15 matches found
CVE-2021-3156
CVE-2021-3156 is a heap-based buffer overflow in sudo that enables privilege escalation to root. The issue arises in the argument parsing path and is exploitable via commands using sudoedit -s with a trailing backslash, leading to memory corruption. Affected release information in the provided do...
CVE-2021-45105
Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...
CVE-2019-10086
CVE-2019-10086 affects Apache Commons BeanUtils 1.9.2, where a BeanIntrospector addition could suppress access to the classloader via the class property on Java objects. The issue stems from not applying the suppression by default in PropertyUtilsBean, enabling potential risk across affected depl...
CVE-2019-1559
OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...
CVE-2020-10188
CVE-2020-10188 affects the telnetd server of netkit telnet (up to 0.17). The issue is a buffer overflow caused by incorrect bounds checks in handling short writes and urgent data (netclear/nextitem), enabling remote arbitrary code execution by unauthenticated attackers. Connected advisories confi...
CVE-2020-12723
CVE-2020-12723 : In Perl, regcomp.c allows a buffer overflow in the regex compiler due to crafted regular expressions, caused by recursive S_study_chunk calls. The issue affects Perl before 5.30.3, notably on 32‑bit platforms. Reports in Connected documents indicate fixes have been released (e.g....
CVE-2020-10878
Perl before 5.30.3 contains an integer overflow in the regular expression compiler (related to PL_regkind[OP(n)] == NOTHING). A crafted regex can produce malformed bytecode with a possibility of instruction injection, as documented by multiple advisories and CVEs (e.g., CVE-2020-10878). Public re...
CVE-2020-10543
CVE-2020-10543 affects Perl before 5.30.3 on 32-bit platforms, where nested regular expression quantifiers cause a heap-based buffer overflow (integer overflow) in the regex compiler. The connected advisories confirm fixes/updates for Perl (e.g., CloudLinux, AlmaLinux, ALAS2), indicating remediat...
CVE-2018-1270
Summary: CVE-2018-1270 affects Spring Framework versions 5.0.x before 5.0.5 and 4.3.x before 4.3.15 (and older unsupported) via the spring-messaging module, which can expose STOMP over WebSocket endpoints to a simple in-memory broker. A malicious actor can craft a message to the broker that leads...
CVE-2018-1258
CVE-2018-1258 affects Spring Framework 5.0.5 when used with any Spring Security version, enabling an authorization bypass for method security. An unauthorized user could access restricted methods. The connected advisory from F5 reiterates the same vulnerability description and lists affected prod...
CVE-2018-1271
The CVE-2018-1271 issue affects Spring Framework versions 5.0 before 5.0.5 and 4.3 before 4.3.15 (and older unsupported) where Spring MVC can be configured to serve static resources from the Windows file system. A malicious user can issue a crafted URL to trigger a directory traversal when resour...
CVE-2018-1275
CVE-2018-1275 affects Spring Framework’s spring-messaging module: STOMP over WebSocket exposure in 5.0.x (pre-5.0.5) and 4.3.x (pre-4.3.16). A malicious message to the in‑memory STOMP broker can lead to remote code execution. Public advisories note fixes in respective branches; for Debian 9, libs...
CVE-2018-1272
CVE-2018-1272 affects Spring Framework: versions 5.0 before 5.0.5 and 4.3 before 4.3.15 (and older unsupported) have a flaw in multipart request handling where an injected extra multipart in a server A→server B flow can cause server B to misread a part, potentially enabling privilege escalation. ...
CVE-2018-11039
CVE-2018-11039 affects the Spring Framework, where the HiddenHttpMethodFilter in Spring MVC allows web apps to change the HTTP request method to any method (including TRACE). This can enable an attacker with an existing XSS vulnerability to escalate to an XST (Cross Site Tracing) attack. Affected...
CVE-2018-1257
CVE-2018-1257 affects Spring Framework: vulnerable in Spring Messaging when using an in-memory STOMP broker exposed via STOMP over WebSocket. A malicious user can craft a message to the broker that triggers a regular-expression denial of service. Affected versions are Spring Framework 5.0.x befor...