Veracode • Most viewed

38160 matches found

Veracode • added 2021/11/12 8:43 a.m. • 37 views

Denial Of Service (DoS)

busybox is vulnerable to denial of service. An out-of-bounds heap read in unlzma leads to information leak and application crash when crafted LZMA-compressed input is decompressed...

5.3 CVSS • 1.9 AI score • 0.00064 EPSS
Exploits 1 • References 9 • Affected Software 5

Veracode • added 2021/11/09 3:5 p.m. • 37 views

Sandbox Escape

chrome is vulnerable to sandbox escape. The vulnerability exists due to a heap buffer overflow...

9.6 CVSS • 1.9 AI score • 0.01448 EPSS
Exploits 0 • References 4 • Affected Software 2

Veracode • added 2021/10/25 6:1 p.m. • 37 views

Denial Of Service (DoS)

linux is vulnerable to denial of service. The vulnerability exists due to a race condition in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel...

7 CVSS • 2.6 AI score • 0.00037 EPSS
Exploits 0 • References 10 • Affected Software 3

Veracode • added 2021/10/05 1:23 p.m. • 37 views

Denial Of Service (DoS)

Redis is vulnerable to denial of service. The vulnerability exists because the debugger's protocol parser can read data beyond the actual buffer...

5.3 CVSS • 4.1 AI score • 0.00284 EPSS
Exploits 0 • References 17 • Affected Software 1

Veracode • added 2021/10/05 7:7 a.m. • 37 views

Privilege Escalation

github.com/moby/moby is vulnerable to privilege escalation. Attempting to copy files to a malicious container using docker cp allows an attacker to change the permission for existing files in the host's system...

6.3 CVSS • 3.6 AI score • 0.00031 EPSS
Exploits 0 • References 7 • Affected Software 7

Veracode • added 2021/09/15 2:3 a.m. • 37 views

Denial Of Service (DoS)

chromium:edge is vulnerable to denial of service. Use after free in Extensions API in Google Chrome allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8 CVSS • 2.6 AI score • 0.01811 EPSS
Exploits 0 • References 8 • Affected Software 2

Veracode • added 2021/09/09 3:16 a.m. • 37 views

Privilege Escalation

github.com/hashicorp/consul is vulnerable to Privilege Escalation. The vulnerability exists in Txn.Apply function because it's missing an authorization check in the Endpoint which allows an attacker to gain access to the system and perform unauthorized actions...

6.5 CVSS • 6.6 AI score • 0.00352 EPSS
Exploits 0 • References 6 • Affected Software 2

Veracode • added 2021/09/01 7:35 a.m. • 37 views

Privilege Escalation

matrixsynapse is vulnerable to privilege escalation. An unauthorised user knowing Room ID of a private room and setting room's history visibility to shared is allowed to enumerate the room's members, including their display names...

3.1 CVSS • 4.2 AI score • 0.00271 EPSS
Exploits 0 • References 7 • Affected Software 3

Veracode • added 2021/08/23 2:2 a.m. • 37 views

Denial Of Service

FFmpeg is vulnerable to denial of service. The vulnerability exists due to a null pointer dereference passed as argument to libavformat/aviobuf.c...

7.5 CVSS • 3.6 AI score • 0.00406 EPSS
Exploits 0 • References 3 • Affected Software 2

Veracode • added 2021/08/13 6:57 p.m. • 37 views

Denial Of Service (DoS)

nodejs-current is vulnerable to denial of service (DoS). The vulnerability exists due to missing input validation of host names returned by Domain Name Servers in the Node.js dns library, which can lead to output of wrong hostnames...

9.8 CVSS • 8 AI score • 0.00662 EPSS
Exploits 1 • References 10 • Affected Software 3

Veracode • added 2021/07/23 12:39 a.m. • 37 views

Denial Of Service

Linux kernel is vulnerable to denial of service. The Linux fair scheduler has a use-after-free in show_numa_stats because NUMA fault statistics are inappropriately freed. A flaw was found in the Linux kernel's implementation of displaying NUMA statistics, where displaying the scheduler statistics could...

5.3 CVSS • 2.4 AI score • 0.00039 EPSS
Exploits 0 • References 7 • Affected Software 2

Veracode • added 2021/07/22 5:50 a.m. • 37 views

Insecure SSL Configuration

curl uses insecure SSL configurations. The Curl_ssl_config_matches function attempts to compare whether two SSL connections have identical SSL security options and could potentially reuse a connection that is less secure or uses different security options such as capath, cainfo or certificate/issuer pinning...

3.7 CVSS • 2.1 AI score • 0.0056 EPSS
Exploits 2 • References 21 • Affected Software 7

Veracode • added 2021/06/22 11:4 p.m. • 37 views

Denial Of Service (DoS)

tor:edge is vulnerable to denial of service. The vl one of three use after free UAF bugs...

