71772 matches found
CVE-2023-23586
Due to a vulnerability in the iouring subsystem, it is possible to leak kernel memory information to the user process. timensinstall calls currentissinglethreaded to determine if the current process is single-threaded, but this call does not consider iouring's ioworker threads, thus it is possibl...
CVE-2023-0361
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to...
CVE-2023-22320
OpenAM Web Policy Agent OpenAM Consortium Edition provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerabilityCWE-22. Furthermore, a crafted URL may be evaluated incorrectly...
CVE-2022-40304
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked...
CVE-2022-2884
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authenticated user to achieve remote code execution via the Import from GitHub API endpoint...
CVE-2022-37048
The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in getl2lenprotocol at common/get.c:344. NOTE: this is different from CVE-2022-27941...
CVE-2022-36946
nfqnlmangle in net/netfilter/nfnetlinkqueue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service panic because, in the case of an nfqueue verdict with a one-byte nftapayload attribute, an skbpull can encounter a negative skb-len...
CVE-2022-28615
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...
CVE-2022-28389
mcbausbstartxmit in drivers/net/can/usb/mcbausb.c in the Linux kernel through 5.17.1 has a double free...
CVE-2021-23632
All versions of package git are vulnerable to Remote Code Execution RCE due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps to Reproduce 1. Create a file named exploit.js with the following content: js var Git =...
CVE-2022-23943
Out-of-bounds Write vulnerability in modsed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions...
CVE-2021-3596
A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt and uses the value directly, which leads to a crash and segmentation fault...
CVE-2021-43300
Stack overflow in PJSUA API when calling pjsuarecordercreate. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation...
CVE-2022-21698
clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...
CVE-2021-3764
A memory leak flaw was found in the Linux kernel's ccprunaesgcmcmd function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability...
CVE-2021-33909
fs/seqfile.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05...
CVE-2020-26558
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...
CVE-2020-1917
xbufformatconverter, used as part of exifreaddata, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to...
CVE-2021-26910
Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation...
CVE-2020-24335
An issue was discovered in uIP through 1.0, as used in Contiki and Contiki-NG. Domain name parsing lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets...
CVE-2020-8617
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows or successfully guesses the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration doe...
CVE-2019-18210
Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows authenticated users Teacher and above to inject JavaScript into the session of another user e.g., enrolled student or site administrator via the introeditortext parameter. NOTE: the discoverer and vendor disagree on whether Mood...
CVE-2020-7059
When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash...
CVE-2019-11043
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution...
CVE-2019-17498
In libssh2 v1.9.0 and earlier versions, the SSHMSGDISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary out-of-bounds offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a...
CVE-2019-9514
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RSTSTREAM frames from the peer. Depending on how the peer queues the...
CVE-2019-7283
An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server or Man-in-The-Middle attacker can overwrite...
CVE-2017-14868
Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension...
CVE-2017-2636
Race condition in drivers/tty/nhdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service double free by setting the HDLC line discipline...
CVE-2017-6074
The dccprcvstateprocess function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCPPKTREQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service double free via an application that makes an IPV6RECVPKTINF...
CVE-2017-5487
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request...
CVE-2015-1158
The addjob function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted 1 IPPCREATEJOB or 2 IPPPRINTJOB...
CVE-2014-8884
Stack-based buffer overflow in the ttusbdecfedvbsdiseqcsendmastercmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service system crash or possibly gain privileges via a large message length in an ioctl call...
CVE-2010-4345
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spooldirectory directive...
CVE-2004-0790
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service reset TCP connections via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks;...
CVE-2024-51489
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to send messag...
CVE-2024-24786
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
CVE-2021-47039
In the Linux kernel, the following vulnerability has been resolved: ataflop: potential out of bounds in doformat The function uses "type" as an array index: q = unitdrive.disktype-queue; Unfortunately the bounds check on "type" isn't done until later in the function. Fix this by moving the bounds...
CVE-2024-25982
The link to update all installed language packs did not include the necessary token to prevent a CSRF risk...
CVE-2023-5171
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3...
CVE-2023-28322
An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request...
CVE-2023-29000
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop client to encrypt file...
CVE-2023-24329
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters...
CVE-2023-21722
.NET Framework Denial of Service Vulnerability...
CVE-2022-37436
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client...
CVE-2022-41089
.NET Framework Remote Code Execution Vulnerability...
CVE-2022-40735
The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "appropriately short exponents" can be used when there are adequate subgroup constraints, and these sho...
CVE-2022-3667
A vulnerability, which was classified as critical, was found in Axiomatic Bento4. This affects the function AP4MemoryByteStream::WritePartial of the file Ap4ByteStream.cpp of the component mp42aac. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotel...
CVE-2022-41845
An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4Array::EnsureCapacity in Core/Ap4Array.h...
CVE-2022-32296
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 "Double-Hash Port Selection Algorithm" of RFC 6056...