206304 matches found
CVE-2018-13406
The Linux kernel was found vulnerable to an integer overflow in the drivers/video/fbdev/uvesafb.c:uvesafb_setcmap function. The vulnerability could result in local attackers being able to crash the kernel or potentially elevate privileges...
CVE-2019-12818
An issue was discovered in the Linux kernel before 4.20.15. The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core...
CVE-2020-2574
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...
CVE-2019-3460
A flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack, in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An attacker with physical access within the range of standard Bluetooth transmission can create a...
CVE-2019-14283
A vulnerability was found in the Linux kernel’s floppy disk driver implementation. A local attacker with access to the floppy device could call set_geometry in drivers/block/floppy.c, which does not validate the sect and head fields, causing an integer overflow and out-of-bounds read. This flaw ma...
CVE-2017-17807
The KEYS subsystem in the Linux kernel omitted an access-control check when writing a key to the current task's default keyring, allowing a local user to bypass security checks to the keyring. This compromises the validity of the keyring for those who rely on it...
CVE-2019-19767
A use-after-free flaw was found in the Linux kernel’s ext4 file system functionality when a user mounts an ext4 partition with an additional debug parameter that defines an extra inode size. If this parameter has a non-zero value, this flaw allows a local user to crash the system when...
CVE-2019-19530
A use-after-free flaw was found in the acm_probe USB subsystem in the Linux kernel. A race condition occurs when a destroy procedure is initiated allowing the refcount to decrement on the interface so early that it is never under counted. A malicious USB device is required for exploit. System...
CVE-2019-10220
A flaw was found in the Linux kernel's SMB client. Path separators are not checked by cifs.ko when parsing directory listings. A bad server can return relative paths that will be returned as-is to userspace, potentially leading to manipulation of files outside shared mount points. The highest...
CVE-2018-9363
A buffer overflow due to a signed-unsigned comparison was found in hidp_process_report in net/bluetooth/hidp/core.c in the Linux kernel. The buffer length is an unsigned int but gets cast to a signed int, which in certain conditions can lead to a system panic and a denial-of-service...
CVE-2018-6594
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH)...
CVE-2017-12933
The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP...
CVE-2017-10193
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
CVE-2016-4580
The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request...
CVE-2024-39817
Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App...
CVE-2020-14008
Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution...
CVE-2025-22233
CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...
CVE-2025-21453
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur...
CVE-2025-29927
A flaw was found in the Next.js package. This vulnerability allows bypassing authorization checks within a Next.js application if the authorization check occurs in middleware. Mitigation: Block or drop external user requests which contain the x-middleware-subrequest header from reaching your Next.js...
CVE-2024-53141
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt. When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but...
CVE-2024-37890
A flaw was found in the Node.js WebSocket library ws. A request with several headers exceeding the 'server.maxHeadersCount' threshold could be used to crash a ws server, leading to a denial of service. Mitigation: The issue can be mitigated by reducing the maximum allowed length of the request...
CVE-2024-4603
A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check or EVP_PKEY_public_check function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters. In applications that allow untrusted sources to provide the key or...
CVE-2024-3652
A flaw was found in Libreswan, where it was identified to contain an assertion failure issue in the compute_proto_keymat function. The vulnerability can be exploited when an IKEv1 connection is loaded with an AH/ESP default setting when no esp= line is present in the connection. This flaw allows an...
CVE-2024-28175
A flaw was found in Argo CD. Due to improper filtering of URL protocols in the application summary component, a remote attacker can execute a cross-site scripting (XSS) attack with privileges to edit the application...
CVE-2024-23651
A race condition issue was found in the Moby Builder Toolkit, stemming from a time-of-check/time-of-use (TOCTOU) vulnerability during cache volume mounting at container build time. Concurrent execution of two malicious build steps, sharing the same cache mounts with subpaths, may result in files fr...
CVE-2023-45232
A security loophole involving an infinite loop was identified in EDK2, the open-source reference implementation of the UEFI specification. This weakness enables an unauthorized attacker to exploit system availability by sending a specifically crafted Destination Options IPv6 header. Mitigation...
CVE-2024-22195
A cross-site scripting (XSS) flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...
CVE-2023-47039
A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell cmd.exe. When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system...
CVE-2023-5870
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...
CVE-2023-5720
A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application...
CVE-2023-39198
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create function dereferences the qobj returned by qxl_gem_object_create_with_handle, but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigge...
CVE-2023-46728
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid. This issue may lead to a remote denial ...
CVE-2023-36796
A vulnerability was found in dotnet. This issue can lead to a stack-based out-of-bounds write when loading PDB type records in msdia140.dll used by Visual Studio. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Securit...
CVE-2023-4527
A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data...
CVE-2023-3955
A vulnerability was found in Kubernetes. This flaw allows a user who can create pods on Windows nodes to escalate to admin privileges on those nodes...
CVE-2021-36159
libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the...
CVE-2023-20588
A division-by-zero error was found in hw on some AMD processors. This flaw can potentially return speculative data, resulting in loss of confidentiality. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteri...
CVE-2023-32439
A vulnerability was found in webkitgtk. This issue occurs when processing maliciously crafted web content, which may lead to arbitrary code execution. Mitigation: This vulnerability can be mitigated by setting the environment variable JSC_useDFGJIT=0, which will disable the data flow graph JIT tier...
CVE-2023-26965
A heap use-after-free vulnerability was found in LibTIFF's tiffcrop utility in the loadImage function. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes an out-of-bounds write access, resulting in an application crash, eventually leading to a...
CVE-2023-2829
A vulnerability was found in BIND. This security flaw occurs when a named instance is configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (synth-from-dnssec) enabled; remote termination can occur using a zone with a malformed...
CVE-2023-24897
A flaw was found in dotnet. This issue can allow remote code execution through an out-of-bounds write when loading PDB type records in msdia140.dll used by Visual Studio...
CVE-2023-30630
A vulnerability was found in dmidecode, which allows --dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo. Mitigation: Do not configure sudoers file to allow running dmidecode with elevated privileges...
CVE-2023-26551
An out-of-bounds write flaw was found in the ntp package. A remote attacker can trigger this vulnerability by sending malicious data packets to the ntp server. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...
CVE-2022-37865
A flaw was found in Apache Ivy. With Apache Ivy 2.4.0, an optional packaging attribute was introduced that allows artifacts to be unpacked on the fly if pack200 or zip packaging was used. This issue could allow a malicious user to have unwanted access...
CVE-2023-0461
A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context (struct tls_context) on a connected TCP socket. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation: To mitigate this issue,...
CVE-2022-48279
A vulnerability was found in ModSecurity. This issue occurs when HTTP multipart requests are incorrectly parsed and could bypass the Web Application Firewall. NOTE: This is related to CVE-2022-39956, but can be considered independent changes to the ModSecurity C language codebase...
CVE-2022-44034
An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open, aka a race condition between scr24x_open and scr24x_remove...
CVE-2022-41717
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache...
CVE-2022-47520
An out-of-bounds read flaw was found in the Linux kernel’s Atmel WILC1000 802.11 SoC driver. This flaw allows a local user to crash or potentially escalate their privileges on the system...
CVE-2022-46146
A flaw was found in exporter-toolkit. A request can be forged by an attacker to poison the internal cache used to cache hashes and make subsequent successful requests. This cache is used to limit side channel attacks that could tell an attacker if a user is present in the file or not. Prometheus...