrusted user input, malicious code could be executed. Mitigation Avoid calling bytesplice on a SafeBuffer htmlsafe string with untrusted user input...
CVE-2023-0461
A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context struct tlscontext on a connected TCP socket. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation To mitigate this issue,...
CVE-2022-48337
A flaw was found in the Emacs package. This flaw allows attackers to execute commands via shell metacharacters in the name of a source-code file...
CVE-2023-23915
A flaw was found in the Curl package, where the HSTS mechanism could fail when multiple transfers are done in parallel, as the HSTS cache file gets overwritten by the most recently completed transfer. This issue may result in limited confidentiality and integrity...
CVE-2022-23813
The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment. Mitigation Please contact AMD for more updates on this flaw...
CVE-2022-48279
A vulnerability was found in ModSecurity. This issue occurs when HTTP multipart requests are incorrectly parsed and could bypass the Web Application Firewall. NOTE: This is related to CVE-2022-39956, but can be considered independent changes to the ModSecurity C language codebase...
CVE-2022-45143
A flaw was found in the Tomcat package. This flaw allowed users to input an invalid JSON structure, causing unwanted behavior as it did not escape the type, message, or description values...
CVE-2022-47520
An out-of-bounds read flaw was found in the Linux kernel’s Atmel WILC1000 802.11 SoC driver. This flaw allows a local to crash or potentially escalate their privileges on the system...
CVE-2022-46692
A logic issue was found in WebKitGTK and WPE WebKit. This flaw allows a remote attacker to process unexpected cross-origin attacks...
CVE-2022-46146
A flaw was found in exporter-toolkit. A request can be forged by an attacker to poison the internal cache used to cache hashes and make subsequent successful requests. This cache is used to limit side channel attacks that could tell an attacker if a user is present in the file or not. Prometheus...
CVE-2022-4145
A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation...
CVE-2022-21589
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromi...
CVE-2022-43548
A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code...
CVE-2022-41852
A flaw was found in the Apache Commons JXPath package. This flaw allows an attacker to use the interpreter to execute untrusted expressions and a remote code attack...
CVE-2022-2880
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an...
CVE-2022-32891
A vulnerability was found in webkitgtk, where an issue was addressed with improved UI handling. Visiting a website that frames malicious content may lead to UI spoofing...
CVE-2022-37703
An information leak vulnerability was found in Amanda in the calcsize SUID binary. This flaw allows an attacker to know if a directory exists or not anywhere in the fs. The binary will use opendir as root directly without checking the path, letting the attacker provide an arbitrary path...
CVE-2022-34174
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm...
CVE-2022-34173
In Jenkins 2.340 through 2.355 both inclusive the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
CVE-2022-30946
A cross-site request forgery CSRF vulnerability in Jenkins Script Security Plugin 1158.v7c1b73a69a08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver...
CVE-2022-2867
A flaw was found in libtiff's tiffcrop utility that has a uint32t underflow that can lead to an out-of-bounds read and write. This flaw allows an attacker who supplies a crafted file to tiffcrop likely via tricking a user to run tiffcrop on it with certain parametersto cause a crash or, in some...
CVE-2022-2764
A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LASTCHUNK from the bytes, causing a denial of service...
CVE-2022-37416
Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2mcfullxfully8x8...
CVE-2022-29154
A flaw was found in rsync that is triggered by a victim rsync user/client connecting to a malicious rsync server. The server can copy and overwrite arbitrary files in the client's rsync target directory and subdirectories. This flaw allows a malicious server, or in some cases, another attacker wh...
CVE-2022-2255
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
CVE-2022-32081
MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepareinplaceaddvirtual at /storage/innobase/handler/handler0alter.cc...