38126 matches found
Arbitrary Code Execution
poppler is vulnerable to arbitrary code execution. An integer overflow flaw in the processing of PDF files allows an attacker to create a malicious PDF file that would cause an application linked with poppler to crash or potentially execute arbitrary code when opened...
Denial Of Service (DoS)
kernel is vulnerable to denial of service DoS. The vulnerability exists through unchecked kstrdup of fwstr in drmloadedidfirmware leads to denial of service...
Denial Of Service (DoS)
imagemagick is vulnerable to denial of service DoS. The vulnerability exists through a heap-based buffer over-read in AdaptiveThresholdImage in MagickCore/threshold.c...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. An out-of-bounds array access in xfrmpolicyunlink allows an attacker to crash the OS due to the way directory validation are handled...
HTTP Request Splitting
twisted is vulnerable to HTTP request splitting. The vulnerability exists as requests with both Content-Length and Transfer-Encoding headers would have honored the first header.This vulnerability is similar to CVE-2020-10108...
Cross-site Scripting (XSS)
wordpress is vulnerable to cross-site scripting XSS. The vulnerability exists as wpksesbadprotocol fails to validate that uri attributes do not contain invalid/or unauthorized protocols...
Arbitrary Code Execution
mozilla firefox is vulnerable to arbitrary code execution. Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion...
Information Disclosure
OpenJDK is vulnerable to information disclosure. The vulnerability exists through the use of unsafe RSA-MD5 checkum in Kerberos TGS...
Timing Attack
symfony/symfony is vulnerable to timing attack. When checking the signature of an URI an ESI fragment URL for instance, the URISigner did not used a constant time string comparison function, allowing a remote attacker to guess the URI by analyzing the server response time...
Denial Of Service (DoS)
kernel is vulnerable to denial of service DoS. The vulnerability exists through a memory leak in registerqueuekobjects in net/core/net-sysfs.c...
Denial Of Service (DoS)
Mozilla Firefox is vulnerable to denial of service DoS. The attack exists because it causes a Stack buffer overflow in WebRTC networking...
Denial Of Service (DoS)
OpenJDK is vulnerable to denial of service DoS. The vulnerability exists through an Integer overflow in bounds check in SunGraphics2D...
XML External Entity (XXE)
DiffPlug Spotless is vulnerable to XML external entities XXE. The XML formatter has resolveExternalURI setting to true by default and it loads external DTD...
Denial Of Service (DoS)
nginx HTTP/2 is vulnerable to denial of service DoS. It does not prevent the attacker from creating multiple request streams and flooding using PRIORITY frames continuously in a way that causes substantial churn to the priority tree, causing an excessive resource consumption...
Same-origin Policy Violation
Mozilla Firefox is vulnerable to same-origin policy violation. The vulnerability exists due to an error in how same-origin policy which allows an attacker to data theft...
Denial Of Service (DoS)
sqlite3 is vulnerable to denial of service. A divide-by-zero bug in the whereLoopAddBtreeIndex function allows an attacker to crash the application...
Safer Restriction Bypass
Ghostscript is vulnerable to safer restriction bypass. The attack is possible due to a flaw of exposing .forceput through .pdfhookDSCCreator when hooking errors, allowing an attacker to bypass the -dSAFER restrictions by sending a malicious PostScript file...
Arbitrary Code Execution
php is vulnerable to arbitrary code execution. A heap-based buffer over-read in the mbstring regular expression functions allows an attacker to execute arbitrary code on the system...
Denial Of Service (DoS)
mysql is vulnerable to Denial of Service DoS. The vulnerability exists as Server Replication has an unspecified vulnerability causing an application crash...
Information Disclosure
kernel is vulnerable to information disclosure. The vulnerability exists through a heap address information leak while using L2CAPPARSECONFRSP...
Denial Of Service (DoS)
kernel is vulnerable to denial of service DoS. The vulnerability exists through vfio DMA mappings...
Denial Of Service (DoS)
libopenjpeg.so is vulnerable to denial of service DoS. The functions pinextpcrl, pinextcprl, and pinextrpcl in openmj2/pi.c cause Division-by-zero error, leading to an application crash...
Directory Traversal
pip is vulnerable to directory traversal. During installation of a remote package via pip install , a malicious server can send a Content-Disposition header containing ../ to join the temporary directory and the filename as download path, which allows for arbitrary file write and potentially code...
Improper Signature Validation
Ruby is vulnerable to improper signature validation vulnerability. This occurs in the tarball in package.rb which allows to install mis-signed gem...
