CVE Daily
← All tags

Tag: Hashicorp Boundary

All CVEs associated with "Hashicorp Boundary". Page 4/6 • 672 CVEs.

Subscribe CVEs: RSS for “Hashicorp Boundary”  ·  RSS (High+Critical only)

About “Hashicorp Boundary”

A curated feed of “Hashicorp Boundary”-related CVEs appears below. We currently track 672 CVEs for this tag (all time). In the last 365 days, 336 were published. Average CVSS is 7.3 (all time; 7.4 over 365d), and 63% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-125 - Out-of-bounds Read, CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer.

In our taxonomy this topic maps to a LOW impact class. Remote access tools expose critical entry points. Patch, enforce MFA, restrict split tunneling, and monitor authentication events. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-03-17
Medium

CVE-2025-2401

Buffer overflow vulnerability in Immunity Debugger affecting version 1.85, its exploitation could allow a local attacker to execute arbitrary code, due to the lack of proper boundary checking.

CVSS: 5.4 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2025-03-06
High

CVE-2024-50600

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000. Lack of a boundary check in STOP_KEEP_ALIVE_OFFLOAD le…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-52924

An issue was discovered in NRMM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, M…

CVSS: 7.5 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2024-52923

An issue was discovered in NRMM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, M…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2025-03-03
High

CVE-2024-51954

There is an improper access control issue in ArcGIS Server versions 11.3 and below on Windows and Linux which, under unique circumstances, could allow a remote, low‑privileged authenticated attacker…

CVSS: 8.5 CWE: CWE-284 - Improper Access Control View on NVD
2025-02-26
High

CVE-2022-49612

In the Linux kernel, the following vulnerability has been resolved: power: supply: core: Fix boundary conditions in interpolation The functions power_supply_temp2resist_simple and power_supply_ocv2…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2022-49547

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between concurrent dio writes when low on free data space When reserving data space for a direct IO write we…

CVSS: 5.5 CWE: CWE-667 - Improper Locking View on NVD
High

CVE-2022-49261

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: add missing boundary check in vm_access A missing bounds check in vm_access() can lead to an out-of-bounds read or…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2022-49174

In the Linux kernel, the following vulnerability has been resolved: ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit In case of flex_bg feature (which is by default enabled), extents for a…

CVSS: 5.5 CWE: N/A View on NVD
2025-02-05
High

CVE-2025-23239

When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit…

CVSS: 8.7 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2025-01-31
High

CVE-2025-21680

In the Linux kernel, the following vulnerability has been resolved: pktgen: Avoid out-of-bounds access in get_imix_entries Passing a sufficient amount of imix entries leads to invalid access to the…

CVSS: 7.8 CWE: CWE-129 - Improper Validation of Array Index View on NVD
2025-01-21
Medium

CVE-2025-22150

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is kn…

CVSS: 6.8 CWE: CWE-330 - Use of Insufficiently Random Values View on NVD
2025-01-11
High

CVE-2024-57838

In the Linux kernel, the following vulnerability has been resolved: s390/entry: Mark IRQ entries to fix stack depot warnings The stack depot filters out everything outside of the top interrupt cont…

CVSS: 7.1 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
2025-01-06
Medium

CVE-2024-56761

In the Linux kernel, the following vulnerability has been resolved: x86/fred: Clear WFE in missing-ENDBRANCH #CPs An indirect branch instruction sets the CPU indirect branch tracker (IBT) into WAIT…

CVSS: 5.5 CWE: N/A View on NVD
2024-12-12
Medium

CVE-2024-12289

Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate…

CVSS: 5.9 CWE: CWE-460 - Improper Cleanup on Thrown Exception View on NVD
Critical

CVE-2024-47775

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not…

CVSS: 9.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
2024-12-02
High

CVE-2024-53981

python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks (CR \r or LF \n) in front of the first boundary and any tailing bytes after the…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2024-11-27
High

CVE-2024-41126

Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating syst…

CVSS: 8.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
2024-11-14
Low

CVE-2024-10977

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-…

CVSS: 3.1 CWE: CWE-348 - Use of Less Trusted Source View on NVD
2024-11-09
High

CVE-2024-50250

In the Linux kernel, the following vulnerability has been resolved: fsdax: dax_unshare_iter needs to copy entire blocks The code that copies data from srcmap to iomap in dax_unshare_iter is very ve…

CVSS: 7.1 CWE: N/A View on NVD
2024-11-07
High

CVE-2024-50164

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEM_UNINIT's meaning Lonial reported an issue in the BPF verifier where check_mem_size_reg() has the foll…

