Veracode • Most viewed

38149 matches found

Veracode • added 2021/11/17 10:38 p.m. • 47 views

Packet Injection

kernel is vulnerable to packet injection. The vulnerability exists because the WEP, WPA, WPA2, and WPA3 implementations accept second or subsequent broadcast fragments even when sent in plaintext and process them as full unfragmented frames...

6.5 CVSS • 2.1 AI score • 0.01213 EPSS
Exploits 0 • References 9 • Affected Software 2

Veracode • added 2021/10/26 9:55 p.m. • 47 views

Improper Input Validation

Java SE is vulnerable to improper input validation. An attacker can perform service disruption through the JSSE component in the Oracle GraalVM Enterprise Edition...

5.3 CVSS • 3.1 AI score • 0.00144 EPSS
Exploits 0 • References 17 • Affected Software 6

Veracode • added 2021/09/30 1:39 p.m. • 47 views

Denial Of Service (DoS)

linux is vulnerable to denial of service. The vulnerability exists due to an incorrect connection-setup ordering in fs/nfs/nfs4client.c...

6.5 CVSS • 2.8 AI score • 0.0019 EPSS
Exploits 0 • References 7 • Affected Software 3

Veracode • added 2021/05/02 5:48 a.m. • 47 views

Denial Of Service (DoS)

xen is vulnerable to denial of service. An out-of-memory condition occurs when an unbounded queue of single-threaded events is received faster than the thread is able to handle...

6.5 CVSS • 3.9 AI score • 0.00226 EPSS
Exploits 0 • References 6 • Affected Software 1

Veracode • added 2021/04/07 9:16 a.m. • 47 views

Privilege Escalation

kernel-rt is vulnerable to privilege escalation. The vulnerability exists because certain iSCSI data structures do not have appropriate length constraints or checks and can exceed the PAGE_SIZE value, which allows an unprivileged user to send a Netlink message that is associated with iSCSI, and has...

7.8 CVSS • 4 AI score • 0.00335 EPSS
Exploits 1 • References 13 • Affected Software 6

Veracode • added 2021/02/15 10:51 p.m. • 47 views

Directory Traversal

busybox is vulnerable to directory traversal. A remote attacker is able to perform a symlink attack to gain access to files outside of the current working directory...

7.5 CVSS • 4.6 AI score • 0.03772 EPSS
Exploits 3 • References 10 • Affected Software 1

Veracode • added 2021/01/22 9:32 p.m. • 47 views

Privilege Escalation

chromium is vulnerable to privilege escalation. The vulnerability exists because of insufficient policy enforcement in Cryptohome...

7.8 CVSS • 3.4 AI score • 0.00012 EPSS
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2020/10/25 12:34 p.m. • 47 views

Heap Buffer Overflow

FreeType is vulnerable to heap-based buffer overflow due to integer truncation in Load_SBit_Png...

9.6 CVSS • 3 AI score • 0.93031 EPSS
Exploits 2 • References 12 • Affected Software 4

Veracode • added 2020/10/23 8:58 a.m. • 47 views

Authorization Bypass

OpenJDK is vulnerable to authorization bypass. The vulnerability exists due to an incomplete check for invalid characters in URI-to-path conversion...

3.7 CVSS • 4.4 AI score • 0.00119 EPSS
Exploits 0 • References 8 • Affected Software 5

Veracode • added 2020/10/01 3:52 a.m. • 47 views

Arbitrary Code Execution

webkitgtk4 is vulnerable to arbitrary code execution. The vulnerability exists through memory errors...

8.8 CVSS • 6.3 AI score • 0.00539 EPSS
Exploits 0 • References 11 • Affected Software 28

Veracode • added 2020/09/21 6:27 a.m. • 47 views

Denial Of Service (DoS)

QEMU is vulnerable to denial of service. A use-after-free vulnerability in ip_reass in ip_input.c of libslirp allows an attacker to crash the application using malicious packets...

7.5 CVSS • 3.7 AI score • 0.00148 EPSS
Exploits 1 • References 12 • Affected Software 7

Veracode • added 2020/09/21 6:18 a.m. • 47 views

Denial Of Service (DoS)

linux is vulnerable to denial of service (DoS). The vulnerability is exposed through a malicious USB device in the drivers/usb/class/cdc-acm.c driver...

4.6 CVSS • 2.6 AI score • 0.00077 EPSS
Exploits 0 • References 6 • Affected Software 3

Veracode • added 2020/06/25 8:57 a.m. • 47 views

Insecure Direct Object Reference

telerik.web.ui is vulnerable to insecure direct object reference. User input is not validated and is used directly by RadAsyncUpload without modification or validation. This can potentially result in arbitrary file uploads and execution of arbitrary code...

