206558 matches found
CVE-2022-25174
A flaw was found in Jenkins. The JenkinsPipeline: Shared Groovy Libraries uses the same checkout directories for distinct SCMs for Pipeline libraries. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This...
CVE-2021-34403
NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, which allows any user with a local account to exploit a use-after-free condition, leading to code privilege escalation, loss of confidentiality and integrity, or denial of service...
CVE-2022-22822
expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality a...
CVE-2022-21341
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...
CVE-2022-23219
A stack based buffer-overflow vulnerability was found in the deprecated compatibility function clntcreate in the sunrpc's clntgen.c module of the GNU C Library aka glibc through 2.34. This vulnerability copies its hostname argument onto the stack without validating its length, which may result in...
CVE-2022-22742
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When inserting text in edit mode, some characters might have led to out-of-bounds memory access, causing a potentially exploitable crash...
CVE-2022-22740
The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...
CVE-2021-4180
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the wwwauthenticateuri parameter which is visible to all end users in configuration files. This would give sensitive...
CVE-2021-4157
An out of memory bounds write flaw 1 or 2 bytes of memory in the Linux kernel NFS subsystem was found in the way users use mirroring replication of files with NFS. A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system...
CVE-2021-4135
A flaw memory leak in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsimmapallocelem being called. A local user could use this flaw to get unauthorized access to some data. Mitigation The default Red Hat Enterprise...
CVE-2021-4093
A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State SEV-ES. A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction for example, outs or ins using the exit...
CVE-2021-43536
The Mozilla Foundation Security Advisory describes this flaw as: Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL...
CVE-2021-4023
A flaw was found in the io-workqueue implementation in the Linux kernel. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to...
CVE-2021-3982
Linux distributions using CAPSYSNICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAPSYSNICE is currently implemented and eventually load code to increase its process scheduler priority leading to possib...
CVE-2021-32280
The transfig package is susceptible to a NULL pointer dereference on crafted input. While translating fig code, patterns which include incomplete closed splines lead to this software flaw. The highest threat from this vulnerability is availability...
CVE-2019-14540
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. Mitigation This vulnerability relies on com.zaxxer.hikari.HikariConfig being present in the applications ClassPath. Hikari is not packaged as an RPM for Red Hat...
CVE-2021-38165
A flaw was found in the way lynx parsed URLs with userinfo part containing authentication credentials. These credentials were included in the Server Name Indication SNI TLS extension data and sent unencrypted during the TLS connection handshake. This could lead to exposure of authentication...
CVE-2020-21675
A stack-based buffer overflow in the genptktext component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service DOS via converting a xfig file into ptk format...
CVE-2020-21682
A global buffer overflow in the setfill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service DOS via converting a xfig file into ge format...
CVE-2020-14297
A flaw was found in Wildfly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system...
CVE-2021-3622
A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry hive file, which would cause hivex to recursively call the getchildren function, leading to a stack overflow. The highest threat from this vulnerability is to system availability...
CVE-2021-1826
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross site scripting...
CVE-2020-15254
Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that Vec::fromiter has allocated capacity that same as the number of iterator elements. Vec::fromiter does not actually guarantee that and may allocate extra...
CVE-2021-29956
OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will...
CVE-2021-3517
There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application...
CVE-2021-20235
There's a flaw in the zeromq server in src/decoderallocators.hpp. The decoder static allocator could have its sized changed, but the buffer would remain the same as it is a static buffer. A remote, unauthenticated attacker who sends a crafted request to the zeromq server could trigger a buffer...
CVE-2021-20220
A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...
CVE-2021-2001
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.6.50 and prior, 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
CVE-2020-8284
A malicious server can use the PASV response to trick curl into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. If cu...
CVE-2020-29374
An issue was discovered in the Linux kernel related to mm/gup.c and mm/hugememory.c. The getuserpages aka gup implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended read access. Mitigation Mitigation for...
CVE-2020-25645
A flaw was found in the Linux kernel. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone in between the two endpoints to read the traffic unencrypted. The main threat from this...
CVE-2020-25633
A flaw was found in the RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. This flaw allows client users to obtain the server's potentially sensitive information when the server receives the WebApplicationException from the RESTEasy client call. The highest threat from this...
CVE-2020-1147
It was discovered that .NET Core did not properly check the source markup of XML files. A remote, unauthenticated attacker could possibly exploit this flaw to execute arbitrary code by sending specially crafted requests to an application parsing certain kinds of XML files or an ASP.NET Core...
CVE-2019-17566
A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack SSRF via "xlink:href" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system...
CVE-2020-10878
Perl before 5.30.3 has an integer overflow related to mishandling of a "PLregkindOPn == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. Mitigation To mitigate this flaw, developers should not allow untrusted regular...
CVE-2018-18751
An issue was discovered in GNU gettext 0.19.8. There is a double free in defaultaddmessage in read-catalog.c, related to an invalid free in pogramparse in po-gram-gen.y, as demonstrated by lt-msgfmt...
CVE-2018-12207
A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor,...
CVE-2019-6477
A flaw was found in the way bind limited the number of TCP clients that can be connected at any given time. A remote attacker could use one TCP client to send a large number of DNS requests over a single connection, causing exhaustion of the pool of file descriptors available to named, and...
CVE-2019-8980
A kernel memory leak was found in the kernelreadfile function in the fs/exec.c file in the Linux kernel. An attacker could use this flaw to cause a memory leak and thus a denial of service DoS...
CVE-2019-0820
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981...
CVE-2019-11044
A flaw was discovered in the link function in PHP. When compiled on Windows, it does not correctly handle paths containing NULL bytes. An attacker could abuse this flaw to bypass application checks on file paths...
CVE-2020-7226
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...
CVE-2019-16789
An HTTP-interpretation flaw was found in waitress, through version 1.4.0. If a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially...
CVE-2018-5333
In the Linux kernel through 4.14.13, the rdscmsgatomic function in 'net/rds/rdma.c' mishandles cases where page pinning fails or an invalid address is supplied by a user. This can lead to a NULL pointer dereference in rdsatomicfreeop and thus to a system panic...
CVE-2019-19534
An information-leak flaw was found in the Linux kernel's pcan USB driver. When a device using this driver connects to the system, the stack information is leaked to the CAN bus, a controller area network for automobiles. The highest threat with this vulnerability is breach of data confidentiality...
CVE-2019-19047
A flaw was found in the way the Mellanox 5th generation network adapters ConnectX series core driver in the Linux kernel handled resource cleanup in the mlx5fwfatalreporterdump function. This flaw allows an attacker with the ability to trigger errors in the mlx5crdumpcollect function to crash the...
CVE-2019-5953
A buffer overflow flaw was found in the GNU Wget in version 1.20.1 and earlier when processing Internationalized Resource Identifiers. This flaw allows an attacker to execute arbitrary code or cause a denial of service...
CVE-2019-10212
A flaw was found in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user’s credentials from the log files. Mitigation Use Elytron instead of legacy Security subsystem...
CVE-2019-15926
An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6klwmipstreamtimeouteventrx and ath6klwmicaceventrx in the file drivers/net/wireless/ath/ath6kl/wmi.c...
CVE-2019-10247
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches...