206304 matches found
CVE-2021-43565
There's an input validation flaw in golang.org/x/crypto's readCipherPacket function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service...
CVE-2023-4016
A heap-based buffer overflow vulnerability was found in the procps project when handling untrusted input with the -C option. This issue may allow a user with "ps" utility access to write unfiltered data into the process heap, triggering an out-of-bounds write, consuming memory and causing a crash...
CVE-2020-23064
A flaw was found in jQuery, where it is vulnerable to Cross-site scripting, caused by the improper validation of user-supplied input by the element. This flaw allows a remote attacker to use a specially crafted URL to execute a script in a victim's web browser within the security context of the...
CVE-2023-28205
A flaw was found in the webkitgtk package. An improper input validation issue may lead to a use-after-free vulnerability. This vulnerability allows attackers with network access to pass specially crafted web content files, causing Denial of Service or Arbitrary Code Execution...
CVE-2021-46778
A contention-based side channel vulnerability was found in hw. Some AMD CPUs using simultaneous multithreading (SMT) may allow an attacker to measure the contention level on scheduler queues, leading to potential leakage of sensitive information...
CVE-2022-37434
A security vulnerability was found in zlib. The flaw triggered a heap-based buffer in inflate in the inflate.c function via a large gzip header extra field. This flaw is only applicable in the call inflateGetHeader...
CVE-2023-37464
A vulnerability was found in cjose, a C library implementing JavaScript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the tag length from the actual Authentication Tag provided in the JSON Web Encryption (JWE). A fixed length of 16 octets must ...
CVE-2022-31631
A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote of PDO_SQLite returning an improperly quoted string. With the implementation of sqlite3_snprintf, it is possible to force the function to return a single apostrophe if the function is called on user-supplie...
CVE-2022-38477
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Mozilla developer Nika Layzell and the Mozilla Fuzzing Team, reporting memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption, and we...
CVE-2022-22577
A flaw was found in rubygem-actionpack where CSP headers were sent with responses that Rails considered "HTML" responses. This flaw allows an attacker to leave API requests without CSP headers and perform a Cross-site scripting attack...
CVE-2019-16905
A denial of service flaw was found in the way OpenSSH parsed certain specially crafted XMSS (eXtended Merkle Signature Scheme) private keys. Any OpenSSH functionality which parses private keys is vulnerable, for example: 1. If ‘sshd’ daemon is configured to use an XMSS host key that is malformed, i...
CVE-2024-23897
A flaw was found in Jenkins, which uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces the "@" character followed by a file path in an argument with the file’s contents (expandAtFiles)...
CVE-2021-22555
A flaw was discovered in processing setsockopt IPT_SO_SET_REPLACE (or IP6T_SO_SET_REPLACE) for 32-bit processes on 64-bit systems. This flaw will allow a local user to gain privileges or cause a DoS through user name space. This action is usually restricted to root-privileged users but can also be leverage...
CVE-2024-38474
A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be execut...
CVE-2023-1018
An out-of-bound read vulnerability was found in the TPM 2.0's Module Library, which allows the reading of 2-byte data after the end of the TPM command. This flaw allows an attacker to leak confidential data stored within the libtpms context...
CVE-2021-35937
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and...
CVE-2019-15845
A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the built-in methods File.fnmatch and its alias File.fnmatch? did not properly handle path patterns containing the NULL byte. A remote attacker could exploit this flaw to make a Ruby...
CVE-2024-3372
A vulnerability was found in MongoDB. A remote, unauthenticated attacker could trigger the flaw by providing an invalid BSON. This issue can cause the server to incorrectly serialize the file, impacting the availability and integrity...
CVE-2021-3894
A vulnerability was found in the Linux kernel. This flaw allows an unprivileged local user to panic the system, resulting in a denial of service by calling setsockopt(2) with specially crafted arguments. The highest threat from this vulnerability is to system availability. Mitigation: As the SCTP...
CVE-2023-1945
The Mozilla Foundation Security Advisory describes this flaw as: Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash...
CVE-2022-0812
An information leak flaw was found in NFS over RDMA in net/sunrpc/xprtrdma/rpc_rdma.c in the Linux kernel. This flaw allows an attacker with normal user privileges to leak kernel information...
CVE-2021-0920
A vulnerability was found in unix_dgram_recvmsg in net/unix/af_unix.c in the Linux kernel's garbage collection for Unix domain socket file handlers. In this flaw, a missing cleanup may lead to a use-after-free due to a race problem. This flaw allows a local user to crash the system or escalate their...