8.8 CVSS • 2.4 AI score • 0.30724 EPSS
Exploits 0 • References 2 • Affected Software 1

Veracode • added 2021/06/14 8:25 a.m. • 37 views

Denial Of Service (DoS)

pdfbox is vulnerable to denial of service. An attacker is able to cause an infinite loop by submitting a malicious PDF file...

5.5 CVSS • 2.9 AI score • 0.00231 EPSS
Exploits 0 • References 28 • Affected Software 2

Veracode • added 2021/06/13 3:24 a.m. • 37 views

Denial Of Service (DoS)

Apache HTTP Server is vulnerable to denial of service. A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service...

7.5 CVSS • 1.1 AI score • 0.5815 EPSS
Exploits 0 • References 17 • Affected Software 19

Veracode • added 2021/06/12 6:28 p.m. • 37 views

Denial Of Service (DoS)

htmldoc is vulnerable to denial of service. The vulnerability exists due to a NULL pointer dereference in the function image_load_jpeg in image.cxx...

7.8 CVSS • 1.8 AI score • 0.00162 EPSS
Exploits 1 • References 5 • Affected Software 1

Veracode • added 2021/06/11 10:48 p.m. • 37 views

Denial Of Service (DoS)

apache2 is vulnerable to denial of service. A null pointer dereference occurs when handling malicious HTTP/2 request. A remote attacker could use this flaw to crash the httpd child process, causing temporary denial of service...

7.5 CVSS • 2.6 AI score • 0.08703 EPSS
Exploits 0 • References 21 • Affected Software 1

Veracode • added 2021/06/11 8:14 a.m. • 37 views

Cross-site Scripting (XSS)

ckeditor4 is vulnerable to cross-site scripting. An attacker is able to inject malicious script via the comment because --! is not handled...

6.1 CVSS • 2.1 AI score • 0.65532 EPSS
Exploits 0 • References 10 • Affected Software 3

Veracode • added 2021/06/03 9:21 p.m. • 37 views

Denial Of Service (DoS)

golang is vulnerable to denial of service. Due to a pre-allocation optimization in zip.NewReader, an attacker can cause a denial of service condition using a malicious archive which would result in a panic or memory exhaustion...

7.5 CVSS • 3.6 AI score • 0.00054 EPSS
Exploits 1 • References 8 • Affected Software 9

Veracode • added 2021/06/03 2:1 p.m. • 37 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A NULL pointer reference allows a local privileged user to cause a denial of service...

5.5 CVSS • 4 AI score • 0.00145 EPSS
Exploits 0 • References 6 • Affected Software 3

Veracode • added 2021/05/28 12:59 p.m. • 37 views

Information Disclosure

curl is vulnerable to information disclosure. The vulnerability exists in the -t command line option and in CURLOPT_TELNETOPTIONS: because of a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack-based buffer to the server, which allows an attacker to...

3.1 CVSS • 5.1 AI score • 0.00092 EPSS
Exploits 1 • References 21 • Affected Software 5

Veracode • added 2021/05/24 12:38 a.m. • 37 views

Denial Of Service (DoS)

glibc is vulnerable to denial of service. The vulnerability exists when processing invalid multi-byte input sequences which could lead to an infinite loop in applications causing the system to crash...

5.5 CVSS • 3.3 AI score • 0.0005 EPSS
Exploits 1 • References 11 • Affected Software 1

Veracode • added 2021/05/20 3:28 p.m. • 37 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports allows local users to cause a denial of service by using the p->serial_in pointer which is uninitialized...

4.4 CVSS • 3.9 AI score • 0.00043 EPSS
Exploits 1 • References 5 • Affected Software 2

Veracode • added 2021/05/20 3:28 p.m. • 37 views

Arbitrary Code Execution

kernel is vulnerable to arbitrary code execution. The vulnerability can be caused by a privileged local user through the kbd_keycode function of keyboard.c, where an out of bounds write was possible due to a missing bounds check...

6.7 CVSS • 4.3 AI score • 0.00036 EPSS
Exploits 0 • References 8 • Affected Software 2

Veracode • added 2021/05/20 3:25 p.m. • 37 views

Denial Of Service (DoS)

sqlite is vulnerable to denial of service. The vulnerability exists because select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation...

5.5 CVSS • 2.3 AI score • 0.00076 EPSS
Exploits 1 • References 26 • Affected Software 1

Veracode • added 2021/05/08 3:21 p.m. • 37 views

Arbitrary Code Execution

libxml2 is vulnerable to arbitrary code execution. A use-after-free occurs in xmllint when --html and --push options are used, allowing an attacker to execute arbitrary code on the host OS by submitting malicious files...

7.8 CVSS • 4.8 AI score • 0.00381 EPSS
Exploits 1 • References 12 • Affected Software 17

Veracode • added 2021/05/04 10:34 p.m. • 37 views

Privilege Escalation

exim4 is vulnerable to privilege escalation. The vulnerability exists due to insufficient validation of user-supplied input when processing new line characters. A remote attacker can inject a new line character into the spool header file and modify the mail queue...

8.8 CVSS • 4.5 AI score • 0.05711 EPSS
Exploits 1 • References 2 • Affected Software 7

Veracode • added 2021/05/04 10:33 p.m. • 37 views

Arbitrary Code Execution

exim4 is vulnerable to arbitrary code execution. An integer overflow in receive_add_recipient could potentially allow an attacker to execute arbitrary code on the host OS...

9.8 CVSS • 4.9 AI score • 0.03214 EPSS
Exploits 1 • References 2 • Affected Software 2

Veracode • added 2021/04/29 12:15 p.m. • 37 views

Remote Code Execution (RCE)

webkit2gtk is vulnerable to remote code execution. The vulnerability exists due to an out-of-bounds write issue...

8.8 CVSS • 2.9 AI score • 0.01056 EPSS
Exploits 0 • References 19 • Affected Software 2

Veracode • added 2021/03/22 5:25 a.m. • 37 views

Cross-site Scripting (XSS)

lxml is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary script via HTML action attribute into defs.link_attrs in html/defs.py...

6.1 CVSS • 2.4 AI score • 0.00518 EPSS
Exploits 1 • References 14 • Affected Software 2

Veracode • added 2021/03/17 4:6 a.m. • 37 views

Cross-site Scripting (XSS)

pki-core is vulnerable to cross-site scripting (XSS). An attacker could inject a specially crafted value that will be executed on the victim's browser if an attacker has a valid nonce...

4.7 CVSS • 3.7 AI score • 0.00191 EPSS
Exploits 0 • References 8 • Affected Software 1

Veracode • added 2021/03/09 2:26 p.m. • 37 views

Information Disclosure

chromium:sid is vulnerable to information disclosure. It allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

6.5 CVSS • 2 AI score • 0.01204 EPSS
Exploits 0 • References 11 • Affected Software 1

Veracode • added 2021/03/04 2:17 a.m. • 37 views

Regular Expression Denial-of-Service (ReDoS)

pillow is vulnerable to regular expression denial of service. Usage of an insecure regex allows an attacker to cause excessive CPU consumption when parsing a malicious PDF file...

6.5 CVSS • 5.5 AI score • 0.00182 EPSS
Exploits 0 • References 4 • Affected Software 2

Veracode • added 2021/02/26 2:11 a.m. • 37 views

Denial Of Service (DoS)

linux is vulnerable to denial of service (DoS). The vulnerability exists through a use after free in the Linux kernel infiniband hfi1 driver, found in the way user calls Ioctl after open dev file and fork...

4.4 CVSS • 2.2 AI score • 0.00022 EPSS
Exploits 0 • References 2 • Affected Software 3

Veracode • added 2021/02/25 4:34 a.m. • 37 views

XML External Entity (XXE)

batik-svgbrowser is vulnerable to XML external entity attacks. An attacker is able to submit HTTP GET requests on behalf of the server using malicious arguments...

8.2 CVSS • 7.9 AI score • 0.01358 EPSS
Exploits 0 • References 17 • Affected Software 2

Veracode • added 2021/02/17 3:15 a.m. • 37 views

OS Command Injection

systeminformation is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands via service parameters that are passed to si.inetLatency, si.inetChecksite, si.services, si.processLoad etc...

7.8 CVSS • 7.7 AI score • 0.9396 EPSS
Exploits 4 • References 7 • Affected Software 1

Veracode • added 2021/02/15 3:48 a.m. • 37 views

Open Redirection

rails is vulnerable to open redirection. Inadequate validation and regex matching of URLs allows an attacker to bypass validation checks using a malicious Host header and redirect users to a malicious website...

6.1 CVSS • 4 AI score • 0.1673 EPSS
Exploits 1 • References 9 • Affected Software 2

Veracode • added 2021/02/15 1:20 a.m. • 37 views

Arbitrary Code Execution

qemu is vulnerable to arbitrary code execution. An out-of-bound heap buffer access via an interrupt ID field could potentially allow an attacker to execute arbitrary code on the host OS...

6 CVSS • 5 AI score • 0.00026 EPSS
Exploits 0 • References 12 • Affected Software 6

Veracode • added 2021/02/10 6:5 a.m. • 37 views

Arbitrary Code Execution

kernel is vulnerable to arbitrary code execution. The vulnerability exists through an out-of-bounds access in the function build_audio_procunit in the file sound/usb/mixer.c...

7.8 CVSS • 3.8 AI score • 0.0012 EPSS
Exploits 0 • References 9 • Affected Software 1

Veracode • added 2021/01/22 9:31 p.m. • 37 views

Sandbox Restrictions Bypass

chromium is vulnerable to arbitrary code execution. An inappropriate implementation flaw in the iframe sandbox component allows an attacker to bypass sandbox restrictions...

6.5 CVSS • 5.9 AI score • 0.04972 EPSS
Exploits 1 • References 5 • Affected Software 1

Veracode • added 2021/01/07 4:43 p.m. • 37 views

Remote Code Execution (RCE)

firefox is vulnerable to remote code execution. The vulnerability exists due to a use-after-free error when processing COOKIE-ECHO chunk in a SCTP packet. An attacker can inject malicious data to the browser, triggering a use-after-free error and execute arbitrary code on the system...

8.8 CVSS • 4.6 AI score • 0.00377 EPSS
Exploits 0 • References 3 • Affected Software 11

Veracode • added 2020/12/11 9:15 a.m. • 37 views

Authorization Bypass

curl is vulnerable to authorization bypass. The vulnerability is present only if OpenSSL is the designated TLS backend. OCSP stapling is not enabled by default by libcurl, it needs to be explicitly enabled by the application to get used...

7.5 CVSS • 2.5 AI score • 0.00286 EPSS
Exploits 1 • References 22 • Affected Software 5

Veracode • added 2020/12/06 4:6 a.m. • 37 views

Arbitrary Code Execution

openjfx is vulnerable to arbitrary code execution. An easy-to-exploit vulnerability allows an unauthenticated attacker to compromise and takeover the Java SE...

9.6 CVSS • 4.6 AI score • 0.00592 EPSS
Exploits 0 • References 9 • Affected Software 1

Veracode • added 2020/12/06 3:13 a.m. • 37 views

Arbitrary Code Execution

libapache2-mod-fcgid is vulnerable to arbitrary code execution. A heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c allows remote attackers to execute arbitrary code on the host OS...

7.5 CVSS • 7.3 AI score • 0.06656 EPSS
Exploits 0 • References 11 • Affected Software 1

Veracode • added 2020/12/06 3:6 a.m. • 37 views

Remote Code Execution (RCE)

Google Chrome is vulnerable to remote code execution. The vulnerability existed because of an integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux. An attacker is able to execute arbitrary code via a crafted HTML page...

8.8 CVSS • 4.1 AI score • 0.19638 EPSS
Exploits 1 • References 4 • Affected Software 1

Veracode • added 2020/12/03 8:40 a.m. • 37 views

Privilege Escalation

cephx is vulnerable to privilege escalation attacks. This is because cephx authentication protocol does not verify ceph clients correctly. An attacker who has access to the ceph cluster network is able to sniff packets on the network...

8.8 CVSS • 4 AI score • 0.00191 EPSS
Exploits 0 • References 8 • Affected Software 8

Veracode • added 2020/12/01 4:33 a.m. • 37 views

Denial Of Service (DoS)

mysql is vulnerable to denial of service (DoS). An attacker having high privilege with network access via multiple protocols can compromise MySQL Server...

4.9 CVSS • 3.8 AI score • 0.00612 EPSS
Exploits 0 • References 17 • Affected Software 4

Veracode • added 2020/11/27 3:55 a.m. • 37 views

Denial Of Service (DoS)

math/big in github.com/golang/go is vulnerable to denial of service. An attacker can send a divisor or modulo argument larger than 3168 bits on 32-bit architectures or 6336 bits on 64-bit architectures to a number of math/big.Int methods Div, Exp, DivMod, Quo, Rem, QuoRem, Mod, ModInverse, ModSqr...

7.5 CVSS • 3.7 AI score • 0.00711 EPSS
Exploits 0 • References 11 • Affected Software 22

Veracode • added 2020/11/20 9:48 a.m. • 37 views

Overwriting Variables

postgresql is vulnerable to overwriting variables. The vulnerability exists because \gset allows overwriting specially treated variables...

7.5 CVSS • 2.8 AI score • 0.00473 EPSS
Exploits 0 • References 4 • Affected Software 11

Veracode • added 2020/11/05 3:16 a.m. • 37 views

Information Disclosure

kernel is vulnerable to information disclosure. It incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel stack information leak on s390/s390x...

4.4 CVSS • 1.7 AI score • 0.00016 EPSS
Exploits 0 • References 5 • Affected Software 1

Total number of security vulnerabilities: 5000