zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Max CVSS
7.5
EPSS Score
0.28%
Published
2022-03-25
Updated
2023-08-04
vim is vulnerable to Heap-based Buffer Overflow
Max CVSS
7.8
EPSS Score
0.10%
Published
2021-12-19
Updated
2022-09-01
vim is vulnerable to Out-of-bounds Read
Max CVSS
7.1
EPSS Score
0.09%
Published
2021-12-25
Updated
2022-11-02
vim is vulnerable to Use After Free
Max CVSS
7.8
EPSS Score
0.10%
Published
2021-12-27
Updated
2022-11-02
vim is vulnerable to Use After Free
Max CVSS
7.8
EPSS Score
0.10%
Published
2021-12-29
Updated
2022-11-02
vim is vulnerable to Use After Free
Max CVSS
7.8
EPSS Score
0.14%
Published
2021-12-31
Updated
2022-11-09
vim is vulnerable to Out-of-bounds Read
Max CVSS
5.5
EPSS Score
0.12%
Published
2021-12-31
Updated
2022-11-09
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
Max CVSS
8.2
EPSS Score
32.28%
Published
2021-12-20
Updated
2022-11-02
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
Max CVSS
9.8
EPSS Score
8.33%
Published
2021-12-20
Updated
2023-04-03
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
Max CVSS
7.8
EPSS Score
0.09%
Published
2022-02-14
Updated
2022-09-30
vim is vulnerable to Out-of-bounds Read
Max CVSS
7.8
EPSS Score
0.09%
Published
2022-01-06
Updated
2022-11-02
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
Max CVSS
5.5
EPSS Score
0.17%
Published
2022-02-09
Updated
2023-11-09
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
Max CVSS
7.5
EPSS Score
1.34%
Published
2022-03-15
Updated
2022-11-09
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript.
Max CVSS
6.1
EPSS Score
0.29%
Published
2022-03-18
Updated
2022-10-06
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.
Max CVSS
9.3
EPSS Score
0.09%
Published
2022-03-18
Updated
2022-10-06
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.
Max CVSS
7.5
EPSS Score
42.76%
Published
2022-03-14
Updated
2022-11-02
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
Max CVSS
9.8
EPSS Score
1.56%
Published
2022-03-14
Updated
2022-11-02
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
Max CVSS
9.1
EPSS Score
0.45%
Published
2022-03-14
Updated
2022-11-02
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
Max CVSS
7.5
EPSS Score
0.41%
Published
2022-02-26
Updated
2022-11-02
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious website may be able to track users in Safari private browsing mode.
Max CVSS
4.3
EPSS Score
0.11%
Published
2022-05-26
Updated
2023-01-09
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!