
38140 matches found

Veracode • added 2023/01/24 7:30 a.m. • 35 views

Denial Of Service (DoS)

openjdk is vulnerable to Denial of Service (DoS). A remote attacker is able to cause a partial denial of service condition resulting in application crashes...

CVSS 5.3 | AI score 5.7 | EPSS 0.0005
Exploits: 0 | References: 6 | Affected Software: 5

Veracode • added 2023/01/23 7:36 p.m. • 35 views

Remote Code Execution (RCE)

libxpm is vulnerable to Remote Code Execution (RCE). When processing .Z or .gz file extensions, the library calls external programs to compress and uncompress files. This could allow a malicious user to execute other programs by manipulating the PATH environment variable...

CVSS 8.8 | AI score 8.7 | EPSS 0.00184
Exploits: 0 | References: 10 | Affected Software: 1

Veracode • added 2022/12/31 12:46 a.m. • 35 views

Arbitrary Code Execution

webkitgtk is vulnerable to arbitrary code execution. Processing maliciously crafted web content may lead to arbitrary code execution due to improper input validation leading to memory corruption causing the application to halt, crash, or arbitrary code execution...

CVSS 8.8 | AI score 9.2 | EPSS 0.00225
Exploits: 0 | References: 10 | Affected Software: 3

Veracode • added 2022/12/31 12:46 a.m. • 35 views

Arbitrary Code Execution

webkitgtk is vulnerable to arbitrary code execution. Processing maliciously crafted web content may lead to arbitrary code execution which occurs when processing maliciously crafted HTML content in WebKit allowing a remote attacker to trick the victim into visiting a specially crafted website,...

CVSS 8.8 | AI score 9 | EPSS 0.00338
Exploits: 0 | References: 9 | Affected Software: 3

Veracode • added 2022/12/24 7:33 a.m. • 35 views

Remote Code Execution

xwayland is vulnerable to remote code execution. The handler for the ScreenSaverSetAttributes request may write to memory after it has been freed leading to local privileges elevation on systems where the server is running privileged and remote code execution for ssh X forwarding sessions...

CVSS 8.8 | AI score 9 | EPSS 0.01059
Exploits: 0 | References: 14 | Affected Software: 6

Veracode • added 2022/11/25 6:46 p.m. • 35 views

Authorization Bypass

xen is vulnerable to authorization bypass. The vulnerability exists while adding logic to support XDP (eXpress Data Path), allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed...

CVSS 7.8 | AI score 7.5 | EPSS 0.00109
Exploits: 0 | References: 6 | Affected Software: 1

Veracode • added 2022/11/24 1:35 p.m. • 35 views

Remote Code Execution (RCE)

heimdal is vulnerable to remote code execution. The vulnerability exists due to an invalid free in the ASN.1 codec which allows an attacker to inject and execute arbitrary code on the system...

CVSS 9.8 | AI score 9.7 | EPSS 0.01611
Exploits: 0 | References: 6 | Affected Software: 2

Veracode • added 2022/11/24 9:7 a.m. • 35 views

Information Disclosure

H2 Database Engine is vulnerable to information disclosure. The vulnerability is caused by the webAdminPassword argument, which allows an administrator to specify the password in plaintext. An attacker can get the password for the H2 web admin console by looking at the running processes...

CVSS 8.4 | AI score 7.1 | EPSS 0.00293
Exploits: 1 | References: 7 | Affected Software: 1

Veracode • added 2022/11/24 7:1 a.m. • 35 views

Information Disclosure

Postgresql JDBC Driver is vulnerable to Information Disclosure. The vulnerability exists due to StreamWrapper parameterized constructor in StreamWrapper.java creating a temporary file if the InputStream is larger than 51200 bytes which allows an attacker to read the file due to incorrect file...

CVSS 5.5 | AI score 5.7 | EPSS 0.00082
Exploits: 1 | References: 13 | Affected Software: 4

Veracode • added 2022/11/19 12:48 a.m. • 35 views

Information Disclosure

rh-mysql80-mysql is vulnerable to denial of service. The vulnerability exists in the Server: Optimizer component, allowing attackers to cause an application crash and modify the critical data or all MySQL Server accessible data through multiple protocols...

