206304 matches found
CVE-2022-25147
A flaw was found in the Apache Portable Runtime Utility APR-util library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions...
CVE-2022-44267
A vulnerability was found in ImageMagick that is triggered when the software parses a PNG image containing a single dash - in the filename. To remotely exploit this bug, an attacker can upload a malicious PNG with a text chunk that adds a single dash in the name to any site using ImageMagick. The...
CVE-2021-43998
A flaw was found in HashiCorp Vault. In affected versions of HashiCorp Vault and Vault Enterprise, templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy...
CVE-2023-22792
A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service (ReDoS) flaw in the Action Dispatch module. By sending specially-crafted cookies with an X_FORWARDED_HOST header, a remote attacker could exploit...
CVE-2021-26316
A flaw was found in hw. Failure to validate the BIOS's communication buffer and communication service may allow an attacker to tamper with the buffer, resulting in potential System Management Mode (SMM) arbitrary code execution. Mitigation: Please contact AMD for more updates on this flaw...
CVE-2023-0468
A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may cause a NULL pointer dereference...
CVE-2020-36649
A vulnerability was found in PapaParse. The affected function is present in the papaparse.js file. The manipulation leads to an inefficient regular expression complexity...
CVE-2023-0229
A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context...
CVE-2022-40716
A flaw was found in the HashiCorp Consul package. In the affected versions of this package, a specially crafted CSR sent directly to Consul’s internal server agent RPC endpoint can include multiple SAN URI values with additional service names...
CVE-2022-23516
An uncontrolled recursion vulnerability was found in rubygem loofah. While sanitizing certain sections, loofah is susceptible to stack exhaustion, which can result in a denial of service through CPU resource consumption...
CVE-2022-3108
An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup...
CVE-2022-3630
A memory leak flaw was found in the Linux kernel IPSec functionality. This issue could allow a local user to crash the system...
CVE-2022-46366
Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies to the also unsupported 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no...
CVE-2022-4285
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599...
CVE-2020-35539
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2022-3598
An out-of-bounds write flaw was found in the extractContigSamplesShifted24bits function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition...
CVE-2022-39260
Git is an open source, scalable, distributed revision control system. git shell is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the...
CVE-2022-38249
Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4...
CVE-2022-2929
A vulnerability was found in the DHCP server where the "fqdn_universe_decode" function allocates buffer space for the contents of option 81 fqdn data received in a DHCP packet. The maximum length of a DNS "label" is 63 bytes. The function tests the length byte of each label contained in the "fqdn";...
CVE-2022-36056
A vulnerability was found in cosign, where it incorrectly verified an artifact when the embedded rekorBundle does not reference the given signature. This flaw allows an attacker to exploit integrity and confidentiality...
CVE-2022-32886
A vulnerability was found in webkitgtkm, where a buffer overflow issue was addressed with improved memory handling. Processing maliciously crafted web content may lead to arbitrary code execution...
CVE-2022-36067
A flaw was found in the vm2 sandbox when running untrusted code, as the sandbox setup does not manage proper exception handling. This flaw allows an attacker to bypass the sandbox protections and gain remote code execution on the hypervisor host or the host which is running the sandbox. Mitigatio...
CVE-2022-2663
A flaw was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and it incorrectly matches on the message. An attacker could exploit this vulnerability to bypass the firewall when users are using unencrypted IRC with nf_conntrack_irc configured. Mitigation: To mitigate...
CVE-2022-20148
In TBD of TBD, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...
CVE-2022-2995
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...
CVE-2021-33646
A flaw was found in libtar. This security vulnerability occurs because the th_read() function in libtar doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak...
CVE-2021-33644
A flaw was found in libtar. This flaw allows an attacker who submits a crafted tar file with size in header struct being 0 to trigger a calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read...
CVE-2022-2469
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client...
CVE-2022-2869
A flaw was found in libtiff's tiffcrop tool that has a uint32_t underflow, which leads to an out-of-bounds read and write in the extractContigSamples8bits routine. This flaw allows an attacker who supplies a crafted file to tiffcrop to trick a user into opening the crafted file with tiffcrop,...
CVE-2022-2191
A flaw was found in the Jetty-server package. This flaw allows an attacker to send invalid requests, causing a denial of service in the Jetty Server...
CVE-2022-21525
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2022-25758
A flaw was found in the scss-tokenizer package. Affected versions of this package are vulnerable to regular expression denial of service (ReDoS) attacks...
CVE-2022-32742
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file or printer instead of client-supplied data. The client cannot control the area of the...
CVE-2022-2031
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other...
CVE-2022-2403
A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. This flaw allows a malicious user to read the...
CVE-2022-34177
A flaw was found in the Pipeline Input Step Plugin. This issue affects the code of the component Archive File Handler. The manipulation of the argument file with a malicious input leads to a directory traversal vulnerability...
CVE-2022-29228
A flaw was found in Envoy. The OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT in newer versions and corrupts memory on earlier versions...
CVE-2022-2000
An out-of-bounds write vulnerability was found in Vim's append_command function of the src/ex_docmd.c file. This issue occurs when an error for a command goes over the end of IObuff. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflo...
CVE-2022-29227
A flaw was found in Envoy. Internal redirects for requests with bodies or trailers are not safe if the redirect prompts an Envoy-generated local reply. A remote attacker can exploit this to cause a denial of service. Mitigation: Disable internal redirects if crashes are observed...
CVE-2018-10289
In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file...
CVE-2022-26144
An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code if CSP allows it in manage_plugin_page.php and manage_plugin_uninstall.php when a crafted plugin is installed...
CVE-2021-23165
A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdf_prepare_outpages(), in ps-pdf.cxx may lead to execute arbitrary code and denial of service...
CVE-2021-37970
Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-21209
Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2022-21131
A flaw was found in hw. Improper access control for some Intel(R) Xeon(R) processors may potentially allow an authenticated user to enable information disclosure via local access. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat...
CVE-2020-8698
A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU...
CVE-2022-29173
A flaw was found in go-tuf. This flaw allows an attacker to cause clients to install older software than the software the client previously knew to be available and may include software with known vulnerabilities...
CVE-2022-29909
The Mozilla Foundation Security Advisory describes this flaw as: Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...
CVE-2022-29869
A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may lead to information disclosure in particular conditions when the credentials file given is sensitive and contains '=' signs...
CVE-2022-25645
A flaw was found in the dset package via 'dset/merge' mode, as the dset function checks for prototype pollution by validating if the top-level path contains __proto__, constructor, or prototype. This flaw allows an attacker to craft a malicious object, bypassing this check and achieving prototype...