📦 Active IQ Unified Manager
by NetApp
⚠️ Known Vulnerabilities
This vulnerability is a buffer overflow in GLib's SOCKS4 proxy implementation due to an off-by-one error. It allows attackers to execute arbitrary code or cause denial of service by sending specially ...
This is a stack buffer overflow vulnerability in json-c's auxiliary sample program json_parse. It allows attackers to execute arbitrary code or cause denial of service by providing malicious JSON inpu...
A vulnerability in curl versions before 7.88.0 causes HSTS (HTTP Strict Transport Security) to fail when processing multiple URLs sequentially on the same command line. This allows sensitive informati...
An out-of-bounds read vulnerability in PCRE2 library's JIT compiler allows reading memory beyond allocated buffers during recursive regular expression processing. This affects any software using PCRE2...
CVE-2021-44228 (Log4Shell) is a critical remote code execution vulnerability in Apache Log4j2 that allows attackers to execute arbitrary code by exploiting JNDI lookups in log messages. This affects a...
Node.js DNS library vulnerability allows remote code execution, XSS, and application crashes due to improper validation of DNS responses. Attackers can inject malicious hostnames leading to domain hij...
This vulnerability in glibc's wordexp function allows attackers to cause denial of service or potentially read arbitrary memory when processing malicious input. It affects any application using glibc'...
CVE-2021-3520 is an integer overflow vulnerability in the LZ4 compression library that allows attackers to trigger out-of-bounds writes by submitting crafted files. This can lead to application crashe...
CVE-2021-20231 is a critical use-after-free vulnerability in GnuTLS that occurs when a client sends a key_share extension, potentially leading to memory corruption. Attackers could exploit this t...
This is a buffer overflow vulnerability in Python's ctypes module that could allow remote code execution. It affects Python applications that process untrusted floating-point numbers through ctypes. T...
This CVE describes a stack-based buffer overflow vulnerability in libxml2's xmlSnprintfElements function. Attackers can exploit this by providing malicious XML documents with DTD validation enabled, p...
This vulnerability allows attackers to bypass Windows' Mark-of-the-Web security feature when extracting files with 7-Zip. Attackers can craft malicious archives that, when extracted, don't inherit the...
This vulnerability in Apache Avro's Java SDK allows attackers to execute arbitrary code by exploiting schema parsing flaws. It affects all users of Apache Avro versions 1.11.3 and earlier. The vulnera...
This vulnerability allows attackers to cause a stack overflow by sending malicious Protocol Buffers data with deeply nested groups, potentially crashing applications. It affects any system using Googl...
CVE-2024-2398 is a memory leak vulnerability in libcurl that occurs when HTTP/2 server push headers exceed the 1000-header limit. This allows attackers to cause denial of service through resource exha...
Spring Framework applications using UriComponentsBuilder to parse external URLs with host validation are vulnerable to open redirect and SSRF attacks. Attackers can manipulate URLs to bypass validatio...
CVE-2024-28757 is an XML Entity Expansion vulnerability in libexpat that allows attackers to cause denial of service through resource exhaustion when external parsers are created via XML_ExternalEntit...
CVE-2024-26461 is a memory leak vulnerability in Kerberos 5's GSSAPI sealing implementation that can lead to denial of service through resource exhaustion. Systems using krb5 1.21.2 for authentication...
This vulnerability in BIND 9 DNS resolver allows attackers to cause uncontrolled memory growth by triggering specific query patterns that overwhelm cache cleanup mechanisms. Affected systems running B...
A vulnerability in BIND DNS servers where enabling both DNS64 and serve-stale features can cause named to crash during recursive resolution. This affects BIND 9 installations with these specific featu...
A vulnerability in GnuTLS causes Cockpit to reject certificate chains with distributed trust when using cockpit-certificate-ensure, allowing unauthenticated remote attackers to trigger denial of servi...
This vulnerability in 7-Zip's PPMd7 compression module allows attackers to craft malicious 7Z archives that trigger an integer underflow, leading to invalid memory reads. Successful exploitation could...
This CVE describes a use-after-free vulnerability in the NVMe/TCP subsystem of the Linux kernel that could allow attackers to execute arbitrary code or escalate privileges. It affects Linux systems wi...
A vulnerability in Python 3.11 through 3.11.4 allows path truncation via null bytes in os.path.normpath(). This can bypass security checks that previously rejected malicious filenames, potentially ena...
This vulnerability affects systems using certifi Python package versions before 2023.07.22, which included compromised e-Tugra root certificates. Attackers could perform man-in-the-middle attacks or s...
A vulnerability in BIND 9 DNS servers configured with DNSSEC validation and aggressive cache usage allows remote attackers to cause denial of service by sending specially crafted NSEC records. This af...
This vulnerability in OpenLDAP causes a null pointer dereference in the ber_memalloc_x() function, which can lead to denial of service (DoS) by crashing the LDAP service. Any system running vulnerable...
A vulnerability in curl versions before 8.0 allows attackers to inject malicious content during TELNET protocol negotiation when user input is accepted. This could lead to arbitrary code execution on ...
A path traversal vulnerability in curl's SFTP implementation allows attackers to bypass path filtering by using specially crafted paths containing tilde characters. This affects curl versions before 8...
This vulnerability in Python's urllib.parse component allows attackers to bypass URL blocklisting mechanisms by using URLs that begin with blank characters (like spaces or tabs). This affects applicat...