CVSS 6.5 | AI score 6.5 | EPSS 0.00324
Exploits: 0 | References: 5 | Affected Software: 1

Veracode • added 2022/11/16 3:53 p.m. • 35 views

Type Confusion

chromium is vulnerable to type confusion. The vulnerability exists in V8 in Google Chrome which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 8.4 | EPSS 0.00506
Exploits: 1 | References: 4 | Affected Software: 1

Veracode • added 2022/11/10 12:25 a.m. • 35 views

Denial Of Service (DoS)

rh-mysql80-mysql is vulnerable to denial of service. The vulnerability exists in the Server: Optimizer component, allowing an attacker to cause an application crash and modify some MySQL Server accessible data through the multiple protocols...

CVSS 7.1 | AI score 6.6 | EPSS 0.00629
Exploits: 0 | References: 8 | Affected Software: 1

Veracode • added 2022/10/27 6:47 a.m. • 35 views

Arbitrary Code Execution

badaso/core is vulnerable to arbitrary code execution. The vulnerability is due to the application not properly validating the data uploaded by users, which allows an attacker to perform arbitrary code execution...

CVSS 9.8 | AI score 9.4 | EPSS 0.09998
Exploits: 1 | References: 5 | Affected Software: 1

Veracode • added 2022/10/14 11:54 a.m. • 35 views

Denial Of Service (DoS)

go is vulnerable to denial of service (DoS) attacks. A remote attacker is able to allocate unbounded amounts of memory using Reader.Read via passing a maliciously crafted archive, causing a system crash due to resource exhaustion...

CVSS 7.5 | AI score 7.4 | EPSS 0.00016
Exploits: 0 | References: 14 | Affected Software: 13

Veracode • added 2022/10/12 10:37 a.m. • 35 views

Denial Of Service (DoS)

Linux is vulnerable to denial of service. The vulnerability exists in xfrm_expand_policies in net/xfrm/xfrm_policy.c that would cause a refcount to be dropped twice resulting in an application crash...

CVSS 5.5 | AI score 6.3 | EPSS 0.00036
Exploits: 0 | References: 7 | Affected Software: 2

Veracode • added 2022/10/04 9:55 a.m. • 35 views

Command Injection

snyk-go-plugin is vulnerable to command injection. The vulnerability exists in execute function of sub-process.js because shell for child processes is not properly disabled which allows an attacker to run arbitrary commands on the host system...

CVSS 7.8 | AI score 7.4 | EPSS 0.01429
Exploits: 1 | References: 5 | Affected Software: 1

Veracode • added 2022/09/26 11:37 a.m. • 35 views

Server-Side Request Forgery

org.apache.xmlgraphics:batik-bridge is vulnerable to server-side request forgery. The vulnerability exists in the createImageGraphicsNode function in SVGImageElementBridge.java because the function logic does not properly restrict external resources, which allows remote attackers to cause SSRF...

CVSS 5.3 | AI score 6.5 | EPSS 0.00225
Exploits: 0 | References: 6 | Affected Software: 1

Veracode • added 2022/08/13 10:42 a.m. • 35 views

Denial Of Service (DoS)

vim is vulnerable to denial of service. The vulnerability exists due to a heap-based overflow in ins_compl_add of insexpand.c which allows an attacker to cause an application crash...

CVSS 7.8 | AI score 7.5 | EPSS 0.00054
Exploits: 1 | References: 9 | Affected Software: 1

Veracode • added 2022/08/12 4:59 a.m. • 35 views

SQL Injection

loopback-connector-postgresql is vulnerable to SQL injection attacks. The vulnerability exists in the buildExpression function in postgresql.js because the user-provided inputs for the contains loopback filter are not properly sanitized, which allows an attacker to inject and execute arbitrary SQL command...

CVSS 10 | AI score 9.5 | EPSS 0.00192
Exploits: 0 | References: 4 | Affected Software: 1

Veracode • added 2022/08/10 8:11 a.m. • 35 views

Denial Of Service (DoS)

undertow is vulnerable to Denial Of Service (DoS). The vulnerability exists in the read function in AjpServerRequestConduit.java because the exceptions are not handled properly for large AJP requests, which allows an attacker to send a malicious request and trigger server errors causing an application...

CVSS 7.5 | AI score 7.4 | EPSS 0.0032
Exploits: 0 | References: 5 | Affected Software: 19

Veracode • added 2022/08/09 12:45 a.m. • 35 views

Directory Traversal

rsync is vulnerable to Directory Traversal. The vulnerability exists due to a lack of validation of file names allowed, allowing a malicious rsync server or Man-in-The-Middle attacker to overwrite arbitrary files in the rsync client target directory and subdirectories...

CVSS 7.4 | AI score 7.5 | EPSS 0.00948
Exploits: 1 | References: 11 | Affected Software: 2

Veracode • added 2022/08/07 6:28 p.m. • 35 views

Out-Of-Bounds Read

vim:sid is vulnerable to out-of-bounds read. A remote attacker is able to perform out-of-bounds reads...

CVSS 7.8 | AI score 7.7 | EPSS 0.00098
Exploits: 1 | References: 14 | Affected Software: 1

Veracode • added 2022/08/07 6:13 p.m. • 35 views

Heap-based Buffer Overflow

vim is vulnerable to heap-based buffer overflow. An out-of-bounds write vulnerability in the vim_regsub_both function in the src/regexp.c file allows remote attackers to cause an application crash, possibly reading and modifying some amount of memory contents...

CVSS 7.8 | AI score 7.7 | EPSS 0.0158
Exploits: 1 | References: 11 | Affected Software: 1

Veracode • added 2022/08/01 2:11 p.m. • 35 views

Denial Of Service

libtiff.so is vulnerable to denial of service (DoS) attacks. A malicious user is able to cause denial of service conditions via a crafted TIFF file through the TIFFVGetField function, resulting in an application crash...

CVSS 6.5 | AI score 6.2 | EPSS 0.00171
Exploits: 1 | References: 8 | Affected Software: 2

Veracode • added 2022/07/22 4:38 p.m. • 35 views

Privilege Escalation

Zulip is vulnerable to Privilege Escalation. An attacker may exploit the vulnerability by sending a maliciously crafted API call that grants administrator privileges to a bot in control...

CVSS 8.8 | AI score 8.3 | EPSS 0.00337
Exploits: 0 | References: 3 | Affected Software: 1

Veracode • added 2022/07/21 9:53 a.m. • 35 views

Remote Code Execution

flysystem is vulnerable to remote code execution. An attacker is able to upload and execute malicious code on the system under attack via the component File Handler...

CVSS 4.3 | AI score 7.4 | EPSS 0.00169
Exploits: 0 | References: 8 | Affected Software: 2

Veracode • added 2022/07/18 7:51 a.m. • 35 views

Privilege Escalation

grafana is vulnerable to privilege escalation. An attacker can take over another user's account in the grafana instance by supplying a login name through the specified OAuth IdP when the attacker's external user id is linked to a grafana account, and the attacker knows the grafana user name of the...

CVSS 7.5 | AI score 7.4 | EPSS 0.00941
Exploits: 0 | References: 15 | Affected Software: 2

Veracode • added 2022/07/07 2:44 p.m. • 35 views

Information Disclosure

openssh_key_parser is vulnerable to information disclosure. The vulnerability exists in the read_fixed_bytes function in pascal_style_byte_stream.py because the exception message is not properly handled, which allows an attacker to gain access to view and modify the length of a raw field value of a key...

CVSS 7.7 | AI score 6.1 | EPSS 0.00422
Exploits: 1 | References: 6 | Affected Software: 1

Veracode • added 2022/06/28 8:9 a.m. • 35 views

Information Disclosure

guzzlehttp/guzzle is vulnerable to information disclosure. The vulnerability exists in several functions in RedirectMiddleware.php because the change in port is not considered a change in origin when sending requests with header files, which allows an attacker to gain access to sensitive header...