9.8 CVSS • 3.9 AI score • 0.93676 EPSS
Exploits 5 • References 3 • Affected Software 2

Veracode • added 2020/06/16 9:19 a.m. • 47 views

Server-side Request Forgery (SSRF)

batik-svgrasterizer is vulnerable to server-side request forgery (SSRF). It does not prevent an attacker from making malicious GET requests on behalf of the server through the use of xlink:href attributes, which allows access to internal resources...

7.5 CVSS • 2.8 AI score • 0.00831 EPSS
Exploits 0 • References 14 • Affected Software 1

Veracode • added 2020/05/15 5:27 a.m. • 47 views

Insecure Deserialization

camel-netty is vulnerable to insecure deserialization. If no codec is specified, it allows object deserialization using Java serialization and deserialization by default rather than restricting to Strings only...

9.8 CVSS • 3.4 AI score • 0.14103 EPSS
Exploits 0 • References 8 • Affected Software 1

Veracode • added 2020/05/06 3:17 a.m. • 47 views

Information Disclosure

kernel is vulnerable to information disclosure. An information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver allows an attacker to obtain confidential information...

2.4 CVSS • 2.5 AI score • 0.00119 EPSS
Exploits 0 • References 16 • Affected Software 2

Veracode • added 2020/04/10 1:09 a.m. • 47 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A flaw was found in the way the KVM subsystem of a Linux kernel handled PIT (Programmable Interval Timer) IRQs (interrupt requests) when there was no virtual interrupt controller set up. A malicious user in the kvm group on the host could force this situatio...

4.9 CVSS • 0.8 AI score • 0.00099 EPSS
Exploits 2 • References 10 • Affected Software 2

Veracode • added 2020/04/10 1:06 a.m. • 47 views

Denial Of Service (DoS)

php is vulnerable to denial of service (DoS). The vulnerability exists as it was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large...

5 CVSS • 0.5 AI score • 0.86573 EPSS
Exploits 15 • References 29 • Affected Software 1

Veracode • added 2020/04/10 1:03 a.m. • 47 views

Authorization Bypass

kernel is vulnerable to authorization bypass. In KVM (Kernel-based Virtual Machine) environments using raw format virtio disks backed by a partition or LVM volume, a privileged guest user could bypass intended restrictions and issue read and write requests and other SCSI commands on the host, and...

4.6 CVSS • 1.1 AI score • 0.00057 EPSS
Exploits 2 • References 19 • Affected Software 2

Veracode • added 2020/04/10 1:01 a.m. • 47 views

Arbitrary Code Execution

firefox is vulnerable to arbitrary code execution. The vulnerability exists as it was found that a malicious web page could execute arbitrary code with the privileges of the user running Firefox if the user dropped a tab onto the malicious web page...

10 CVSS • 3.6 AI score • 0.01538 EPSS
Exploits 1 • References 13 • Affected Software 2

Veracode • added 2020/04/10 12:43 a.m. • 47 views

Denial Of Service (DoS)

mysql is vulnerable to denial of service. A flaw was found in the way MySQL handled SELECT statements with subqueries in the WHERE clause, that assigned results to a user variable. A remote, authenticated attacker could use this flaw to crash the MySQL server daemon (mysqld). This issue only caused...

4 CVSS • 2.5 AI score • 0.07665 EPSS
Exploits 3 • References 25 • Affected Software 1

Veracode • added 2020/04/10 12:35 a.m. • 47 views

Authentication Bypass

java is vulnerable to authentication bypass. A flaw was found in the way the XML Digital Signature implementation in the JRE handled HMAC-based XML signatures. An attacker could use this flaw to create a crafted signature that could allow them to bypass authentication, or trick a user, applet, or...

5 CVSS • 2.1 AI score • 0.0222 EPSS
Exploits 0 • References 89 • Affected Software 21

Veracode • added 2020/04/10 12:32 a.m. • 47 views

DNS Spoofing

ruby is vulnerable to DNS spoofing. The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query...

5.8 CVSS • 2 AI score • 0.03225 EPSS
Exploits 22 • References 26 • Affected Software 1

Veracode • added 2020/04/10 12:30 a.m. • 47 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A deficiency in the clone system call when called with the CLONE_PARENT flag permits the caller (the parent process) to indicate an arbitrary signal it wants to receive when its child process exits. This could lead to a denial of service of the parent proce...

2.1 CVSS • 3.5 AI score • 0.00254 EPSS
Exploits 1 • References 38 • Affected Software 2

Veracode • added 2020/04/09 4:00 a.m. • 47 views

Deserialization Of Untrusted Object

jackson-databind is vulnerable to deserialization of untrusted data. It was possible for an untrusted class, org.springframework.aop.config.MethodLocatingFactoryBean, and org.springframework.beans.factory.config.BeanReferenceFactoryBean, to be used as a serialization gadget through polymorphic...

8.1 CVSS • 5.5 AI score • 0.0133 EPSS
Exploits 0 • References 11 • Affected Software 246

Veracode • added 2020/03/09 6:06 a.m. • 47 views

Denial Of Service (DoS)

urllib3 is vulnerable to denial of service. The _encode_invalid_chars function in util/url.py allows an attacker to cause a denial of service condition through long processing time due to an inefficient algorithm when parsing invalid characters, potentially resulting in an application crash when...

7.5 CVSS • 4.9 AI score • 0.00786 EPSS
Exploits 0 • References 5 • Affected Software 1

Veracode • added 2019/09/13 12:40 a.m. • 47 views

Denial Of Service (DoS)

nginx HTTP/2 is vulnerable to denial of service (DoS). The attack is possible because it cannot stop an attacker from requesting a large amount of data while manipulating window size and stream priority to force the server to queue the data in 1-byte chunks, exhausting CPU and/or memory...

7.5 CVSS • 3.5 AI score • 0.13725 EPSS
Exploits 0 • References 55 • Affected Software 46

Veracode • added 2019/08/08 12:07 a.m. • 47 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The vulnerability exists through a race condition between mmget_not_zero/get_task_mm and core dumping...

7 CVSS • 2.9 AI score • 0.00549 EPSS
Exploits 3 • References 61 • Affected Software 2

Veracode • added 2019/07/29 12:08 a.m. • 47 views

Authorization Bypass

openjdk is vulnerable to authorization bypass. An input validation flaw was found in the URL class implementation in the Networking component of OpenJDK which allows a remote attacker to perform unauthorized read, update, insert or delete actions...

4.8 CVSS • 4.4 AI score • 0.00175 EPSS
Exploits 0 • References 16 • Affected Software 6

Veracode • added 2019/05/16 3:38 a.m. • 47 views

Path Traversal

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for ...

9.8 CVSS • 7.6 AI score • 0.94184 EPSS
Exploits 0 • References 28 • Affected Software 9

Veracode • added 2019/05/16 3:21 a.m. • 47 views

Privilege Escalation

Apache HTTP Server is vulnerable to privilege escalation. This is because, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. An attacker could replay the HTTP requests across servers without...

9.8 CVSS • 7.6 AI score • 0.0728 EPSS
Exploits 0 • References 53 • Affected Software 14

Veracode • added 2019/05/02 6:02 a.m. • 47 views

Use-After-Free

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debugger. T...

9.8 CVSS • 9 AI score • 0.74663 EPSS
Exploits 78 • References 16 • Affected Software 3

Veracode • added 2019/05/02 6:02 a.m. • 47 views

Denial Of Service (DoS) Through Memory Consumption

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debugger. T...

9.8 CVSS • 9 AI score • 0.74663 EPSS
Exploits 78 • References 16 • Affected Software 3

Veracode • added 2019/05/02 5:40 a.m. • 47 views

Integer Overflow

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found ...

9.8 CVSS • 9.2 AI score • 0.69613 EPSS
Exploits 31 • References 17 • Affected Software 4

Veracode • added 2019/05/02 5:27 a.m. • 47 views

Path Traversal

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrar...

9.8 CVSS • 9.1 AI score • 0.35455 EPSS
Exploits 8 • References 7 • Affected Software 1

Veracode • added 2019/05/02 5:13 a.m. • 47 views

Memory Corruption And Code Execution

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail function to crash or, possibly, execute arbitrary code with the...

7.5 CVSS • 7.7 AI score • 0.55955 EPSS
Exploits 3 • References 11 • Affected Software 1

Veracode • added 2019/05/02 5:12 a.m. • 47 views

Privilege Escalation

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain...

6.8 CVSS • 4.7 AI score • 0.09411 EPSS
Exploits 0 • References 32 • Affected Software 3

Veracode • added 2019/05/02 4:54 a.m. • 47 views

Arbitrary Code Execution

kernel-rt is vulnerable to arbitrary code execution. The vulnerability exists as it uses incorrect uid and gid values during credentials passing in the scm_set_cred function...

