38355 matches found
Denial Of Service (DoS)
com.liferay.layout.admin.web is vulnerable to denial of service. The vulnerability exists due to improper handle of user privileges in script.jsp file allows a remote attacker to restrict system access to the legitimate users...
Use After Free
chromium is vulnerable to use after free. The vulnerability exists in Optimization Guide which allows an attacker to cause a memory corruption...
Denial Of Service (DoS)
samba is vulnerable to information disclosure. The vulnerability exists due to a lack of sanitization of permission when adding service principals names SPNs to an account...
Buffer Overflow
mruby is vulnerable to Heap-based Buffer Overflow. The vulnerability exists due to a lack of sanitization...
Denial Of Service (DoS)
linux kernel is vulnerable to Denial Of Service DoS. The vulnerability exists due to an array-index-out-of-bounds flaw in the detachcapictr function in drivers/isdn/capi/kcapi.c...
Denial Of Service (DoS)
Linux kernel is vulnerable to denial of service. The vulnerability exists due to the use-after-free in the NFC stack, allowing an attacker to crash the application...
Denial Of Service (DoS)
linux-oracle:hirsute is vulnerable to denial of service. A memory leak in the ccprunaesgcmcmdfunction in drivers/crypto/ccp/ccp-ops.c in the Linux kernel allows attackers to cause an application crash...
Cross-site Scripting (XSS)
lxml is vulnerable to Cross-site Scripting XSS. An attacker can inject and execute crafted and SVG embedded scripts through the data URIs in clean.py...
Denial Of Service (DoS)
thunderbird and firefox are vulnerable to denial of service. The vulnerability exist due to an incorrect type conversion of sizes from 64bit to 32bit integers which allows an attacker to corrupt memory...
Denial Of Service (DoS)
kernel-rt is vulnerable to denial of service DoS attacks. A flaw out of bounds memory access in the Linux kernel bluetooth subsystem was found in the way when some data being read about the bluetooth device with the hciextendedinquiryresultevt call. A local user could use this flaw to crash the...
Denial Of Service (DoS)
linux is vulnerable to denial of service. The vulnerability exists due to a race condition in ext4writeinlinedataend in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel...
Denial Of Service (DoS)
linux is vulnerable to denial of service. The vulnerability exists due to an out-of-bounds OOB memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel...
HTTP Request Smuggling (HRS)
nodejs is vulnerable to HTTP Request Smuggling HRS. The vulnerability exists due to an error related to a space in headers which allows an attacker to poison the web cache, bypassing the web application...
Man-In-The-Middle Attack (MitM)
curl is vulnerable to Man in the middle attack. The vulnerability exists due to a lack of clearing of previous cached responses, treating them as valid and authenticated...
Denial Of Service (DoS)
RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
Prototype Pollution
set-value is vulnerable to prototype pollution. Lack of validation in type of user-provided keys in the path parameter causes a bypass of CVE-2019-10747. The exploit is possible when the user-provided keys used in the path parameter are arrays...
Denial Of Service (DoS)
tensorflow is vulnerable to denial of service. Lack of checking that shape of the input or the target shape have both a non-zero number of elements causes an integral division by 0 exception...
Denial Of Service (DoS)
ruby2.7:sid is vulnerable to Denial Of Service DoS. It is possible to execute arbitrary code via | and tags in a filename...
Man In The Middle (MitM)
ruby2.7 is vulnerable to Man In the Middle Attack. An attacker may bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a “StartTLS stripping attack.”...
Denial Of Service (DoS)
glibc is vulnerable to denial of service. The vulnerability exists when processing invalid multi-byte input sequences which could lead to an infinite loop in applications causing the system to crash...
Privilege Escalation
kernel is vulnerable to privilege escalation. The vulnerability exists through sending ioctl commands to midi devices that could trigger a use-after-free issue where a write to this specific memory while freed...
Remote Code Execution (RCE)
libxml2 is vulnerable to remote code execution. The vulnerability exists due to a use after free in libxml2 in xmlXIncludeDoProcess in xinclude.c...
Remote Code Execution
redis is vulnerable to remote code execution. An integer overflow occurs during the execution of a STRALGO LCS command, resulting in heap corruption and potential code execution...
Authorization Bypass
java is vulnerable to Authorization Bypass. A difficult to exploit vulnerability allows unauthenticated attacker with network access to affect intgrity of the system. The attack requires human interaction from a person other than the attacker...
Denial Of Service (DoS)
etcd is vulnerable to denial of service. A panic occurs in decodeRecord method when a large slice is processed due to a lack of validation on the size of record...
Denial Of Service (DoS)
chromium is vulnerable to denial of service. An out-of-bounds read in sctploadaddressesfrominit in usrsctp allows an attacker to crash the application...
Arbitrary Code Execution
grub is vulnerable to arbitrary code execution. An attacker is able to remove address ranges from memory via the cutmem command to bypass Secure Boot protections...
Privilege Escalation
grub2 is vulnerable to privilege escalation. The vulnerability exists as variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with ...
Remote Code Execution
bind9 is vulnerable to remote code execution. A buffer overflow in GSSAPI security policy negotiation can result in remote code execution...
Privilege Escalation
kernel is vulnerable to privilege escalation. An attacker may exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device with zero interfaces that is mishandled in usbaudioprobe in sound/usb/card.c...
Buffer Overflow
github.com/python/cpython is vulnerable to buffer overflow. The vulnerability exists because of the use sprintf which does not sanitize the input and its boundaries...
Arbitrary Code Execution
jackson-databind is vulnerable to remote code execution RCE. The vulnerability exists through the lack of sanitization of the org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS class through deserialization...
Denial Of Service (DoS)
openjpeg is vulnerable to denial of service. The vulnerability exists in opjt2encodepacket function of t2.c due to a null pointer dereference which allows an attacker to crash the application via malicious input...
Arbitrary Code Execution
SQLite is vulnerable to arbitrary code execution. A remote attacker is able to execute arbitrary code via a buffer overflow when the FTS3 extension is enabled...
Arbitrary Code Execution
lighttpd is vulnerable to arbitrary code execution. A signed integer overflow allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code on the host OS malicious HTTP GET request due to mishandling of /%2F? in burlnormalize2Ftoslashfix in burl.c...
Information Disclosure
php is vulnerable to information disclosure in exifreaddata...
Command Injection
cmd/go in github.com/golang/go is vulnerable to command injection. An attacker is able to inject malicious command via cgoflags compiler flag argument...
Validation Bypass
httpclient is vulnerable to validation bypass. A malformed authority component in the request URIs that is passed to the library as java.net.URI object would result in the request execution for a wrong target host...
Arbitrary Code Execution
webkitgtk4 is vulnerable to arbitrary code execution. The vulnerability exists through memory corruption...
Information Disclosure
webkitgtk4 is vulnerable to information disclosure. The vulnerability exists through the drawing of web page elements that causes browsing history to be revealed...
Arbitrary Code Execution
webkitgtk4 is vulnerable to arbitrary code execution. The vulnerability exists through memory corruption when parsing web content...
Arbitrary Code Execution
glibc is vulnerable to arbitary code execution.It is possible because LDPREFERMAP32BITEXEC doe not ignore in setuid binaries...
Arbitrary Code Execution
GraphicsMagick is vulnerable to arbitrary code execution. A segmentation violation in the WriteMAPImage function in coders/map.c when processing a non-colormapped image allows an attacker to execute arbitrary code on the host OS. This vulnerability is different from CVE-2017-11642...
Privilege Escalation
android kernel is vulnerable to privilege escalation. A use-after-free in the video driver allows an attacker to obtain higher privileges...
Information Disclosure
kernel is vulnerable to information disclosure. An info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusbdec.c driver allows an attacker to obtain confidential information...
Sweet32 Attack
OpenVPN is vulnerable to Sweet32 Attack. When using a 64-bit block cipher, it is easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack...
Denial Of Service (DoS)
busybox is vulnerable to denial of service DoS. The vulnerability exists through an integer overflow issue in the DHCP client udhcpc...
Denial Of Service (DoS)
chrony is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writin...
Denial Of Service (DoS)
mysql is vulnerable to denial of service DoS. The vulnerability exists in Server Logging...
Unauthorised Access
openjdk7 is vulnerable to unauthorized. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data...