Veracode | Most viewed

38126 matches found

Veracode • added 2020/12/19 6:4 a.m. • 35 views

Denial Of Service (DoS)

lldpd is vulnerable to denial of service (DoS). The buffer overflow in the lldp_decode function in daemon/protocols/lldp.c...

CVSS: 9.8 | AI score: 3.4 | EPSS: 0.05555
Exploits: 0 | References: 11 | Affected Software: 10

Veracode • added 2020/12/06 3:19 a.m. • 35 views

Arbitrary Code Execution

openexr is vulnerable to arbitrary code execution. An invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code...

CVSS: 8.8 | AI score: 3.6 | EPSS: 0.02402
Exploits: 0 | References: 11 | Affected Software: 1

Veracode • added 2020/11/20 10:27 a.m. • 35 views

DNS Rebinding Attack

firefox is vulnerable to a DNS rebinding attack. The vulnerability exists as DNS over HTTPS intentionally filters RFC1918 and related IP ranges from the responses, as these do not make sense coming from a DoH resolver, and when an IPv4 address was mapped through IPv6...

CVSS: 6.5 | AI score: 1.2 | EPSS: 0.00275
Exploits: 0 | References: 5 | Affected Software: 8

Veracode • added 2020/11/17 5:32 a.m. • 35 views

Remote Code Execution (RCE)

XStream is vulnerable to remote code execution (RCE). The processed stream at unmarshalling time contains type information to recreate the formerly written objects, and new instances are created based on this type information. The vulnerability allows an attacker to manipulate the processed input...

CVSS: 8.8 | AI score: 3.7 | EPSS: 0.93171
Exploits: 7 | References: 20 | Affected Software: 2

Veracode • added 2020/11/05 3:9 a.m. • 35 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. The vulnerability exists due to a memory leak in the rtl8xxxu_submit_int_urb function which allows an attacker to crash the kernel...

CVSS: 4.6 | AI score: 6.4 | EPSS: 0.00092
Exploits: 0 | References: 16 | Affected Software: 2

Veracode • added 2020/11/05 3:9 a.m. • 35 views

Use-after-free

kernel is vulnerable to use-after-free. It is possible because of a flaw in drivers/bluetooth/hci_ldisc.c...

CVSS: 7 | AI score: 2.2 | EPSS: 0.00087
Exploits: 0 | References: 12 | Affected Software: 2

Veracode • added 2020/10/26 5:9 a.m. • 35 views

Information Disclosure

guava is vulnerable to Information Disclosure. A folder with insecure permissions is created by the function com.google.common.io.Files.createTempDir. A local user will be able to steal secrets stored in this directory...

CVSS: 3.3 | AI score: 5.6 | EPSS: 0.00072
Exploits: 1 | References: 78 | Affected Software: 19

Veracode • added 2020/10/23 8:58 a.m. • 35 views

Information Disclosure

OpenJDK is vulnerable to information disclosure. The vulnerability exists through credentials sent over unencrypted LDAP connection...

CVSS: 3.7 | AI score: 1.6 | EPSS: 0.00116
Exploits: 0 | References: 8 | Affected Software: 5

Veracode • added 2020/10/14 1:7 a.m. • 35 views

Arbitrary Code Execution

kernel is vulnerable to arbitrary code execution. A use-after-free occurs in try_merge_free_space in fs/btrfs/free-space-cache.c when mounting a malicious btrfs filesystem image and subsequently making a syncfs system call. This could potentially lead to arbitrary code execution on the OS...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.00777
Exploits: 1 | References: 6 | Affected Software: 3

Veracode • added 2020/10/01 3:53 a.m. • 35 views

Arbitrary Code Execution

webkitgtk is vulnerable to arbitrary code execution. An attacker can use maliciously crafted web content to trigger multiple memory corruption issues that lead to arbitrary code execution...

CVSS: 8.8 | AI score: 3.8 | EPSS: 0.00443
Exploits: 0 | References: 10 | Affected Software: 28

Veracode • added 2020/10/01 3:52 a.m. • 35 views

Arbitrary Code Execution

webkitgtk4 is vulnerable to arbitrary code execution. The vulnerability exists through parsing web content that causes memory corruption...

CVSS: 8.8 | AI score: 6 | EPSS: 0.00288
Exploits: 0 | References: 11 | Affected Software: 28

Veracode • added 2020/10/01 3:52 a.m. • 35 views

Arbitrary Code Execution

webkitgtk4 is vulnerable to arbitrary code execution. An attacker can use maliciously crafted web content to trigger multiple memory corruption issues leading to arbitrary code execution...

CVSS: 8.8 | AI score: 4.1 | EPSS: 0.01176
Exploits: 0 | References: 9 | Affected Software: 28

Veracode • added 2020/10/01 3:52 a.m. • 35 views

Arbitrary Code Execution

webkitgtk is vulnerable to arbitrary code execution. An attacker can use maliciously crafted web content to cause multiple memory corruption issues that lead to arbitrary code execution...

