Vulnerabilities (CVE)

Filtered by CWE-20
Total 9379 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-13750 5 Canonical, Debian, Fedoraproject and 2 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2023-02-04 4.3 MEDIUM 6.5 MEDIUM
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.
CVE-2020-15503 3 Debian, Fedoraproject, Libraw 3 Debian Linux, Fedora, Libraw 2023-02-03 5.0 MEDIUM 7.5 HIGH
LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
CVE-2020-1747 4 Fedoraproject, Opensuse, Oracle and 1 more 4 Fedora, Leap, Communications Cloud Native Core Network Function Cloud Native Environment and 1 more 2023-02-03 10.0 HIGH 9.8 CRITICAL
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.
CVE-2019-17348 2 Debian, Xen 2 Debian Linux, Xen 2023-02-03 4.9 MEDIUM 6.5 MEDIUM
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.
CVE-2019-17347 2 Debian, Xen 2 Debian Linux, Xen 2023-02-03 4.6 MEDIUM 7.8 HIGH
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).
CVE-2019-17346 2 Debian, Xen 2 Debian Linux, Xen 2023-02-03 7.2 HIGH 8.8 HIGH
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.
CVE-2018-16472 2 Cached-path-relative Project, Debian 2 Cached-path-relative, Debian Linux 2023-02-03 5.0 MEDIUM 7.5 HIGH
A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack.
CVE-2018-3948 1 Tp-link 2 Tl-r600vpn, Tl-r600vpn Firmware 2023-02-03 5.0 MEDIUM 7.5 HIGH
An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticated or authenticated web request to trigger this vulnerability.
CVE-2019-20485 3 Debian, Fedoraproject, Redhat 3 Debian Linux, Fedora, Libvirt 2023-02-03 2.7 LOW 5.7 MEDIUM
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).
CVE-2021-44769 1 Lannerinc 2 Iac-ast2500a, Iac-ast2500a Firmware 2023-02-03 N/A 6.5 MEDIUM
An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
CVE-2021-3442 1 Redhat 1 Openshift Api Management 2023-02-02 N/A 5.4 MEDIUM
A flaw was found in the Red Hat OpenShift API Management product. User input is not validated allowing an authenticated user to inject scripts into some text boxes leading to a XSS attack. The highest threat from this vulnerability is to data confidentiality.
CVE-2018-10874 1 Redhat 4 Ansible Engine, Openstack, Virtualization and 1 more 2023-02-02 4.6 MEDIUM 7.8 HIGH
CVE-2018-10874 ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution
CVE-2017-12171 2 Apache, Redhat 5 Http Server, Enterprise Linux, Enterprise Linux Desktop and 2 more 2023-02-02 6.4 MEDIUM 6.5 MEDIUM
A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.
CVE-2016-8612 3 Apache, Netapp, Redhat 3 Http Server, Storage Automation Store, Enterprise Linux 2023-02-02 3.3 LOW 4.3 MEDIUM
An error was found in protocol parsing logic of mod_cluster load balancer Apache HTTP Server modules. An attacker could use this flaw to cause a Segmentation Fault in the serving httpd process.
CVE-2016-5009 1 Redhat 7 Ceph, Ceph Storage Mon, Ceph Storage Osd and 4 more 2023-02-02 4.0 MEDIUM 6.5 MEDIUM
A flaw was found in the way handle_command() function would validate prefix value from user. An authenticated attacker could send a specially crafted prefix value resulting in ceph monitor crash.
CVE-2016-8650 1 Linux 1 Linux Kernel 2023-02-02 4.9 MEDIUM 5.5 MEDIUM
A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key.
CVE-2017-15137 1 Redhat 2 Openshift, Openshift Container Platform 2023-02-02 5.0 MEDIUM 5.3 MEDIUM
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.
CVE-2016-8631 1 Redhat 1 Openshift 2023-02-02 4.0 MEDIUM 7.7 HIGH
The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site.
CVE-2017-15124 1 Qemu 1 Qemu 2023-02-02 7.8 HIGH 7.5 HIGH
VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.
CVE-2016-3705 5 Canonical, Debian, Hp and 2 more 6 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 3 more 2023-02-02 5.0 MEDIUM 7.5 HIGH
Missing incrementation of recursion depth counter were found in the xmlParserEntityCheck() and xmlParseAttValueComplex() functions used for parsing XML data. An attacker could launch a Denial of Service attack by passing specially crafted XML data to an application, forcing it to crash due to stack exhaustion.