Lucene search

K

696 matches found

CVE
CVE
added 2023/07/20 3:15 a.m.29817 views

CVE-2023-38408

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because ...

9.8CVSS8.3AI score0.67828EPSS
CVE
CVE
added 2023/10/10 2:15 p.m.4475 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

7.5CVSS8AI score0.9441EPSS
CVE
CVE
added 2023/10/11 10:15 p.m.3096 views

CVE-2023-39325

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new ...

7.5CVSS7.3AI score0.0015EPSS
CVE
CVE
added 2023/06/09 11:15 a.m.2855 views

CVE-2023-32732

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond...

5.3CVSS5.5AI score0.00023EPSS
CVE
CVE
added 2022/04/13 4:15 p.m.2819 views

CVE-2015-20107

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided...

8CVSS7.8AI score0.00886EPSS
CVE
CVE
added 2023/09/22 2:15 p.m.2551 views

CVE-2023-5002

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authentica...

8.8CVSS7.2AI score0.17333EPSS
CVE
CVE
added 2023/09/12 3:15 p.m.1403 views

CVE-2023-4863

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

8.8CVSS8.5AI score0.93949EPSS
CVE
CVE
added 2023/10/23 7:15 a.m.1320 views

CVE-2023-45802

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing ...

5.9CVSS8.3AI score0.9441EPSS
CVE
CVE
added 2022/10/19 10:15 p.m.1241 views

CVE-2022-41741

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in...

7.8CVSS7.1AI score0.0085EPSS
CVE
CVE
added 2022/11/07 12:15 a.m.1194 views

CVE-2022-42919

Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network n...

7.8CVSS7.9AI score0.00024EPSS
CVE
CVE
added 2023/10/03 6:15 p.m.1187 views

CVE-2023-4911

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code...

7.8CVSS8.2AI score0.81669EPSS
CVE
CVE
added 2022/09/26 4:15 p.m.1152 views

CVE-2022-3075

Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS8.9AI score0.0059EPSS
CVE
CVE
added 2023/01/18 5:15 p.m.1138 views

CVE-2023-22809

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affect...

7.8CVSS7.7AI score0.50157EPSS
CVE
CVE
added 2022/11/01 6:15 p.m.1101 views

CVE-2022-3602

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verifi...

7.5CVSS8.2AI score0.85704EPSS
CVE
CVE
added 2023/04/14 7:15 p.m.1080 views

CVE-2023-2033

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.9AI score0.08655EPSS
CVE
CVE
added 2022/08/05 7:15 a.m.1036 views

CVE-2022-37434

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHe...

9.8CVSS9.9AI score0.92678EPSS
CVE
CVE
added 2023/10/18 4:15 a.m.1014 views

CVE-2023-38545

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxyhandshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allowthat to resolve the address instead of it getting done by curl itself, themaximum length that host name can be is 255 bytes. If the host name is...

9.8CVSS9.4AI score0.22672EPSS
CVE
CVE
added 2023/02/17 3:15 p.m.1009 views

CVE-2023-24329

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

7.5CVSS7.8AI score0.01309EPSS
CVE
CVE
added 2022/08/23 8:15 p.m.1005 views

CVE-2022-31676

VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.

7.8CVSS7.8AI score0.00068EPSS
CVE
CVE
added 2022/11/01 6:15 p.m.961 views

CVE-2022-3786

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verificat...

7.5CVSS8.1AI score0.22051EPSS
CVE
CVE
added 2023/01/12 3:15 p.m.959 views

CVE-2022-3437

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with ...

6.5CVSS6.7AI score0.00501EPSS
CVE
CVE
added 2023/04/19 4:15 a.m.956 views

CVE-2023-2136

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

9.6CVSS8.2AI score0.00392EPSS
CVE
CVE
added 2023/05/26 6:15 p.m.956 views

CVE-2023-32681

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuild_proxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent thro...

6.1CVSS6.8AI score0.06121EPSS
CVE
CVE
added 2022/09/26 4:15 p.m.928 views

CVE-2022-2856

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.

6.5CVSS6.6AI score0.03079EPSS
CVE
CVE
added 2023/09/28 4:15 p.m.884 views

CVE-2023-5217

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS9.2AI score0.01679EPSS
CVE
CVE
added 2023/03/23 9:15 p.m.880 views

CVE-2023-0056

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.

6.5CVSS6.3AI score0.00148EPSS
CVE
CVE
added 2022/09/20 11:15 p.m.878 views

CVE-2022-35957

Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All inst...

6.6CVSS7.2AI score0.00748EPSS
CVE
CVE
added 2023/06/13 5:15 p.m.854 views

CVE-2023-20867

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

3.9CVSS5.1AI score0.00558EPSS
CVE
CVE
added 2022/09/28 11:15 p.m.849 views

CVE-2022-31629

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.

6.5CVSS7.2AI score0.24317EPSS
CVE
CVE
added 2022/02/15 4:15 p.m.828 views

CVE-2022-21698

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and ...

7.5CVSS8.8AI score0.00265EPSS
CVE
CVE
added 2023/02/03 6:15 a.m.818 views

CVE-2023-25136

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-p...

6.5CVSS6.8AI score0.90014EPSS
CVE
CVE
added 2022/11/18 11:15 p.m.769 views

CVE-2021-33621

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

8.8CVSS8.6AI score0.02028EPSS
CVE
CVE
added 2023/10/04 5:15 p.m.767 views

CVE-2023-43804

urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a Cookie header and unknowingly leak informati...

8.1CVSS8AI score0.00554EPSS
CVE
CVE
added 2023/09/18 5:15 p.m.761 views

CVE-2023-4527

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data,...

6.5CVSS7.2AI score0.00105EPSS
CVE
CVE
added 2022/12/14 9:15 p.m.754 views

CVE-2022-2601

A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacke...

8.6CVSS8.7AI score0.00069EPSS
CVE
CVE
added 2023/09/20 1:15 p.m.750 views

CVE-2023-3341

The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, c...

7.5CVSS7.9AI score0.00211EPSS
CVE
CVE
added 2023/06/05 10:15 p.m.742 views

CVE-2023-3079

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.6AI score0.00543EPSS
CVE
CVE
added 2022/11/09 10:15 p.m.731 views

CVE-2022-38023

Netlogon RPC Elevation of Privilege Vulnerability

8.1CVSS8.3AI score0.0032EPSS
CVE
CVE
added 2023/08/23 12:15 a.m.729 views

CVE-2023-4431

Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

8.1CVSS7.6AI score0.00128EPSS
CVE
CVE
added 2023/08/08 7:15 p.m.723 views

CVE-2023-38180

.NET and Visual Studio Denial of Service Vulnerability

7.5CVSS7.8AI score0.00133EPSS
CVE
CVE
added 2022/07/20 8:15 p.m.715 views

CVE-2022-31160

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents consi...

6.1CVSS6AI score0.06383EPSS
CVE
CVE
added 2022/12/23 3:15 p.m.701 views

CVE-2022-43551

A vulnerability exists in curl

7.5CVSS7.3AI score0.0004EPSS
CVE
CVE
added 2022/09/09 2:15 p.m.700 views

CVE-2020-10735

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 ...

7.5CVSS7.5AI score0.00355EPSS
CVE
CVE
added 2022/09/28 11:15 p.m.673 views

CVE-2022-31628

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.

5.5CVSS6.4AI score0.00026EPSS
CVE
CVE
added 2023/03/31 4:15 a.m.667 views

CVE-2023-28756

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

5.3CVSS5.7AI score0.00758EPSS
CVE
CVE
added 2022/09/21 11:15 a.m.666 views

CVE-2022-2795

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

5.3CVSS6.5AI score0.00375EPSS
CVE
CVE
added 2022/10/12 11:15 p.m.654 views

CVE-2022-3171

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-fo...

7.5CVSS6.1AI score0.00071EPSS
CVE
CVE
added 2022/07/06 6:15 p.m.652 views

CVE-2022-31129

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has qua...

7.5CVSS7.8AI score0.03437EPSS
CVE
CVE
added 2023/08/15 4:15 p.m.643 views

CVE-2023-32006

The use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...

8.8CVSS9.1AI score0.00053EPSS
CVE
CVE
added 2023/09/21 7:15 p.m.638 views

CVE-2023-41993

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

8.8CVSS8.8AI score0.08736EPSS
Total number of security vulnerabilities696