179 matches found
CVE-2021-41617
CVE-2021-41617 affects OpenSSH sshd (versions 6.2–8.x prior to 8.8) where certain non-default configurations allow local privilege escalation because supplemental groups are not initialized as expected when AuthorizedKeysCommand/AuthorizedPrincipalsCommand run under a different user. This can cau...
CVE-2020-14145
The CVE-2020-14145 entry concerns the OpenSSH client, with versions 5.7–8.4 (and notes that 8.5/8.6 may also be affected) exhibiting an observable discrepancy in the algorithm negotiation that leads to information leakage. The impact is a potential man-in-the-middle attack during initial connecti...
CVE-2024-26462
CVE-2024-26462 affects krb5 1.21.2 and is a memory-leak vulnerability in /krb5/src/kdc/ndr.c. The issue can cause memory exhaustion and potential denial of service; exploitation status is not provided in the documents, but related advisories/patches indicate upgrading to 1.21.3 or newer to mitiga...
CVE-2016-20012
CVE-2016-20012 : OpenSSH up to 8.7 may leak information by testing whether a given username/public key combination is known to the SSH server, since a challenge is sent only if that combo could be valid for a login. This could enable user enumeration. The IBM bulletin notes the vendor does not re...
CVE-2024-6387
CVE-2024-6387 is a remote code-execution vulnerability in OpenSSH’s server (sshd) caused by a race condition in a signal handler that may run after a client fails to authenticate within LoginGraceTime. The issue is exploitable by an unauthenticated, remote attacker on glibc-based Linux systems, p...
CVE-2024-26458
CVE-2024-26458 is documented in IBM Security Bulletins as affecting IBM Application Gateway (versions 23.10–25.09) with Kerberos 5 (krb5) 1.21.2 memory leak in /krb5/src/lib/rpc/pmap_rmt.c. IBM lists remediation: update to fixed IBM Application Gateway release and container image. Upgrading via d...
CVE-2021-23017
CVE-2021-23017 affects nginx's resolver. A security issue arises from an off-by-one in ngx_resolver_copy when DNS labels are followed by a root-domain pointer, allowing a crafted UDP response to overwrite the least significant byte of the next heap chunk metadata. This can lead to a worker proces...
CVE-2021-3156
CVE-2021-3156 is a heap-based buffer overflow in sudo that enables privilege escalation to root. The issue arises in the argument parsing path and is exploitable via commands using sudoedit -s with a trailing backslash, leading to memory corruption. Affected release information in the provided do...
CVE-2024-26461
CVE-2024-26461 affects Kerberos 5 (krb5) 1.21.2, with a memory leak in /krb5/src/lib/gssapi/krb5/k5sealv3.c. Several advisories (e.g., AlmaLinux ALSA-2024:3268, Astra Linux bulletin, CBLMARINER entries) confirm the issue and indicate a patched version: krb5 1.21.3-1 (or newer). The connected docu...
CVE-2018-25032
CVE-2018-25032 affects zlib prior to 1.2.12 and causes memory corruption during deflate when the input contains many distant matches. The linked Astra Linux advisory reiterates the zlib memory corruption in zlib before 1.2.12, and multiple Mariner/CBL advisories show affected packages (e.g., teck...
CVE-2015-20107
The CVE-2015-20107 issue affects CPython’s mailcap module through Python 3.10.8 (and back-ported fixes to 3.7–3.9). Root cause: mailcap.findmatch does not escape system-mailcap commands, enabling shell-command injection when untrusted input is used (e.g., via unvalidated filenames/arguments). Doc...
CVE-2024-2961
CVE-2024-2961 affects the GNU C Library (glibc) versions 2.39 and older. The iconv() implementation may overflow the output buffer by up to 4 bytes when converting strings to ISO-2022-CN-EXT, potentially crashing the application or overwriting adjacent memory. Publicly documented in glibc advisor...
CVE-2016-5195
CVE-2016-5195 (Dirty COW) : A race condition in the Linux kernel’s memory management (mm/gup.c) allows a local user to gain write access to read‑only mappings via a faulty copy‑on‑write handling. Affected: kernel 2.x–4.x prior to 4.8.3. Exploitation was observed in the wild around Oct 2016. Impac...
CVE-2020-15999
CVE-2020-15999 corresponds to a heap-based buffer overflow in FreeType that can be triggered by crafted font/PNG data, potentially via a malicious HTML page, affecting freetype usage in Google Chrome before 86.0.4240.111. Public advisories describe the issue as a heap overflow in Load_SBit_Png an...
CVE-2021-3177
CVE-2021-3177: A buffer overflow in PyCArg_repr of Python’s ctypes (_ctypes/callproc.c) may allow remote code execution when untrusted floating-point input is passed (e.g., 1e300 to c_double.from_param) due to unsafe use of sprintf. Affected: Python 3.x up to 3.9.1. Remediation exists in multiple...
CVE-2021-3426
CVE-2021-3426 corresponds to a vulnerability in Python’s pydoc where the getfile feature could be abused to read arbitrary files. The linked sources confirm the issue affects Python versions prior to specific releases (e.g., Python before 3.8.9, 3.9.3, and 3.10.0a7 per the CVE description) and no...
CVE-2023-4911
CVE-2023-4911 is a buffer overflow in the GNU C Library ld.so when processing GLIBC_TUNABLES, enabling local privilege escalation via malicious GLIBC_TUNABLES values when launching binaries with SUID. Affected: glibc, with versions older than 2.38-6 (per CBLMARINER:34733) and older listings notin...
CVE-2023-27043
CVE-2023-27043 : The Python email module (email/_parseaddr.py) misparses e-mail addresses with a special character, causing the addr-spec to be taken from the wrong RFC2822 header field. This can allow bypassing domain-based signup protections (e.g., restricting to @company.example.com). The Astr...
CVE-2023-24329
The CVE-2023-24329 issue is in Python's urllib.parse (before 3.11.4) where URLs starting with blank characters bypass blocklists. In practice, this can undermine domain/protocol filtering and potentially enable SSRF or related impacts as described. Affected versions include Python releases prior ...
CVE-2022-2068
The Connected documents corroborate CVE-2022-2068 as a real OpenSSL issue: c_rehash can pass certificate filenames to shell commands, enabling local command execution. Fixed in OpenSSL 3.0.4 (affecting 3.0.0–3.0.3), in OpenSSL 1.1.1p (affecting 1.1.1–1.1.1o), and in OpenSSL 1.0.2zf (affecting 1.0...
CVE-2022-37434
CVE-2022-37434 describes a heap-based buffer over-read/overflow in zlib’s inflate() (inflate.c) when handling a large gzip header extra field. The vulnerability is limited to code paths that call inflateGetHeader, and is fixed in subsequent zlib revisions. Connected advisories indicate affected e...
CVE-2021-3737
CVE-2021-3737 is a vulnerability in Python’s HTTP client where an improperly handled HTTP response from a server could cause the client script to enter an infinite loop, leading to CPU-based DoS and affecting availability. The issue is documented across multiple advisories and packages (e.g., Pyt...
CVE-2022-31676
Summary: CVE-2022-31676 affects VMware Tools / open-vm-tools (versions including 12.0.0, 11.x.y, 10.x.y). A local non-administrative guest OS user can escalate privileges to root inside the VM. Root cause / impact: Local privilege escalation within the guest VM as described in multiple security a...
CVE-2023-25136
OpenSSH sshd 9.1 contains a pre-authentication double-free in the handling of options.kex_algorithms, fixed in 9.2. Public reports note a remote, unauthenticated attacker could potentially jump to arbitrary addresses in sshd’s address space, with one third-party saying remote code execution is th...
CVE-2019-1559
OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...
CVE-2021-3733
CVE-2021-3733 describes a Regular Expression Denial of Service (ReDoS) in urllib’s AbstractBasicAuthHandler. An attacker who controls a malicious HTTP server that a client connects to can trigger a ReDoS during an authentication request with a crafted payload, potentially affecting availability o...
CVE-2022-0391
CVE-2022-0391 affects the Python urllib.parse.urlparse path handling, where input is not sanitized and allows literal CR/LF characters, enabling crafted URLs to trigger injection-like issues. Public docs (Python history, Debian LTS/DLA notes, Astra Linux bulletin) corroborate that the vulnerabili...
CVE-2021-23336
CVE-2021-23336 affects Python CPython across multiple branches (0 and before 3.6.13; 3.7.0 before 3.7.10; 3.8.0 before 3.8.8; 3.9.0 before 3.9.2). The vulnerability is Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs using parameter cloaking with semicolons, causing the pr...
CVE-2021-3449
CVE-2021-3449 affects OpenSSL 1.1.1.x where a TLSv1.2 server may crash (DoS) if it receives a renegotiation ClientHello that omits the signature_algorithms extension but includes signature_algorithms_cert. The issue is a NULL pointer dereference leading to a denial of service; OpenSSL clients are...
CVE-2021-4189
CVE-2021-4189 affects Python’s FTP (ftplib) client: in PASV mode it trusts the host from the PASV response by default, enabling a malicious FTP server to trick clients into connecting back to an attacker-specified IP/port (potential port scanning). Debian LTS postings and other advisories explici...
CVE-2023-37920
CVE-2023-37920 affects the Python Certifi package: Certifi before 2023.07.22 includes the e-Tugra root certificates, which were removed in 2023.07.22 due to security concerns. The vulnerability is documented with high/critical impact in CVSS vectors across sources, and advisories across multiple ...
CVE-2022-24407
CVE-2022-24407 affects Cyrus SASL 2.1.17–2.1.27 (before 2.1.28); the SQL plugin (plugins/sql.c) fails to escape passwords in SQL INSERT/UPDATE, allowing a remote attacker to execute arbitrary SQL commands. This can enable privilege/escalation scenarios as described in vendor advisories. The mitig...
CVE-2019-16168
CVE-2019-16168 affects SQLite up to version 3.29.0, whereLoopAddBtreeIndex in sqlite3.c may crash a browser/application due to missing validation of sqlite_stat1 sz, described as a severe division by zero in the query planner. Connected documents show multiple advisories referencing the fix in SQ...
CVE-2021-3520
CVE-2021-3520 affects the lz4 library and is caused by an integer overflow that can lead to memmove being called with a negative size, resulting in out-of-bounds writes or a crash. Documented impacts emphasize availability (with possible confidentiality/integrity impact). Concrete remediation det...
CVE-2021-20305
CVE-2021-20305 affects Nettle prior to 3.7.2 where signature verification (GOST DSA, EDDSA, ECDSA) calls ECC multiply with out-of-range scalars, potentially producing incorrect results and allowing an attacker to force an invalid signature (leading to assertion failure or validation issues). Docu...
CVE-2021-3537
Summary: CVE-2021-3537 affects libxml2 up to 2.9.11. In XML mixed content parsing, errors were not propagated, causing a NULL dereference when an untrusted document is parsed in recovery mode and post-validated, with availability as the highest impact. The connected documents confirm the vulnerab...
CVE-2021-3517
CVE-2021-3517 is a libxml2 vulnerability affecting versions before 2.9.11. A flaw in the xml entity encoding functionality could allow processing of a crafted XML file to trigger an out‑of‑bounds read, with availability impact and potential confidentiality/integrity impact if memory information i...
CVE-2019-3855
CVE-2019-3855 is a libssh2 integer overflow in the transport read path that may cause an out-of-bounds write when processing server packets. The issue appears in libssh2 prior to 1.8.1 and could enable code exposure or other impact if a user connects to a malicious SSH server. Connected advisorie...
