Export limit exceeded: 339825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2837 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9517 | 12 Apache, Apple, Canonical and 9 more | 28 Http Server, Traffic Server, Mac Os X and 25 more | 2025-01-14 | 7.5 High |
| Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. | ||||
| CVE-2019-9516 | 12 Apache, Apple, Canonical and 9 more | 24 Traffic Server, Mac Os X, Swiftnio and 21 more | 2025-01-14 | 6.5 Medium |
| Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. | ||||
| CVE-2019-9515 | 12 Apache, Apple, Canonical and 9 more | 36 Traffic Server, Mac Os X, Swiftnio and 33 more | 2025-01-14 | 7.5 High |
| Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. | ||||
| CVE-2019-14907 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2025-01-14 | 6.5 Medium |
| All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless). | ||||
| CVE-2019-9514 | 13 Apache, Apple, Canonical and 10 more | 44 Traffic Server, Mac Os X, Swiftnio and 41 more | 2025-01-14 | 7.5 High |
| Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. | ||||
| CVE-2023-34152 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2025-01-13 | 9.8 Critical |
| A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured. | ||||
| CVE-2023-33460 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Enterprise Linux and 2 more | 2025-01-08 | 6.5 Medium |
| There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash. | ||||
| CVE-2023-29405 | 3 Fedoraproject, Golang, Redhat | 5 Fedora, Go, Ceph Storage and 2 more | 2025-01-06 | 9.8 Critical |
| The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler. | ||||
| CVE-2023-29404 | 3 Fedoraproject, Golang, Redhat | 5 Fedora, Go, Ceph Storage and 2 more | 2025-01-06 | 9.8 Critical |
| The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers. | ||||
| CVE-2023-2455 | 3 Fedoraproject, Postgresql, Redhat | 9 Fedora, Postgresql, Enterprise Linux and 6 more | 2025-01-06 | 5.4 Medium |
| Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. | ||||
| CVE-2022-38023 | 5 Fedoraproject, Microsoft, Netapp and 2 more | 18 Fedora, Windows Server 2008, Windows Server 2008 R2 and 15 more | 2025-01-02 | 8.1 High |
| Netlogon RPC Elevation of Privilege Vulnerability | ||||
| CVE-2022-29145 | 3 Fedoraproject, Microsoft, Redhat | 7 Fedora, .net, .net Core and 4 more | 2025-01-02 | 7.5 High |
| .NET and Visual Studio Denial of Service Vulnerability | ||||
| CVE-2022-29117 | 3 Fedoraproject, Microsoft, Redhat | 7 Fedora, .net, .net Core and 4 more | 2025-01-02 | 7.5 High |
| .NET and Visual Studio Denial of Service Vulnerability | ||||
| CVE-2022-23267 | 3 Fedoraproject, Microsoft, Redhat | 9 Fedora, .net, .net Core and 6 more | 2025-01-02 | 7.5 High |
| .NET and Visual Studio Denial of Service Vulnerability | ||||
| CVE-2022-21986 | 3 Fedoraproject, Microsoft, Redhat | 6 Fedora, .net, Visual Studio 2019 and 3 more | 2025-01-02 | 7.5 High |
| .NET Denial of Service Vulnerability | ||||
| CVE-2023-33170 | 3 Fedoraproject, Microsoft, Redhat | 7 Fedora, .net, Visual Studio and 4 more | 2025-01-01 | 8.1 High |
| ASP.NET and Visual Studio Security Feature Bypass Vulnerability | ||||
| CVE-2023-21538 | 3 Fedoraproject, Microsoft, Redhat | 5 Fedora, .net, Powershell and 2 more | 2025-01-01 | 7.5 High |
| .NET Denial of Service Vulnerability | ||||
| CVE-2018-20060 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Urllib3, Ansible Tower and 1 more | 2024-12-27 | N/A |
| urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. | ||||
| CVE-2022-1949 | 2 Fedoraproject, Redhat | 4 Fedora, 389 Directory Server, Directory Server and 1 more | 2024-12-13 | 7.5 High |
| An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data. | ||||
| CVE-2023-36664 | 4 Artifex, Debian, Fedoraproject and 1 more | 5 Ghostscript, Debian Linux, Fedora and 2 more | 2024-12-05 | 7.8 High |
| Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). | ||||