206309 matches found
CVE-2017-12134
The xenbiovecphysmergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability...
CVE-2017-5432
A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...
CVE-2016-10159
Integer overflow in the pharparsepharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service memory consumption or application crash via a truncated manifest entry in a PHAR archive...
CVE-2016-8743
It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a...
CVE-2026-1103
The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to, and including, 5.0.04. The endpoint uses the 'verifyuserloggedin' as a permission callback, which only checks if a...
CVE-2023-25572
react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and usi...
CVE-2019-7711
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command "prompt" sets the user controlled shell's prompt value, which is used as a format string input to printf, resulting in an information leak of memory addresses...
CVE-2025-1188
A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/admin/updateroutine.php. The manipulation of the argument tid leads to sql injection. The attack may be launched...
CVE-2025-53820
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the index.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject...
CVE-2025-22272
In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the...
CVE-2024-21140
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0....
CVE-2024-27834
A vulnerability was found in Webkit. This flaw allows an attacker with arbitrary read and write capability to bypass pointer authentication. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising...
CVE-2024-3727
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks...
CVE-2024-24788
A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service DoS conditions. Mitigation...
CVE-2023-31346
A flaw was found in some AMD CPUs where the guest message responses have not been zero-initialized. This issue may allow a local attacker with the ability to run arbitrary code on a container or virtual machine to discover sensitive information contained in the host system's memory. Mitigation...
CVE-2024-26919
In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: Fix debugfs directory leak The ULPI per-device debugfs root is named after the ulpi device's parent, but ulpiunregisterinterface tries to remove a debugfs directory named after the ulpi device itself. This results in t...
CVE-2024-26778
In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error. Although...
CVE-2023-52629
A vulnerability was found in the push-switch driver of Linux Kernel due to improper cleanup sequence in switchdrvremove. Originally, flushwork was placed before timershutdownsync, allowing the worker to potentially be rescheduled in switchtimer and causing a use-after-free bug. Mitigation Red Hat...
CVE-2024-29180
A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling...
CVE-2024-1657
A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of...
CVE-2023-52447
In the Linux kernel, the following vulnerability has been resolved: bpf: Defer the free of inner map when necessary When updating or deleting an inner map in map array or map htab, the map may still be accessed by non-sleepable program or sleepable program. However bpfmapfdputptr decreases the...
CVE-2024-24855
A race condition vulnerability was found in the Linux kernel's SCSI device driver in the lpfcunregisterfcfrescan function. This issue can result in a NULL pointer dereference issue, possibly leading to a kernel panic or denial of service...
CVE-2023-6779
An off-by-one heap-based buffer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INTMAX bytes, leading to an incorrect calculation of t...
CVE-2021-33630
A NULL pointer dereference flaw was found in the Linux kernel's network scheduler. This issue occurs when offloading is enabled, the cbs instance is not added to the list. The code also incorrectly handles the case when offload is disabled without removing the qdisc. This could allow a local user...
CVE-2024-0822
An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command...
CVE-2024-22365
A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with /tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with pamnamespace configured will cause the openat in protectdir to...
CVE-2024-21886
A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments. Mitigation Mitigation for this issue is either not available or the currently...
CVE-2024-20985
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server...
CVE-2023-45233
The Network Package in EDK2 is vulnerable to an infinite loop exploit when parsing a PadN option within the Destination Options header of IPv6. This flaw allows an unauthorized attacker to gain access and potentially result in a loss of system availability. Mitigation Mitigation for this issue is...
CVE-2022-48619
A vulnerability was found in drivers/input/input.c in the Linux Kernel, where the inputsetcapability function mishandles scenarios where an event code is outside the bitmap. This issue can lead to a kernel panic when the event code exceeds the bitmap for the specified event type, which could allo...
CVE-2023-4001
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a fil...
CVE-2024-21319
A Denial of Service vulnerability was found in .NET Core project templates that utilize JWT-based authentication tokens. This issue may allow an unauthenticated client to consume arbitrarily large amounts of server memory, potentially triggering an out-of-memory condition on the server and making...
CVE-2024-22051
An integer overflow in cmark-gfm's table row parsing may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16MAX columns. Mitigation Disabling any use of the table extension of cmark-gfm will prevent this vulnerability from being triggered...
CVE-2023-42890
A flaw was found in WebKitGTK. This issue exists due to a boundary error when processing malicious HTML content in WebKit, which could result in memory corruption and arbitrary code execution on the target system. Mitigation Mitigation for this issue is either not available or the currently...
CVE-2023-5676
Eclipse OpenJ9 is vulnerable to a denial of service, caused by a flaw when a shutdown signal SIGTERM, SIGINT or SIGHUP is received before the JVM has finished initializing. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause an infinite...
CVE-2023-5090
A flaw was found in KVM. An improper check in svmsetx2apicmsrinterception may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition. Mitigation Mitigation for this issue is either not available or the currently available optio...
CVE-2023-42794
A flaw was found in Apache Tomcat. An incomplete cleanup vulnerability with the internal fork of the Commons FileUpload package exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be delete...
CVE-2023-5633
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...
CVE-2023-39332
Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings see CVE-2023-30584 and Buffer objects see CVE-2023-32004, but not through non-Buffer...
CVE-2023-43665
An inefficient regular expression complexity was found in Django. The text truncator regular expressions exhibit linear backtracking complexity, which can be slow, leading to a potential denial of service, given certain HTML inputs...
CVE-2022-45703
Heap buffer overflow vulnerability in binutils readelf before 2.40 via function displaydebugsection in file readelf.c...
CVE-2020-19724
A memory consumption issue was identified in binutils in getdata function in nm.c file. This flaws could allow attackers to cause a denial of service via crafted command...
CVE-2023-4135
A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can ...
CVE-2023-4045
The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy...
CVE-2023-3637
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significa...
CVE-2023-3567
A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. Mitigation Mitigation for this issue is either not available or the current...
CVE-2023-3268
An out-of-bounds OOB memory access flaw was found in the Linux kernel in relayfilereadstartpos in kernel/relay.c in the relayfs. This flaw allows a local attacker to crash the system or leak kernel internal information. Mitigation Mitigation for this issue is either not available or the currently...
CVE-2023-20867
A flaw was found in the open-vm-tools package. An attacker with root access privileges over ESXi may be able to cause an authentication bypass in the vgauth module. This may lead to compromised confidentiality and integrity...
CVE-2023-1428
A flaw was found in the gRPC library. Affected versions of this package are vulnerable to a reachable assertion, causing the abort function to be called and resulting in a denial of service. Mitigation Mitigation for this issue is either not available or the currently available options do not mee...
CVE-2023-34432
A heap buffer overflow vulnerability was found in sox, in the lsxreadbuf function at sox/src/formatsi.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure...