Veracode | Most viewed

38217 matches found

Veracode
added 2021/05/07 11:57 a.m. | 36 views

Denial Of Service (DoS)

ceph is vulnerable to denial of service. A NULL pointer exception allows an attacker to crash the RGW process via a malicious tagging XML...

CVSS: 7.5 | AI score: 3.1 | EPSS: 0.02654
Exploits: 0 | References: 9 | Affected Software: 1

Veracode
added 2021/05/06 12:13 p.m. | 36 views

Denial Of Service (DoS)

exim is vulnerable to denial of service. The vulnerability exists due to a Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL...

CVSS: 9.8 | AI score: 2.7 | EPSS: 0.55834
Exploits: 3 | References: 10 | Affected Software: 7

Veracode
added 2021/05/06 11:15 a.m. | 36 views

Remote Code Execution (RCE)

exiv2 is vulnerable to remote code execution. The vulnerability exists due to a heap overflow in the writing function...

CVSS: 7.8 | AI score: 3.1 | EPSS: 0.02152
Exploits: 1 | References: 12 | Affected Software: 3

Veracode
added 2021/04/29 1:27 p.m. | 36 views

Information Disclosure

chromium is vulnerable to information disclosure. The vulnerability exists due to insufficient data validation that allows a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS: 6.5 | AI score: 2.4 | EPSS: 0.00814
Exploits: 0 | References: 9 | Affected Software: 1

Veracode
added 2021/04/29 12:14 p.m. | 36 views

Remote Code Execution (RCE)

webkit2gtk is vulnerable to remote code execution. The vulnerability exists due to a use after free issue triggered when processing crafted web content...

CVSS: 8.8 | AI score: 2.9 | EPSS: 0.02236
Exploits: 0 | References: 15 | Affected Software: 2

Veracode
added 2021/04/23 11:6 p.m. | 36 views

Remote Code Execution (RCE)

chromium is vulnerable to remote code execution. The vulnerability exists due to a use after free in navigation...

CVSS: 9.6 | AI score: 3.4 | EPSS: 0.01354
Exploits: 0 | References: 11 | Affected Software: 2

Veracode
added 2021/04/21 5:43 p.m. | 36 views

Privilege Escalation

chromium is vulnerable to privilege escalation. Inappropriate implementation in Network allows an attacker to perform an action which is otherwise not permitted...

CVSS: 6.5 | AI score: 5.1 | EPSS: 0.01905
Exploits: 0 | References: 11 | Affected Software: 3

Veracode
added 2021/04/09 5:6 a.m. | 36 views

Denial Of Service (DoS)

github.com/containers/storage/commit is vulnerable to Denial of Service (DoS). The decompression functionality allows an attacker to crash the application by pulling in malicious tools that resemble podman or cri-o during container image pulls...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.01587
Exploits: 1 | References: 10 | Affected Software: 6

Veracode
added 2021/04/07 9:16 a.m. | 36 views

Privilege Escalation

kernel-rt is vulnerable to privilege escalation. The vulnerability exists due to an out-of-bounds read in the Linux kernel drivers/scsi/scsi_transport_iscsi.c which is adversely affected by the ability of an unprivileged user to craft Netlink messages...

CVSS: 7.1 | AI score: 4.1 | EPSS: 0.00957
Exploits: 1 | References: 12 | Affected Software: 2

Veracode
added 2021/04/06 7:43 a.m. | 36 views

Heap Buffer Overflow

A heap buffer overflow security issue was found in the TabStrip component of the Chromium browser...

CVSS: 8.8 | AI score: 2.2 | EPSS: 0.01337
Exploits: 0 | References: 10 | Affected Software: 3

Veracode
added 2021/04/05 7:26 a.m. | 36 views

Privilege Escalation

linux is vulnerable to privilege escalation. RM Memory Management Double Free Privilege Escalation Vulnerability...

CVSS: 6.7 | AI score: 2.9 | EPSS: 0.00872
Exploits: 0 | References: 3 | Affected Software: 2

Veracode
added 2021/03/24 4:3 a.m. | 36 views

Regular Expression Denial Of Service (ReDoS)

hosted-git-info is vulnerable to regular expression denial of service (ReDoS). An attacker can provide a malicious string via shortcutMatch in the function fromUrl in index.js to crash the application...

CVSS: 5.3 | AI score: 3 | EPSS: 0.03612
Exploits: 1 | References: 6 | Affected Software: 3

Veracode
added 2021/03/23 6:36 a.m. | 36 views

Regular Expression Denial Of Service (ReDoS)

xstream is vulnerable to regular expression denial of service. A remote attacker is able to occupy a thread that consumes excessive CPU resources for a long period of time...

CVSS: 7.5 | AI score: 3.9 | EPSS: 0.14201
Exploits: 0 | References: 21 | Affected Software: 5

Veracode
added 2021/03/18 12:31 a.m. | 36 views

Denial Of Service (DoS)

qemu is vulnerable to denial of service (DoS). A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on...

CVSS: 6 | AI score: 2.4 | EPSS: 0.00455
Exploits: 0 | References: 10 | Affected Software: 4

Veracode
added 2021/03/17 8:8 a.m. | 36 views

Denial Of Service (DoS)

json-smart is vulnerable to denial of service (DoS) attacks. An unhandled NumberFormatException thrown from the function extractFloat in JSONParserBase.java allows a remote attacker to crash programs or leak sensitive information...

CVSS: 5.9 | AI score: 3.5 | EPSS: 0.02886
Exploits: 1 | References: 13 | Affected Software: 1

Veracode
added 2021/03/17 5:7 a.m. | 36 views

Authorization Bypass

moodle/moodle is vulnerable to authorization bypass. When creating a user account, it was possible to verify the account without having access to the verification email link/secret...

CVSS: 5.3 | AI score: 3.7 | EPSS: 0.01266
Exploits: 0 | References: 6 | Affected Software: 1

Veracode
added 2021/03/17 4:36 a.m. | 36 views

Out-of-bounds Write

kernel is vulnerable to out-of-bounds write. The vulnerability exists in a set of files which allows an attacker to make out-of-bounds writes...

CVSS: 6.8 | AI score: 7.1 | EPSS: 0.00504
Exploits: 0 | References: 10 | Affected Software: 2

Veracode
added 2021/03/15 7:41 a.m. | 36 views

Remote Code Execution (RCE)

xstream is vulnerable to remote code execution. An attacker is able to manipulate the processed input stream and replace or inject objects which would result in the execution of arbitrary code loaded from a remote server...

CVSS: 9.8 | AI score: 3.7 | EPSS: 0.7689
Exploits: 1 | References: 21 | Affected Software: 4

Veracode
added 2021/03/12 10:54 p.m. | 36 views

Out-of-Bounds Access

openjpeg is vulnerable to out-of-bounds write. An attacker is able to inject a malicious input during conversion and encoding, causing an out-of-bounds write...

CVSS: 7.8 | AI score: 5.6 | EPSS: 0.01329
Exploits: 0 | References: 9 | Affected Software: 3

Veracode
added 2021/03/02 3:14 a.m. | 36 views

Information Disclosure

tomcat-coyote is vulnerable to information leakage. When responding to new h2c connection requests, a request mix-up occurs with h2c as the request headers and a limited amount of request body is duplicated from one request to another, resulting in the request being seen by another user...

CVSS: 7.5 | AI score: 1.7 | EPSS: 0.18114
Exploits: 1 | References: 25 | Affected Software: 12

Veracode
added 2021/02/27 1:3 a.m. | 36 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service (DoS). It is possible because of a NULL-ptr deref in the spk_ttyio_receive_buf2 function in spk_ttyio.c...

CVSS: 5.5 | AI score: 3.3 | EPSS: 0.00303
Exploits: 0 | References: 7 | Affected Software: 4

Veracode
added 2021/02/24 5:20 p.m. | 36 views

DNS Rebinding

nodejs is vulnerable to DNS rebinding attacks. The vulnerability exists in the inspector component, allowing an attacker to bypass the DNS rebinding protection if the attacker controls the victim's DNS server or can spoof its responses...

CVSS: 7.5 | AI score: 4 | EPSS: 0.36842
Exploits: 1 | References: 19 | Affected Software: 4

Veracode
added 2021/02/15 6:30 p.m. | 36 views

Heap Buffer Overflow

BusyBox is vulnerable to heap-based buffer overflow in the DHCP client udhcpc. It allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.28429
Exploits: 4 | References: 15 | Affected Software: 1

Veracode
added 2021/02/10 1:0 a.m. | 36 views

Privilege Escalation

QEMU is vulnerable to a privilege escalation attack. A race condition flaw was found in the 9pfs server implementation of QEMU. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability i...

CVSS: 7.5 | AI score: 3.7 | EPSS: 0.00317
Exploits: 0 | References: 6 | Affected Software: 7

Veracode
added 2021/02/07 10:35 p.m. | 36 views

Remote Code Execution (RCE)

mariadb is vulnerable to remote code execution. The vulnerability exists due to an incorrect security descriptor...

CVSS: 7 | AI score: 3 | EPSS: 0.00421
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2021/02/05 3:55 a.m. | 36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. An incorrect umask configuration during file or directory modification, in the way users create and delete objects using NFSv4.2 or newer while the NFS is simultaneously accessed by another process that is not using the new NFSv4.2, allows a user with access...

