38332 matches found
Denial Of Service (DoS)
ImageMagick is vulnerable to denial of service DoS. An attacker is able to send a malicious file to trigger undefined behavior in the form of math division by zero...
Cross-Site Scripting (XSS)
nanohttpd is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript code in a user's browser via the GeneralHandler class that implements a basic GET handler which prints debug information as an HTML page...
Information Disclosure
Python is vulnerable to information disclosure. The vulnerability exists because Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP...
Heap Buffer Overflow
BusyBox is vulnerable to heap-based buffer overflow in the DHCP client udhcpc. It allows remote attackers to have unspecified impact via vectors involving OPTION6RD parsing...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. An incorrect umask configuration during file or directory modification in the way user create and delete object using NFSv4.2 or newer, if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2, allows a user with access...
Denial Of Service (DoS)
imagemagick is vulnerable to denial of service DoS. The vulnerability exists through the TIFFSetProfiles function in coders/tiff.c where TIFFGetField return values imply that data validation has occurred...
Denial Of Service(DoS)
lldpd is denial of serviceDoS. The buffer overflow in the lldpdecode function in daemon/protocols/lldp.c...
Denial Of Service (DoS)
libdbi-perl is vulnerable to denial of service. An untrusted pointer dereference allows a local attacker who is able to manipulate calls to dbddblogin6sv, cause a memory corruption and crash the application...
Arbitrary Code Execution
openexr is vulnerable to arbitrary code execution. An invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code...
Denial Of Service (DoS)
qemu is vulnerable to denial of service. The vulnerability exists through hw/usb/hcd-ohci.c due to an infinite loop when a TD list has a loop allowing an attacker to cause an application crash...
Privilege Escalation
linux-kvm is vulnerable to privilege escalation. The vulnerability exists as the rbd block device driver in drivers/block/rbd.c used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices...
Denial Of Service (DoS)
nsd is vulnerable to denial of service. An attacker is able to overwrite the PID file via a local symlink attack which will cause the application to crash...
Information Disclosure
php is vulnerable to information disclosure. The vulnerability exists as the DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte...
Privilege Escalation
Moodle is vulnerable to privilege escalation. Users students are able to add entries within groups they do not belong to...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. The vulnerability exists due to a memory leak in the rtl8xxxusubmitinturb function which allows an attacker to crash the kernel...
Information Disclosure
guava is vulnerable to Information Disclosure. A folder with insecure permissions is created by the function com.google.common.io.Files.createTempDir. A local user will be able to steal secrets stored in this directory...
Information Disclosure
OpenJDK is vulnerable to information disclosure. The vulnerability exists through credentials sent over unencrypted LDAP connection...
Arbitrary Code Execution
kernel is vulnerable to arbitrary code execution. A user-after-free occurs in trymergefreespace in fs/btrfs/free-space-cache.c when mounting malicious btrfs filesystem image and subsequently making a syncfs system call. This could potentially lead to arbitrary code execution on the OS...
Authorization Bypass
apache-ant is vulnerable to authorization bypass. The vulnerabiltiy exists through the mitigation for CVE-2020-1945 has changed the permissions of temporary files it created so that only the current user was allowed to access them, while the fixcrlf task deleted the temporary file and creates a n...
Arbitrary Code Execution
webkitgtk is vulnerable to arbitrary code execution.The attacker execute the maliciously crafted web content to create multiple memory corruption issue lead to arbitrary code execution...
Arbitrary Code Execution
webkitgtk4 is vulnerable to arbitrary code execution. The vulnerability exists through parsing web content that causes memory corruption...
Arbitrary Code Execution
webkitgtk4 is vulnerable to arbitrary code execution.The attacker execute the malicious crafted web content multiple memory corruption issues leading to arbitrary code execution...
Arbitrary Code Execution
webkitgtk is vulnerable to arbitrary code execution.The attacker execute the malicious crafted web content to cause the multiple memory corruption lead to arbitrary code execution...
Arbitrary Code Execution
webkitgtk is vulnerable to arbitrary code execution. The vulnerability exists through a memory corruption issue...
Arbitrary Code Execution
WebKitGTK+ is vulnerable to arbitrary code execution. Processing maliciously crafted web content may lead to arbitrary code execution...
Arbitrary Code Execution
WebKitGTK+ is vulnerable to arbitrary code execution. A memory corruption issue allows an attacker to execute arbitrary code on the host OS...