CVE-2022-2586
A use-after-free flaw was found in nftables cross-table in the net/netfilter/nf_tables_api.c function in the Linux kernel. This flaw allows a local, privileged attacker to cause a use-after-free problem at the time of table deletion, possibly leading to local privilege escalation. Mitigation...
CVE-2022-30522
A flaw was found in the mod_sed module of httpd. A very large input to the mod_sed module can result in a denial of service due to excessively large memory allocations. Mitigation: Disabling mod_sed and restarting httpd will mitigate this flaw...
CVE-2020-24025
A flaw was found in nodejs-node-sass. Certificate validation is disabled when requesting binaries even if the user is not specifying an alternative download path...
CVE-2020-16845
A flaw was found in the Go encoding/binary package. Certain invalid inputs to ReadUvarint or ReadVarint cause those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This flaw possibly leads to processing more input than expected. The...
CVE-2022-1016
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. Mitigation: On...
CVE-2021-20325
Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, cause a security regression compared to the versions shipped in Red Hat Enterprise Linux 8.4. A user who installs or updates to Red Hat Enterprise Linux 8.5.0 would be...
CVE-2024-4741
A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat...
CVE-2023-35828
A race condition was found in the Linux kernel's Renesas USB3.0 controller when removing the module before cleanup in the usbhs_remove function. This can result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors...
CVE-2021-25741
A flaw was found in Kubernetes. An authorized user can exploit this by creating pods with crafted subpath volume mounts to access files and directories outside of the volume, including on the host node's filesystem. Mitigation: OpenShift Container Platform runs with SELinux in enforcing mode, whic...
CVE-2023-21808
A vulnerability exists in how dotnet reads debugging symbols. Reading a malicious symbols file may result in remote code execution...
CVE-2022-34918
A heap buffer overflow flaw was found in the Linux kernel’s Netfilter subsystem in the way a user provides incorrect input of the NFT_DATA_VERDICT type. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation: In order to trigger the issue, it requir...
CVE-2022-1586
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath function of the pcre2_jit_compile.c file. This involves a Unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in...
CVE-2021-3690
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...
CVE-2019-0190
A flaw was found in the way mod_ssl handled client renegotiations. A remote attacker could send a malicious request to cause mod_ssl to enter an infinite loop resulting in a denial of service...
CVE-2023-21980
Vulnerability in the MySQL Server product of Oracle MySQL component: Client programs. Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...
CVE-2022-42004
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...
CVE-2021-34429
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc...
CVE-2019-0232
A flaw was discovered in Apache Tomcat, where a Java Runtime Environment can pass a command-line argument in the Windows operating system. The execution of arbitrary commands via Tomcat’s Common Gateway Interface (CGI) Servlet allows an attacker to perform remote code execution...
CVE-2023-37466
A flaw was found in the vm2 Promise handler sanitization, which allows attackers to escape the sandbox. This flaw allows attackers to run arbitrary code. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criter...
CVE-2021-40438
A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and...
CVE-2020-10770
A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack...
CVE-2023-41056
A flaw was found in Redis. When processing a certain sequence of payloads, Redis may incorrectly handle the resizing of memory buffers, leading to a heap-based buffer overflow, potentially resulting in a denial of service or remote code execution. Mitigation: Mitigation for this issue is either no...
CVE-2022-32893
A flaw was found in webkitgtk. The vulnerability occurs due to improper input validation, leading to an out-of-bounds write. This flaw allows an attacker with network access to pass specially crafted web content files, causing arbitrary code execution...
CVE-2022-32275
A flaw was found in grafana. This vulnerability occurs when the traversal path is explored, and the authentication system redirects to an internal system page that authenticated users should only access...
CVE-2021-45105
A flaw was found in the Apache Log4j logging library 2.x when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup and can cause Denial of...
CVE-2023-42795
A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information. Mitigati...
CVE-2023-44387
A flaw was found in Gradle. When copying files or creating archives, Gradle does not preserve symbolic links, instead resolving them to their underlying target file, but permissions of the new file use those of the link instead of those from the target file. This issue can lead to files with...
CVE-2023-30608
A flaw was found in sqlparse. The SQL parser contains a regular expression vulnerable to a Regular Expression Denial of Service (ReDoS). The vulnerability may lead to a denial of service (DoS)...