CVSS: 4.9 | AI score: 2.6 | EPSS: 0.01347
Exploits: 0 | References: 5 | Affected Software: 2

Veracode
added 2021/02/04 6:0 a.m. | 36 views

Arbitrary Code Execution

chromium is vulnerable to arbitrary code execution. A use-after-free error in the Fonts component allows a remote attacker to execute arbitrary code on the target system when the victim visits a malicious web page...

CVSS: 8.8 | AI score: 5.4 | EPSS: 0.01039
Exploits: 0 | References: 9 | Affected Software: 2

Veracode
added 2021/02/02 9:48 a.m. | 36 views

Denial Of Service (DoS)

privoxy is vulnerable to denial of service. A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 aka krb5 before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type single-DES, triple-DES, or RC4, the attacker can crash the KDC by making an S4U2Self...

CVSS: 7.5 | AI score: 3.1 | EPSS: 0.01371
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2021/01/22 8:28 a.m. | 36 views

Arbitrary Code Execution

github.com/golang/go is vulnerable to arbitrary code execution. The go command may execute arbitrary code at build time when users have “.” listed explicitly in their PATH and are running “go get” or build commands outside of a module or with module mode disabled...

CVSS: 7.5 | AI score: 5.1 | EPSS: 0.06445
Exploits: 0 | References: 8 | Affected Software: 4

Veracode
added 2021/01/21 8:57 a.m. | 36 views

Information Disclosure

jenkins-2-plugins is vulnerable to information disclosure. The vulnerability exists as low-privilege users can access Jenkins controller environment variables...

CVSS: 4.3 | AI score: 3 | EPSS: 0.01203
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2021/01/20 4:41 p.m. | 36 views

DNS Cache Poisoning

dnsmasq is vulnerable to DNS cache poisoning. The vulnerability exists when getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query, which is the forwarded query that matches the reply, by only using a weak CRC32 hash of the query name...

CVSS: 3.7 | AI score: 1.1 | EPSS: 0.02199
Exploits: 2 | References: 10 | Affected Software: 6

Veracode
added 2021/01/08 1:59 p.m. | 36 views

Directory Traversal

flink-runtime is vulnerable to Directory Traversal. An attacker is able to read any file accessible by the JobManager process on the local filesystem of the JobManager through the REST interface of the JobManager process...

CVSS: 7.5 | AI score: 4.7 | EPSS: 0.97856
Exploits: 14 | References: 30 | Affected Software: 2

Veracode
added 2020/12/19 6:4 a.m. | 36 views

Denial Of Service (DoS)

lldpd is vulnerable to denial of service (DoS). The vulnerability exists due to a buffer overflow in the lldp_decode function in daemon/protocols/lldp.c...

CVSS: 9.8 | AI score: 3.4 | EPSS: 0.05448
Exploits: 0 | References: 11 | Affected Software: 10

Veracode
added 2020/12/11 9:23 a.m. | 36 views

Phishing Attacks

curl is vulnerable to phishing attacks. A malicious server can redirect FTP to a malicious host via a PASV response...

CVSS: 3.7 | AI score: 1.5 | EPSS: 0.03851
Exploits: 0 | References: 19 | Affected Software: 5

Veracode
added 2020/12/06 4:37 a.m. | 36 views

Denial Of Service (DoS)

imagemagick is vulnerable to denial of service (DoS). The vulnerability exists in the ReadBMPImage function of coders/bmp.c due to an infinite loop, allowing a malicious user to crash the application via a crafted bmp file...

CVSS: 6.5 | AI score: 2.8 | EPSS: 0.03003
Exploits: 1 | References: 4 | Affected Software: 1

Veracode
added 2020/12/06 4:23 a.m. | 36 views

Denial Of Service (DoS)

qemu is vulnerable to denial of service (DoS). The vulnerability exists in hw/pci/msix.c, allowing a malicious user to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation...

CVSS: 6.7 | AI score: 3.6 | EPSS: 0.00421
Exploits: 0 | References: 9 | Affected Software: 1

Veracode
added 2020/12/06 3:47 a.m. | 36 views

Cross Site Request Forgery (CSRF)

GnuPG is vulnerable to Cross Site Request Forgery (CSRF), Information Disclosure and DoS. The attack is possible when a victim performs a web key directory request...

CVSS: 8.8 | AI score: 2.4 | EPSS: 0.01041
Exploits: 1 | References: 4 | Affected Software: 1

Veracode
added 2020/12/06 3:26 a.m. | 36 views

Denial Of Service (DoS)

Artifex Software GhostScript is vulnerable to denial of service attacks. A remote attacker could cause buffer overflows in mj_color_correct in contrib/japanese/gdevmjc.c via a crafted PDF file resulting in denial of service conditions...

