26 matches found
CVE-2021-40438
CVE-2021-40438 is an SSRF flaw in Apache HTTP Server 2.4.x through older revisions where a crafted request URI path can cause mod_proxy to forward the request to an origin server chosen by the remote user. The issue affects Apache httpd 2.4.48 and earlier; the CVSSv3.1 base score is 9.0 (CRITICAL...
CVE-2021-34798
CVE-2021-34798 is a vulnerability in Apache HTTP Server where malformed requests may cause a NULL pointer dereference in the httpd core. The issue affects Apache HTTP Server 2.4.48 and earlier, and the resulting crash can lead to a Denial of Service. Multiple connected advisories confirm the same...
CVE-2021-36160
CVE-2021-36160 affects Apache HTTP Server mod_proxy_uwsgi. A crafted request URI-path can cause mod_proxy_uwsgi to read beyond allocated memory, triggering a DoS. The issue is reported for Apache httpd versions 2.4.30–2.4.48. Public sources in connected documents corroborate the impact as an out-...
CVE-2021-4197
CVE-2021-4197 is a Linux kernel vulnerability in the cgroup process migration permission checks. A local attacker could escalate privileges due to incorrect permission validation for cgroup-associated processes (affecting both cgroup v1 and v2). The issue is described across multiple sources as a...
CVE-2020-8648
CVE-2020-8648 is a use-after-free in the Linux kernel’s n_tty_receive_buf_common function (drivers/tty/n_tty.c), affecting kernel builds up to 5.5.2. It is a local vulnerability; exploitation could crash the kernel (DoS), with CVSS notes indicating local access and high impact on availability. Co...
CVE-2021-27219
GLib’s g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64-bit to 32-bit, affecting GNOME GLib up to 2.66.6 and 2.67.x up to 2.67.3. This can lead to memory corruption. Concrete impact is described across multiple advisories (glib2.0) and vendor bulletins; miti...
CVE-2019-19063
Concretely affected software: Linux kernel realtek rtlwifi USB driver (rtl_usb_probe in drivers/net/wireless/realtek/rtlwifi/usb.c). Root cause: two memory leaks in rtl_usb_probe() leading to memory exhaustion. Impact: potential denial of service due to unbounded memory consumption (through 5.3.1...
CVE-2019-19060
CVE-2019-19060 is a memory-leak vulnerability in the Linux kernel (discovered in adis_buffer.c: adis_update_scan_mode()) that can lead to memory exhaustion and DoS. Affected: Linux kernel versions before 5.3.9 (drivers/iio/imu/adis_buffer.c). Exploitation details are not provided in the documents...
CVE-2021-27218
CVE-2021-27218 concerns GNOME GLib. On 64-bit platforms, if g_byte_array_new_take() is called with a buffer of 4GB or more, the length is truncated modulo 2**32, causing unintended length truncation. Affected: GLib before 2.66.7 and 2.67.x before 2.67.4. Impact is described as length miscalculati...
CVE-2021-28153
GLib/GNOME GLib before 2.66.8 is affected by CVE-2021-28153: when g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it may create the target as an empty file. This behavior could be security-relevant if the symlink is attacker-controlled...
CVE-2020-15436
The CVE-2020-15436 entry is confirmed by connected sources as a Linux kernel local-use-after-free vulnerability in fs/block_dev.c (pre-5.8). It enables a local attacker to gain elevated privileges or cause a denial of service by abusing improper access to a particular error field. The Linux kerne...
CVE-2019-19052
CVE-2019-19052 is a memory-leak vulnerability in the Linux kernel, specifically in drivers/net/can/usb/gs_usb.c within the gs_can_open() function. The issue allows a denial of service through memory consumption when usb_submit_urb() fails, affecting the kernel up to version before 5.3.11. The rea...
CVE-2023-27534
CVE-2023-27534 affects curl’s SFTP path handling in versions before 8.0.0, where tilde (~) processing can be misapplied when prefixing the first path element (e.g., /~2/foo). This can allow bypassing filters or potentially enable arbitrary code access on a targeted server; the issue is tied to th...
