71772 matches found
CVE-2021-43779
GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using command injection abuse of...
CVE-2021-33033
The Linux kernel before 5.11.14 has a use-after-free in cipsov4genopt in net/ipv4/cipsoipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value...
CVE-2020-27777
A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down usually due to Secure Boot guest system running on top of PowerVM or KVM hypervisors pseries platform a root like local user could use this flaw to further increase their privileges to...
CVE-2020-10683
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j...
CVE-2016-0777
The resendbytes function in roamingcommon.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key...
CVE-2014-0226
Race condition in the modstatus module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service heap-based buffer overflow, or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard...
CVE-2013-1461
The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service NULL pointer dereference and service crash via a SOAPAction header that lacks a pound sign character, a different vulnerability than...
CVE-2007-5769
Double free vulnerability in the getreply function in ftp.c in netkit ftp netkit-ftp 0.17 20040614 and later allows remote FTP servers to cause a denial of service application crash and possibly have unspecified other impact via some types of FTP protocol behavior. NOTE: the netkit-ftpd issue is...
CVE-2004-2043
Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service crash via a long database name, as demonstrated using the gsec command...
CVE-2022-20128
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-38474
Substitution encoding issue in modrewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to...
CVE-2024-2201
A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent FineIBT, and to leak arbitrary Linux kernel memory on Intel systems...
CVE-2024-0985
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...
CVE-2023-39197
An out-of-bounds read vulnerability was found in Netfilter Connection Tracking conntrack in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol...
CVE-2023-51766
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but...
CVE-2023-51764
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mail messages with ...
CVE-2023-22067
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows...
CVE-2023-4573
When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2...
CVE-2023-2828
Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it...
CVE-2023-27535
An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...
CVE-2023-23109
In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a divide by zero fault in the function opdiv...
CVE-2022-46169
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data...
CVE-2022-3304
Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2022-39410
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2022-24829
Garden is an automation platform for Kubernetes development and testing. In versions prior to 0.12.39 multiple endpoints did not require authentication. In some operating modes this allows for an attacker to gain access to the application erroneously. The configuration is leaked through the /api...
CVE-2021-0072
Improper input validation in firmware for some IntelR PROSet/Wireless Wi-Fi in multiple operating systems and some KillerTM Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable information disclosure via local access...
CVE-2021-45046
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...
CVE-2021-40537
Server Side Request Forgery SSRF vulnerability exists in owncloud/userldap 0.15.4 in the settings of the userldap app. Administration role is necessary for exploitation...
CVE-2021-26291
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model pom which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository...
CVE-2015-5600
The kbdintnextdevice function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service CPU consumptio...
CVE-2010-1233
Multiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects...
CVE-2007-1353
The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copyfromuser function accessing an uninitialized stack buffer...
CVE-2006-5051
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service crash, and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free...
CVE-2024-28240
The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the case the Deploy ta...
CVE-2023-38545
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host na...
CVE-2023-32250
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2SESSIONSETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerabilit...
CVE-2023-24180
Libelfin v0.3 was discovered to contain an integer overflow in the load function at elf/mmaploader.cc. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted elf file...
CVE-2022-47943
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2WRITE, when there is a large length in the zero DataOffset case...
CVE-2022-40961
During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash.This issue only affects Firefox for Android. Other operating systems are not affected.. This vulnerability affects Firefox 105...
CVE-2021-4159
A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating som...
CVE-2022-23960
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer BHB to influence mispredicted branches. Then, cache allocation can allow the attacker to obtai...
CVE-2021-45402
The checkaluop function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."...
CVE-2021-33110
Improper input validation for some IntelR Wireless BluetoothR products and KillerTM BluetoothR products in Windows 10 and 11 before version 22.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access...
CVE-2021-0076
Improper Validation of Specified Index, Position, or Offset in Input in firmware for some IntelR PROSet/Wireless Wi-Fi in multiple operating systems and some KillerTM Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable denial of service via local access...
CVE-2022-0318
Heap-based Buffer Overflow in vim/vim prior to 8.2...
CVE-2021-3997
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp...
CVE-2021-23214
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption...
CVE-2021-33193
A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...
CVE-2020-6572
Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page...
CVE-2020-1935
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...