38326 matches found
Denial Of Service (DoS)
JHEAD is vulnerable to denial of service. The vulnerability exists due to a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections allowing an attacker to crash the system with a maliciously crafted jpeg image...
Denial Of Service (DoS)
openexr is vulnerable to denial of service.The vulnerability exists in CompositeDeepScanLine::setFrameBuffer function of ImfCompositeDeepScanLine.cpp due to a heap-based buffer overflow which allows an attacker to crash the application via malicious input...
Denial Of Service (DoS)
wireshark:edge is vulnerable to denial of service. Crash in the RFC 7468 dissector allows denial of service via packet injection or crafted capture file...
Insecure Cryptography
cryptsetup is vulnerable to insecure cryptography. A malicious attacker can modify on-disk metadata to simulate decryption in progress with crashed reencryption step and persistently decrypt part of the LUKS device...
Remote Code Execution (RCE)
vim is vulnerable to remote code execution. The vulnerability exists due to a use-after-free allowing an attacker to execute malicious code in the system...
Denial Of Service (DoS)
systemd is vulnerable to denial of service DoS attacks. An uncontrolled recursion in systemd-tmpfiles may lead to denial of service at boot time...
Out-of-bounds Memory Access When Inserting Text In Edit Mode
firefox is vulnerable to Out of bounds Access. An attacker is able to exploit the vulnerability by inserting text in Edit mode...
Denial Of Service (DoS)
thunderbird and firefox are vulnerable denial of service. The vulnerability exists due to a GC Rooting Failure When Calling Wasm Instance Methods...
Denial Of Service (DoS)
Insufficient access control in the IntelR PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access...
Cross-Site Scripting (XSS)
ckeditor4 is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of HTML in the Advance Content Filter ACF module which allows an attacker to inject maliciously crafted HTML containing Javascript code...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. Uncontrolled resource consumption in some IntelR Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access. An uncontrolled resource consumption in some IntelR...
Privilege Escalation
samba is vulnerable to escalation of privilege. The vulnerability exists due to the lack of sanitization of user's authorization when RODC read-only domain controller is used when printing administration ticket...
Improper Input Validation
pip suffers from improper input validation. The library does not properly handle unicode separators in git references. An attacker can use this flaw to install a different revision on a repository...
Privilege Escalation
chrome is vulnerable to privilege escalation. The vulnerability exists due to a type confusion in the v8 component in chrome...
Directory Traversal
babel is vulnerable to directory traversal. The library does not clean the locale identifiers properly before loading from file, allowing a malicious user to load arbitrary locale .dat files...
Denial Of Service (DoS)
rh-mysql80-mysql is vulnerable to denial of service. An attacker can crash the application via the Server: Optimizer component...
Business Logic Flaws
rustc has a business logic flaw. The vulnerability exists due to the iteratorgetunchecked more than once for the same index when the underlying iterator panics in certain conditions. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess...
Denial Of Service (DoS)
chromium is vulnerable to denial of service. An attacker is able to crash the system by exploiting a heap corruption via a maliciously crafted HTML page...
Denial Of Service (DoS)
Redis is vulnerable to denial of service. An attacker may exploit the vulnerability by injecting a malicious requests over multiple connections can cause the server to allocate significant amount of memory causing it to crash...
Denial Of Service (DoS)
Redis is vulnerable to denial of service. An integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-limit configuration parameters to very larg...
Bypass Of Secure Validation
Apache Santuario is vulnerable to bypass of secure validation. Lack of secure handling of secureValidation property allows an attacker to abuse an XPath Transform and to extract any local .xml files in a RetrievalMethod element during the creation of a KeyInfo from a KeyInfoReference element...
Denial Of Service(DoS)
netty-codec is vulnerable to denial of service. The vulnerability exists due to lack of allocation size restriction on the decompressed output data in the Bzip2 decompression decoder function, leading to an OOME...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. The vulnerability exists due to the system allowing OS users to cause host OS memory corruption via rtasargs.nargs...
Remote Code Execution (RCE)
@npmcli/arborist is vulnerable to remote code execution. The vulnerability exists due to a symlink dependency where an attacker is able to create arbitrary contents to be written to any location on the filesystem...
Denial Of Service
qemu is vulnerable to denial of service. The vulnerability exists when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full, a malicious SPICE client could use this flaw to make QEMU call free with faked heap chunk metadata, resulting in a crash of QEMU...
Denial Of Service (DoS)
go is vulnerable to Denial Of Service DoS. The vulnerability exists due to a race condition where the system is trying to access the same resources leading to denial of service...