CVSS: 8.8 | AI score: 3.9 | EPSS: 0.01203
Exploits: 0 | References: 5 | Affected Software: 28

Veracode • added 2020/10/01 3:52 a.m. • 35 views

Arbitrary Code Execution

webkitgtk is vulnerable to arbitrary code execution. The vulnerability exists through a memory corruption issue...

CVSS: 8.8 | AI score: 3.8 | EPSS: 0.00702
Exploits: 0 | References: 5 | Affected Software: 28

Veracode • added 2020/10/01 3:52 a.m. • 35 views

Information Disclosure

WebKitGTK+ is vulnerable to information disclosure. Processing maliciously crafted web content may result in the disclosure of process memory...

CVSS: 6.5 | AI score: 1.5 | EPSS: 0.00683
Exploits: 0 | References: 11 | Affected Software: 1

Veracode • added 2020/10/01 3:52 a.m. • 35 views

Arbitrary Code Execution

WebKitGTK+ is vulnerable to arbitrary code execution. A memory corruption issue allows an attacker to execute arbitrary code on the host OS...

CVSS: 8.8 | AI score: 4.4 | EPSS: 0.00811
Exploits: 0 | References: 10 | Affected Software: 1

Veracode • added 2020/10/01 3:46 a.m. • 35 views

Out-of-bounds (OOB) Read/Write

OpenEXR is vulnerable to out-of-bounds read/write. It is possible via std::vector out-of-bounds read and write in ImfTileOffsets.cpp...

CVSS: 5.5 | AI score: 2.8 | EPSS: 0.00372
Exploits: 1 | References: 20 | Affected Software: 1

Veracode • added 2020/10/01 12:35 a.m. • 35 views

Cross-site Scripting (XSS)

djangorestframework is vulnerable to cross-site scripting (XSS). The vulnerability exists as the use of urlize_quoted_links in rest_framework/templates/rest_framework/base.html does not sanitize...

CVSS: 6.1 | AI score: 1.5 | EPSS: 0.00715
Exploits: 0 | References: 6 | Affected Software: 1

Veracode • added 2020/09/28 3:25 a.m. • 35 views

Format String Attack

tensorflow is vulnerable to format string attacks. The vulnerability exists as the fill argument of tf.strings.as_string reaches a printf call without sanitization...

CVSS: 7.5 | AI score: 3.5 | EPSS: 0.0036
Exploits: 1 | References: 4 | Affected Software: 3

Veracode • added 2020/09/21 6:38 a.m. • 35 views

Arbitrary Code Execution

graphicsmagick is vulnerable to arbitrary code execution. The vulnerability exists through a NULL pointer dereference in the WritePCLImage function in coders/pcl.c during writes of monochrome images...

CVSS: 9.8 | AI score: 3.3 | EPSS: 0.00415
Exploits: 0 | References: 3 | Affected Software: 1

Veracode • added 2020/09/21 6:28 a.m. • 35 views

Denial Of Service (DoS)

squid is vulnerable to denial of service (DoS). The vulnerability exists due to incorrect input validation, causing a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy...

CVSS: 7.5 | AI score: 4.1 | EPSS: 0.01353
Exploits: 0 | References: 12 | Affected Software: 4

Veracode • added 2020/09/21 6:28 a.m. • 35 views

Privilege Escalation

Linux kernel is vulnerable to privilege escalation. A memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS: 7.8 | AI score: 3.5 | EPSS: 0.00635
Exploits: 1 | References: 13 | Affected Software: 5

Veracode • added 2020/09/21 6:28 a.m. • 35 views

Denial Of Service (DoS)

qemu is vulnerable to denial of service (DoS). The vulnerability exists through a race condition during file renaming, through v9fs_wstat in hw/9pfs/9p.c...

CVSS: 4.7 | AI score: 2.4 | EPSS: 0.0004
Exploits: 0 | References: 14 | Affected Software: 2

Veracode • added 2020/09/21 6:27 a.m. • 35 views

Denial Of Service (DoS)

graphicsmagick:xenial is vulnerable to denial of service (DoS). A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file...

CVSS: 6.5 | AI score: 5.1 | EPSS: 0.01523
Exploits: 0 | References: 6 | Affected Software: 1

Veracode • added 2020/09/21 6:18 a.m. • 35 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service (DoS). There is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c...

CVSS: 4.2 | AI score: 3.7 | EPSS: 0.00068
Exploits: 0 | References: 6 | Affected Software: 3

Veracode • added 2020/09/17 3:48 a.m. • 35 views

Regular Expression Denial Of Service (ReDoS)

ua-parser-js is vulnerable to regular expression denial of service. A remote attacker is able to cause a denial of service condition by submitting a malicious string that when parsed via the Redmi and Mi Pad regexes, would result in excessive resource consumption...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01196
Exploits: 1 | References: 2 | Affected Software: 4

Veracode • added 2020/09/11 5:1 a.m. • 35 views

Man-in-the-Middle (MitM)

activemq-broker is vulnerable to man-in-the-middle (MitM) attack. It binds the server to the jmxrmi entry after creating the JMX RMI registry using LocateRegistry.createRegistry, leading to the connection to the registry without authentication and allowing rebinding of jmxrmi to any other entity. Therefore,...

CVSS: 5.9 | AI score: 2.6 | EPSS: 0.00189
Exploits: 0 | References: 9 | Affected Software: 2

Veracode • added 2020/08/28 1:54 a.m. • 35 views

Session Fixation

symphonycms/symphony-2 is vulnerable to session fixation. The vulnerability exists as it does not regenerate the user's PHPSESSID cookie value upon a successful authentication. If a user's PHPSESSID cookie value can be modified by means of application logic or another vulnerability, an attacker...

CVSS: 7.5 | AI score: 3.2 | EPSS: 0.19129
Exploits: 5 | References: 8 | Affected Software: 1

Veracode • added 2020/08/06 9:38 p.m. • 35 views

Arbitrary Code Execution

CVS is vulnerable to arbitrary code execution. When configured to use SSH for remote repositories, a remote attacker is able to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by -oProxyCommand=id;localhost:/bar...

CVSS: 7.5 | AI score: 4.2 | EPSS: 0.02504
Exploits: 1 | References: 8 | Affected Software: 1

Veracode • added 2020/08/06 9:28 p.m. • 35 views

Denial Of Service (DoS)

SQLite is vulnerable to denial of service. An attacker is able to cause a denial of service (segmentation fault) condition via a malicious window-function query due to a mishandling during the AggInfo object's initialization...

CVSS: 7.5 | AI score: 3.7 | EPSS: 0.0489
Exploits: 1 | References: 14 | Affected Software: 2

Veracode • added 2020/08/06 9:26 p.m. • 35 views

Cross-site Scripting (XSS)

webkit2gtk is vulnerable to cross-site scripting (XSS). The vulnerability exists as it fails to properly restrict input in web content...

CVSS: 7.1 | AI score: 1.7 | EPSS: 0.00818
Exploits: 0 | References: 14 | Affected Software: 28

Veracode • added 2020/08/06 6:19 a.m. • 35 views

Denial Of Service (DoS)

github.com/etcd-io/etcd is vulnerable to denial of service. An attacker is able to cause a panic in the decodeRecord method and a denial of service condition in a RAFT participant when decoding the WAL by forging a large frame size...

CVSS: 6.5 | AI score: 3.1 | EPSS: 0.00149
Exploits: 0 | References: 5 | Affected Software: 1

Veracode • added 2020/07/23 3:17 a.m. • 35 views

Information Disclosure

kernel is vulnerable to information disclosure. The prctl function can be used to enable indirect branch speculation even after it has been disabled. This same call will incorrectly report it being 'force disabled' when it is not...

CVSS: 5.5 | AI score: 0.8 | EPSS: 0.00033
Exploits: 0 | References: 4 | Affected Software: 2

Veracode • added 2020/07/13 6:3 a.m. • 35 views

Information Disclosure

jetty-server is vulnerable to information disclosure. An HTTP 431 error occurs when large response headers are received, causing the HTTP response headers to be released to ByteBufferPool twice. This results in a double release and memory corruption and causes confidential information to be...

CVSS: 9.4 | AI score: 1 | EPSS: 0.30928
Exploits: 0 | References: 32 | Affected Software: 3

Veracode • added 2020/06/24 3:8 a.m. • 35 views

Remote Code Execution

docker is vulnerable to remote code execution. The vulnerability exists due to a security regression of CVE-2019-5736 due to inclusion of vulnerable runc...

CVSS: 8.8 | AI score: 3.4 | EPSS: 0.59178
Exploits: 33 | References: 8 | Affected Software: 1

Veracode • added 2020/06/10 5:2 a.m. • 35 views

Arbitrary Code Execution

kernel is vulnerable to arbitrary code execution. The vulnerability exists through a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body...

CVSS: 7.8 | AI score: 3.6 | EPSS: 0.0004
Exploits: 0 | References: 13 | Affected Software: 4

Veracode • added 2020/05/29 3:24 a.m. • 35 views

Denial Of Service (DoS)

bind is vulnerable to denial of service (DoS). The vulnerability exists as a logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c...

