Veracode: Most viewed

38149 matches found

Veracode • added 2022/03/28 2:6 p.m. • 44 views

Denial Of Service (DoS)

zlib is vulnerable to denial of service (DoS). The vulnerability exists due to memory corruption when deflating if the input has many distant matches, which results in corrupted output due to invalid distances, which leads to out-of-bound access, corrupting the memory and potentially crashing...

7.5 CVSS • 8 AI score • 0.00089 EPSS
Exploits 1 • References 36 • Affected Software 8
Veracode • added 2022/03/26 6:16 p.m. • 44 views

Privilege Escalation

linux is vulnerable to privilege escalation. The vulnerability exists due to a lack of sanitization of the namespace isolation...

7.8 CVSS • 3.5 AI score • 0.27223 EPSS
Exploits 12 • References 11 • Affected Software 4
Veracode • added 2022/03/10 4:23 a.m. • 44 views

Remote Code Execution (RCE)

firefox is vulnerable to remote code execution. The vulnerability exists due to a lack of validation of access, allowing an attacker to control the contents of an iframe sandboxed with allow-popups but not allow-scripts...

9.6 CVSS • 4.7 AI score • 0.00186 EPSS
Exploits 1 • References 6 • Affected Software 6
Veracode • added 2022/03/09 2:35 a.m. • 44 views

XML External Entity (XXE)

liquibase-core is vulnerable to XML external entity attacks. The XMLChangeLogSAXParser function of XMLChangeLogSAXParser.java does not disable access to external entities by default, allowing an attacker to submit a malicious XML document to perform requests on behalf of the server...

9.8 CVSS • 5.2 AI score • 0.00103 EPSS
Exploits 1 • References 7 • Affected Software 3
Veracode • added 2022/02/18 4:8 p.m. • 44 views

Denial Of Service (DoS)

php7 and php8 are vulnerable to denial of service...

9.8 CVSS • 2.2 AI score • 0.00218 EPSS
Exploits 1 • References 4 • Affected Software 4
Veracode • added 2022/02/11 6:10 a.m. • 44 views

Remote Code Execution (RCE)

gnuplot is vulnerable to remote code execution. An attacker is able to exploit the vulnerability by injecting a maliciously crafted script via shell metacharacters in Gnuplot commands...

9.8 CVSS • 5.5 AI score • 0.01099 EPSS
Exploits 0 • References 4 • Affected Software 1
Veracode • added 2022/01/15 12:1 a.m. • 44 views

Inappropriate Implementation In Navigation

Chrome has an inappropriate implementation in navigation. The vulnerability exists due to an insecure function in Google Chrome, allowing an attacker to compromise the system...

6.5 CVSS • 4.5 AI score • 0.00406 EPSS
Exploits 1 • References 19 • Affected Software 3
Veracode • added 2021/12/13 3:48 a.m. • 44 views

CRLF Injection

phpservermon/phpservermon is vulnerable to CRLF injection. The vulnerability exists because of a misconfiguration in nginx that allows a malicious attacker to obtain the CSRF token and set fake cookies...

5.4 CVSS • 3.3 AI score • 0.0024 EPSS
Exploits 1 • References 3 • Affected Software 1
Veracode • added 2021/12/10 7:38 a.m. • 44 views

Remote Code Execution (RCE)

thunderbird and firefox are vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the sandbox's script allowing embedding of additional content...

6.1 CVSS • 3.6 AI score • 0.00461 EPSS
Exploits 0 • References 13 • Affected Software 7
Veracode • added 2021/11/17 10:37 p.m. • 44 views

Network Packet Injection

kernel-rt is vulnerable to network packet injection. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent...

6.5 CVSS • 2.8 AI score • 0.00473 EPSS
Exploits 0 • References 10 • Affected Software 2
Veracode • added 2021/10/26 9:55 p.m. • 44 views

Improper Input Validation

Java SE is vulnerable to improper input validation. An attacker can perform service disruption through the ImageIO component in the Oracle GraalVM Enterprise Edition...

5.3 CVSS • 3.2 AI score • 0.00167 EPSS
Exploits 0 • References 16 • Affected Software 7
Veracode • added 2021/10/05 3:46 a.m. • 44 views

Privilege Escalation

github.com/containerd/containerd is vulnerable to privilege escalation. The vulnerability exists due to insecure permissions, which allow an attacker to traverse directory contents and execute programs...

7.8 CVSS • 6.1 AI score • 0.0025 EPSS
Exploits 0 • References 11 • Affected Software 6
Veracode • added 2021/09/11 5:15 p.m. • 44 views

Denial Of Service (DoS)

Linux is vulnerable to denial of service. An attacker is able to exploit the vulnerability by triggering destruction of a large SEV VM...

