📦 ONTAP Select Deploy Administration Utility

by NetApp

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2022-1664

CRITICAL CVSS 9.8 May 26, 2022

This vulnerability in dpkg allows directory traversal when extracting specially crafted source packages, enabling attackers to write arbitrary files outside the intended extraction directory. It affec...

CVE-2022-1587

CRITICAL CVSS 9.1 May 16, 2022

An out-of-bounds read vulnerability in PCRE2 library's JIT compiler allows reading memory beyond allocated buffers during recursive regular expression processing. This affects any software using PCRE2...

CVE-2021-35942

CRITICAL CVSS 9.1 Jul 22, 2021

This vulnerability in glibc's wordexp function allows attackers to cause denial of service or potentially read arbitrary memory when processing malicious input. It affects any application using glibc'...

CVE-2021-3520

CRITICAL CVSS 9.8 Jun 2, 2021

CVE-2021-3520 is an integer overflow vulnerability in the LZ4 compression library that allows attackers to trigger out-of-bounds writes by submitting crafted files. This can lead to application crashe...

CVE-2020-36329

CRITICAL CVSS 9.8 May 21, 2021

CVE-2020-36329 is a use-after-free vulnerability in libwebp that allows attackers to execute arbitrary code or cause denial of service. This affects any application using vulnerable versions of libweb...

CVE-2020-36330

CRITICAL CVSS 9.1 May 21, 2021

CVE-2020-36330 is an out-of-bounds read vulnerability in libwebp versions before 1.0.1, allowing attackers to read sensitive memory data or cause denial-of-service. It affects systems using libwebp fo...

CVE-2021-3177

CRITICAL CVSS 9.8 Jan 19, 2021

This is a buffer overflow vulnerability in Python's ctypes module that could allow remote code execution. It affects Python applications that process untrusted floating-point numbers through ctypes. T...

CVE-2020-15999

CRITICAL CVSS 9.6 Nov 3, 2020

This CVE describes a heap buffer overflow vulnerability in the FreeType font rendering library used by Google Chrome. A remote attacker could exploit this by tricking users into visiting a malicious H...

CVE-2024-39689

HIGH CVSS 7.5 Jul 5, 2024

This CVE involves the removal of GLOBALTRUST root certificates from the certifi Python package due to compliance issues. Systems using affected certifi versions may trust certificates issued by GLOBAL...

CVE-2024-21989

HIGH CVSS 8.1 Apr 17, 2024

This vulnerability in ONTAP Select Deploy administration utility allows read-only users to escalate their privileges to higher administrative levels. It affects ONTAP Select Deploy versions 9.12.1.x, ...

CVE-2024-2398

HIGH CVSS 8.6 Mar 27, 2024

CVE-2024-2398 is a memory leak vulnerability in libcurl that occurs when HTTP/2 server push headers exceed the 1000-header limit. This allows attackers to cause denial of service through resource exha...

CVE-2024-26461

HIGH CVSS 7.5 Feb 29, 2024

CVE-2024-26461 is a memory leak vulnerability in Kerberos 5's GSSAPI sealing implementation that can lead to denial of service through resource exhaustion. Systems using krb5 1.21.2 for authentication...

CVE-2023-4911

HIGH CVSS 7.8 Oct 3, 2023

CVE-2023-4911 is a buffer overflow vulnerability in the GNU C Library's dynamic loader (ld.so) that allows local attackers to exploit SUID binaries. By crafting malicious GLIBC_TUNABLES environment va...

CVE-2023-20900

HIGH CVSS 7.1 Aug 31, 2023

This CVE describes a privilege escalation vulnerability in VMware vSphere where a malicious actor with Guest Operation Privileges in a target virtual machine can elevate their privileges if that VM ha...

CVE-2023-37920

HIGH CVSS 7.5 Jul 25, 2023

This vulnerability affects systems using certifi Python package versions before 2023.07.22, which included compromised e-Tugra root certificates. Attackers could perform man-in-the-middle attacks or s...

CVE-2023-24329

HIGH CVSS 7.5 Feb 17, 2023

This vulnerability in Python's urllib.parse component allows attackers to bypass URL blocklisting mechanisms by using URLs that begin with blank characters (like spaces or tabs). This affects applicat...

CVE-2023-0361

HIGH CVSS 7.4 Feb 15, 2023

This CVE describes a timing side-channel vulnerability in GnuTLS that allows attackers to perform Bleichenbacher-style attacks against RSA encryption. By sending specially crafted messages to vulnerab...

CVE-2022-35737

HIGH CVSS 7.5 Aug 3, 2022

This SQLite vulnerability allows array-bounds overflow when processing extremely large string arguments (billions of bytes) through certain C API functions. It affects applications using vulnerable SQ...

CVE-2022-29244

HIGH CVSS 7.5 Jun 13, 2022

This vulnerability in npm causes workspace operations to ignore .gitignore and .npmignore exclusion rules, potentially exposing sensitive files. Anyone who used npm pack or npm publish in workspaces w...

CVE-2015-20107

HIGH CVSS 7.6 Apr 13, 2022

This vulnerability in Python's mailcap module allows shell command injection when applications call mailcap.findmatch() with untrusted input. Attackers can execute arbitrary commands on affected syste...

CVE-2018-25032

HIGH CVSS 7.5 Mar 25, 2022

This vulnerability in zlib allows memory corruption during compression (deflating) when processing input with many distant matches. It affects any software using vulnerable zlib versions for compressi...

CVE-2022-0908

HIGH CVSS 7.7 Mar 11, 2022

This vulnerability in libtiff allows an attacker to cause denial of service by passing a null pointer to memcpy() when processing specially crafted TIFF files. The flaw occurs in the TIFFFetchNormalTa...