Denial Of Service (DoS)
Oracle MySQL is vulnerable to denial of service attacks. A remote authenticated attacker could exploit a flaw in the Storage Engines component to cause denial of service conditions...
Denial Of Service (DoS)
Oracle MySQL is vulnerable to denial of service attacks. A remote authenticated attacker could exploit a flaw in the Memcached component to cause denial of service conditions...
Information Disclosure
Linux kernel is vulnerable to information disclosure vulnerability. This is because Linux kernel does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. A privileged user could read some memory contents...
Denial Of Service (DoS)
Oniguruma is vulnerable to denial-of-service attacks. A remote unauthenticated attacker could exploit the flawed function leftadjustcharhead of the component Regular Expressionresult causing an invalid pointer dereference resulting in denial-of-service conditions...
Denial Of Service (DoS)
PHP is vulnerable to denial of serviceDoS attacks. This is because the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function which could lead to a crash of the PHP interpreter...
Denial Of Service (DoS)
PHP is vulnerable to denial of service DoS attacks. The vulnerability exists in the ext/intl/msgformat/msgformatformat.c in PHP. Remote attackers could cause a denial of service or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument...
Denial Of Service (DoS)
Oracle MySQL is vulnerable to denial of serviceDoS attacks. A remote user could exploit a flaw in the Client programs component which leads to unauthorized attacker to cause a hang or frequently repeatable crash complete DoS...
Denial Of Service (DoS)
Linux kernel is vulnerable to denial of service DoS attacks. The vulnerability exists in the Linux kernel Virtualization Module CONFIGKVM for the Intel processor family CONFIGKVMINTEL when a guest was to flood the I/O port 0x80 with write requests leading to a crash in the host kernel...
Denial Of Service (DoS)
Oracle MySQL is vulnerable to denial of service attacks. A remote authenticated user with low privileges could compromise MySQL Server via multiple protocols resulting in a system crash. Affected is the component DDL...
NULL Pointer Dereference
Linux kernel is vulnerable to NULL pointer dereference attacks. This is due to mishandling of node-splitting in assocarray implementation in assocarrayinsertintoterminalnode function in lib/assocarray.c. A local users could cause a denial of service via a crafted application, as demonstrated by t...
Denial Of Service (DoS)
Linux kernel is vulnerable to denial of serviceDoS attacks. The vulnerability exists in the ip6find1stfragopt function in net/ipv6/outputcore.c. A remote attacker could cause integer overflows by leveraging the ability to open a raw socket which results in application crash...
Denial Of Service (DoS)
Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the...
Denial Of Service (DoS)
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...
Information Disclosure
Pidgin is vulnerable to information disclosure. A remote unauthenticated attacker could exploit the vulnerable XMPP Message Handler component and obtain sensitive information from process memory via a crafted XMPP message...
Use-After-Free
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. A flaw was found in the Linux kernel's keyring handling code, where in keyrejectandlink an uninitialised variable would eventually lead to arbitrary free...
Information Disclosure
mysql is vulnerable to information disclosure vulnerability. Remote authenticated users could affect integrity via vectors related to Server: InnoDB Plugin...
Privilege Escalation
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially...
Out-of-bounds Read
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Denial Of Service (DoS)
nginx is vulnerable to denial of service DoS. The vulnerability exists through a null pointer dereference flaw when saving client request body to a temporary file...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. It was found that the Linux kernel's IPv6 network stack did not properly validate the value of the MTU variable when it was set. A remote attacker could potentially use this flaw to disrupt a target system's networking packet loss by setting an invalid M...
Denial Of Service (DoS)
mysql is vulnerable to denial of service DoS attacks. An unspecified vulnerability allows an local users to affect availability via vectors related to DML causing the application to crash...
Sensitive Information Disclosure
OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...
Information Disclosure
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java...
Cross-site Scripting (XSS)
jenkins is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into victim's browser to steal session tokens or perform unwanted actions on behalf of the user...
Information Disclosure
libvirt is vulnerable to information disclosure. It was discovered that the virDomainSnapshotGetXMLDesc and virDomainSaveImageGetXMLDesc functions did not sufficiently limit the usage of the VIRDOMAINXMLSECURE flag when fine-grained ACLs were enabled. A remote attacker able to establish a...
Use-After-Free
kernel-rt is vulnerable to use-after-free. The vulnerability exists in sctpassocupdate function in net/sctp/associola.c which allows an attacker to cause a memory corruption resulting an application crash...