CVE-2019-25013
CVE-2019-25013 affects the GNU C Library (glibc) iconv, where processing invalid multi-byte input in EUC-KR can cause a buffer over-read. Connected advisories confirm the issue and map it to glibc versions affected (through 2.32) and note that Debian, AlmaLinux/Alma or Amazon Linux advisories add...
CVE-2022-45061
CVE-2022-45061 affects Python’s IDNA decoder; an unnecessary quadratic path may cause CPU DoS when processing long hostnames (e.g., in Location headers). Affects Python before 3.11.1; the fix is planned/has been released in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. Affected advisories (e.g., AL...
CVE-2019-17498
CVE-2019-17498 is an integer overflow in libssh2’s SSH_MSG_DISCONNECT bounds check (packet.c) on v1.9.0 and earlier. This can let a crafted SSH server cause an out-of-bounds memory read, enabling information disclosure or denial of service on the client. Public advisories confirm patches/upgrades...
CVE-2019-20388
CVE-2019-20388 affects libxml2 2.9.10. The Broadcom advisory BSNSA36819 confirms a memory leak in xmlSchemaValidateStream (xmlschemas.c) that can impact availability (memory exhaustion) when processing XML schemas. Affected component: libxml2’s xmlSchemaValidateStream; root cause relates to a lea...
CVE-2021-3450
CVE-2021-3450 affects OpenSSL 1.1.1h–1.1.1j where a bug in the X509_V_FLAG_X509_STRICT path overwrote a prior CA-check result, bypassing the non-CA certificates prohibition unless a programmed purpose is used. When a purpose is configured, the certificate chain is still rejected; the issue is fix...
CVE-2023-20900
CVE-2023-20900 is a vulnerability in Open VMware Tools (open-vm-tools) where a malicious actor with Guest Operation Privileges may elevate to a higher privilege via a more-privileged Guest Alias in the VM. The connected documents confirm Open VM Tools is affected and describe a SAML token signatu...
CVE-2021-25217
CVE-2021-25217 affects ISC DHCP (DHCP client/server) across multiple branches (notably 4.1-ESV-R16, 4.4.0–4.4.2; other 4.0/4.3 may be affected but untested). The vulnerability is a stack-based buffer overrun in parsing statements with colon-separated hex digits in config or lease files, potential...
CVE-2023-2975
OpenSSL’s AES-SIV implementation has a bug where empty associated data is not authenticated, potentially allowing misordering/removal of empty AD entries. The issue is CVE-2023-2975. Multiple advisories (AlmaLinux ALAS2023-2023-306 and Broadcom/Brocade updates) confirm patches are available; reme...
CVE-2022-35737
CVE-2022-35737 affects SQLite, with vulnerable versions 1.0.12–3.39.x, before 3.39.2. The issue is an array-bounds overflow triggered by very large string arguments to a C API, which can cause a crash and, in some advisories, potentially allow arbitrary code execution. The documented fix is to up...
CVE-2024-39689
Certifi-2024-39689 involves insufficient verification of data authenticity via the GlobalTrust root certificate. The issue stems from Certifi removing GLOBALTRUST roots in 2024.7.04, in line with Mozilla’s trust-store removals prompted by long-running compliance issues. Broadcom/BSNSA36222 confir...
CVE-2020-11655
SQLite through 3.31.1 is vulnerable to denial of service via a malformed window-function query caused by improper AggInfo initialization (CVE-2020-11655). Affected is the sqlite3 library used across distributions and apps; exploitation leads to segmentation faults. Remediation in the connected ad...
CVE-2021-3541
CVE-2021-3541 describes a vulnerability in libxml2 where exponential entity expansion can bypass protections and cause a denial of service. The Initial Description confirms the flaw and its DoS impact, and connected documents (e.g., Astra Linux bulletin and BSNSA entries) reiterate libxml2 involv...