# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-0435 |
787 |
|
Overflow |
2022-03-25 |
2023-01-19 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. |
2 |
CVE-2021-44142 |
125 |
|
Exec Code |
2022-02-21 |
2022-02-23 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. |
3 |
CVE-2021-20325 |
119 |
|
Overflow |
2022-02-18 |
2022-03-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, causes a security regression compared to the versions shipped in Red Hat Enterprise Linux 8.4. A user who installs or updates to Red Hat Enterprise Linux 8.5.0 would be vulnerable to the mentioned CVEs, even if they were properly fixed in Red Hat Enterprise Linux 8.4. CVE-2021-20325 was assigned to that Red Hat specific security regression and it does not affect the upstream versions of httpd. |
4 |
CVE-2021-3621 |
78 |
|
|
2021-12-23 |
2022-10-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. |
5 |
CVE-2021-3466 |
120 |
|
Overflow |
2021-03-25 |
2021-12-15 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable. |
6 |
CVE-2020-27846 |
115 |
|
Bypass |
2020-12-21 |
2021-03-31 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. |
7 |
CVE-2020-25719 |
362 |
|
|
2022-02-18 |
2022-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. |
8 |
CVE-2020-10696 |
22 |
|
Dir. Trav. |
2020-03-31 |
2020-04-01 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions. |
9 |
CVE-2020-0603 |
119 |
|
Exec Code Overflow |
2020-01-14 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'. |
10 |
CVE-2019-14896 |
787 |
|
DoS Exec Code Overflow |
2019-11-27 |
2023-02-02 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A heap-based buffer overflow vulnerability was found in the Linux kernel's Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP. |
11 |
CVE-2019-14287 |
755 |
|
Bypass |
2019-10-17 |
2022-04-18 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. |
12 |
CVE-2019-10196 |
665 |
|
DoS |
2021-03-19 |
2021-03-25 |
9.0 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Complete |
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter. |
13 |
CVE-2019-10164 |
787 |
|
Exec Code Overflow |
2019-06-26 |
2020-10-02 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account. |
14 |
CVE-2019-5736 |
78 |
|
Exec Code |
2019-02-11 |
2021-12-16 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. |
15 |
CVE-2019-3855 |
787 |
|
Exec Code Overflow |
2019-03-21 |
2020-10-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. |
16 |
CVE-2018-14618 |
190 |
|
Overflow |
2018-09-05 |
2019-04-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.) |
17 |
CVE-2017-15103 |
20 |
|
Exec Code |
2017-12-18 |
2023-02-02 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A security-check flaw was found in the way the Heketi server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation. |
18 |
CVE-2017-3106 |
704 |
|
Exec Code |
2017-08-11 |
2022-11-16 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution. |
19 |
CVE-2017-3074 |
787 |
|
Exec Code Mem. Corr. |
2017-05-09 |
2023-01-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution. |
20 |
CVE-2017-3073 |
416 |
|
Exec Code Mem. Corr. |
2017-05-09 |
2023-01-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution. |
21 |
CVE-2017-3072 |
787 |
|
Exec Code Mem. Corr. |
2017-05-09 |
2023-01-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution. |
22 |
CVE-2017-3071 |
416 |
|
Exec Code |
2017-05-09 |
2023-01-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution. |
23 |
CVE-2017-3070 |
787 |
|
Exec Code Mem. Corr. |
2017-05-09 |
2023-01-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution. |
24 |
CVE-2017-3069 |
787 |
|
Exec Code Mem. Corr. |
2017-05-09 |
2023-01-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution. |
25 |
CVE-2017-3068 |
787 |
|
Exec Code Mem. Corr. |
2017-05-09 |
2023-01-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution. |
26 |
CVE-2016-6662 |
264 |
|
Exec Code Bypass |
2016-09-20 |
2021-08-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15. |
27 |
CVE-2016-0639 |
|
|
|
2016-04-21 |
2019-02-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication. |
28 |
CVE-2015-4603 |
|
|
Exec Code |
2016-05-16 |
2019-04-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue. |
29 |
CVE-2015-4602 |
|
|
DoS Exec Code |
2016-05-16 |
2019-04-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue. |
30 |
CVE-2015-0408 |
|
|
|
2015-01-21 |
2022-05-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. |
31 |
CVE-2015-0395 |
|
|
|
2015-01-21 |
2022-05-13 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. |
32 |
CVE-2015-0240 |
17 |
|
Exec Code |
2015-02-24 |
2023-02-02 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). |
33 |
CVE-2014-6601 |
|
|
|
2015-01-21 |
2022-05-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. |
34 |
CVE-2014-3585 |
347 |
|
|
2019-11-22 |
2023-02-02 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
It was found that the redhat-upgrade-tool did not check GPG signatures on downloaded and installed packages during the upgrade process. |
35 |
CVE-2014-2483 |
|
|
|
2014-07-17 |
2022-05-13 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations." |
36 |
CVE-2013-1591 |
189 |
|
Overflow |
2013-01-31 |
2019-05-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop. |
37 |
CVE-2011-2767 |
94 |
|
Exec Code |
2018-08-26 |
2019-09-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. |
38 |
CVE-2011-2717 |
74 |
|
Exec Code |
2019-11-27 |
2019-12-18 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. |
39 |
CVE-2007-1007 |
|
|
DoS Exec Code |
2007-02-20 |
2017-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function. |
40 |
CVE-2006-6235 |
|
|
Exec Code |
2006-12-07 |
2018-10-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. |
41 |
CVE-2005-3625 |
399 |
|
DoS |
2005-12-31 |
2018-10-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
42 |
CVE-2004-0946 |
|
|
Exec Code Overflow |
2005-01-10 |
2018-10-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit architectures does not properly perform an integer conversion, which leads to a stack-based buffer overflow and allows remote attackers to execute arbitrary code via a crafted NFS request. |
43 |
CVE-2004-0904 |
|
|
Exec Code Overflow |
2004-12-31 |
2017-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows. |
44 |
CVE-2004-0903 |
|
|
Exec Code Overflow |
2005-01-27 |
2017-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message. |
45 |
CVE-2004-0902 |
|
|
DoS Exec Code Overflow |
2005-01-27 |
2018-05-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname. |
46 |
CVE-2004-0889 |
|
|
DoS Exec Code Overflow |
2005-01-27 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888. |
47 |
CVE-2004-0888 |
|
|
DoS Exec Code Overflow |
2005-01-27 |
2017-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889. |
48 |
CVE-2004-0882 |
|
|
Exec Code Overflow |
2005-01-27 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value. |
49 |
CVE-2004-0607 |
|
|
Bypass |
2004-12-06 |
2017-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication. |
50 |
CVE-2004-0557 |
|
|
Exec Code Overflow |
2004-08-06 |
2017-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields. |