CVE-2023-31022

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service...

CVE-2021-32798

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...

CVE-2021-31153

please before 0.4 allows a local unprivileged attacker to gain knowledge about the existence of files or directories in privileged locations via the searchpath function, the --check option, or the -d option...

CVE-2021-28117

libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs that are neither https:// nor http:// based on the content of the store.kde.org web site. 5.18.7 is also a fixed version...

CVE-2019-19647

radare2 through 4.0.0 lacks validation of the content variable in the function rasmpseudoincbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via crafted input...

CVE-2018-11378

The wasmdis function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file...

CVE-2018-11381

The stringscanrange function in radare2 2.5.0 allows remote attackers to cause a denial of service heap-based out-of-bounds read and application crash via a crafted binary file...

CVE-2018-10187

In radare2 2.5.0, there is a heap-based buffer over-read in the dalvikop function libr/anal/p/analdalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. Note that this issue is different from CVE-2018-8809, which was patched earlier...

CVE-2018-8809

In radare2 2.4.0, there is a heap-based buffer over-read in the dalvikop function of analdalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file...

CVE-2017-9762

The cmdinfo function in libr/core/cmdinfo.c in radare2 1.5.0 allows remote attackers to cause a denial of service use-after-free and application crash via a crafted binary file...

CVE-2017-9430

Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service application crash or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv0. An example threat model is a web application...

CVE-2015-0855

The mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path...

CVE-2016-7536

magick/profile.c in ImageMagick allows remote attackers to cause a denial of service segmentation fault via a crafted profile...

CVE-2015-1330

unattended-upgrades before 0.86.1 does not properly authenticate packages when the 1 force-confold or 2 force-confnew dpkg options are enabled in the DPkg::Options:: apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors...

CVE-2014-0487

APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors...

CVE-2012-5513

The XENMEMexchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service crash or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range...

CVE-2010-0049

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service application crash via HTML elements with right-to-left RTL text directionality...

CVE-2008-1803

Integer signedness error in the xrealloc function rdesktop.c in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channelprocess function was not specified by the original researcher...