206304 matches found
CVE-2022-23635
A flaw was found in istio. This flaw allows an attacker to send a specially crafted message to isitiod, causing the control plane to crash...
CVE-2022-21824
Due to the formatting logic of the "console.table" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "proto". The prototype pollution has...
CVE-2019-5544
A heap overflow vulnerability was found in OpenSLP. An attacker could use this flaw to gain remote code execution. Mitigation There is no known mitigation...
CVE-2023-2426
An out-of-range pointer offset vulnerability was found in Vim's mbcharlen function of the src/mbyte.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering the vulnerability that causes an application to crash, leading to a denial of service...
CVE-2022-20421
A vulnerability was found in the binderincreffornode function in drivers/android/binder.c due to memory corruption, causing a use-after-free issue in the Linux kernel. This flaw could lead to local privilege escalation...
CVE-2022-2964
A flaw was found in the Linux kernel’s driver for the ASIX AX88179178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. Mitigation Mitigation for this issue is either not available or the currently available...
CVE-2019-20445
A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...
CVE-2022-22965
A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain...
CVE-2022-26520
A flaw was found in Postgres JDBC. This flaw allows an attacker to use a method to write arbitrary files through the connection properties settings. For example, an attacker can create an executable file under the server the application is running and make it a new part of the application or serv...
CVE-2022-21656
A flaw was found in envoy. The defaultvalidator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames...
CVE-2023-42118
An integer underflow flaw was discovered in libspf2 library which exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. This vulnerability allows...
CVE-2022-46175
A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse...
CVE-2022-2585
A use-after-free flaw was found in the Linux kernel’s POSIX CPU timers functionality in the way a user creates and then deletes the timer in the non-leader thread of the program. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation Mitigation f...
CVE-2022-28356
In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/afllc.c...
CVE-2021-33909
An out-of-bounds write flaw was found in the Linux kernel's seqfile in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash, leak of internal kernel information and can escalate privileges. The issue results...
CVE-2017-12617
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. Mitigation Ensure that readonly is set to true the default for the...
CVE-2024-0193
A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFTCHAIN object or NFTOBJECT object, allowing a local...
CVE-2022-2905
An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpftailcall function with a key larger than the maxentries of the map. This flaw allows a local user to gain unauthorized access to data. Mitigation Mitigation for this issue is either not...
CVE-2019-17267
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. Mitigation The following conditions are needed for an exploit, we recommend avoiding all if possible Deserialization from sources yo...
CVE-2024-40725
A flaw was found in httpd. The fix for CVE-2024-39884 ignores some uses of the legacy content-type based configuration of handlers. "AddType" and similar configurations, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...
CVE-2023-24329
A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity...
CVE-2022-2097
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...
CVE-2022-28615
An out-of-bounds read vulnerability was found in httpd. A very large input to the apstrcmpmatch function can lead to an integer overflow and result in an out-of-bounds read...
CVE-2020-11612
A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error OOME or exhaustion of the memory pool...
CVE-2022-39328
A race condition was found in Grafana in the middleware logic that could allow bypassing authentication. This flaw allows an unauthenticated user to successfully query an administration endpoint under a heavy load by using a load testing script hitting specific endpoints...
CVE-2021-39275
An out-of-bounds write in function apescapequotes of httpd allows an unauthenticated remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function. Mitigation Mitigation for this issue is either no...
CVE-2020-11993
A flaw was found in Apache httpd in versions 2.4.20 to 2.4.43. Logging using the wrong pool by modhttp2 at debug/trace log level may lead to potential crashes and denial of service. The highest threat from this vulnerability is to system availability...
CVE-2024-6345
A flaw was found in the packageindex module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to co...
CVE-2023-20577
A vulnerability was found in AMD hardware due to a heap overflow in the SMM module. This issue could allow a local unauthenticated attacker to enable writing to SPI flash to execute arbitrary code. Mitigation Mitigation for this issue is either not available or the currently available options do...
CVE-2023-42115
An out-of-bounds write flaw exists in Exim within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer. An attacker can leverage this vulnerability to execute cod...
CVE-2023-30841
A flaw was found in the baremetal-operator, where the ironic and ironic-inspector deployed within the baremetal operator using the included deploy.sh store .htpasswd files as ConfigMaps instead of Secrets. This issue causes the plain-text username and hashed password to be readable by anyone havi...
CVE-2023-22809
A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user usually root. The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a fil...
CVE-2022-3775
A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this...
CVE-2022-2928
An integer overflow vulnerability was found in the DHCP server. When the "optioncodehashlookup" function is called from "addoption", it increases the option's "refcount" field. However, there is not a corresponding call to "optiondereference" to decrement the "refcount" field. The "addoption"...
CVE-2022-22971
A flaw was found in Spring Framework Applications. Applications that use STOMP over the WebSocket endpoint are vulnerable to a denial of service attack caused by an authenticated user...
CVE-2022-21434
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
CVE-2022-22720
A flaw was found in httpd. The inbound connection is not closed when it fails to discard the request body, which may expose the server to HTTP request smuggling. Mitigation There are currently no known mitigations for this issue...
CVE-2022-0336
A logic flaw in the Samba Active Directory Domain Controller leads to a denial of service and service impersonation. This flaw allows an attacker with the ability to write to an account to perform a denial of service attack or service impersonation by adding an SPN that matches an existing servic...
CVE-2021-36222
A flaw was found in krb5. This flaw allows an unauthenticated attacker to cause a NULL dereference in the KDC by sending a request containing a PA-ENCRYPTED-CHALLENGE padata element without using FAST. The highest threat from this vulnerability is to system availability...
CVE-2021-35939
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...
CVE-2019-16201
WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network...
CVE-2017-8923
An integer overflow vulnerability in PHP can lead to a buffer overflow when constructing extremely long strings with the ".=" operator. In unusual circumstances, this could be used by an attacker to cause an application to crash or possibly have other consequences...
CVE-2023-45133
A vulnerability was discovered in the babel package. Using certain plugins with Babel code could lead to arbitrary code execution. This issue could allow a remote attacker to craft code and then trick the user into compiling it. Mitigation Mitigation for this issue is either not available or the...
CVE-2022-34303
A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use...
CVE-2022-26307
A flaw was found in LibreOffice, where the master key was poorly encoded, resulting in weakening its entropy from 128 to 43 bits. This issue makes the stored passwords that are encrypted with a single master key provided by the user vulnerable to a brute force attack if an attacker has access to...
CVE-2021-3600
A flaw was found in the Linux kernel’s eBPF verification code, where the eBPF 32-bit div/mod source register truncation could lead to out-of-bounds reads and writes. By default, accessing the eBPF verifier is only possible to privileged users with CAPSYSADMIN. This flaw allows a local user who ca...
CVE-2016-8735
The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker...
CVE-2020-1938
CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instance...
CVE-2024-30171
A flaw was found in the Bouncy Castle Java cryptography APIs. Affected versions of the org.bouncycastle:bcprov-jdk18on package are vulnerable to Observable Timing Discrepancy via the PKCS1 1.5 and OAEP decryption process a.k.a. Marvin Attack. An attacker can recover cipher-texts via a side-channe...
CVE-2023-39017
A code injection vulnerability was found in quartz-jobs. The issue resides in the org.quartz.jobs.ee.jms.SendQueueMessageJob.execute component, where an unchecked argument can trigger the vulnerability. Mitigation Mitigation for this issue is either not available or the currently available option...