38326 matches found
Information Disclosure
Python is vulnerable to information disclosure. The vulnerability exists because Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP...
DNS Rebinding
nodejs is vulnerable to DNS rebinding attacks. The vulnerability exists in the inspector component allowing an attacker to bypass the DNS rebinding protection if the, said attacker controls the victim's DNS server or can spoof its responses...
Heap Buffer Overflow
BusyBox is vulnerable to heap-based buffer overflow in the DHCP client udhcpc. It allows remote attackers to have unspecified impact via vectors involving OPTION6RD parsing...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. An incorrect umask configuration during file or directory modification in the way user create and delete object using NFSv4.2 or newer, if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2, allows a user with access...
Arbitrary Code Execution
github.com/golang/go is vulnerable to arbitrary code execution. The go command may execute arbitrary code at build time when users have “.” listed explicitly in their PATH and are running “go get” or build commands outside of a module or with module mode disabled...
Denial Of Service (DoS)
imagemagick is vulnerable to denial of service DoS. The vulnerability exists through the TIFFSetProfiles function in coders/tiff.c where TIFFGetField return values imply that data validation has occurred...
Denial Of Service(DoS)
lldpd is denial of serviceDoS. The buffer overflow in the lldpdecode function in daemon/protocols/lldp.c...
Denial Of Service (DoS)
libdbi-perl is vulnerable to denial of service. An untrusted pointer dereference allows a local attacker who is able to manipulate calls to dbddblogin6sv, cause a memory corruption and crash the application...
Arbitrary Code Execution
openexr is vulnerable to arbitrary code execution. An invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code...
Denial Of Service (DoS)
qemu is vulnerable to denial of service. The vulnerability exists through hw/usb/hcd-ohci.c due to an infinite loop when a TD list has a loop allowing an attacker to cause an application crash...
Privilege Escalation
linux-kvm is vulnerable to privilege escalation. The vulnerability exists as the rbd block device driver in drivers/block/rbd.c used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices...
Denial Of Service (DoS)
nsd is vulnerable to denial of service. An attacker is able to overwrite the PID file via a local symlink attack which will cause the application to crash...
Information Disclosure
php is vulnerable to information disclosure. The vulnerability exists as the DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte...
Privilege Escalation
Moodle is vulnerable to privilege escalation. Users students are able to add entries within groups they do not belong to...
DNS Rebinding Attack
firefox is vulnerable to DNS rebinding attack. The vulnerability exists as DNS over HTTPS intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver, and when a IPv4 address was mapped through IPv6...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. The vulnerability exists due to a memory leak in the rtl8xxxusubmitinturb function which allows an attacker to crash the kernel...
Information Disclosure
guava is vulnerable to Information Disclosure. A folder with insecure permissions is created by the function com.google.common.io.Files.createTempDir. A local user will be able to steal secrets stored in this directory...
Information Disclosure
OpenJDK is vulnerable to information disclosure. The vulnerability exists through credentials sent over unencrypted LDAP connection...
XML External Entity (XXE)
jackson-databind is vulnerable to XML external entity XXE attack. The external DTDs and doctype declarations not disabled by default and allows an attacker to perform XXE attacks against the application using the library...
Arbitrary Code Execution
kernel is vulnerable to arbitrary code execution. A user-after-free occurs in trymergefreespace in fs/btrfs/free-space-cache.c when mounting malicious btrfs filesystem image and subsequently making a syncfs system call. This could potentially lead to arbitrary code execution on the OS...
Authorization Bypass
apache-ant is vulnerable to authorization bypass. The vulnerabiltiy exists through the mitigation for CVE-2020-1945 has changed the permissions of temporary files it created so that only the current user was allowed to access them, while the fixcrlf task deleted the temporary file and creates a n...
Arbitrary Code Execution
webkitgtk is vulnerable to arbitrary code execution.The attacker execute the maliciously crafted web content to create multiple memory corruption issue lead to arbitrary code execution...
Arbitrary Code Execution
webkitgtk4 is vulnerable to arbitrary code execution. The vulnerability exists through parsing web content that causes memory corruption...
Arbitrary Code Execution
webkitgtk4 is vulnerable to arbitrary code execution.The attacker execute the malicious crafted web content multiple memory corruption issues leading to arbitrary code execution...
Arbitrary Code Execution
webkitgtk is vulnerable to arbitrary code execution.The attacker execute the malicious crafted web content to cause the multiple memory corruption lead to arbitrary code execution...