This CVE describes a timing side-channel vulnerability in GnuTLS that allows attackers to perform Bleichenbacher-style attacks against RSA encryption. By sending specially crafted messages to vulnerab...
This vulnerability in curl versions before 7.83.1 could cause the wrong file to be deleted when using the --no-clobber option with --remove-on-error. It affects systems using curl with these specific ...
Rsyslog's TCP syslog reception modules contain a heap buffer overflow vulnerability when octet-counted framing is used. This can cause segmentation faults or system malfunctions, with potential for re...
CVE-2022-1292 is a command injection vulnerability in the c_rehash script distributed with OpenSSL. It allows attackers to execute arbitrary commands with script privileges when the script processes u...
A memory leak vulnerability in OpenSSL's OPENSSL_LH_flush() function causes unbounded memory growth when processing certificates or keys. This affects long-lived processes like TLS clients/servers usi...
CVE-2022-25647 is a deserialization vulnerability in Google's Gson library versions before 2.8.9. Attackers can exploit the writeReplace() method in internal classes to cause denial of service (DoS) a...
This vulnerability in Oracle Java SE and GraalVM Enterprise Edition allows unauthenticated remote attackers to access sensitive data from Java applications. It affects Java deployments running sandbox...
This vulnerability in Oracle Java SE and GraalVM Enterprise Edition allows unauthenticated attackers with network access to modify critical data without authorization. It affects Java deployments runn...
This vulnerability in Python's mailcap module allows shell command injection when applications call mailcap.findmatch() with untrusted input. Attackers can execute arbitrary commands on affected syste...
CVE-2022-28796 is a use-after-free vulnerability in the Linux kernel's jbd2 journaling subsystem caused by a transaction_t race condition. This allows local attackers to potentially escalate privilege...
This vulnerability in zlib allows memory corruption during compression (deflating) when processing input with many distant matches. It affects any software using vulnerable zlib versions for compressi...
This vulnerability allows a malicious USB device host to manipulate endpoint indexes in the Linux kernel's Xilinx USB gadget driver, leading to out-of-bounds array access. It affects Linux systems usi...
CVE-2020-36518 is a denial-of-service vulnerability in Jackson Databind where processing deeply nested JSON objects causes a Java StackOverflowError, crashing the application. This affects any Java ap...
This CVE allows local Windows users to escalate privileges by hijacking the system search path. The Python installer on Windows can incorrectly add user-writable directories to PATH during repair oper...
CVE-2022-23308 is a use-after-free vulnerability in libxml2's validation component that allows attackers to potentially execute arbitrary code or cause denial of service. It affects applications that ...
CVE-2022-24407 is a SQL injection vulnerability in Cyrus SASL authentication library. It allows attackers to inject arbitrary SQL commands via unescaped passwords in SQL INSERT/UPDATE statements. Syst...
This Linux kernel vulnerability allows remote attackers to bypass UDP source port randomization by exploiting flaws in ICMP error processing. Attackers can scan open UDP ports more effectively, compro...
This vulnerability in Python's urllib.parse module allows injection attacks via crafted URLs containing carriage return (\r) or line feed (\n) characters in the path component. Attackers can exploit t...
This vulnerability in Apache ActiveMQ Artemis allows attackers to cause a denial-of-service (DoS) condition by consuming excessive memory resources. Systems running vulnerable versions of ActiveMQ Art...
CVE-2021-46143 is an integer overflow vulnerability in Expat's XML parser that can lead to heap memory corruption. Attackers can exploit this by providing specially crafted XML input, potentially caus...
A vulnerability in Oracle MySQL's mysqldump client allows low-privileged attackers with network access to potentially access or modify sensitive data. The vulnerability affects MySQL Client versions 8...
This vulnerability allows attackers to create malicious OOXML files (like Excel, Word, or PowerPoint documents) with duplicate zip entries that can cause different applications to interpret the same f...
This OpenSSH vulnerability allows machine-in-the-middle attacks when VerifyHostKeyDNS is enabled. Attackers can impersonate legitimate servers by exploiting error code mishandling during host key veri...
A critical memory corruption vulnerability in GNU Binutils' linker component (ld) allows remote attackers to potentially execute arbitrary code or cause denial of service. This affects systems using B...
A memory corruption vulnerability exists in GNU Binutils' bfd_putl64 function within the ld component. This allows remote attackers to potentially execute arbitrary code or cause denial of service by ...
This vulnerability in MySQL Server's Optimizer component allows high-privileged attackers with network access to cause denial of service by crashing or hanging the server. Affected versions include My...
This vulnerability in Jetty's DosFilter allows unauthenticated attackers to send crafted requests that trigger OutOfMemory errors, leading to denial-of-service conditions. It affects servers using Jet...
This vulnerability in Apache Commons IO allows attackers to cause denial of service by consuming excessive CPU resources through maliciously crafted input to the XmlStreamReader class. It affects appl...
This AngularJS vulnerability allows attackers to bypass image source restrictions via improper sanitization of the 'srcset' attribute, enabling content spoofing attacks. It affects AngularJS versions ...
urllib3's CVE-2024-37891 allows the Proxy-Authorization header to leak during cross-origin redirects when configured incorrectly without using urllib3's built-in proxy support. This could expose proxy...
This vulnerability in Google Guava's createTempDir() method creates temporary directories with world-readable permissions on Unix-like systems, allowing any user on the same machine to potentially rea...