CVSS: 7.1 CWE: N/A View on NVD
2024-11-05
High

CVE-2024-50115

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as b…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
2024-10-29
High

CVE-2024-7807

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2024-10-21
Medium

CVE-2022-48947

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix u8 overflow By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases multiple times and eventua…

CVSS: 5.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2022-48946

In the Linux kernel, the following vulnerability has been resolved: udf: Fix preallocation discarding at indirect extent boundary When preallocation extent is the first one in the extent block, the…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2024-47698

In the Linux kernel, the following vulnerability has been resolved: drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error Ensure index in rtl2832_pid_filter does not exceed 31 to…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-47697

In the Linux kernel, the following vulnerability has been resolved: drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error Ensure index in rtl2830_pid_filter does not exceed 31 to…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2024-10-17
Medium

CVE-2024-27766

An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is c…

CVSS: 5.7 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2023-39593

Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation…

CVSS: 5.6 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2023-26785

MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the Mari…

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2024-10-13
High

CVE-2024-6959

A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a mult…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2024-10-09
Medium

CVE-2024-47661

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid overflow from uint32_t to uint8_t [WHAT & HOW] dmub_rb_cmd's ramping_boundary has size of uint8_t and it i…

CVSS: 5.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2024-09-27
High

CVE-2024-46852

In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix off-by-one in CMA heap fault handler Until VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps: D…

CVSS: 7.8 CWE: CWE-193 - Off-by-one Error View on NVD
2024-09-23
Medium

CVE-2022-48945

In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix compose size exceed boundary syzkaller found a bug: BUG: unable to handle page fault for address: ffffc9000a3…

CVSS: 5.5 CWE: N/A View on NVD
2024-09-20
High

CVE-2024-41721

An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the heap, which could potentially lead to an arbitrary write and remote code execution.

CVSS: 8.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
2024-09-05
High

CVE-2024-32668

An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privileged software running in a guest VM can e…

CVSS: 8.2 CWE: CWE-193 - Off-by-one Error View on NVD
2024-09-04
Medium

CVE-2024-44972

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clear page dirty inside extent_write_locked_range() [BUG] For subpage + zoned case, the following workload can lead…

CVSS: 5.5 CWE: N/A View on NVD
2024-08-26
Medium

CVE-2024-43913

In the Linux kernel, the following vulnerability has been resolved: nvme: apple: fix device reference counting Drivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl. Split the alloca…

CVSS: 5.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
2024-07-18
High

CVE-2024-41111

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 (prerelease) is vulnerab…

CVSS: 7.2 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2024-07-17
Medium

CVE-2024-20416

A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulne…

CVSS: 6.5 CWE: CWE-130 - Improper Handling of Length Parameter Inconsistency View on NVD
2024-07-16
Medium

CVE-2022-48806

In the Linux kernel, the following vulnerability has been resolved: eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX Commit effa453168a7 ("i2c: i801: Don't silently correct invalid transfer s…

CVSS: 5.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2022-48795

In the Linux kernel, the following vulnerability has been resolved: parisc: Fix data TLB miss in sba_unmap_sg Rolf Eike Beer reported the following bug: [1274934.746891] Bad Address (null pointer…

CVSS: 5.5 CWE: N/A View on NVD
2024-07-12
Medium

CVE-2024-40984

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." Undo the modifications made in commit d410ee5109…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2024-40901

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory There is a potential out-of-bounds access when using test_b…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2024-07-05
High

CVE-2024-39480

In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete Currently, when the user attempts symbol completion with the Tab key, kdb will use s…

CVSS: 7.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2024-06-20
High

CVE-2022-48732

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix off by one in BIOS boundary checking Bounds checking when parsing init scripts embedded in the BIOS reject acces…

CVSS: 7.8 CWE: CWE-193 - Off-by-one Error View on NVD
2024-06-19
High

CVE-2024-38572

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix out-of-bound access of qmi_invoke_handler() Currently, there is no terminator entry for ath12k_qmi_msg_handlers…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-38542

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana_ib: boundary check before installing cq callbacks Add a boundary check inside mana_ib_install_cq_cb to prevent index ov…

CVSS: 7.1 CWE: CWE-129 - Improper Validation of Array Index View on NVD
High

CVE-2024-6144

Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected insta…

CVSS: 8.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
2024-06-13
Medium

CVE-2024-5949

Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected…

CVSS: 6.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
High

CVE-2024-5948

Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affec…

CVSS: 8.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
2024-06-11
High

CVE-2024-37293

The AWS Deployment Framework (ADF) is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, c…

