206363 matches found
CVE-2023-6563
An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens 500,000 users with each having at least 2 saved sessions. If an attacker creates two or more user sessions and then open the "consents" tab of th...
CVE-2023-6606
An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. Mitigation To mitigate this issue, prevent module cifs from being loaded. Please see...
CVE-2023-26364
A flaw was found in Adobe CSS Tools. An improper input validation could result in a minor denial of service while parsing a malicious CSS with the parse component. User interaction and privileges are not required to jeopardize an environment. Mitigation No mitigation is yet available for this...
CVE-2023-5176
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs are present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these cou...
CVE-2023-5156
A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash...
CVE-2023-26048
A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable...
CVE-2022-44729
A flaw was found in Apache Batik 1.0 - 1.16. This issue occurs due to a malicious SVG triggering external resources loading by default, causing resource consumption or in some cases information disclosure...
CVE-2022-47673
An issue was discovered in Binutils addr2line before 2.39.3, function parsemodule contains multiple out of bound reads which may cause a denial of service or other unspecified impacts...
CVE-2023-32004
A vulnerability was found in NodeJS. This security issue occurs as improper handling of buffers in file system APIs, causing a traversal path to bypass when verifying file permissions. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the R...
CVE-2023-37450
A vulnerability was found in webkitgtk. This issue occurs when processing web content, which may lead to arbitrary code execution. Mitigation This vulnerability can be mitigated by setting the environment variable JSCuseWebAssembly=0, which will disable support for WebAssembly. It's not necessary...
CVE-2023-1295
A time-of-check to time-of-use flaw was found in the iouring subsystem's IORINGOPCLOSE operation in the Linux kernel. This flaw allows a local user to elevate their privileges to root...
CVE-2023-3128
A flaw was found in Grafana, which validates Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique across Azure AD tenants, which enables Grafana account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant AzureAD OAuth...
CVE-2023-34432
A heap buffer overflow vulnerability was found in sox, in the lsxreadbuf function at sox/src/formatsi.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure...
CVE-2023-20883
A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed...
CVE-2023-28319
A use-after-free flaw was found in the Curl package. This flaw risks inserting sensitive heap-based data into the error message that users might see or is otherwise leaked and revealed...
CVE-2022-25243
A flaw was found in HashiCorp Vault and Vault Enterprise. This flaw allows a remote, authenticated attacker to bypass security restrictions caused by a flaw related to the PKI secrets engine under certain configurations. An attacker can issue wildcard certificates to authorized users for a...
CVE-2023-1584
A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provide...
CVE-2023-27536
A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting...
CVE-2023-26606
In the Linux kernel 6.0.8, there is a use-after-free in ntfstrimfs in fs/ntfs3/bitmap.c...
CVE-2023-27898
A flaw was found in Jenkins. Affected versions of Jenkins do not escape the Jenkins version that a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins in the plugin manager. This issue results in a stored Cross-site scripting XSS...
CVE-2023-1108
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates...
CVE-2022-40959
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...
CVE-2022-27672
A flaw was found in HW. When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch, potentially resulting in information disclosure. Mitigation The current mitigations for spectre V4 or spectrev2 should mitiga...
CVE-2022-1438
A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting XSS vulnerability...
CVE-2023-23914
A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity...
CVE-2023-0778
A Time-of-check Time-of-use TOCTOU flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system...
CVE-2022-2879
A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory,...
CVE-2023-0494
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo and ProcXkbGetDeviceInfo to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs...
CVE-2022-3094
A flaw was found in Bind, where sending a flood of dynamic DNS updates may cause named to allocate large amounts of memory. This issue may cause named to slow down due to a lack of free memory, resulting in a denial of service DoS...
CVE-2022-4696
A use-after-free flaw was found in the iouring subsystem of the Linux kernel. This issue occurs during the IORINGOPSPLICE operation due to a missing IOWQWORKFILES flag, leading to an invalid decrease of its reference counter and later causing the use-after-free vulnerability. This flaw allows a...
CVE-2022-41721
A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead read the body of the HTTP request, which could be attacker-manipulat...
CVE-2022-41854
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack...
CVE-2022-21222
A vulnerability was found in the css-what package. The flaw allows Regular expression denial of service ReDoS attacks, affecting system availability...
CVE-2022-3176
A use-after-free flaw was found in iouring in the Linux kernel. This flaw allows a local user to trigger the issue if a signalfd or binder fd is polled with the iouring poll due to a lack of iouring POLLFREE handling...
CVE-2022-2990
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able t...
CVE-2022-35948
A flaw was found in the undici package. When requesting unsanitized input on content-type headers, it is possible to inject additional requests via Carriage Return/Line Feed CRLF. Mitigation A possible mitigation is to sanitize user input when sending content-type headers...
CVE-2022-24805
A flaw was found in net-snmp. A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access issue...
CVE-2022-2042
A heap use-after-free vulnerability was found in Vim's skipwhite function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a...
CVE-2022-22995
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code...
CVE-2022-1735
A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a heap buffer overflow vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Mitigation Untrusted vim scripts with -s scriptin are not...
CVE-2021-36203
The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request...
CVE-2021-44717
There's a flaw in golang's syscall.ForkExec interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked...
CVE-2022-29810
A flaw was found in go-getter, where the go-getter library can write SSH credentials into its log file. This flaw allows a local user with access to read log files to read sensitive credentials, which may lead to privilege escalation or account takeover...
CVE-2022-24882
A vulnerability was found in freerdp. The flaw occurs because the NT LAN Manager NTLM authentication does not properly abort when someone provides an empty password value. This issue exposes an improper authenticating vulnerability...
CVE-2022-28202
A flaw was found in MediaWiki. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete...
CVE-2022-26127
A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babelpacketexamin function in babeld/message.c...
CVE-2021-45960
expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to buffer overrun. The highest threat from this vulnerability is to availability...
CVE-2021-23192
A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. Mitigation Setting dcesrv:max auth states=0 in the...
CVE-2021-41798
Cross-site scripting XSS vulnerability was found in mediawiki. Due to insufficient sanitization of user-supplied data in Special:Search function a remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website...
CVE-2021-39537
A heap overflow vulnerability has been found in the ncurses package, particularly in the "tic". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the...