CVSS: 5.5 | AI score: 4.7 | EPSS: 0.02004
Exploits: 1 | References: 8 | Affected Software: 1

Veracode
added 2020/12/06 2:36 a.m. | 36 views

Privilege Escalation

linux kernel is vulnerable to privilege escalation. A local attacker with monitor perf events permissions is able to corrupt memory and obtain higher privileges...

CVSS: 7.8 | AI score: 3 | EPSS: 0.00302
Exploits: 0 | References: 4 | Affected Software: 6

Veracode
added 2020/12/06 2:35 a.m. | 36 views

Denial Of Service (DoS)

qemu is vulnerable to denial of service. The vulnerability exists through hw/usb/hcd-ohci.c due to an infinite loop when a TD list has a loop allowing an attacker to cause an application crash...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00441
Exploits: 0 | References: 6 | Affected Software: 7

Veracode
added 2020/12/06 2:23 a.m. | 36 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service. Local attackers are able to inject conntrack netlink configuration to overflow a local buffer and cause a crash in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c...

CVSS: 6 | AI score: 4.7 | EPSS: 0.00566
Exploits: 1 | References: 12 | Affected Software: 5

Veracode
added 2020/12/04 4:26 p.m. | 36 views

Denial Of Service (DoS)

nss is vulnerable to denial of service (DoS). The vulnerability exists through the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3...

CVSS: 7.5 | AI score: 2.8 | EPSS: 0.03854
Exploits: 0 | References: 15 | Affected Software: 1

Veracode
added 2020/12/02 9:51 a.m. | 36 views

Denial Of Service (DoS)

Node.js is vulnerable to Denial of Service. An attacker may trigger Denial of Service by sending a DNS request and getting the application to resolve a DNS record with a larger number of responses...

CVSS: 7.5 | AI score: 2.9 | EPSS: 0.54164
Exploits: 0 | References: 19 | Affected Software: 3

Veracode
added 2020/12/02 9:50 a.m. | 36 views

Information Disclosure

php is vulnerable to information disclosure. The vulnerability exists as the DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte...

CVSS: 5.9 | AI score: 1.1 | EPSS: 0.08818
Exploits: 1 | References: 18 | Affected Software: 1

Veracode
added 2020/11/23 11:16 a.m. | 36 views

Privilege Escalation

Moodle is vulnerable to privilege escalation. Users (students) are able to add entries within groups they do not belong to...

CVSS: 6.5 | AI score: 4.3 | EPSS: 0.01329
Exploits: 0 | References: 7 | Affected Software: 1

Veracode
added 2020/11/20 10:23 a.m. | 36 views

Information Disclosure

firefox is vulnerable to information disclosure. When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function takes a variable amount of time depending on the content of the underlying image. This can result in potential cross-origin information...

CVSS: 4.3 | AI score: 2.3 | EPSS: 0.0247
Exploits: 1 | References: 3 | Affected Software: 9

Veracode
added 2020/11/12 5:20 a.m. | 36 views

Arbitrary Code Execution

chakracore is vulnerable to arbitrary code execution. A memory corruption vulnerability allows an attacker to execute arbitrary code on the host OS. This CVE ID is different from CVE-2020-17048...

CVSS: 4.2 | AI score: 4.5 | EPSS: 0.01913
Exploits: 0 | References: 4 | Affected Software: 2

Veracode
added 2020/11/05 3:9 a.m. | 36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. The vulnerability exists due to a memory leak in the rtl8xxxu_submit_int_urb function which allows an attacker to crash the kernel...

CVSS: 4.6 | AI score: 6.4 | EPSS: 0.00451
Exploits: 0 | References: 16 | Affected Software: 2

Veracode
added 2020/10/29 2:12 a.m. | 36 views

Cross-site Scripting (XSS)

github.com/grafana/grafana is vulnerable to cross-site scripting (XSS). The vulnerability exists when specifying series alias such as test data or elastic search, which allows special characters, caused by the bs-typeahead directive that evals the select options passed to it...

CVSS: 6.1 | AI score: 3.9 | EPSS: 0.01823
Exploits: 0 | References: 4 | Affected Software: 2

Veracode
added 2020/10/26 5:9 a.m. | 36 views

Information Disclosure

guava is vulnerable to Information Disclosure. A folder with insecure permissions is created by the function com.google.common.io.Files.createTempDir. A local user will be able to steal secrets stored in this directory...

CVSS: 3.3 | AI score: 5.6 | EPSS: 0.00964
Exploits: 1 | References: 78 | Affected Software: 19

Total number of security vulnerabilities: 5000