CVSS: 7.5 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
2024-06-08
Medium

CVE-2024-36965

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the Sy…

CVSS: 5.5 CWE: N/A View on NVD
2024-05-21
High

CVE-2021-47303

In the Linux kernel, the following vulnerability has been resolved: bpf: Track subprog poke descriptors correctly and fix use-after-free Subprograms are calling map_poke_track(), but on program rel…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2024-05-20
Medium

CVE-2024-35995

In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Use access_width over bit_width for system memory accesses To align with ACPI 6.3+, since bit_width can be any 8-bit…

CVSS: 5.5 CWE: N/A View on NVD
2024-05-19
Medium

CVE-2024-35909

In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Split 64bit accesses to fix alignment issues Some of the registers are aligned on a 32bit boundary, causing alig…

CVSS: 5.5 CWE: N/A View on NVD
2024-05-17
Medium

CVE-2024-35807

In the Linux kernel, the following vulnerability has been resolved: ext4: fix corruption during on-line resize We observed a corruption during on-line resize of a file system that is larger than 16…

CVSS: 5.5 CWE: N/A View on NVD
2024-05-15
Medium

CVE-2024-4837

In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2024-05-01
High

CVE-2024-32018

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Most codebases define assertion macros which compil…

CVSS: 8.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Critical

CVE-2024-32017

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The size check in the `gcoap_dns_server_proxy_get()…

CVSS: 9.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2024-31225

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The `_on_rd_init()` function does not implement a s…

CVSS: 8.3 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2024-04-28
Medium

CVE-2022-48644

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: avoid disabling offload when it was never enabled In an incredibly strange API design decision, qdisc->destroy…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2024-04-12
Medium

CVE-2024-30401

An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, MX10K-LC9600 line cards, MX304, and EX9200-15C,…

CVSS: 5.9 CWE: CWE-125 - Out-of-bounds Read View on NVD
2024-04-04
High

CVE-2024-25699

There is a difficult‑to‑exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux, and ArcGIS Enterprise versions 11.1 and…

CVSS: 8.5 CWE: CWE-287 - Improper Authentication View on NVD
2024-04-03
Medium

CVE-2024-26702

In the Linux kernel, the following vulnerability has been resolved: iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC Recently, we encounter kernel crash in func…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
2024-03-18
High

CVE-2024-28054

Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters…

CVSS: 7.4 CWE: CWE-436 - Interpretation Conflict View on NVD
2024-03-15
Medium

CVE-2024-28319

gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary read vulnerability via gf_dash_setup_period media_tools/dash_client.c:6374

CVSS: 6.2 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-28318

gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out of boundary write vulnerability via swf_get_string at scene_manager/swf_parse.c:325

CVSS: 7.1 CWE: CWE-787 - Out-of-bounds Write View on NVD
2024-03-11
High

CVE-2024-26616

In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned [BUG] There is a bug report that, on a ext4-converted btr…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2024-03-02
Medium

CVE-2023-52581

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak when more than 255 elements expired When more than 255 elements expired we're supposed to switc…

CVSS: 6.3 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
High

CVE-2023-52530

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211_key_link() is called by ieee80211_gtk_rekey_add() but returns 0 d…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2024-02-26
High

CVE-2023-52474

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests hfi1 user SDMA request processing has two bugs that can c…

CVSS: 7.8 CWE: N/A View on NVD
2024-02-14
High

CVE-2023-50926

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be caused by an incoming DIO message when using the RPL-Lite implementation in…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-22093

When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the att…

CVSS: 8.7 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2024-02-05
High

CVE-2024-1052

Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a priva…

CVSS: 8.0 CWE: CWE-295 - Improper Certificate Validation View on NVD
2024-01-29
Medium

CVE-2023-40549

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the i…

CVSS: 6.2 CWE: CWE-125 - Out-of-bounds Read View on NVD
2024-01-05
Medium

CVE-2023-46835

The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table leve…

CVSS: 5.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
2023-12-15
Medium

CVE-2023-33222

When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. This allows a stack-bas…

CVSS: 6.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
2023-11-14
Critical

CVE-2023-28379

A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker…

CVSS: 9.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2023-27882

A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An…

CVSS: 9.0 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2023-10-27
Medium

CVE-2023-40123

In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional exe…

CVSS: 5.5 CWE: N/A View on NVD
2023-10-25
High

CVE-2023-5363

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetri…

CVSS: 7.5 CWE: CWE-684 - Incorrect Provision of Specified Functionality View on NVD
High