Remote Code Execution (RCE)
webkit2gtk is vulnerable to remote code execution. The vulnerability exists due to a use-after-free vulnerability exists in WebKitGTK browser...
Denial Of Service (DoS)
sshd-core is vulnerable to denial of service. SFTP and port forwarding feature of the library allows an attacker to send maximum data to cause the boundary overflow on BufferedIoOutputStream writing, causing an OutOfMemory error...
Denial Of Service (DoS)
openexr:stretch is vulnerable to denial of service. An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEX. An attacker could use this flaw to crash an application compiled with OpenEXR...
Information Disclosure
libvirt is vulnerable to information disclosure. An attacker is able to access files of other users when the system generates SELiinux MCS category pairs for VMs' dynamic labels...
Denial Of Service (DoS)
cxf-rt-rs-json-basic is vulnerable to denial of service. An attacker is able to cause a thread to be stuck in an infinite loop due to an insecure parsing of JSON in JsonMapObjectReaderWriter...
Denial Of Service (DoS)
linux kernel is vulnerable to denial of service. The vulnerability exists due to a NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality...
Arbitrary Code Execution
unbound is vulnerable to arbitrary code execution. An integer overflow in the regional allocator via the ALIGNUP macro allows an attacker to execute arbitrary code on the host OS...
Information Disclosure
bouncycastle is vulnerable to information disclosure. The vulnerability exists due to a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures...
Denial Of Service (DoS)
trousers is vulnerable to denial of service. The vulnerability exists when daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks which allows the tss user to create or corrupt existing files, which could possibly lead to a DoS attack...
Denial Of Service (DoS)
usbsgcancel in drivers/usb/core/message.c in the Linux kernel has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. A use-after-free flaw was found in usbsgcancel in drivers/usb/core/message.c in the USB core subsystem. This flaw allows a local attacker with a...
Insecure Deserialization
wire allows insecure deserialization. The way the type information is handled in its serialization format allows an attacker to pass malicious payloads a different type for the receiving end to the deserializer and potentially cause unexpected application behavior...
Remote Code Execution (RCE)
graphviz is vulnerable to remote code execution. An attacker is able to exploit the vulnerability by loading a malicious file into the lib/common/shapes.c component...
Denial Of Service (DoS)
lz4 is vulnerable to denial of service. An integer overflow occurs when one of the memmove arguments is set to negative, resulting in an application crash...
Information Disclosure
samba is vulnerable to information disclosure. The vulnerability exists due to a flaw that could allow an attacker to read data beyond the end of the array...
Directory Traversal
babel is vulnerable to directory traversal. The vulnerability allows an attacker to load arbitrary locale .dat files which contain serialized Python objects. This can potentially lead to arbitrary code execution If an attacker is able to load a malicious local .dat file through Babel.Locale...
Information Disclosure
chromium is vulnerable to information disclosure. The vulnerability exists due to insufficient data validation that allows a remote attacker to leak cross-origin data via a crafted HTML page...
Use After Free
webkit2gtk is vulnerable to a use after free issue. Processing maliciously crafted web content may lead to arbitrary code execution...
Regular Expression Denial Of Service (ReDoS)
hosted-git-info is vulnerable to regular expression denial of service ReDoS. An attacker can provide a malicious string via shortcutMatch in the function fromUrl in index.js to crash the application...
Regular Expression Denial Of Service (ReDos)
xstream is vulnerable to regular expression denial of service. A remote attacker is able to occupy a thread that consumes excessive CPU resources for long period of time...
Regular Expression Denial Of Service (ReDoS)
ua-parser-js is vulnerable to regular expression denial of service. An attacker is able to exploit the vulnerability by sending a malicious User-Agent header under the device type causing the system to process the header for an extended period of time...
Denial Of Service (DoS)
json-smart is vulnerable to denial of service DoS attacks. An unhandled NumberFormatException thrown from the function extractFloat in JSONParserBase.java allows a remote attacker to crash programs or leak sensitive information...
Authorization Bypass
moodle/moodle is vulnerable to authorization bypass. When creating a user account, it was possible to verify the account without having access to the verification email link/secret...
Remote Code Execution (RCE)
xstream is vulnerable to remote code execution. An attacker is able to manipulate the processed input stream and replace or inject objects which would result in the execution of arbitrary code loaded from a remote server...
Out-of-Bounds Access
openjpeg is vulnerable to out-of-bounds write. An attacker is able to inject a malicious input during conversion and encoding, causing an out-of-bounds write...