Cross-site Scripting (XSS)
djangorestframework is vulnerable to cross-site scripting XSS. The vulnerability exists as the use of urlizequotedlinks in restframework/templates/restframework/base.html does not sanitize...
Format String Attack
tensorflow is vulnerable to format string attacks. The vulnerability exists as the fill argument of tf.strings.asstring reaches a printf call without sanitization...
Denial Of Service (DoS)
wireshark is vulnerable to denial of service. An attacker is able to crash the MIME Multipart dissector by injecting a malformed packet onto the wire or by convincing a user to read a malicious packet trace file...
Arbitrary Code Execution
ruby is vulnerable to arbitrary code execution. An attacker is able to inject code in the first argument to the command argument to Shell or Shelltest in lib/shell.rb...
Denial Of Service (DoS)
squid is vulnerable to denial of service DoS. The vulnerability exists due to an incorrect input validation, causing a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy...
Privilege Escalation
Linux kernel is vulnerable to privilege escalation. A memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity...
Denial Of Service (DoS)
graphicsmagick:xenial is vulnerable to denial of service DoS. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file...
Denial Of Service (DoS)
chromium-browser is vulnerable to denial of service DoS. SkPath.cpp in Skia, as used in Google Chrome on Windows and OS X and on Linux, does not properly validate the return values of ChopMonoAtY calls, which allows remote attackers to cause a denial of service uninitialized memory access and...
Denial Of Service (DoS)
Linux kernel is vulnerable to denial of service DoS. There is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c...
Session Fixation
symphonycms/symphony-2 is vulnerable to session fixation. The vulnerability exists as it does not regenerate the user's PHPSESSID cookie value upon a successful authentication. If a user's PHPSESSID cookie value can be modified by means of application logic or another vulnerability, an attacker...
Buffer Over-reads
tcpdump is vulnerable to a buffer over-read. The vulnerability exists due to a flaw in print-fr.c:mfrprint...
Denial Of Service (DoS)
libvirt is vulnerable to denial of service DoS. The vulnerability exists as an issue was discovered in qemuDomainGetStatsIOThread in qemu/qemudriver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving...
Cross-site Scripting (XSS)
webkit2gtk is vulnerable to cross-site scripting XSS. The vulnerability exists as it fail to properly restrict input in web content...
Information Disclosure
openjdk is vulnerable to information disclosure. HostnameChecker does not ensure X.509 certificate names are in normalized form, potentially resulting in an unauthorized read access...
Remote Code Execution
docker is vulnerable to remote code execution. The vulnerability exists due to a security regression of CVE-2019-5736 due to inclusion of vulnerable runc...
Cross-Site Scripting (XSS)
dijit is vulnerable to cross-site scripting. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the Editor's LinkDialog plugin...
Remote Code Execution
jackson-databind is vulnerable to remote code execution. It was possible to use the apache-drill gadget type as a serialization gadget through polymorphic typing and execute arbitrary code on the system...
Remote Code Execution (RCE)
jackson-databind is vulnerable to deserialization of untrusted data that can lead to remote code execution. It is possible because the untrusted class com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool was not filtered by default from the interaction between serialization gadgets and...
Denial Of Service (DoS)
OpenJDK is vulnerable to denial of service. The vulnerability exists through uncaught InstantiationError exception in ObjectStreamClass which allows an attacker to cause an application crash...
Insecure Deserialization
typo3/cms-core is vulnerable to insecure deserialization. The vulnerability is possible when the unserialize method is invoked on the malicious user provided-content with Class destructors, leading to a deletion of arbitrary directory in file system and to message submission via email, using the...
Incorrect Number Generator
nss is vulnerable to incorrect number generation. The vulnerability exists as a flaw in DRBG number generation within the Network Security Services NSS library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue a...
Denial Of Service (DoS)
memcached is vulnerable to denial of service DoS. The vulnerability exists as the tryreadcommand function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service segmentation fault via a request to add/set a key, which makes a comparison between signed and...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. The vulnerability exists when cpu.cfsquotaus is used which allows attackers to cause a denial of service against non-cpu-bound applications...
Arbitrary Code Execution
ghostscript is vulnerable to arbitrary code execution. The vulnerability exists as it was found that Ghostscript always tried to read Ghostscript system initialization files from the current working directory before checking other directories, even if a search path that did not contain the curren...