CVSS 7.7 | AI score 7.2 | EPSS 0.01516
Exploits: 0 | References: 9 | Affected Software: 2

Veracode • added 2022/06/27 8:46 a.m. • 35 views

Remote Code Execution (RCE)

watertools is vulnerable to remote code execution. When the package is installed, it opens a malicious backdoor in the package allowing an attacker to inject and execute arbitrary code and gain access to sensitive user information and digital currency keys as well as escalate privileges...

CVSS 9.8 | AI score 9.6 | EPSS 0.00439
Exploits: 1 | References: 3 | Affected Software: 1

Veracode • added 2022/06/26 4:57 p.m. • 35 views

Type Confusion

chromium is vulnerable to type confusion. A remote attacker is able to cause type confusion attacks through heap corruption in v8 module via a crafted HTML page...

CVSS 8.8 | AI score 8.3 | EPSS 0.01388
Exploits: 0 | References: 8 | Affected Software: 3

Veracode • added 2022/06/26 4:25 p.m. • 35 views

Use After Free

A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev commit b5f1eacd and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 8.6 | AI score 3.1 | EPSS 0.00421
Exploits: 1 | References: 5 | Affected Software: 1

Veracode • added 2022/06/18 9:9 p.m. • 35 views

Denial Of Service (DoS)

busybox is vulnerable to denial of service. The vulnerability exists due to a NULL pointer dereference in Busybox's man applet, which leads to denial of service when a section name is supplied but no page argument is given...

CVSS 5.5 | AI score 6.9 | EPSS 0.00083
Exploits: 0 | References: 8 | Affected Software: 1

Veracode • added 2022/06/16 9:3 p.m. • 35 views

Information Disclosure

intel-microcode is vulnerable to information disclosure. Incomplete cleanup of microarchitectural fill buffers allows an authenticated attacker to potentially enable information disclosure via local access...

CVSS 5.5 | AI score 6 | EPSS 0.00536
Exploits: 0 | References: 18 | Affected Software: 8

Veracode • added 2022/06/14 1:42 p.m. • 35 views

Use-After-Free

vim is vulnerable to Use After Free. The vulnerability exists due to a memory corruption in the system which allows an attacker to cause an application crash...

CVSS 7.8 | AI score 7.6 | EPSS 0.00443
Exploits: 1 | References: 16 | Affected Software: 1

Veracode • added 2022/06/12 5:52 p.m. • 35 views

Denial Of Service (DoS)

Apache HTTP Server is vulnerable to denial of service. The vulnerability exists due to a lack of sanitization of the input size, allowing an attacker to crash the system via a malicious request to a Lua script that calls r:parsebody(0)...

CVSS 7.5 | AI score 8.3 | EPSS 0.02008
Exploits: 0 | References: 10 | Affected Software: 6

Veracode • added 2022/06/03 2:55 p.m. • 35 views

Cross-site Scripting (XSS)

jenkins is vulnerable to cross site scripting. The vulnerability exists due to a lack of sanitization of the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters...

CVSS 5.4 | AI score 5.6 | EPSS 0.00217
Exploits: 0 | References: 5 | Affected Software: 1

Veracode • added 2022/05/30 5:44 a.m. • 35 views

Type Confusion

chromium is vulnerable to type confusion. Heap corruption via a crafted HTML page allows remote attackers to obtain confidential user information by accessing restricted resources using type confusion attacks...

CVSS 6.5 | AI score 7.5 | EPSS 0.00411
Exploits: 0 | References: 5 | Affected Software: 2

Veracode • added 2022/05/29 6:58 p.m. • 35 views

Privilege Escalation

cups is vulnerable to privilege escalation. The vulnerability exists due to gain elevated privileges which allows an attacker to authenticate to CUPS as root/admin without the 32-byte secret key...

CVSS 6.7 | AI score 7.1 | EPSS 0.00037
Exploits: 0 | References: 16 | Affected Software: 4

Veracode • added 2022/05/20 6:19 a.m. • 35 views

Information Disclosure

strapi is vulnerable to information disclosure. A remote authenticated attacker with access to the Strapi admin panel is able to gain access to private and sensitive data, such as email and password reset tokens and compromise other users’ accounts by successfully invoking the password reset...