6.9 CVSS • 6.7 AI score • 0.00053 EPSS
Exploits 0 • References 21 • Affected Software 1

Veracode • added 2019/05/02 4:45 a.m. • 47 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

8.8 CVSS • 8.2 AI score • 0.47055 EPSS
Exploits 9 • References 20 • Affected Software 3

Veracode • added 2019/05/02 4:44 a.m. • 47 views

Arbitrary Code Execution

Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. The latest packages for Subscription Asset Manager include a number of security fixes: When a Subscription Asset Manager instance is created, its configuration script...

7.5 CVSS • 8 AI score • 0.17317 EPSS
Exploits 2 • References 11 • Affected Software 11

Veracode • added 2019/05/02 4:43 a.m. • 47 views

Denial Of Service (DoS)

Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd...

7.5 CVSS • 6.5 AI score • 0.20398 EPSS
Exploits 1 • References 8 • Affected Software 1

Veracode • added 2019/02/14 8:50 a.m. • 47 views

Cross-site Scripting (XSS)

bootstrap is vulnerable to cross-site scripting (XSS). The attack exists because it does not escape the data-template, data-content and data-title options for tooltip/popover plugins, allowing an attacker to inject malicious script through them...

6.1 CVSS • 5.9 AI score • 0.01668 EPSS
Exploits 1 • References 39 • Affected Software 16

Veracode • added 2019/01/15 9:20 a.m. • 47 views

Use After Free

httpd24 is vulnerable to information disclosure attacks. The vulnerability exists as Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This...

7.5 CVSS • 8.2 AI score • 0.9384 EPSS
Exploits 9 • References 84 • Affected Software 15

Veracode • added 2019/01/15 9:19 a.m. • 47 views

Information Disclosure

keycloak-saml-core is vulnerable to sensitive information disclosure. The attack exists because SAML messages are being parsed by replacing the string to obtain the attribute values with the system property in the StaxParserUtil class. Therefore, an attacker can just parse the chosen system property nam...

6.5 CVSS • 6.1 AI score • 0.00629 EPSS
Exploits 0 • References 22 • Affected Software 250

Veracode • added 2019/01/15 9:16 a.m. • 47 views

Authorization Bypass

Linux kernel is vulnerable to authorization bypass. When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem to create corrupt records, which may allow an attacker to misrepresent or evade logging of executing commands...

4.7 CVSS • 6.6 AI score • 0.00034 EPSS
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2019/01/15 9:11 a.m. • 47 views

Directory Information Disclosure

Tomcat is vulnerable to directory information disclosure. When accessing a directory protected by a security constraint with a URL that did not end in a slash, Tomcat would redirect to the URL with the trailing slash, confirming the presence of the file, even if no access is permitted...

5.3 CVSS • 6.3 AI score • 0.4988 EPSS
Exploits 0 • References 63 • Affected Software 5

Veracode • added 2019/01/15 8:52 a.m. • 47 views

Denial Of Service (DoS)

OpenSSL is susceptible to denial of service attack. During buffer reading and writing with the SSL_MODE_RELEASE_BUFFERS mode, TLS/SSL client or server using OpenSSL can crash while processing SSL/TLS due to the flaw in ssl3_read_bytes function in s3_pkt.c in OpenSSL...

4 CVSS • 7.2 AI score • 0.19072 EPSS
Exploits 0 • References 86 • Affected Software 2

Veracode • added 2018/11/19 7:20 a.m. • 47 views

Cross-site Scripting (XSS)

notebook is vulnerable to a cross-site scripting (XSS) attack. The library does not properly sanitize URLs passed through a directory name, allowing a malicious user to inject and execute arbitrary JavaScript...

6.1 CVSS • 5.9 AI score • 0.00283 EPSS
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2018/06/13 3:48 a.m. • 47 views

Denial Of Service (DoS)

openssl is vulnerable to denial of service (DoS) attacks. A malicious user can pass a large prime number during a TLS handshake that can cause the client to take a long time generating a key for this, leading to the client hanging and possibly crashing...

7.5 CVSS • 7.6 AI score • 0.78382 EPSS
Exploits 0 • References 42 • Affected Software 3

Veracode • added 2017/04/27 6:38 a.m. • 47 views

Blockwise Chosen-boundary Attacks

github.com/openshift/origin is vulnerable to blockwise chosen-boundary attacks aka the "BEAST" attack. It encrypts data by using CBC mode with chained initialization vectors which allows attackers to obtain plaintext HTTP headers through blockwise chosen-boundary attacks on HTTPS sessions. This...

6.9 AI score • 0.03832 EPSS
Exploits 4

Total number of security vulnerabilities: 5000