CVE-2023-46136

Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then…

CVSS: 8.0 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2023-10-19
High

CVE-2022-27813

Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to e…

CVSS: 8.1 CWE: CWE-1260 - Improper Handling of Overlap Between Protected Memory Ranges View on NVD
2023-10-13
High

CVE-2023-45130

Frontier is Substrate's Ethereum compatibility layer. Prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, at the end of a contract execution, when opcode SUICIDE marks a contract to be deleted,…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2023-26366

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that co…

CVSS: 6.8 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
2023-10-12
Medium

CVE-2023-43789

A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
2023-10-10
Medium

CVE-2023-43788

A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read th…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-43785

A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of me…

CVSS: 6.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2023-43746

When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system.  A succe…

CVSS: 8.7 CWE: CWE-267 - Privilege Defined With Unsafe Actions View on NVD
Critical

CVE-2023-41373

A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Applianc…

CVSS: 9.9 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-08-31
Medium

CVE-2023-39356

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the func…

CVSS: 5.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
2023-08-14
Medium

CVE-2023-21289

In multiple locations, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges n…

CVSS: 5.5 CWE: N/A View on NVD
2023-07-11
High

CVE-2023-37271

RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to sta…

CVSS: 8.4 CWE: CWE-913 - Improper Control of Dynamically-Managed Code Resources View on NVD
2023-06-13
Critical

CVE-2022-28550

Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check t…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2023-05-03
Medium

CVE-2022-40318

An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (as…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2022-40302

An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (as…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
2023-04-20
High

CVE-2023-2176

A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize t…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
2023-04-04
Medium

CVE-2023-28841

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon componen…

CVSS: 6.8 CWE: CWE-311 - Missing Encryption of Sensitive Data View on NVD
High

CVE-2023-28840

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon componen…

CVSS: 7.5 CWE: CWE-420 - Unprotected Alternate Channel View on NVD
2023-03-27
High

CVE-2023-28597

Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web po…

CVSS: 8.3 CWE: CWE-501 - Trust Boundary Violation View on NVD
2023-02-28
Medium

CVE-2023-27371

GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows…

CVSS: 5.9 CWE: CWE-125 - Out-of-bounds Read View on NVD
2023-02-09
High

CVE-2022-44572

A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boun…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2023-02-08
Medium

CVE-2023-0690

HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after…

CVSS: 5.0 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD
2023-02-01
High

CVE-2023-22374

A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a…

CVSS: 8.5 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2023-01-13
Medium

CVE-2023-22409

An Unchecked Input for Loop Condition vulnerability in a NAT library of Juniper Networks Junos OS allows a local authenticated attacker with low privileges to cause a Denial of Service (DoS). When an…

CVSS: 5.5 CWE: CWE-1284 - Improper Validation of Specified Quantity in Input View on NVD
2022-12-20
Critical

CVE-2022-46319

Fingerprint calibration has a vulnerability of lacking boundary judgment. Successful exploitation of this vulnerability may cause out-of-bounds write.

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2022-12-13
High

CVE-2022-2947

Altair HyperView Player versions 2021.1.0.27 and prior perform operations on a memory buffer but can read from or write to a memory location outside of the intended boundary of the buffer. This hits…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2022-12-07
High

CVE-2022-41800

In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl R…

CVSS: 8.7 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2022-12-05
Medium

CVE-2022-35260

curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-base…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
2022-10-27
Medium

CVE-2022-36182

Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions…

CVSS: 6.1 CWE: CWE-1021 - Improper Restriction of Rendered UI Layers or Frames View on NVD
2022-09-01
Medium

CVE-2022-36054

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the Contiki-NG operating system (file os/net/ipv6/sicslowpan.c) contains a…

CVSS: 6.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2022-36130

HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized…

CVSS: 9.9 CWE: CWE-345 - Insufficient Verification of Data Authenticity View on NVD
2022-08-04
High

CVE-2022-35243

In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator rol…

CVSS: 8.7 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2022-31473

In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traver…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2022-06-30
High

CVE-2022-23720

PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. An IT administrator could mistakenly deploy administrat…

CVSS: 7.5 CWE: CWE-288 - Authentication Bypass Using an Alternate Path or Channel View on NVD
2022-06-24
Medium

CVE-2022-32990

An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS).

CVSS: 5.5 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
2022-05-24
High

CVE-2022-29223

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. In versions prior to 6.1.10, an attacker can cause a buffer overflow by providing the Azure RTOS USBX host stack a HUB descr…

CVSS: 7.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2022-05-09
Medium

CVE-2022-27114

There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the mallo…

CVSS: 5.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2022-27224

An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools sect…

CVSS: 7.2 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD