206321 matches found
CVE-2023-40791
An unreleased memory page flaw unpinned was found in extractusertosg in the lib/scatterlist.c function of the Linux kernel. This flaw allows a local user, or potentially remote user, to crash the system...
CVE-2023-39192
A flaw was found in the Netfilter subsystem in the Linux kernel. The xtu32 module did not validate the fields in the xtu32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a cra...
CVE-2023-42119
An out-of-bounds read flaw was found in Exim which exists within the smtp service. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer, leading to disclosure of some sensitive information. An attacker can...
CVE-2023-26049
A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism...
CVE-2023-40217
Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are...
CVE-2021-29390
A heap buffer over-read flaw was found in libjpeg-turbo. For certain types of smoothed jpeg images, the decompresssmoothdata function may improperly enter a condition statement that leads to heap memory read of uninitialized data, which may cause an application crash or loss of confidentiality...
CVE-2023-4567
A blind SQL injection flaw was found in tower API. This issue may allow an attacker to craft a malicious SQL query into the SOCIALAUTHGITHUBKEY parameter in the /api/v2/settings/all/ endpoint and completely compromise the backend tower SQL database...
CVE-2022-47008
A memory leak was found in binutils in the maketempdir and maketempname functions. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability...
CVE-2023-37264
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child...
CVE-2021-28025
A flaw was found in the qt-qtsvg package. An integer overflow vulnerability in qsvghandler.cpp allows local attackers to cause a denial of service DoS...
CVE-2023-20873
A flaw was found in Spring Boot. This targets specifically 'spring-boot-actuator-autoconfigure' package. This issue occurs when an application is deployed to Cloud Foundry, which could be susceptible to a security bypass. Specifically, an application is vulnerable when all of the following are...
CVE-2023-35390
A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution...
CVE-2023-31486
A vulnerability was found in Tiny, where a Perl core module and standalone CPAN package, does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verifySSL=1 flag to ensure secure HTTPS connections. This oversight can potentially expose...
CVE-2023-3610
A use-after-free vulnerability was found in the netfilter: nftables component in the Linux kernel due to a missing error handling in the abort path of NFTMSGNEWRULE. This flaw allows a local attacker with CAPNETADMIN access capability to cause a local privilege escalation problem. Mitigation In...
CVE-2023-37276
A flaw was found in aio-libs aiohttp, where it is vulnerable to HTTP request smuggling, caused by a flaw in the aiohttp.web.Application. By sending a specially crafted HTTPS request, an attacker can poison the web cache, bypass web application firewall protection, and conduct Cross-site scripting...
CVE-2023-34967
A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol...
CVE-2023-3269
A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas VMAs is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, a...
CVE-2023-32257
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2SESSIONSETUP and SMB2LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage th...
CVE-2023-29404
A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "cgo LDFLAGS"...
CVE-2022-21235
A flaw was found in the VCS package, caused by improper validation of user-supplied input. By using a specially-crafted argument, a remote attacker could execute arbitrary commands on the system...
CVE-2023-3161
A flaw was found in the Framebuffer Console fbcon in the Linux Kernel. When providing a font-width and font-height greater than 32 to the fbconsetfont, since there are no checks in place, a shift-out-of-bounds occurs, leading to undefined behavior and possible denial of service...
CVE-2023-31085
A divide-by-zero flaw was found in the Linux kernel’s UBI a software layer above the MTD layer that admits the use of LVM-like logical volumes on top of MTD devices. This flaw allows a local user to crash the system...
CVE-2023-3027
The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values instead of the policy apply a static manifest on a managed cluster of taking advantage of cluster scoped access in a created policy. This feature...
CVE-2022-24434
A flaw was found in the Node.js dicer module. The affected versions of the Node.js dicer module are vulnerable to a denial of service. By sending a specially-crafted form to the server, a remote attacker can crash the node.js service. Mitigation Mitigation for this issue is either not available o...
CVE-2023-27043
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...
CVE-2023-20863
A flaw was found in Spring Framework. Certain versions of Spring Framework's Expression Language were not restricting the size of Spring Expressions. This could allow an attacker to craft a malicious Spring Expression to cause a denial of service on the server...
CVE-2023-29199
A flaw was found in the vm2 sandbox. When exception handling is triggered, the sanitization logic is not managed with proper exception handling. This issue may allow an attacker to bypass the sandbox protections which can lead to remote code execution on the hypervisor host or the host which is...
CVE-2022-48468
A vulnerability was found in protobuf-c. This security flaw leads to an unsigned integer overflow in parserequiredmember...
CVE-2023-29548
The Mozilla Foundation Security Advisory describes this flaw as: A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result...
CVE-2023-29536
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash...
CVE-2023-27487
A flaw was found in envoy. The header x-envoy-original-path should be an internal header, but Envoy does not remove this header from the request at the beginning of request processing when it is sent from an untrusted client. The faked header could then be used for trace logs and grpc logs, used ...
CVE-2021-36156
A flaw was found in Grafana Loki that could allow a remote attacker to traverse directories on the system, caused by improper input validation by the X-Scope-OrgID header value. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view some of the contents...
CVE-2023-22999
In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3qcomcreateursusbplatdev return value expects it to be NULL in the error case, whereas it is actually an error pointer...
CVE-2023-1281
A use-after-free vulnerability was found in the traffic control index filter tcindex in the Linux kernel. The imperfect hash area can be updated while packets are traversing. This issue could allow a local attacker to cause a use-after-free problem, leading to privilege escalation. Mitigation Thi...
CVE-2023-27537
A double free vulnerability exists in libcurl 8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread...
CVE-2023-28101
A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. Suppose an attacker publishes a Flatpak app with elevated permissions. In that case, they can hide those permissions from users of the flatpak1 command-line interface by setting...
CVE-2023-28100
A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. It contains a vulnerability similar to CVE-2017-5226 but using the TIOCLINUX ioctl command instead of TIOCSTI. If a Flatpak app is run on a Linux virtual console such as /dev/tty...
CVE-2023-25361
A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely...
CVE-2023-25151
A flaw was found in opentelemetry-go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength, http.server.responsecontentlength, and http.server.duration...
CVE-2023-23918
A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https://nodejs.org/api/permissions.html feature in Node.js and access non authorized modules by using process.mainModule.require. This only...
CVE-2023-23946
A vulnerability was found in Git. This security issue occurs when feeding a crafted input to "git apply." A path outside the working tree can be overwritten by the user running "git apply." Mitigation Use git apply --stat to inspect a patch before applying; avoid applying one that creates a...
CVE-2023-23947
A flaw was found in ArgoCD. An improper authorization bug may allow an attacker to update at least one cluster secret, enabling them to change any other cluster secret. The attacker must know the URL for the targeted cluster and additionally it should be authenticated within the ArgoCD API server...
CVE-2023-25761
A flaw was found in the Jenkins JUnit plugin. The affected versions of the JUnit Plugin do not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting XSS vulnerability. This may allow an attacker to control test case class names in the JUnit resources...
CVE-2022-25147
A flaw was found in the Apache Portable Runtime Utility APR-util library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions...
CVE-2022-3541
A vulnerability classified as critical has been found in Linux Kernel. This affects the function spl2swnvmemgetmacaddress of the file drivers/net/ethernet/sunplus/spl2swdriver.c of the component BPF. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. T...
CVE-2023-25585
A flaw was found in Binutils. The use of an uninitialized field in the struct module module may lead to application crash and local denial of service...
CVE-2022-37705
A flaw was found in Amanda. The runtar SUID binary executes /usr/bin/tar as root without properly validating its arguments, possibly leading to escalation of privileges from the regular user "amandabackup" to root...
CVE-2022-44267
A vulnerability was found in ImageMagick that is triggered when the software parses a PNG image containing a single dash - in the filename. To remotely exploit this bug, an attacker can upload a malicious PNG with a text chunk that adds a single dash in the name to any site using ImageMagick. The...
CVE-2021-43998
A flaw was found in HashiCorp Vault. In affected versions of HashiCorp Vault and Vault Enterprise, templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy...
CVE-2023-22792
A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service ReDoS flaw in the Action Dispatch module. By sending specially-crafted cookies with an XFORWARDEDHOST header, a remote attacker could exploit...