Arbitrary Code Execution
webkitgtk is vulnerable to arbitrary code execution. The vulnerability exists through a memory corruption issue...
Arbitrary Code Execution
WebKitGTK+ is vulnerable to arbitrary code execution. Processing maliciously crafted web content may lead to arbitrary code execution...
Arbitrary Code Execution
WebKitGTK+ is vulnerable to arbitrary code execution. A memory corruption issue allows an attacker to execute arbitrary code on the host OS...
HTTP Request Splitting
squid is vulnerable to HTTP Request Splitting. Insecure parsing of the Transfer-Encoding header allows an attacker to split an HTTP request and perform cache poisoning...
Cross-site Scripting (XSS)
djangorestframework is vulnerable to cross-site scripting XSS. The vulnerability exists as the use of urlizequotedlinks in restframework/templates/restframework/base.html does not sanitize...
Format String Attack
tensorflow is vulnerable to format string attacks. The vulnerability exists as the fill argument of tf.strings.asstring reaches a printf call without sanitization...
Denial Of Service (DoS)
wireshark is vulnerable to denial of service. An attacker is able to crash the MIME Multipart dissector by injecting a malformed packet onto the wire or by convincing a user to read a malicious packet trace file...
Denial Of Service (DoS)
graphicsmagick is vulnerable to denial of service DoS. The vulnerability exists through a NULL pointer dereference vulnerability in the function ReadCINEONImage in coders/cineon.c...
Arbitrary Code Execution
ruby is vulnerable to arbitrary code execution. An attacker is able to inject code in the first argument to the command argument to Shell or Shelltest in lib/shell.rb...
Denial Of Service (DoS)
squid is vulnerable to denial of service DoS. The vulnerability exists due to an incorrect input validation, causing a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy...
Privilege Escalation
Linux kernel is vulnerable to privilege escalation. A memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity...
Denial Of Service (DoS)
graphicsmagick:xenial is vulnerable to denial of service DoS. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file...
Denial Of Service (DoS)
chromium-browser is vulnerable to denial of service DoS. SkPath.cpp in Skia, as used in Google Chrome on Windows and OS X and on Linux, does not properly validate the return values of ChopMonoAtY calls, which allows remote attackers to cause a denial of service uninitialized memory access and...
Denial Of Service (DoS)
Linux kernel is vulnerable to denial of service DoS. There is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c...
Man-in-the-Middle (MitM)
activemq-broker is vulnerable to man-in-the-middleMitM attack. It binds the server to jmxrmi entry after creating JMX RMI registry using LocateRegistry.createRegistry, leading to the connection to the registry without authentication and allowing rebinding of jmxrmi to any other entity. Therefore,...
Session Fixation
symphonycms/symphony-2 is vulnerable to session fixation. The vulnerability exists as it does not regenerate the user's PHPSESSID cookie value upon a successful authentication. If a user's PHPSESSID cookie value can be modified by means of application logic or another vulnerability, an attacker...
Server-side Request Forgery (SSRF)
phpBB is vulnerable to server side request forgery SSRF. The vulnerability exists as it does not properly limit the dimensions of images posted, allowing an attacker to use the image dimension check function to send requests on behalf of the server...
Denial Of Service (DoS)
VLC is vulnerable to denial of service DoS. The vulnerability exists as an exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without...
Buffer Over-reads
tcpdump is vulnerable to a buffer over-read. The vulnerability exists due to a flaw in print-fr.c:mfrprint...
Denial Of Service (DoS)
libvirt is vulnerable to denial of service DoS. The vulnerability exists as an issue was discovered in qemuDomainGetStatsIOThread in qemu/qemudriver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving...
Cross-site Scripting (XSS)
webkit2gtk is vulnerable to cross-site scripting XSS. The vulnerability exists as it fail to properly restrict input in web content...
Information Disclosure
openjdk is vulnerable to information disclosure. HostnameChecker does not ensure X.509 certificate names are in normalized form, potentially resulting in an unauthorized read access...
Remote Code Execution
docker is vulnerable to remote code execution. The vulnerability exists due to a security regression of CVE-2019-5736 due to inclusion of vulnerable runc...
Denial Of Service (DoS)
unbound is vulnerable to denial of service DoS. The vulnerability exists due to an incomplete fix for CVE-2020-12662 in RHEL7...
Cross-Site Scripting (XSS)
dijit is vulnerable to cross-site scripting. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the Editor's LinkDialog plugin...