71772 matches found
CVE-2022-45868
The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...
CVE-2022-3664
A vulnerability classified as critical has been found in Axiomatic Bento4. Affected is the function AP4BitStream::WriteBytes of the file Ap4BitStream.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has...
CVE-2022-2858
Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction...
CVE-2022-2964
A flaw was found in the Linux kernel’s driver for the ASIX AX88179178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes...
CVE-2022-40307
An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free...
CVE-2021-3521
There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to...
CVE-2022-1641
Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interaction...
CVE-2021-46828
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svcrun infinite loop without accepting new connections...
CVE-2022-2210
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2...
CVE-2022-31285
An issue was discovered in Bento4 1.2. The allocator is out of memory in /Source/C++/Core/Ap4Array.h...
CVE-2022-1789
With shadow paging enabled, the INVPCID instruction results in a call to kvmmmuinvpcidgva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference...
CVE-2022-29581
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions...
CVE-2022-0604
Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page...
CVE-2022-28356
In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/afllc.c...
CVE-2022-1016
A flaw was found in the Linux kernel in net/netfilter/nftablescore.c:nftdochain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker...
CVE-2021-45444
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPTSUBST expansion...
CVE-2021-33139
Improper conditions check in firmware for some IntelR Wireless BluetoothR and KillerTM BluetoothR products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access...
CVE-2021-0175
Improper Validation of Specified Index, Position, or Offset in Input in firmware for some IntelR PROSet/Wireless Wi-Fi in multiple operating systems and some KillerTM Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access...
CVE-2022-21299
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...
CVE-2022-21296
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...
CVE-2021-4083
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on...
CVE-2021-28714
Guest can force Linux netback driver to hog large amounts of kernel memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the...
CVE-2021-45485
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/outputcore.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses...
CVE-2021-3573
A use-after-free in function hcisockboundioctl of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hciunregisterdev together with one of the calls hcisockblacklistadd, hcisockblacklistdel, hcigetconninfo,...
CVE-2020-24588
The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames which is mandatory as part of 802.11...
CVE-2020-25671
A vulnerability was found in Linux Kernel, where a refcount leak in llcpsockconnect causing use-after-free which might lead to privilege escalations...
CVE-2020-3702
u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivit...
CVE-2020-13899
An issue was discovered in janus-gateway aka Janus WebRTC Server through 0.10.0. janusprocessincomingrequest in janus.c discloses information from uninitialized stack memory...
CVE-2019-17017
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR 68.4 and Firefox 72...
CVE-2019-16905
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing...
CVE-2019-12407
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive...
CVE-2019-15090
An issue was discovered in drivers/scsi/qedi/qedidbg.c in the Linux kernel before 5.1.12. In the qedidbg family of functions, there is an out-of-bounds read...
CVE-2019-12819
An issue was discovered in the Linux kernel before 5.0. The function mdiobusregister in drivers/net/phy/mdiobus.c calls putdevice, which will trigger a fixedmdiobusinit use-after-free. This will cause a denial of service...
CVE-2019-2537
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
CVE-2018-20677
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property...
CVE-2018-5803
In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "sctpmakechunk" function net/sctp/smmakechunk.c when handling SCTP packets length can be exploited to cause a kernel crash...
CVE-2017-7525
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...
CVE-2017-1001000
The registerroutes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a...
CVE-2016-10200
Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service use-after-free by making multiple bind system calls without properly ascertaining whether a socket has the SOCKZAPPED status, related to...
CVE-2014-9912
The geticudispvaluesrcphp function in ext/intl/locale/localemethods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service buffer overflow or possibly have...
CVE-2015-4643
Integer overflow in the ftpgenlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because ...
CVE-2015-2348
The moveuploadedfile implementation in ext/standard/basicfunctions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected...
CVE-2014-9293
The configauth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...
CVE-2014-3781
The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request...
CVE-2013-2028
The ngxhttpparsechunked function in http/ngxhttpparse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service crash and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based...
CVE-2011-1675
mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMITFSIZE value, a related issue to CVE-2011-1089...
CVE-2011-1071
The GNU C Library aka glibc or libc6 before 2.12.2 and Embedded GLIBC EGLIBC allow context-dependent attackers to execute arbitrary code or cause a denial of service memory consumption via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to...
CVE-2010-2103
Cross-site scripting XSS vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary w...
CVE-2009-2768
The loadflatsharedlibrary function in fs/binfmtflat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact by executing a shared flat binary, which triggers a...
CVE-2009-0661
Wee Enhanced Environment for Chat WeeChat 0.2.6 allows remote attackers to cause a denial of service crash via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds read...