Export limit exceeded: 23518 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23518 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24580 | 3 Debian, Djangoproject, Redhat | 6 Debian Linux, Django, Ansible Automation Platform and 3 more | 2025-03-18 | 7.5 High |
| An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. | ||||
| CVE-2024-7527 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2025-03-18 | 8.8 High |
| Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | ||||
| CVE-2023-1195 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2025-03-18 | 5.5 Medium |
| A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request. | ||||
| CVE-2023-28410 | 2 Intel, Redhat | 2 I915 Graphics, Enterprise Linux | 2025-03-18 | 8.8 High |
| Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-21055 | 3 Netapp, Oracle, Redhat | 9 Active Iq Unified Manager, Bluexp, Oncommand Insight and 6 more | 2025-03-18 | 4.9 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2023-1095 | 2 Linux, Redhat | 7 Linux Kernel, Enterprise Linux, Rhel Aus and 4 more | 2025-03-18 | 5.5 Medium |
| In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference. | ||||
| CVE-2023-0482 | 2 Netapp, Redhat | 10 Active Iq Unified Manager, Oncommand Workflow Automation, Amq Broker and 7 more | 2025-03-18 | 5.5 Medium |
| In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. | ||||
| CVE-2022-48339 | 2 Gnu, Redhat | 3 Emacs, Enterprise Linux, Rhel Eus | 2025-03-18 | 7.8 High |
| An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. | ||||
| CVE-2022-48338 | 2 Gnu, Redhat | 2 Emacs, Enterprise Linux | 2025-03-18 | 7.3 High |
| An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. | ||||
| CVE-2022-48337 | 3 Debian, Gnu, Redhat | 4 Debian Linux, Emacs, Enterprise Linux and 1 more | 2025-03-18 | 9.8 Critical |
| GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. | ||||
| CVE-2022-32933 | 2 Apple, Redhat | 3 Macos, Enterprise Linux, Rhel Els | 2025-03-18 | 5.3 Medium |
| An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari private browsing mode. | ||||
| CVE-2023-0662 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2025-03-18 | 7.5 High |
| In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. | ||||
| CVE-2023-0568 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2025-03-18 | 7.5 High |
| In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. | ||||
| CVE-2023-0475 | 2 Hashicorp, Redhat | 2 Go-getter, Openshift | 2025-03-18 | 4.2 Medium |
| HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0. | ||||
| CVE-2023-23009 | 3 Debian, Libreswan, Redhat | 5 Debian Linux, Libreswan, Enterprise Linux and 2 more | 2025-03-17 | 6.5 Medium |
| Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length. | ||||
| CVE-2024-45230 | 2 Djangoproject, Redhat | 2 Django, Ansible Automation Platform | 2025-03-17 | 7.5 High |
| An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. | ||||
| CVE-2024-43044 | 2 Jenkins, Redhat | 2 Jenkins, Ocp Tools | 2025-03-14 | 8.8 High |
| Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library. | ||||
| CVE-2024-2609 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-03-14 | 6.1 Medium |
| The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10. | ||||
| CVE-2024-21137 | 2 Oracle, Redhat | 2 Mysql, Enterprise Linux | 2025-03-14 | 4.9 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2023-30774 | 3 Apple, Libtiff, Redhat | 3 Macos, Libtiff, Enterprise Linux | 2025-03-14 | 5.5 Medium |
| A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. | ||||