CVSS 8.8 | AI score 8.2 | EPSS 0.00647
Exploits: 0 | References: 4 | Affected Software: 1

Veracode • added 2022/05/16 11:37 p.m. • 35 views

Command Injection

fribidi is vulnerable to command injection. The vulnerability exists in fribidi which allows an attacker to inject and execute arbitrary code...

CVSS 7.8 | AI score 8.2 | EPSS 0.00045
Exploits: 1 | References: 7 | Affected Software: 1

Veracode • added 2022/05/13 9:20 a.m. • 35 views

Information Disclosure

eventsource is vulnerable to information disclosure. The vulnerability exists in a few functions in eventsource.js due to the leakage of cookies and authorization headers to external sites, which allows an attacker to steal user credentials and perform unauthorized actions...

CVSS 9.3 | AI score 3.9 | EPSS 0.01666
Exploits: 1 | References: 5 | Affected Software: 3

Veracode • added 2022/04/27 7:21 p.m. • 35 views

Denial Of Service (DoS)

linux-gkeop is vulnerable to denial of service. A NULL pointer dereference flaw in the Linux kernel UDF file system functionality was found in the way a user triggers the udf_file_write_iter function for a malicious UDF image. A local user could use this flaw to crash the system...

CVSS 5.5 | AI score 3.3 | EPSS 0.00021
Exploits: 1 | References: 10 | Affected Software: 4

Veracode • added 2022/04/23 12:42 a.m. • 35 views

Access Control Bypass

ceph is vulnerable to access control bypass. The vulnerability exists due to a flaw in which the key length is incorrectly passed in an encryption algorithm to create a non-random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...

CVSS 6.5 | AI score 3.6 | EPSS 0.00275
Exploits: 0 | References: 12 | Affected Software: 1

Veracode • added 2022/04/22 1:30 a.m. • 35 views

Denial Of Service (DoS)

Spring Security OAuth is vulnerable to denial of service. The vulnerability exists due to a lack of restriction on the number of requests initiating the Authorization Request for the Authorization Code Grant, allowing an attacker to exhaust the system resources sending multiple requests with a sing...

CVSS 6.5 | AI score 3.9 | EPSS 0.00587
Exploits: 0 | References: 7 | Affected Software: 1

Veracode • added 2022/04/21 12:42 a.m. • 35 views

Privilege Escalation

jenkins-2-plugins is vulnerable to privilege escalation. The vulnerability exists due to a lack of sanitization of the path allowing an attacker to configure Pipelines permission to read arbitrary files on the Jenkins controller file system...

CVSS 6.5 | AI score 3.4 | EPSS 0.01569
Exploits: 0 | References: 4 | Affected Software: 1

Veracode • added 2022/04/16 4:34 p.m. • 35 views

Use After Free

linux is vulnerable to use-after-free. The vulnerability exists in the Linux Kernel in "tc_new_tfilter" which allows a local attacker to gain privilege escalation which can lead to sensitive information disclosure, modification or a potential DDoS attack...

CVSS 8.6 | AI score 3.9 | EPSS 0.00023
Exploits: 1 | References: 6 | Affected Software: 4

Veracode • added 2022/04/15 12:53 a.m. • 35 views

Denial Of Service (DoS)

go:edge is vulnerable to denial of service (DoS) attacks. A malicious user is able to cause an application crash via a large amount of PEM data...

CVSS 7.5 | AI score 3 | EPSS 0.00179
Exploits: 1 | References: 18 | Affected Software: 14

Veracode • added 2022/04/13 2:34 p.m. • 35 views

Denial Of Service (DoS)

subversion is vulnerable to denial of service. The vulnerability exists due to a use after free memory corruption...

CVSS 7.5 | AI score 3.5 | EPSS 0.0161
Exploits: 0 | References: 14 | Affected Software: 1

Veracode • added 2022/04/13 10:14 a.m. • 35 views

Denial Of Service (DoS)

libxml2 is vulnerable to denial of service. The vulnerability exists due to an integer overflow in xmlmemory.c...

CVSS 8.8 | AI score 3.7 | EPSS 0.01165
Exploits: 0 | References: 12 | Affected Software: 1

Total number of security vulnerabilities: 5000