206286 matches found
CVE-2016-8735
The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker...
CVE-2017-12615
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. Mitigation Ensure that readonly is set to true the default for the...
CVE-2023-39017
A code injection vulnerability was found in quartz-jobs. The issue resides in the org.quartz.jobs.ee.jms.SendQueueMessageJob.execute component, where an unchecked argument can trigger the vulnerability. Mitigation Mitigation for this issue is either not available or the currently available option...
CVE-2023-3390
A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAPNETADMIN capability to crash or potentially...
CVE-2023-20861
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...
CVE-2022-29581
A use-after-free flaw was found in u32change in net/sched/clsu32.c in the network subcomponent of the Linux kernel. This flaw allows a local attacker to crash the system, cause a privilege escalation, and leak kernel information. Mitigation To mitigate this issue, prevent the module clsu32 from...
CVE-2022-26832
.NET Framework Denial of Service Vulnerability...
CVE-2021-41182
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...
CVE-2019-17498
In libssh2 v1.9.0 and earlier versions, the SSHMSGDISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary out-of-bounds offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a...
CVE-2024-1874
A command injection flaw was found in PHP, exclusive to Windows environments. This flaw allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function in specific conditions. The CreateProcess function implicitly uses cmd.exe when...
CVE-2023-38545
A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then...
CVE-2023-40175
An HTTP request smuggling attack vulnerability was found in Rubygem Puma. This flaw allows an attacker to gain unauthorized access to sensitive data due to an inconsistent interpretation of HTTP requests...
CVE-2020-7662
websocket-extensions npm module prior to 0.1.4 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
CVE-2022-43680
A use-after-free flaw was found in the Expat package, caused by destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory situations. This may lead to availability disruptions...
CVE-2022-42003
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAPSINGLEVALUEARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting...
CVE-2022-38533
A vulnerability was found in the strip utility of binutils. An attacker able to convince a victim to process a specially crafted COFF file by the strip utility can lead to a heap-based buffer overflow, causing the utility to crash. Mitigation Do not process untrusted files with the strip utility...
CVE-2022-34716
An information disclosure vulnerability exists in .NET Core and .NET. This issue can lead to unauthorized access to privileged information...
CVE-2021-33655
An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUTVSCREENINFO with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation Mitigation...
CVE-2024-42472
A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files outside the...
CVE-2022-40982
A Gather Data Sampling GDS transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction load from memory to infer stale data from previously used vector registers on the same physical core. Mitigation T...
CVE-2022-44268
An information disclosure vulnerability was found in ImageMagick. This flaw allows an attacker to read arbitrary files from a server when parsing an image and happens when the program is parsing a PNG image. If ImageMagick has permission to read other arbitrary files, the resulting image could ha...
CVE-2022-2068
A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the crehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically...
CVE-2022-22970
A flaw was found in Spring Framework. Applications that handle file uploads are vulnerable to a denial of service DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object...
CVE-2022-28893
A use-after-free flaw was found in the Linux kernel’s net/sunrpc/xprt.c function in the Remote Procedure Call SunRPC protocol. This flaw allows a local attacker to crash the system, leading to a kernel information leak issue. Mitigation This flaw can be mitigated by preventing the affected SUNRPC...
CVE-2024-21733
An information disclosure vulnerability was found in Apache Tomcat. Incomplete POST requests triggered an error response that could contain data from a previous HTTP request. This flaw allows a remote attacker to access files from another user that should be otherwise prevented by limits or...
CVE-2022-41881
A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service DoS...
CVE-2018-11776
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true either by user or a plugin like Convention Plugin and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace...
CVE-2018-15473
A user enumeration vulnerability flaw was found in OpenSSH, though version 7.7. The vulnerability occurs by not delaying bailout for an invalid authenticated user until after the packet containing the request has been fully parsed. The highest threat from this vulnerability is to data...
CVE-2024-24549
A vulnerability was found in the Tomcat package due to its handling of HTTP/2 requests. Specifically, when an HTTP/2 request surpasses the predetermined limits for headers configured within the server, the associated HTTP/2 stream isn't reset immediately. Instead, the reset action occurs only aft...
CVE-2024-0985
A flaw was found in PostgreSQL. A late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL can allow an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling a safe refre...
CVE-2022-1652
A use-after-free flaw was found in the Linux kernel’s floppy driver implementation. This flaw allows a local attacker to possibly corrupt memory. Mitigation The floppy module will be auto-loaded when the hardware is present. Its loading can be prevented with the following instructions: echo...
CVE-2022-22963
A flaw was found in Spring Cloud Function via the spring.cloud.function.routing-expression header that is modified by the attacker to contain malicious expression language code. The attacker is able to call functions that should not normally be accessible, including runtime exec calls. Mitigation...
CVE-2021-21644
A cross-site request forgery CSRF vulnerability was found in the config-file-provider Jenkins plugin. The plugin does not require POST requests for an HTTP endpoint which allows attackers to delete configuration files corresponding to an attacker-specified ID...
CVE-2021-33910
A flaw was found in systemd. The use of alloca function with an uncontrolled size in function unitnamepathescape allows a local attacker, able to mount a filesystem on a very long path, to crash systemd and the whole system by allocating a very large space in the stack. The highest threat from th...
CVE-2023-35942
A flaw was found in Envoy, where gRPC access loggers using the listener's global scope can cause a use-after-free crash when the listener is drained. This issue can be triggered by a listener discovery service LDS update with the same gRPC access log configuration...
CVE-2022-2739
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive...
CVE-2022-23647
A Cross-site scripting attack was found in Prism. The command-line plugin did not properly escape its output. This issue leads to the input text being inserted into the Document Object Model DOM as HTML code, which can be exploited by an attacker...
CVE-2021-41183
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various Text options are now alway...
CVE-2023-5981
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. Mitigation To address the issue found upgrade to GnuTLS 3.8.2 or later versions...
CVE-2023-26136
A flaw was found in the tough-cookie package which allows Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized...
CVE-2021-29923
A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
CVE-2023-4444
A vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this vulnerability is an unknown functionality of the file vm\patient\edit-user.php. The manipulation of the argument id00/nic/oldemail/email/spec/Tele leads to...
CVE-2023-45237
A security flaw has been identified in the cryptographic system of EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized remote attacker to potentially expose sensitive information. Mitigation Mitigation for this issue is either not...
CVE-2023-25690
A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...
CVE-2022-27239
A stack-based buffer overflow issue was found in cifs-utils. Parsing the mount.cifs ip command-line argument can lead to local attackers gaining root privileges...
CVE-2022-22719
A flaw was found in the modlua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest threat from this vulnerability is to system availability. Mitigation Disabling modlua and...
CVE-2022-23806
A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource...
CVE-2019-6110
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server or Man-in-The-Middle attacker can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. Mitigation This issue only affects the user...
CVE-2022-32743
A flaw was found in samba that validates the domain name system's host name. This issue links a trailing $ to objectclass=computer, which helps avoid the creation of SPN values that collide with other, possibly privileged hosts...
CVE-2022-24329
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects...