206304 matches found
CVE-2022-24975
A flaw known as "GitBleed" was found in Git, where repositories cloned via the "–mirror" option may leak secrets or sensitive information if not properly removed/deleted earlier. This flaw allows attackers and bug bounty hunters to use this discrepancy in Git behavior to find hidden secrets and...
CVE-2021-33200
A flaw was found in kernel/bpf/verifier.c in BPF in the Linux kernel. An incorrect limit is enforced for pointer arithmetic operations which can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation. The highest threat from this vulnerability ...
CVE-2018-3640
An industry-wide issue was found in the way many modern microprocessor handle speculative access of system registers inaccessible to unprivileged user. It relies on the presence of a precisely-defined instruction sequence in the privileged code which allows speculative load of system registers an...
CVE-2024-8421
This CVE has been rejected...
CVE-2023-35941
A flaw was found in Envoy, where a malicious client can construct credentials with permanent validity in a specific scenario. This issue is caused by some rare scenarios, such as the combination of host and expiration time, in which the HMAC payload can always be valid in the OAuth2 filter's HMAC...
CVE-2023-1370
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘‘ or ‘‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...
CVE-2022-24765
A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other...
CVE-2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in...
CVE-2023-28450
A flaw was found in Dnsmasq. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. Mitigation Systems that can not be updated can still configure dnsmasq to use the recommended maximum EDNS value by setting edns-packet-max=1232 in the dnsmasq...
CVE-2022-26373
A flaw was found in hw. In certain processors with Intel's Enhanced Indirect Branch Restricted Speculation eIBRS capabilities, soon after VM exit or IBPB command event, the linear address following the most recent near CALL instruction prior to a VM exit may be used as the Return Stack Buffer RSB...
CVE-2022-23307
A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...
CVE-2021-34798
A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests. The highest threat from this vulnerability is to system availability. Mitigation Red Hat has investigated whether a possible mitigation exists for this issue, and has...
CVE-2021-31618
A null pointer de-reference was found in the way httpd handled specially crafted HTTP/2 request. A remote attacker could use this flaw to crash the httpd child process, causing temporary denial of service...
CVE-2019-0211
A flaw was found in Apache where code executing in a less-privileged child process or thread could execute arbitrary code with the privilege of the parent process usually root. An attacker having access to run arbitrary scripts on the web server PHP, CGI etc could use this flaw to run code on the...
CVE-2019-20372
NGINX before 1.17.7, with certain errorpage configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. Mitigation To mitigate this issue, use a named location instead ...
CVE-2023-50290
A flaw was found in Apache Solr. This issue may allow an unauthorized actor access to sensitive information. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the...
CVE-2021-27861
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and optionally VLAN0 headers...
CVE-2019-6340
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core...
CVE-2022-1671
A NULL pointer dereference flaw was found in rxrpcpreparses in net/rxrpc/serverkey.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information...
CVE-2022-21443
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit...
CVE-2021-28164
In Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can use this vulnerability to reveal sensitive information regarding the implementation of a web application...
CVE-2024-38780
In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from syncprintobj Since commit a6aa8fca4d79 "dma-buf/sw-sync: Reduce irqsave/irqrestore from known context" by error replaced spinunlockirqrestore with spinunlockirq for both syncdebugfsshow and...
CVE-2024-0057
A security feature bypass vulnerability exists when Microsoft .NET Framework-based applications use X.509 chain building APIs but do not completely validate the X.509 certificate due to a logic flaw. An attacker could present an arbitrary untrusted certificate with malformed signatures, triggerin...
CVE-2023-36664
A vulnerability was found in Ghostscript. This flaw occurs due to a mishandled permission validation for pipe devices with the %pipe% prefix or the | pipe character prefix...
CVE-2023-31890
A flaw was found in glazedlists, which permits code execution when deserializing code via the BeanXMLByteDecoder's decode method. This flaw allows an attacker to execute code on the vulnerable system...
CVE-2023-24540
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...
CVE-2022-3171
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...
CVE-2022-33743
An incomplete cleanup flaw was found in the Linux kernel’s Xen networking XDP eXpress Data Path subsystem. This flaw allows a local user to crash the system...
CVE-2021-36368
An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authenticatio...
CVE-2022-30594
A flaw was found in the Linux kernel. The PTRACESEIZE code path allows attackers to bypass intended restrictions on setting the PTSUSPENDSECCOMP flag, possibly disabling seccomp. Mitigation If ptrace is not required, ptrace can be disabled in multiple ways. 1. SELinux policy. setsebool -P...
CVE-2022-0396
A flaw was found in Bind that incorrectly handles certain crafted TCP streams. The vulnerability allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. This flaw allows a remote attacker to send specially crafted TCP strea...
CVE-2022-23221
A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script...
CVE-2018-3639
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...
CVE-2017-20005
A flaw was found in nginx. When a date exists earlier than the standard epoch, as demonstrated by a file with a modification date in 1969 that causes a negative number to be treated as an unsigned integer, the year field becomes five characters long, larger than is allocated for, leading to a...
CVE-2023-24824
A flaw was found in CommonMarker. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service...
CVE-2023-0045
A flaw was found in the Linux kernel. This issue occurs due to a failure mitigating the Spectre-BTI attack using the kernel API, as IBPB is not issued during the syscall until the next schedule, leaving the system vulnerable. Mitigation For user-mode applications, a usleep after the prctl call wi...
CVE-2022-35260
A vulnerability was found in curl. The issue occurs when curl is told to parse a .netrc file for credentials. If that file ends in a line with consecutive non-white space letters and no newline, curl could read past the end of the stack-based buffer, and if the read works, it can write a zero byt...
CVE-2022-27776
A vulnerability was found in curl. This security flaw allows leak authentication or cookie header data on HTTP redirects to the same host but another port number. Sending the same set of headers to a server on a different port number is a problem for applications that pass on custom Authorization...
CVE-2022-29156
drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrscltdevrelease...
CVE-2021-26291
A flaw was found in maven. Repositories that are defined in a dependency’s Project Object Model pom, which may be unknown to users, are used by default resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that...
CVE-2019-10215
Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter function. An attacker could exploit this via user interaction to execute code in the user's browser...
CVE-2025-2787
KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 a.k.a IngressNightmare vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i....
CVE-2023-6817
A use-after-free flaw was found in the Netfilter subsystem in the Linux kernel via the nftpipapowalk function. This issue may allow a local user with CAPNETADMIN capability to trigger an application crash, information disclosure, or local privilege escalation. Mitigation In order to trigger the...
CVE-2021-30047
VSFTPD is vulnerable to a denial of service, caused by only a limited number of connections allowed, a remote attacker could exploit this vulnerability to cause a denial of service condition...
CVE-2021-3656
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "virtext" field, this issue could allow a malicious...
CVE-2018-1273
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...
CVE-2017-7529
A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory b...
CVE-2024-29059
.NET Framework Information Disclosure Vulnerability...
CVE-2023-45871
A flaw was found in igbconfigurerxring in drivers/net/ethernet/intel/igb/igbmain.c in the IGB driver in the Linux kernel. An overflow of the contents from a packet that is too large will overflow into the kernel's ring buffer, leading to a system integrity issue. Mitigation Mitigation for this...
CVE-2023-33201
A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain...