38326 matches found
Remote Code Execution
docker is vulnerable to remote code execution. The vulnerability exists due to a security regression of CVE-2019-5736 due to inclusion of vulnerable runc...
Denial Of Service (DoS)
unbound is vulnerable to denial of service DoS. The vulnerability exists due to an incomplete fix for CVE-2020-12662 in RHEL7...
Cross-Site Scripting (XSS)
dijit is vulnerable to cross-site scripting. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the Editor's LinkDialog plugin...
Denial Of Service (DoS)
unbound is vulnerable to Denial of Service DoS. The attack exists because of amplification of an incoming query into a large number of queries directed to a target...
Denial Of Service (DoS)
OpenJDK is vulnerable to denial of service. The vulnerability exists through uncaught InstantiationError exception in ObjectStreamClass which allows an attacker to cause an application crash...
Insecure Deserialization
typo3/cms-core is vulnerable to insecure deserialization. The vulnerability is possible when the unserialize method is invoked on the malicious user provided-content with Class destructors, leading to a deletion of arbitrary directory in file system and to message submission via email, using the...
Incorrect Number Generator
nss is vulnerable to incorrect number generation. The vulnerability exists as a flaw in DRBG number generation within the Network Security Services NSS library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue a...
Privilege Escalation
subversion is vulnerable to privilege escalation. The vulnerability exists as a maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicio...
Denial Of Service (DoS)
memcached is vulnerable to denial of service DoS. The vulnerability exists as the tryreadcommand function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service segmentation fault via a request to add/set a key, which makes a comparison between signed and...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. A memory leak when idralloc fails in genlregisterfamily in net/netlink/genetlink.c allows an attacker to crash the system...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. The vulnerability exists when cpu.cfsquotaus is used which allows attackers to cause a denial of service against non-cpu-bound applications...
Information Disclosure
git is vulnerable to information disclosure. A malicious URL containing new lines, empty host or lacks a scheme can cause credential leak...
Arbitrary Code Execution
ghostscript is vulnerable to arbitrary code execution. The vulnerability exists as it was found that Ghostscript always tried to read Ghostscript system initialization files from the current working directory before checking other directories, even if a search path that did not contain the curren...
Arbitrary Code Execution
firefoxi s vulnerable to arbitrary code execution. The vulnerability in Sanitiser for OpenType OTS, used by Firefox to help prevent potential exploits in malformed OpenType fonts. A web page containing malicious content could cause Firefox to crash or, under certain conditions, possibly execute...
Denial Of Service (DoS)
kernel is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the way the Linux kernel handled VLAN 0 frames with the priority tag set. When using certain network drivers, an attacker on the local network could use this flaw to cause a denial of service...
Arbitrary Code Execution
firefox is vulnerable to arbitrary code execution. The vulnerability exists as two flaws were found in the way Firefox parsed certain Scalable Vector Graphics SVG image files. A web page containing a malicious SVG image file could cause an information leak, or cause Firefox to crash or,...
Denial Of Service (DoS)
kernel is vulnerable to Denial of Service DoS. The vulnerability exists as a flaw was found in the Linux kernel's clock implementation on 32-bit, SMP symmetric multiprocessing systems. A local, unprivileged user could use this flaw to cause a divide error fault, resulting in a denial of service...
Privilege Escalation
util-linux is vulnerable to privilege escalation. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems...
Denial Of Service (DoS)
krb5-appl is vulnerable to a buffer overflow flaw. Due to a flaw in libtelnet/encrypt.c, a remote attacker can access the telnet port of a target machine, subsequently executing arbitrary code as root...
Denial Of Service (DoS)
avahi is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the way the Avahi daemon avahi-daemon processed multicast DNS mDNS packets with an empty payload. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to enter an...
Denial Of Service (DoS)
kernel is vulnearble to denial of service. A flaw was found in the Linux kernel execve system call implementation. A local, unprivileged user could cause large amounts of memory to be allocated but not visible to the OOM Out of Memory killer, triggering a denial of service...
Privilege Escalation
glibc is vulnerable to privilege escalation. It was discovered that the glibc addmntent function did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into /etc/mtab via certain setuid mount helpers, if the attacker were allowed to mount to a...
Information Disclosure
kernel is vulnerable to information disclosure. Missing initialization flaws in the Linux kernel could lead to information leaks...
Arbitrary Code Execution
firefox is vulnerable to arbitrary code execution. A flaw was found in the way Firefox handled malformed JPEG images. A website containing a malicious JPEG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox...
Denial Of Service (DoS)
php is vulnerable to denial of service DoS. The vulnerability exists as a NULL pointer dereference flaw was discovered in the PHP XML-RPC extension. A malicious XML-RPC client or server could use this flaw to crash the PHP interpreter via a specially-crafted XML-RPC request...
Denial Of Service (DoS)
mysql is vulnerable to denial of service DoS. The vulnerability exists as a flaw in the way MySQL processed SQL queries containing IN or CASE statements, when a NULL argument was provided as one of the arguments to the query, could allow a remote, authenticated attacker to crash mysqld...
Man-in-the-Middle (MitM)
seamonkey is vulnerable to man-in-the-middle attack. A flaw was found in the way SeaMonkey matched SSL certificates when the certificates had a Common Name containing a wildcard and a partial IP address. SeaMonkey incorrectly accepted connections to IP addresses that fell within the SSL...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. A flaw was found in the Linux kernel's CPU time clocks implementation for the POSIX clock interface. A local, unprivileged user could use this flaw to cause a denial of service...
Cross-Site Scripting (XSS)
firefox is vulnerable to cross-site scripting. A cross-site scripting XSS flaw was found in the Firefox x-mac-arabic, x-mac-farsi, and x-mac-hebrew character encodings. Certain characters were converted to angle brackets when displayed. If server-side script filtering missed these cases, it could...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. An integer overflow flaw was found in the extent range checking code in the Linux kernel's ext4 file system implementation. A local, unprivileged user with write access to an ext4-mounted file system could trigger this flaw by writing to a file at a very...
Arbitrary Code Execution
firefox is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox...
Remote Code Execution (RCE)
PostgreSQL is vulnerable to remote code execution RCE. Due to a flaw found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl, if the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially-crafted PL/Tcl...
Access Restriction Bypass
PostgreSQL is vulnerable to Access Restriction Bypass. Due to a flaw found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially-crafted PL/Perl...
Cross-site Scripting (XSS)
firefox is vulnerable to cross-site scripting XSS. The vulnerability exists as a web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website...
Denial Of Service (DoS)
httpd is vulnerable to denial of service. It was discovered that modproxyajp incorrectly returned an "Internal Server Error" response when processing certain malformed requests, which caused the back-end server to be marked as failed in configurations where modproxy is used in load balancer mode....
Denial Of Service (DoS)
OpenSSL is vulnerable to denial of service. It was found that the OpenSSL library did not properly re-initialize its internal state in the SSLlibraryinit function after previous calls to the CRYPTOcleanupallexdata function, which would cause a memory leak for each subsequent SSL connection. This...
Arbitrary Code Execution
freetype is vulnerable to arbitrary code execution. Two stack overflow flaws were found in the way the FreeType font engineprocessed certain Compact Font Format CFF character strings opcodes. If a user loaded a specially-crafted font file with an application linked against FreeType, it could caus...
Arbitary Code Execution
krb5 is vulnerable to arbitrary code execution. Multiple integer underflow flaws, leading to heap-based corruption, were found in the way the MIT Kerberos Key Distribution Center KDC decrypted ciphertexts encrypted with the Advanced Encryption Standard AES and ARCFOUR RC4 encryption algorithms. I...
Authorization Bypass
kernel is vulnerable to authorization bypass. The vulnerability exists as a missing check was found in the mextcheckarguments function in the ext4 file system code. A local user could use this flaw to cause the MOVEEXT IOCTL to overwrite the contents of an append-only file on an ext4 file system,...
Spoofing Attack
firefox is vulnerable to spoofing attack. A flaw was found in the way Firefox displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not...
Information Disclosure
firefox is vulnerable to information disclosure. The vulnerability exists as an attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with Firefox...
Authorization Bypass
firefox is vulnerable to authorization bypass. The vulnerability exists as an attacker could use these flaws to create a malicious web page that could bypass the same-origin policy, or possibly run untrusted JavaScript...
Arbitrary Code Execution
libpng is vulnerable to arbitrary code execution.The vulnerability exists as a memory corruption flaw was found in the way applications, using the libpng library and its progressive reading method, decoded certain PNG images. An attacker could create a specially-crafted PNG image that, when opene...
Denial Of Service (DoS)
The kernel is vulnerable to Denial Of Service DoS. A flaw was found in each of the following Intel PRO/1000 Linux drivers in the Linux kernel: e1000 and e1000e. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being...
Denial Of Service (DoS)
Samba is vulnerable to Denial of Service DoS. A denial of service flaw was found in the Samba smbd daemon. An authenticated, remote user could send a specially-crafted response that would cause an smbd child process to enter an infinite loop. An authenticated, remote user could use this flaw to...
Cross-site Scripting (XSS)
squirrelmail is vulnerable to cross-site scripting XSS. The vulnerability exists as it was discovered that SquirrelMail did not properly sanitize Cascading Style Sheets CSS directives used in HTML mail. A remote attacker could send a specially-crafted email that could place mail content above...
Privilege Escalation
kernel is vulnerable to privilege escalation. The vulnerability exists as a flaw was found in the NFSv4 implementation. The kernel would do an unnecessary permission check after creating a file. This check would usually fail and leave the file with the permission bits set to random values...
Information Disclosure
The kernel is vulnerable to Information Disclosure. Due to missing initialization flaws found in the Linux kernel, padding data in several core network structures was not initialized properly before being sent to user-space. These flaws could lead to information leaks...
Denial Of Service (DoS)
The kernel package is vulnerable to denial of service DoS. The possibility of a timeout value overflow was found in the Linux kernel high-resolution timers functionality, hrtimers. This could allow a local, unprivileged user to execute arbitrary code, or cause a denial of service kernel panic...
Information Disclosure
kernel is vulnerable to information disclosure. The vulnerability exists as a flaw was found in the AGPGART driver. The agpgenericallocpage and agpgenericallocpages functions did not zero out the memory pages they allocate, which may later be available to user-space processes. This flaw could...