CVSS: 7.5 | AI score: 2.6 | EPSS: 0.92629
Exploits: 5 | References: 16 | Affected Software: 1

Veracode • added 2020/05/26 5:54 a.m. • 35 views

Arbitrary Code Execution

commons-configuration2 is vulnerable to arbitrary code execution. The package uses a third-party library that, by default, allows the instantiation of arbitrary classes to parse if the YAML contains special statements. This allows an attacker to execute arbitrary code on the host application if t...

CVSS: 10 | AI score: 6.4 | EPSS: 0.02732
Exploits: 0 | References: 9 | Affected Software: 1

Veracode • added 2020/05/15 2:12 a.m. • 35 views

Privilege Escalation

kernel is vulnerable to privilege escalation. The USB monitor driver allows for a local privilege escalation due to an out-of-bounds check...

CVSS: 6.7 | AI score: 3.7 | EPSS: 0.00036
Exploits: 0 | References: 6 | Affected Software: 1

Veracode • added 2020/05/10 11:27 p.m. • 35 views

Denial Of Service (DoS)

curl and libcurl are vulnerable to denial of service (DoS). The platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library...

CVSS: 9.8 | AI score: 6.4 | EPSS: 0.00825
Exploits: 0 | References: 5 | Affected Software: 1

Veracode • added 2020/05/06 3:17 a.m. • 35 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. Memory leaks in the acp_hw_init function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c allow an attacker to crash the system...

CVSS: 4.4 | AI score: 4 | EPSS: 0.00086
Exploits: 0 | References: 10 | Affected Software: 1

Veracode • added 2020/04/10 1:8 a.m. • 35 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The vulnerability exists as a flaw was found in the b43 driver in the Linux kernel. If a system had an active wireless interface that uses the b43 driver, an attacker able to send a specially-crafted frame to that interface could cause a denial of...

CVSS: 7.5 | AI score: 3.4 | EPSS: 0.0085
Exploits: 1 | References: 9 | Affected Software: 2

Veracode • added 2020/04/10 1:7 a.m. • 35 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The vulnerability exists as a flaw was found in the Linux kernel's clock implementation on 32-bit, SMP (symmetric multiprocessing) systems. A local, unprivileged user could use this flaw to cause a divide error fault, resulting in a denial of service...

CVSS: 4.9 | AI score: 3.5 | EPSS: 0.00053
Exploits: 1 | References: 8 | Affected Software: 1

Veracode • added 2020/04/10 1:7 a.m. • 35 views

Privilege Escalation

util-linux is vulnerable to privilege escalation. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems...

CVSS: 3.3 | AI score: 4.2 | EPSS: 0.00038
Exploits: 0 | References: 22 | Affected Software: 2

Veracode • added 2020/04/10 12:59 a.m. • 35 views

Arbitrary Code Execution

ruby is vulnerable to arbitrary code execution. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could use this flaw to cause memory corruption, causing a Ruby application that uses the BigDecimal...

CVSS: 6.8 | AI score: 3.6 | EPSS: 0.01937
Exploits: 0 | References: 16 | Affected Software: 1

Veracode • added 2020/04/10 12:58 a.m. • 35 views

Arbitrary Code Execution

thunderbird/firefox is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...

CVSS: 10 | AI score: 2.9 | EPSS: 0.03433
Exploits: 0 | References: 18 | Affected Software: 4

Veracode • added 2020/04/10 12:57 a.m. • 35 views

Unspecified Vulnerability

IBM Java Runtime Environment has an unspecified vulnerability, allowing remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors...

CVSS: 2.6 | AI score: 7.1 | EPSS: 0.01681
Exploits: 0 | References: 24 | Affected Software: 2

Veracode • added 2020/04/10 12:57 a.m. • 35 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. Missing boundary checks in the block layer implementation could allow a local, unprivileged user to cause a denial of service...

CVSS: 4.7 | AI score: 3.9 | EPSS: 0.00082
Exploits: 1 | References: 24 | Affected Software: 2

Veracode • added 2020/04/10 12:56 a.m. • 35 views

Arbitrary Code Execution

gimp is vulnerable to arbitrary code execution. A stack-based buffer overflow flaw was found in the GIMP's Lightning, Sphere Designer, and Gfig image filters. An attacker could create a specially-crafted Lightning, Sphere Designer, or Gfig filter configuration file that, when opened, could cause...

CVSS: 6.8 | AI score: 3 | EPSS: 0.03676
Exploits: 1 | References: 21 | Affected Software: 1

Veracode • added 2020/04/10 12:56 a.m. • 35 views

Information Disclosure

Kernel is vulnerable to information disclosure. The attack is possible because a flaw in the dccp_rcv_state_process function could allow a remote attacker to cause a denial of service, even when the socket was already closed...

CVSS: 1.9 | AI score: 3.5 | EPSS: 0.00028
Exploits: 1 | References: 12 | Affected Software: 2

Total number of security vulnerabilities: 5000