CVE-2019-19054
CVE-2019-19054: A memory leak in the Linux kernel cx23888_ir_probe() function (drivers/media/pci/cx23885/cx23888-ir.c) through version 5.3.11 can lead to denial of service via memory consumption when kfifo_alloc() fails. Connected Nessus advisories (UNITY_LINUX_UTSA-2026-004170 and related entrie...
CVE-2019-19057
CVE-2019-19057 affects the Linux kernel mwifiex PCIe wireless driver (drivers/net/wireless/marvell/mwifiex/pcie.c). Two memory leaks in mwifiex_pcie_init_evt_ring() can occur through failures in mwifiex_map_pci_memory(), allowing a local attacker to trigger memory consumption and a denial of serv...
CVE-2021-20197
CVE-2021-20197 is a local race-condition vulnerability in GNU Binutils (affecting ar, objcopy, strip, ranlib) up to version 2.35. An unprivileged user can exploit a symlink-based race window when these tools run as a privileged user to gain ownership of arbitrary files. The provided documents con...
CVE-2023-27538
CVE-2023-27538 affects libcurl/curl (curl/libcurl) and related packages. The issue is an authentication bypass in libcurl prior to v8.0.0 where a previously established SSH connection could be reused despite an SSH option change, due to two SSH settings being omitted from the configuration match,...
CVE-2019-19061
CVE-2019-19061 is tied to a memory leak in the Linux kernel’s ADIS16400 IIO IMU driver: adis_update_scan_mode_burst() in drivers/iio/imu/adis_buffer.c before 5.3.9. The issue can cause denial of service via memory exhaustion. Affected component: Linux kernel (ADIS16400 IIO IMU driver). Root cause...
CVE-2021-31879
CVE-2021-31879 affects GNU Wget by not omitting the Authorization header when redirecting to a different origin. Public details show: upstream GNU Wget up to 1.21.1 is vulnerable; Alpine Linux advisories indicate wget older than 1.21.2-1 are affected and that upgrading resolves the issue; other e...
CVE-2020-35496
CVE-2020-35496 describes a vulnerability in binutils’ bfd_pef_scan_start_address() that could trigger a NULL pointer dereference when processing a crafted file with the BFD/PEF code, impacting affected binutils versions prior to 2.34. The issue arises from a flaw in how the function handles dwarf...
CVE-2020-35493
CVE-2020-35493 is a Binutils vulnerability in bfd/pef.c that can cause a heap-based buffer overflow and an out-of-bounds read, potentially impacting availability. It affects binutils versions prior to 2.34. Remediation: upgrade Binutils to version 2.34 or newer (or apply vendor-specific patches i...
CVE-2019-19053
CVE-2019-19053 affects the Linux kernel (through 5.3.11). A memory leak in the function rpmsg_eptdev_write_iter() (drivers/rpmsg/rpmsg_char.c) can be triggered when copy_from_iter_full() fails, leading to a denial of service via memory consumption. The connected Nessus entries (Unity Linux UTSA a...
CVE-2023-27537
CVE-2023-27537 is a double‑free vulnerability in libcurl
CVE-2019-19044
CVE-2019-19044 affects the Linux kernel prior to 5.3.11, via two memory leaks in v3d_submit_cl_ioctl() in drivers/gpu/drm/v3d/v3d_gem.c. The leaks can cause memory exhaustion and denial of service when kcalloc() or v3d_job_init() fail. The issue is addressed by upgrading to kernel 5.3.11 or apply...
CVE-2020-35494
CVE-2020-35494 targets GNU Binutils: a flaw in /opcodes/tic4x-dis.c can cause a denial of service via processing crafted input, due to use of uninitialized memory. Affected are binutils versions prior to 2.34. Impact is availability (partial confidentiality/none integrity per description). The co...
CVE-2020-35495
CVE-2020-35495 is a null pointer dereference in binutils/bfd/pef.c (bfd_pef_parse_symbols) triggered by specially crafted input processed by objdump. It affects Binutils prior to 2.34 and can impact availability via crash. Remediation is upgrading to a newer Binutils version; IBM/Netezza advisori...