CVE-2022-26488

HIGH CVSS 7.0 Mar 10, 2022

This CVE allows local Windows users to escalate privileges by hijacking the system search path. The Python installer on Windows can incorrectly add user-writable directories to PATH during repair oper...

CVE-2022-23308

HIGH CVSS 7.5 Feb 26, 2022

CVE-2022-23308 is a use-after-free vulnerability in libxml2's validation component that allows attackers to potentially execute arbitrary code or cause denial of service. It affects applications that ...

CVE-2022-24407

HIGH CVSS 8.8 Feb 24, 2022

CVE-2022-24407 is a SQL injection vulnerability in Cyrus SASL authentication library. It allows attackers to inject arbitrary SQL commands via unescaped passwords in SQL INSERT/UPDATE statements. Syst...

CVE-2022-0391

HIGH CVSS 7.5 Feb 9, 2022

This vulnerability in Python's urllib.parse module allows injection attacks via crafted URLs containing carriage return (\r) or line feed (\n) characters in the path component. Attackers can exploit t...

CVE-2021-45078

HIGH CVSS 7.8 Dec 15, 2021

This vulnerability in GNU Binutils allows attackers to trigger a heap-based buffer overflow via the stab_xcoff_builtin_type function in stabs.c. It can cause denial of service or potentially allow arb...

CVE-2021-3778

HIGH CVSS 7.8 Sep 15, 2021

CVE-2021-3778 is a heap-based buffer overflow vulnerability in Vim text editor that could allow attackers to execute arbitrary code or cause denial of service. The vulnerability affects users who open...

CVE-2021-3770

HIGH CVSS 7.8 Sep 6, 2021

CVE-2021-3770 is a heap-based buffer overflow vulnerability in Vim text editor that allows attackers to execute arbitrary code by tricking users into opening specially crafted files. This affects all ...

CVE-2021-3580

HIGH CVSS 7.5 Aug 5, 2021

CVE-2021-3580 is a vulnerability in nettle's RSA decryption functions where specially crafted ciphertext can cause application crashes and denial of service. This affects systems using nettle cryptogr...

CVE-2021-3530

HIGH CVSS 7.5 Jun 2, 2021

CVE-2021-3530 is a stack exhaustion vulnerability in GNU libiberty's rust-demangle.c that allows crafted symbols to cause denial of service through application crashes. This affects systems using GNU ...

CVE-2021-3516

HIGH CVSS 7.8 Jun 1, 2021

CVE-2021-3516 is a use-after-free vulnerability in libxml2's xmllint tool that allows attackers to execute arbitrary code or cause denial of service by submitting specially crafted XML files. This aff...

CVE-2021-25217

HIGH CVSS 7.4 May 26, 2021

A memory corruption vulnerability in ISC DHCP allows attackers to cause denial of service by crashing dhclient or dhcpd processes when they parse malicious lease files. The vulnerability affects DHCP ...

CVE-2020-36332

HIGH CVSS 7.5 May 21, 2021

CVE-2020-36332 is a memory exhaustion vulnerability in libwebp library versions before 1.0.1. When processing specially crafted WebP images, libwebp allocates excessive memory, potentially causing den...

CVE-2021-3518

HIGH CVSS 8.8 May 18, 2021

A use-after-free vulnerability in libxml2 versions before 2.9.11 allows attackers to submit crafted XML files to applications using this library, potentially leading to arbitrary code execution. This ...

CVE-2021-20305

HIGH CVSS 8.1 Apr 5, 2021

This vulnerability in Nettle cryptographic library allows attackers to forge digital signatures by exploiting incorrect elliptic curve multiplication with out-of-range scalars. Systems using Nettle fo...

CVE-2021-3450

HIGH CVSS 7.4 Mar 25, 2021

This OpenSSL vulnerability allows certificate chain validation to be bypassed when the X509_V_FLAG_X509_STRICT flag is explicitly set. It affects applications using OpenSSL 1.1.1h-1.1.1j that enable s...

CVE-2020-35523

HIGH CVSS 7.8 Mar 9, 2021

An integer overflow vulnerability in libtiff's tif_getimage.c allows attackers to execute arbitrary code when a user opens a malicious TIFF file. This affects any application using vulnerable versions...

CVE-2021-20233

HIGH CVSS 8.2 Mar 3, 2021

This GRUB2 vulnerability allows attackers to corrupt memory by one byte for each quote in menu input due to an incorrect length calculation. It affects systems using GRUB2 versions prior to 2.06, pote...

CVE-2020-27779

HIGH CVSS 7.5 Mar 3, 2021

This vulnerability in GRUB2 allows privileged attackers to bypass Secure Boot protections by using the cutmem command to remove memory address ranges. This could enable loading of unauthorized code or...

CVE-2020-25632

HIGH CVSS 8.2 Mar 3, 2021

CVE-2020-25632 is a vulnerability in GRUB2 that allows attackers to unload kernel modules that other modules depend on, creating a use-after-free condition that can lead to arbitrary code execution. It aff...

CVE-2025-1181

MEDIUM CVSS 5.0 Feb 11, 2025

A critical memory corruption vulnerability in GNU Binutils' linker component (ld) allows remote attackers to potentially execute arbitrary code or cause denial of service. This affects systems using B...

CVE-2025-1178

MEDIUM CVSS 5.6 Feb 11, 2025

A memory corruption vulnerability exists in GNU Binutils' bfd_putl64 function within the ld component. This allows remote attackers to potentially execute arbitrary code or cause denial of service by ...