Search Results (23543 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-6338 1 Redhat 2 Enterprise Virtualization, Rhev Manager 2025-04-20 N/A
ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries.
CVE-2017-5114 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2025-04-20 8.8 High
Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.
CVE-2017-5009 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2016-6489 3 Canonical, Nettle Project, Redhat 7 Ubuntu Linux, Nettle, Enterprise Linux and 4 more 2025-04-20 7.5 High
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
CVE-2016-6519 2 Openstack, Redhat 2 Manila, Openstack 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form.
CVE-2016-6794 6 Apache, Canonical, Debian and 3 more 15 Tomcat, Ubuntu Linux, Debian Linux and 12 more 2025-04-20 5.3 Medium
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.
CVE-2016-6796 6 Apache, Canonical, Debian and 3 more 16 Tomcat, Ubuntu Linux, Debian Linux and 13 more 2025-04-20 7.5 High
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.
CVE-2022-23524 2 Helm, Redhat 2 Helm, Openshift 2025-04-18 5.3 Medium
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the _strvals_ package can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. This issue has been patched in 3.10.3. SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions.
CVE-2022-23525 2 Helm, Redhat 2 Helm, Openshift 2025-04-18 5.3 Medium
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the _repo_package. The _repo_ package contains a handler that processes the index file of a repository. For example, the Helm client adds references to chart repositories where charts are managed. The _repo_ package parses the index file of the repository and loads it into structures Go can work with. Some index files can cause array data structures to be created causing a memory violation. Applications that use the _repo_ package in the Helm SDK to parse an index file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with an index file that causes a memory violation panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate index files that are correctly formatted before passing them to the _repo_ functions.
CVE-2022-23526 2 Helm, Redhat 2 Helm, Openshift 2025-04-18 5.3 Medium
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the_chartutil_ package that can cause a segmentation violation. The _chartutil_ package contains a parser that loads a JSON Schema validation file. For example, the Helm client when rendering a chart will validate its values with the schema file. The _chartutil_ package parses the schema file and loads it into structures Go can work with. Some schema files can cause array data structures to be created causing a memory violation. Applications that use the _chartutil_ package in the Helm SDK to parse a schema file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate schema files that are correctly formatted before passing them to the _chartutil_ functions.
CVE-2022-20572 2 Google, Redhat 2 Android, Enterprise Linux 2025-04-18 6.7 Medium
In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel
CVE-2024-32619 2 Hdfgroup, Redhat 2 Hdf5, Enterprise Linux Ai 2025-04-18 7.4 High
HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resulting in the corruption of the instruction pointer.
CVE-2024-32620 2 Hdfgroup, Redhat 2 Hdf5, Enterprise Linux Ai 2025-04-18 7.4 High
HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c, resulting in the corruption of the instruction pointer.
CVE-2024-32621 2 Hdfgroup, Redhat 2 Hdf5, Enterprise Linux Ai 2025-04-18 9.8 Critical
HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5HG_read in H5HG.c (called from H5VL__native_blob_get in H5VLnative_blob.c), resulting in the corruption of the instruction pointer.
CVE-2024-32622 2 Hdfgroup, Redhat 2 Hdf5, Enterprise Linux Ai 2025-04-18 9.1 Critical
HDF5 Library through 1.14.3 contains a out-of-bounds read operation in H5FL_arr_malloc in H5FL.c (called from H5S_set_extent_simple in H5S.c).
CVE-2024-32623 2 Hdfgroup, Redhat 2 Hdf5, Enterprise Linux Ai 2025-04-18 8.8 High
HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (called from H5S_select_elements in H5Spoint.c).
CVE-2024-32624 2 Hdfgroup, Redhat 2 Hdf5, Enterprise Linux Ai 2025-04-18 7.4 High
HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__ref_mem_setnull in H5Tref.c (called from H5T__conv_ref in H5Tconv.c), resulting in the corruption of the instruction pointer.
CVE-2024-33873 2 Hdfgroup, Redhat 2 Hdf5, Enterprise Linux Ai 2025-04-18 8.8 High
HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c.
CVE-2024-33874 2 Hdfgroup, Redhat 2 Hdf5, Enterprise Linux Ai 2025-04-18 9.8 Critical
HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c.
CVE-2024-33877 2 Hdfgroup, Redhat 2 Hdf5, Enterprise Linux Ai 2025-04-18 8.8 High
HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c.