38355 matches found
Privilege Escalation
kernel is vulnerable to privilege escalation. An attacker may exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device with zero interfaces that is mishandled in usbaudioprobe in sound/usb/card.c...
Buffer Overflow
github.com/python/cpython is vulnerable to buffer overflow. The vulnerability exists because of the use sprintf which does not sanitize the input and its boundaries...
Denial Of Service (DoS)
openjpeg is vulnerable to denial of service. The vulnerability exists in opjt2encodepacket function of t2.c due to a null pointer dereference which allows an attacker to crash the application via malicious input...
Arbitrary File Deletion
xstream is vulnerable to arbitrary file deletion. XStream's default blacklist of the Security Framework does not blacklist the internal JAX-WS type ReadAllStream.FileStream and therefore, allows the deserialization of XML containing those untrusted type, subsequently leading to an arbitrary file...
Arbitrary Code Execution
SQLite is vulnerable to arbitrary code execution. A remote attacker is able to execute arbitrary code via a buffer overflow when the FTS3 extension is enabled...
Arbitrary Code Execution
lighttpd is vulnerable to arbitrary code execution. A signed integer overflow allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code on the host OS malicious HTTP GET request due to mishandling of /%2F? in burlnormalize2Ftoslashfix in burl.c...
Command Injection
cmd/go in github.com/golang/go is vulnerable to command injection. An attacker is able to inject malicious command via cgoflags compiler flag argument...
Denial Of Service (DoS)
linux kernel is vulnerable to denial of service. An out-of-bounds error in scalar32minmaxor in kernel/bpf/verifier.c during the use of 64-bit values allows an attacker to crash the kernel...
Privilege Escalation
kernel is vulnerable to privilege escalation. A use-after-free flaw was found in the way the Linux kernel's filesystem subsystem handled a race condition in the cdevget of chardev.c function.This flaw allows a privileged local user to starve the resources, causing potentially escalating their...
Denial Of Service (DoS)
linux is vulnerable to denial of service DoS. The vulnerability exists through a memory out-of-bounds read flaw in the ext3/ext4 file system, in the way it accesses a directory with broken indexing, allowing a local user to crash the system if the directory exists...
Arbitrary Code Execution
webkitgtk4 is vulnerable to arbitrary code execution. The vulnerabiltiy exists through memory errors...
Arbitrary Code Execution
webkitgtk4 is vulnerable to arbitrary code execution. The vulnerability exists through memory corruption when parsing web content...
Information Disclosure
foreman is vulnerable to information disclosre. It is possible due to unauthorized cache read on RPM-based installations through local user...
Information Disclosure
kernel is vulnerable to information disclosure. An info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusbdec.c driver allows an attacker to obtain confidential information...
Open Redirection
Squid is vulnerable to Open Redirection. When certain web browsers are used, HTML in the hostname parameter is mishandled to cachemgr.cgi...
Arbitrary Code Execution
firefox is vulnerable to arbitrary code execution. The vulnerability exists through memory safety bugs...
Denial Of Service (DoS)
busybox is vulnerable to denial of service DoS. The vulnerability exists through an integer overflow issue in the DHCP client udhcpc...
Denial Of Service (DoS)
graphicsmagick is vulnerable to denial of service DoS. The vulnerability exists through a NULL pointer dereference in ReadPNMImage in coders/pnm.c...
Unauthorized Modification And Access
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...
Denial Of Service (DoS)
samba is vulnerable to denial of service. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an attacker is able to cause a stack overflow leading to an application crash...
Sandbox Restrictions Bypass
openjdk is vulnerable to sandbox restrictions bypass. Bypass of boundary checks in nio.Buffer via concurrent access allows an attacker to escape the sandbox and obtain higher privileges...
Authorization Bypass
actionpack is vulnerable to authorization bypass. An attacker is be able to execute any migrations that are pending for a Rails app running in production mode...
Denial Of Service (DoS)
unbound is vulnerable to Denial of Service DoS. The attack exists because of an Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...
Remote Code Execution (RCE)
Microsoft Chakracore is vulnerable to remote code execution RCE. It does not properly handle the JIT bails out when there is an object marked as temporary during an implicit call, allowing objects stored on the stack to be used outside of the function during the DeadStore pass of GlobOpt...
Denial Of Service (DoS)
ghostscript is vulnerable to denial of service DoS. The vulnerability exists as the memgetbitsrectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted file...
Remote Code Execution (RCE)
udp.c in the Linux kernel is vulnerable Remote Code Execution RCE. It allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSGPEEK flag...
Man-in-the-Middle (MitM)
kenrel is vulnerable to man-in-the-middle attack. Certain ipv6 protocols are not encrypted over ipsec tunnel, allowing an attacker to intercept and modify network traffic...
Denial Of Service (DoS)
openjdk is vulnerable to regex denial of service. A regular expression DoS in Scanner allows an attacker to crash the application...
Insecure Password Reset Mechanism
wordpress uses an insecure password reset mechanism. A user's password reset link does not become invalidated upon a successful password change. This would allow an attacker to reset the user's password again if the password reset link was discovered...
Information Disclosure
openssl is vulnerable to information disclosure. It was discovered that the Datagram Transport Layer Security DTLS protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the...
Denial Of Service (DoS)
kernel is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the way CIFS shares with DFS referrals at their root were handled. An attacker on the local network who is able to deploy a malicious CIFS server could create a CIFS network share that, when mounted,...
Denial Of Service (DoS)
pidgin is vulnerable to denial of service. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime OSCAR protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messaging systems, escaped certain UTF-8 characters. A remote attacker could use this...
Brute-force Attack
postgresql is vulnerable to brute-force attacks. The vulnerability exists as a signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII...
Access Control Bypass
firefox is vulnerable to access controls restrictions bypass. A flaw was found in the way Firefox processed the "Enter" keypress event. A malicious web page could present a download dialog while the key is pressed, activating the default "Open" action. A remote attacker could exploit this...
Arbitrary Code Execution
thunderbird/firefox is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...
Denial Of Service (DoS)
kernel is vulnerable to denial of service DoS. The vulnerability exists as a heap overflow flaw in the Linux kernel's EFI GUID Partition Table GPT implementation could allow a local attacker to cause a denial of service by mounting a disk that contains specially-crafted partition tables...
Information Disclosure
kernel is vulnerable to information disclosure. The vulnerability exists as a buffer overflow flaw in the DEC Alpha OSF partition implementation in the Linux kernel could allow a local attacker to cause an information leak by mounting a disk that contains specially-crafted partition tables...
Arbitrary Code Execution
webkitgtk is vulnerable to arbitrary code execution. Multiple memory corruption flaws were found in WebKit. Malicious web content could cause an application using WebKitGTK+ to crash or, potentially, execute arbitrary code with the privileges of the user running the application...
Privilege Escalation
java-1.6.0-ibm is vulnerable to privilege escalation. The vulnerability exists in the IBM Java 2 Runtime Environment...
Arbitrary Code Execution
firefox is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox...
Arbitrary Code Execution
firefox is vulnerable to arbitrary code execution. The vulnerability exists as a web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox...
Privilege Escalation
kernel is vulnerable to privilege escalation. A miscalculation of the size of the free space of the initial directory entry in a directory leaf block was found in the Linux kernel Global File System 2 GFS2 implementation. A local, unprivileged user with write access to a GFS2-mounted file system...
Denial Of Service (DoS)
java is vulnerable to denial of service DoS. The vulnerability exists in in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit...
Privilege Escalation
The kernel is vulnerable to Privilege Escalation.A system with SELinux enforced was more permissive in allowing local users in the unconfinedt domain to map low memory areas even if the mmapminaddr restriction was enabled. This could aid in the local exploitation of NULL pointer dereference bugs...
Privilege Escalation
kernel is vulnerable to privilege escalation. The vulnerability exists due to missing boundary checks in the Virtual Dynamic Shared Objects vDSO implementation. This could allow a local unprivileged user to cause a denial of service or escalate privileges...
Arbitrary Code Execution
firefox is vulnerable to arbitrary code execution. The vulnerability exists as several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox...
Arbitrary Command Execution
php is vulnerable to arbitrary command execution. The vulnerability exists as it was discovered that the PHP escapeshellcmd function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions...
Denial Of Service (DoS)
kernel is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the handling of zombie processes. A local user could create processes that would not be properly reaped, possibly causing a denial of service...
Privilege Escalation
kernel is vulnerable to privilege escalation. A flaw in the ISDN CAPI subsystem that allowed a remote user to cause a denial of service or potential remote access. Exploitation would require the attacker to be able to send arbitrary frames over the ISDN network to the victim's machine...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. An out-of-bounds array access in xfrmpolicyunlink allows an attacker to crash the OS due to the way directory validation are handled...