5.5 CVSS • 3.4 AI score • 0.00078 EPSS
Exploits 0 • References 5 • Affected Software 2
Veracode • added 2021/07/16 5:48 p.m. • 44 views

Arbitrary Code Execution

chromium is vulnerable to arbitrary code execution. A use-after-free in Blink XSLT allows an attacker to execute arbitrary code on the host OS...

8.8 CVSS • 3.9 AI score • 0.00084 EPSS
Exploits 0 • References 6 • Affected Software 4
Veracode • added 2021/05/14 4:33 a.m. • 44 views

Denial Of Service (DoS)

pydantic is vulnerable to denial of service. An attacker is able to exploit the vulnerability by passing either infinity, inf or floatinf or their negatives to datetime or data fields, causing the validation to run in loops with 100% CPU usage...

7.5 CVSS • 4 AI score • 0.00066 EPSS
Exploits 0 • References 9 • Affected Software 1
Veracode • added 2021/05/01 10:32 a.m. • 44 views

Denial Of Service (DoS)

bind9 is vulnerable to denial of service. The process terminates with a failed assertion check when receiving a malicious query for a record...

7.5 CVSS • 2.8 AI score • 0.02251 EPSS
Exploits 0 • References 15 • Affected Software 8
Veracode • added 2021/04/21 5:43 p.m. • 44 views

Use After Free

chromium:sid is vulnerable to use after free...

8.8 CVSS • 1.3 AI score • 0.1753 EPSS
Exploits 0 • References 10 • Affected Software 4
Veracode • added 2021/04/05 8:18 a.m. • 44 views

Information Disclosure

jetty-server is vulnerable to information disclosure. The URI normalisation in default compliance mode does not escape % encoded characters in the request metadata by common Servlet implementations, allowing access to sensitive resources within the WEB-INF directory via the use of URI with %2e or...

5.3 CVSS • 4.4 AI score • 0.93485 EPSS
Exploits 7 • References 45 • Affected Software 4
Veracode • added 2021/03/25 4:28 p.m. • 44 views

Denial Of Service (DoS)

openssl is vulnerable to denial of service. A NULL pointer dereference occurs when parsing a malicious renegotiation ClientHello message. This allows an attacker to remotely crash the application...

5.9 CVSS • 5.6 AI score • 0.09859 EPSS
Exploits 3 • References 36 • Affected Software 9
Veracode • added 2021/03/22 4:44 a.m. • 44 views

Denial Of Service (DoS)

pillow is vulnerable to denial of service (DoS). The vulnerability exists through a heap-based buffer overflow during the decoding of a malicious YCbCr file in RGBA mode. This CVE is due to an incomplete fix for CVE-2020-35654...

9.8 CVSS • 3.6 AI score • 0.00762 EPSS
Exploits 0 • References 2 • Affected Software 2
Veracode • added 2021/02/10 7:38 p.m. • 44 views

Privilege Escalation

Linux kernel is vulnerable to a local privilege escalation. Due to wrong locking in net/vmwvsock/afvsock.c, race conditions were implicitly introduced in the commits that added VSOCK multi-transport support...

7 CVSS • 3.5 AI score • 0.00935 EPSS
Exploits 1 • References 8 • Affected Software 3
Veracode • added 2021/02/10 4:24 p.m. • 44 views

Privilege Escalation

wpasupplicant is vulnerable to privilege escalation. The vulnerability exists in p2pcopyclientinfo of p2p.c, through a possible out of bounds write due to a missing bounds check...

7.5 CVSS • 3.1 AI score • 0.1638 EPSS
Exploits 1 • References 11 • Affected Software 1
Veracode • added 2021/01/08 7:27 a.m. • 44 views

Arbitrary Code Execution

jackson-databind is vulnerable to remote code execution (RCE). The vulnerability exists through the lack of sanitization of the org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPD class through deserialization...

8.1 CVSS • 4.9 AI score • 0.05412 EPSS
Exploits 2 • References 10 • Affected Software 3
Veracode • added 2020/11/20 9:42 a.m. • 44 views

Malicious Code Execution

postgresql is vulnerable to malicious code execution. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as...

8.8 CVSS • 3.4 AI score • 0.23757 EPSS
Exploits 0 • References 5 • Affected Software 10
Veracode • added 2020/11/05 3:18 a.m. • 44 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). It is possible due to a Red Hat-only CVE-2020-12351 regression, allowing a remote attacker in an adjacent range to crash the system...

8.8 CVSS • 4.1 AI score • 0.02874 EPSS
Exploits 5 • References 8 • Affected Software 2
Veracode • added 2020/11/05 3:10 a.m. • 44 views

Denial Of Service (DoS)

sqlite is vulnerable to denial of service (DoS). A use-after-free exists in fts3EvalNextRow in the ext/fts3/fts3.c extension module, in the way it implemented the snippet function. This flaw allows an attacker who can execute SQL statements to crash the application or potentially execute arbitrary code...

7 CVSS • 5.5 AI score • 0.00122 EPSS
Exploits 0 • References 25 • Affected Software 2
Veracode • added 2020/11/05 3:9 a.m. • 44 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). It is possible due to an uninitialized kernel data leak in userspace coredumps...

4.4 CVSS • 3.9 AI score • 0.00039 EPSS
Exploits 0 • References 23 • Affected Software 2
Veracode • added 2020/11/05 3:9 a.m. • 44 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. The vulnerability exists due to a memory leak in the af9005identifystate function in dvb-usb/af9005.c, which allows an attacker to cause an application crash...

4.6 CVSS • 6.3 AI score • 0.00093 EPSS
Exploits 0 • References 15 • Affected Software 2
Veracode • added 2020/10/21 6:30 a.m. • 44 views

Remote Code Execution (RCE)

kernel is vulnerable to remote code execution (RCE). The vulnerability exists through a buffer over-write in vgaconscroll...

6.6 CVSS • 3.4 AI score • 0.00032 EPSS
Exploits 1 • References 13 • Affected Software 2
Veracode • added 2020/10/08 2:2 p.m. • 44 views

Privilege Escalation

libvirt is vulnerable to arbitrary code execution. A double free memory issue affects the polkit access control driver and allows clients connecting to the read-write socket with limited ACL permissions to exploit the vulnerability to crash the libvirt daemon or potentially escalate their...

6.7 CVSS • 5 AI score • 0.00123 EPSS
Exploits 0 • References 5 • Affected Software 1
Veracode • added 2020/10/01 3:53 a.m. • 44 views

Information Leakage

FreeRADIUS is vulnerable to an information leak. It is possible due to aborting when needing more than 10 iterations...

6.5 CVSS • 1.7 AI score • 0.00249 EPSS
Exploits 1 • References 8 • Affected Software 1
Veracode • added 2020/10/01 3:52 a.m. • 44 views

Arbitrary Code Execution

webkitgtk4 is vulnerable to arbitrary code execution. The vulnerability exists because parsing web content leads to memory corruption...

8.8 CVSS • 6 AI score • 0.00429 EPSS
Exploits 0 • References 10 • Affected Software 28
Veracode • added 2020/09/21 6:21 a.m. • 44 views

Arbitrary Code Execution

squid3 is vulnerable to arbitrary code execution. The vulnerability exists because squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer, but encoded URLs are able to bypass the urlregex check...

9.8 CVSS • 3.4 AI score • 0.00549 EPSS
Exploits 0 • References 5 • Affected Software 2
Veracode • added 2020/09/07 2:36 a.m. • 44 views

Use-after-free

samba is vulnerable to a use-after-free flaw. Due to a flaw in the samba LDAP server used in an AD DC configuration, a user can cause an application crash...

6.5 CVSS • 1.1 AI score • 0.02353 EPSS
Exploits 0 • References 11 • Affected Software 1
Veracode • added 2020/07/17 5:37 a.m. • 44 views

Denial Of Service (DoS)

openjdk is vulnerable to denial of service. Unexpected exception raised by DerInputStream results in a partial denial of service condition which results in an application crash...

3.7 CVSS • 6.2 AI score • 0.00158 EPSS
Exploits 0 • References 15 • Affected Software 4
Veracode • added 2020/07/08 3:21 a.m. • 44 views

Arbitrary Code Execution

kernel is vulnerable to arbitrary code execution. A heap-based buffer overflow in the mwifiexretwmmgetstatus function in drivers/net/wireless/marvell/mwifiex/wmm.c allows an attacker to execute arbitrary code on the system...

7.1 CVSS • 5.3 AI score • 0.004 EPSS
Exploits 0 • References 15 • Affected Software 4
Veracode • added 2020/06/25 8:38 a.m. • 44 views

Unrestricted File Upload

telerik.web.ui allows unrestricted file uploads. A remote attacker is able to upload arbitrary files which can result in arbitrary code execution...

9.8 CVSS • 4.8 AI score • 0.91967 EPSS
Exploits 8 • References 5 • Affected Software 2
Veracode • added 2020/05/27 4:8 a.m. • 44 views

Arbitrary Code Execution

activesupport is vulnerable to arbitrary code execution. The vulnerability exists as the user input written to the cache store using the raw: true parameter can cause the cached code to be evaluated when read again...

9.8 CVSS • 3.2 AI score • 0.90128 EPSS
Exploits 5 • References 12 • Affected Software 2
Veracode • added 2020/04/10 1:10 a.m. • 44 views

Denial Of Service

kernel is vulnerable to denial of service. It was found that the kvmvmioctlassigndevice function in the KVM subsystem of a Linux kernel did not check if the user requesting device assignment was privileged or not. A member of the kvm group on the host could assign unused PCI devices, or even...

4 CVSS • 3.2 AI score • 0.00196 EPSS
Exploits 0 • References 7 • Affected Software 2
Veracode • added 2020/04/10 1:6 a.m. • 44 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The vulnerability exists in the way splitting two extents in ext4extconverttoinitialized worked in the Linux kernel. A local, unprivileged user with access to mount and unmount ext4 file systems could use this flaw to cause a denial of service...

4 CVSS • 3.5 AI score • 0.00208 EPSS
Exploits 1 • References 10 • Affected Software 1
Veracode • added 2020/04/10 12:58 a.m. • 44 views

Arbitrary Code Execution

thunderbird/firefox is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...

10 CVSS • 2.9 AI score • 0.04023 EPSS
Exploits 1 • References 26 • Affected Software 4
Veracode • added 2020/04/10 12:58 a.m. • 44 views

Arbitrary Code Execution

thunderbird/firefox is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...

10 CVSS • 2.9 AI score • 0.02514 EPSS
Exploits 0 • References 19 • Affected Software 4
Veracode • added 2020/04/10 12:52 a.m. • 44 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. Missing sanity checks were found in setupargpages in the Linux kernel. When making the size of the argument and environment area on the stack very large, it could trigger a BUGON, resulting in a local denial of service...

4.9 CVSS • 2.6 AI score • 0.00148 EPSS
Exploits 3 • References 24 • Affected Software 2
Veracode • added 2020/04/10 12:50 a.m. • 44 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The vulnerability exists as a flaw in sctpprocessunkparam, allowing a remote attacker to send a specially-crafted SCTP packet to an SCTP listening port on a target system, causing a denial of service...

7.1 CVSS • 3.5 AI score • 0.12739 EPSS
Exploits 7 • References 24 • Affected Software 2
Veracode • added 2020/04/10 12:49 a.m. • 44 views

Remote Code Execution (RCE)

Perl is vulnerable to remote code execution (RCE). The Safe module did not properly restrict the code of implicitly called methods such as DESTROY and AUTOLOAD on implicitly blessed objects returned as a result of unsafe code evaluation. These methods could have been executed unrestricted by Safe...

8.5 CVSS • 2.3 AI score • 0.00453 EPSS
Exploits 2 • References 23 • Affected Software 1
Veracode • added 2020/04/10 12:47 a.m. • 44 views

Denial Of Service (DoS)

Apache HTTP Server is vulnerable to denial of service. A flaw was found in the way the moddav module of the Apache HTTP Server handled certain requests. If a remote attacker were to send a carefully crafted request to the server, it could cause the httpd child process to crash...

5 CVSS • 0.9 AI score • 0.13868 EPSS
Exploits 2 • References 65 • Affected Software 35
Veracode • added 2020/04/10 12:43 a.m. • 44 views

Cross-site Scripting (XSS)

Mozilla Firefox is vulnerable to cross-site scripting (XSS). It happens due to the way Firefox handled the "Content-Disposition: attachment" HTTP header when the "Content-Type: multipart" HTTP header was also present. A website that allows arbitrary uploads and relies on the "Content-Disposition:...

4.3 CVSS • 1.3 AI score • 0.01032 EPSS
Exploits 0 • References 33 • Affected Software 9
Veracode • added 2020/04/10 12:40 a.m. • 44 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. NULL pointer dereference flaws were found in the r128 driver in the Linux kernel. Checks to test if the Concurrent Command Engine state was initialized were missing in private IOCTL functions. An attacker could use these flaws to cause a local denial o...

7.8 CVSS • 3.6 AI score • 0.00046 EPSS
Exploits 0 • References 37 • Affected Software 2
Veracode • added 2020/04/10 12:35 a.m. • 44 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The vulnerability exists in the Realtek r8169 Ethernet driver in the Linux kernel. This driver allowed interfaces using it to receive frames larger than what could be handled. This could lead to a remote denial of service or code execution...

7.8 CVSS • 4.1 AI score • 0.07833 EPSS
Exploits 2 • References 43 • Affected Software 2
Veracode • added 2020/04/10 12:25 a.m. • 44 views

Arbitrary JavaScript Code Execution

seamonkey is vulnerable to arbitrary JavaScript code execution. A flaw was found in SeaMonkey that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters...

4.3 CVSS • 4.6 AI score • 0.01204 EPSS
Exploits 2 • References 45 • Affected Software 3
Total number of security vulnerabilities: 5000