206360 matches found
CVE-2022-2867
A flaw was found in libtiff's tiffcrop utility that has a uint32t underflow that can lead to an out-of-bounds read and write. This flaw allows an attacker who supplies a crafted file to tiffcrop likely via tricking a user to run tiffcrop on it with certain parametersto cause a crash or, in some...
CVE-2022-2764
A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LASTCHUNK from the bytes, causing a denial of service...
CVE-2022-37416
Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2mcfullxfully8x8...
CVE-2022-29154
A flaw was found in rsync that is triggered by a victim rsync user/client connecting to a malicious rsync server. The server can copy and overwrite arbitrary files in the client's rsync target directory and subdirectories. This flaw allows a malicious server, or in some cases, another attacker wh...
CVE-2022-2255
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
CVE-2022-32081
MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepareinplaceaddvirtual at /storage/innobase/handler/handler0alter.cc...
CVE-2022-34265
A flaw was found in Django. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value...
CVE-2022-29224
A flaw was found in Envoy. This flaw allows an attacker who controls an upstream host and also controls service discovery of that host via DNS, the EDS API, etc. to crash Envoy by forcing the removal of the host from service discovery and then failing the gRPC health check request. This issue...
CVE-2022-28734
A flaw was found in grub2 when handling split HTTP headers. While processing a split HTTP header, grub2 wrongly advances its control pointer to the internal buffer by one position, which can lead to an out-of-bounds write. This flaw allows an attacker to leverage this issue by crafting a maliciou...
CVE-2022-30785
A vulnerability was found in NTFS-3G. A file handle created in fuselibopendir and later used in fuselibreaddir allows out-of-bounds read/write operations...
CVE-2022-30783
A vulnerability was found in NTFS-3G. An invalid return code in fusekernmount allows libfuse-lite protocol traffic between NTFS-3G and the kernel to be intercepted...
CVE-2022-26717
A flaw was found in webkitgtk. Due to improper input validation, the issue occurs, leading to a use-after-free vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or arbitrary code execution...
CVE-2022-31740
The Mozilla Foundation Security Advisory describes this flaw as: On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash...
CVE-2022-1865
No description is available for this CVE...
CVE-2017-2906
An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...
CVE-2021-21204
Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2022-22935
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master...
CVE-2022-23038
Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...
CVE-2019-6799
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allowlocalinfile PHP...
CVE-2019-20330
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. Mitigation The following conditions are needed for an exploit, we recommend avoiding all if possible: Deserialization from sources you do not control enableDefaultTyping @JsonTypeInfo using id.CLASS or...
CVE-2022-27780
A vulnerability was found in curl. This issue occurs because the curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the hostname part of a URL, making it a different URL using the wrong hostname when it is later retrieved. This flaw allows a malicious actor to...
CVE-2021-39241
haproxy has an input validation flaw that could allow a remote attacker to bypass implemented security restrictions. An HTTP method name may contain a space followed by the name of a protected resource. Given this, It is possible that an server would interpret this as a request for that protected...
CVE-2021-33061
A denial of service flaw was found in the Linux kernel due to insufficient control flow management for the IntelR 82599 Ethernet Controllers and Adapters. This flaw allows a locally authenticated user to potentially cause a denial of service. The highest threat from this vulnerability is to syste...
CVE-2021-3558
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2022-25183
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries plugin uses the names of Pipeline libraries to create cache directories without any sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller JVM,...
CVE-2022-25176
A flaw was found in Jenkins. The Pipeline: Groovy Plugin follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file typically Jenkinsfile for Pipelines. This flaw allows attackers who can configure Pipelines to read arbitrary files on...
CVE-2022-21294
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...
CVE-2021-3979
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...
CVE-2021-4203
A use-after-free read flaw was found in sockgetsockopt in net/core/sock.c due to SOPEERCRED and SOPEERGROUPS race with listen and connect in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. Mitigation Mitigation for this...
CVE-2021-23177
An improper link resolution flaw while extracting an archive can lead to changing the access control list ACL of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw...
CVE-2018-25020
A buffer overflow flaw in the Linux kernel BPF subsystem was found in the way users run BPF with long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. A local user could use this flaw to crash the system or escalate their...
CVE-2021-41092
A confidential data leak vulnerability was found in Docker CLI. The execution of docker login to a private registry may send provided credentials in a misconfigured docker credentials store to the registry-1.docker.io rather than the specified private registry. This flaw allows an attacker to ste...
CVE-2021-20324
A flaw was found in WildFly Elytron. A variation to the use of a session fixation exploit when using Undertow was found despite Undertow switching the session ID after authentication. The highest threat from this vulnerability is to data confidentiality and integrity. Mitigation This attack is...
CVE-2021-42771
A flaw was found in python-babel. A path traversal vulnerability was found in how locale data files are checked and loaded within python-babel, allowing a local attacker to trick an application that uses python-babel to load a file outside of the intended locale directory. The highest threat from...
CVE-2021-32626
A heap buffer overflow was found in redis. Specially crafted Lua scripts executing in Redis cause the heap-based Lua stack to overflow due to incomplete checks for this condition. This flaw allows a remote attacker to corrupt the heap and potentially trigger remote code execution. The highest...
CVE-2021-20318
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...
CVE-2020-21531
In transfig's fig2dev 3.2.7b it is possible for an attacker to create a specially crafted file that causes a buffer overflow due to an off by one error during range checking. This leads to a denial of service, impacting availability of the program...
CVE-2020-21532
In transfig's fig2dev 3.2.7b it is possible for an attacker to create a specially crafted file that causes a buffer overflow due to accepting an invalid value. This leads to a denial of service, impacting availability of the program...
CVE-2021-39259
The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
CVE-2021-39255
The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
CVE-2021-3698
A flaw was found in Cockpit in the way it handles the certificate verification performed by the System Security Services Daemon SSSD. This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List CRL configuration or the certificate status. The...
CVE-2021-0084
A flaw was found in the Linux kernel. This flaw allows a local authenticated user to enable the escalation of privileges due to improper input validation in the IntelR Ethernet Controllers X722 and 800 series Linux RMDA driver. The highest threat from this vulnerability is to confidentiality,...
CVE-2021-38554
A flaw was found in the vault package. The Vault UI web application may fail to completely clear a client-side data cache on user logout. As a result, an authenticated user sharing a browser to access Vault may have been able to view the previous authenticated user’s cached secrets, even if they...
CVE-2021-3713
An out-of-bounds write flaw was found in the UAS USB Attached SCSI device emulation of QEMU. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice-data3 and UASDevice-status3 fields. A malicious guest user could use this flaw to crash...
CVE-2021-38209
A flaw was found in the Linux kernel. Observation of changes in any net namespace is possible due to these changes being leaked into all other net namespaces. The highest threat from this vulnerability is to data confidentiality...
CVE-2021-34485
.NET Core and Visual Studio Information Disclosure Vulnerability...
CVE-2021-2390
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2021-36770
A flaw was found in perl-Encode, where the Perl5 Encode module loaded modules within the current directory. This flaw allows an attacker with write access to the current directory of a Perl5 process to inject arbitrary Perl code when this module is loaded, which can be used for a local privilege...
CVE-2021-20298
A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability...
CVE-2021-31810
Ruby's Net::FTP module trusted the IP address included in the FTP server's response to the PASV command. A malicious FTP server could use this to make Ruby applications using the Net::FTP module to connect to arbitrary hosts and use this to perform port scanning or information extraction from...