206311 matches found
CVE-2018-25011
A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2019-25042
A flaw was found in unbound. An out-of-bounds write in the rdatacopy function may be abused by a remote attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability...
CVE-2019-25032
A flaw was found in unbound. An integer overflow in regionalalloc function may lead to a buffer overflow of the allocated buffer if the size can be controlled by an attacker and can be big enough. The highest threat from this vulnerability is to data confidentiality and integrity as well as servi...
CVE-2021-3520
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability...
CVE-2021-3514
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. The highest threat from this vulnerability is t...
CVE-2020-36193
A flaw was found in the ArchiveTar package. ArchiveTar could allow a remote attacker to traverse directories on the system caused by inadequate checking of symbolic links. An attacker could send a specially-crafted URL request to the Tar.php script containing "dot dot" sequences /../ to modify...
CVE-2021-28952
A flaw was found in the Linux kernel. The soundwire device driver has a buffer overflow when an unexpected port ID number is encountered. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2021-28650
autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplet...
CVE-2019-3867
A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user's container repository. Mitigation Toggle FEATUREPERMANENTSESSIONS to False in quay.conf...
CVE-2020-26973
The Mozilla Foundation Security Advisory describes this flaw as: Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass...
CVE-2020-35653
A flaw was found in python-pillow. The PcxDecode in Pillow has a buffer over-read when decoding a crafted PCX file due to the user-supplied stride value trusted for buffer calculations. The highest threat from this vulnerability is to system availability...
CVE-2020-27846
A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
CVE-2020-8908
A flaw was found in Guava that creates temporary directories with default permissions similar to /tmp. This issue may allow local users access, possibly permitting information exposure...
CVE-2020-29370
An issue was discovered in kmemcacheallocbulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71...
CVE-2020-27218
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that ...
CVE-2020-27753
There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported tha...
CVE-2020-13584
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability...
CVE-2020-26965
Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field wa...
CVE-2020-25651
A flaw was found in the SPICE file transfer protocol. File data from the host system can partially or fully end up in the client connection of an unauthorized local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highe...
CVE-2020-24750
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.6. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and system availability. Mitigation The following conditions are needed for an...
CVE-2020-14370
An information disclosure flaw was found in containers/podman. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container leak into subsequent containers. This flaw allows an...
CVE-2020-16307
A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51. Mitigation Mitigation for this issue is either not available or...
CVE-2020-14300
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2016-9962, which was previously fixed via RHSA-2017:0116. This issue could allow a malicious or compromised container to compromise the...
CVE-2020-13361
An out-of bounds access flaw was found in the ES1370 audio device emulator of the QEMU. This flaw occurs in the 'audiopcmswread', while reading an audio byte stream from a channel if the channel frame count is set to a malicious value. A guest user or process may use this flaw to crash the QEMU...
CVE-2020-13253
An out-of-bounds read-access flaw was found in the SD Memory Card emulator of the QEMU. This flaw occurs while performing block write commands via sdhciwrite, if a guest user has sent an 'address' which is out-of-bounds of 's-wpgroups'. A guest user or process may use this flaw to crash the QEMU...
CVE-2020-10967
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart...
CVE-2020-10720
A flaw was found in the Linux kernel’s implementation of GRO. This flaw allows an attacker with local access to crash the system. Mitigation Disabling GSO on the cards using ethtool will prevent this codepath from being taken...
CVE-2019-12519
A flaw was found in Squid through version 4.7. When handling the tag esi:when, when ESI is enabled, Squid calls the ESIExpression::Evaluate function which uses a fixed stack buffer to hold the expression. While processing the expression, there is no check to ensure that the stack won't overflow...
CVE-2020-10687
A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from...
CVE-2020-11653
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss. Mitigation An use...
CVE-2019-11249
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is...
CVE-2018-12126
Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA STore Address and STD STore Data sub-operations. These sub-operations allow the processor to hand-off address generation...
CVE-2017-6001
It was found that the original fix for CVE-2016-6786 was incomplete. There exist a race between two concurrent sysperfeventopen calls when both try and move the same pre-existing software group into a hardware context...
CVE-2020-6822
The Mozilla Foundation Security Advisory describes this flaw as: On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code...
CVE-2020-7053
A use-after-free flaw was found in the Linux kernel’s GPU driver functionality when destroying GEM context. A local user could use this flaw to crash the system or potentially escalate their privileges. Mitigation In case of dedicated graphic card presence and i915 GPU is not being used, you can...
CVE-2020-1927
A flaw was found in Apache HTTP Server httpd versions 2.4.0 to 2.4.41. Redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirected instead to an unexpected URL within the request URL...
CVE-2020-6096
A signed comparison vulnerability was found in GNU libc in the ARMv7 implementation of memcpy. The flaw affects the third argument to memcpy that specifies the number of bytes to copy. An underflow on the third argument could lead to undefined behavior such as out-of-bounds memory write and...
CVE-2018-5168
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects...
CVE-2019-14896
A heap-based buffer overflow vulnerability was found in the Linux kernel's Marvell WiFi chip driver. A remote attacker could cause a denial of service system crash or, possibly execute arbitrary code, when the lbsibssjoinexisting function is called after a STA connects to an AP...
CVE-2019-10178
It was found that the Token Processing Service TPS did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting XSS vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would...
CVE-2019-17361
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host...
CVE-2020-2654
Vulnerability in the Java SE product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...
CVE-2019-5108
A flaw was found in the Linux kernel’s implementation of the WiFi station handoff code. An attacker within the radio range could use this flaw to deny a valid device from joining the access point. Mitigation At this time there is no known mitigations to this issue other than to install the update...
CVE-2018-3283
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Logging. Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
CVE-2019-15213
A use-after-free flaw was found in the USB DVB media access driver in the Linux kernel. This flaw could allow an attacker to crash the system at device disconnect or for a kernel information leak problem to occur. The highest threat from this vulnerability is to system availability. Mitigation...
CVE-2019-0193
A flaw was found in Apache Solr’s DataImportHandlerDIH. A DIH configuration containing scripts coming from a request's dataConfig parameter allows an attacker to perform remote code execution. Mitigation Edit solrconfig.xml to configure all DataImportHandler usages with an "invariants" section...
CVE-2018-13785
In libpng 1.6.34, a wrong calculation of rowfactor in the pngcheckchunklength function pngrutil.c may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service...
CVE-2019-19526
A use-after-free flaw was found in the pn533usbprobe USB interface in the Linux kernel. If the driver registration fails it needs to do all the cleanup activity and free all the related resources. A malicious USB device can cause this process to fail, causing a use-after-free vulnerability. Syste...
CVE-2019-18801
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents leading to a query-of-death scenario or may be used to bypass Envoy's...
CVE-2019-12068
A flaw was found in QEMU's LSI53C895A device emulator. When executing LSI scripts, a crafted sequence of I/O requests may cause the emulator to enter into an infinite loop. This vulnerability could be executed locally and would affect the availability of the system...