38332 matches found
Denial Of Service (DoS)
chromium is vulnerable to denial of service. An attacker is able to crash the system by exploiting a heap corruption via a maliciously crafted HTML page...
Denial Of Service (DoS)
Redis is vulnerable to denial of service. An attacker may exploit the vulnerability by injecting a malicious requests over multiple connections can cause the server to allocate significant amount of memory causing it to crash...
Denial Of Service (DoS)
Redis is vulnerable to denial of service. An integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-limit configuration parameters to very larg...
Bypass Of Secure Validation
Apache Santuario is vulnerable to bypass of secure validation. Lack of secure handling of secureValidation property allows an attacker to abuse an XPath Transform and to extract any local .xml files in a RetrievalMethod element during the creation of a KeyInfo from a KeyInfoReference element...
Denial Of Service(DoS)
netty-codec is vulnerable to denial of service. The vulnerability exists due to lack of allocation size restriction on the decompressed output data in the Bzip2 decompression decoder function, leading to an OOME...
Remote Code Execution (RCE)
@npmcli/arborist is vulnerable to remote code execution. The vulnerability exists due to a symlink dependency where an attacker is able to create arbitrary contents to be written to any location on the filesystem...
Denial Of Service (DoS)
go is vulnerable to Denial Of Service DoS. The vulnerability exists due to a race condition where the system is trying to access the same resources leading to denial of service...
Denial Of Service (DoS)
firefox:edge is vulnerable to denial of service...
Denial Of Service (DoS)
sshd-core is vulnerable to denial of service. SFTP and port forwarding feature of the library allows an attacker to send maximum data to cause the boundary overflow on BufferedIoOutputStream writing, causing an OutOfMemory error...
Denial Of Service (DoS)
openexr:stretch is vulnerable to denial of service. An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEX. An attacker could use this flaw to crash an application compiled with OpenEXR...
Information Disclosure
libvirt is vulnerable to information disclosure. An attacker is able to access files of other users when the system generates SELiinux MCS category pairs for VMs' dynamic labels...
Denial Of Service (DoS)
cxf-rt-rs-json-basic is vulnerable to denial of service. An attacker is able to cause a thread to be stuck in an infinite loop due to an insecure parsing of JSON in JsonMapObjectReaderWriter...
Denial Of Service (DoS)
linux kernel is vulnerable to denial of service. The vulnerability exists due to a NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality...
Arbitrary Code Execution
unbound is vulnerable to arbitrary code execution. An integer overflow in the regional allocator via the ALIGNUP macro allows an attacker to execute arbitrary code on the host OS...
Information Disclosure
bouncycastle is vulnerable to information disclosure. The vulnerability exists due to a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures...
Denial Of Service (DoS)
trousers is vulnerable to denial of service. The vulnerability exists when daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks which allows the tss user to create or corrupt existing files, which could possibly lead to a DoS attack...
Insecure Deserialization
wire allows insecure deserialization. The way the type information is handled in its serialization format allows an attacker to pass malicious payloads a different type for the receiving end to the deserializer and potentially cause unexpected application behavior...
Denial Of Service (DoS)
lz4 is vulnerable to denial of service. An integer overflow occurs when one of the memmove arguments is set to negative, resulting in an application crash...
Information Disclosure
chromium is vulnerable to information disclosure. The vulnerability exists due to insufficient data validation that allows a remote attacker to leak cross-origin data via a crafted HTML page...
Use After Free
webkit2gtk is vulnerable to a use after free issue. Processing maliciously crafted web content may lead to arbitrary code execution...
Regular Expression Denial Of Service (ReDoS)
hosted-git-info is vulnerable to regular expression denial of service ReDoS. An attacker can provide a malicious string via shortcutMatch in the function fromUrl in index.js to crash the application...
Regular Expression Denial Of Service (ReDos)
xstream is vulnerable to regular expression denial of service. A remote attacker is able to occupy a thread that consumes excessive CPU resources for long period of time...
Regular Expression Denial Of Service (ReDoS)
ua-parser-js is vulnerable to regular expression denial of service. An attacker is able to exploit the vulnerability by sending a malicious User-Agent header under the device type causing the system to process the header for an extended period of time...
Denial Of Service (DoS)
json-smart is vulnerable to denial of service DoS attacks. An unhandled NumberFormatException thrown from the function extractFloat in JSONParserBase.java allows a remote attacker to crash programs or leak sensitive information...
Authorization Bypass
moodle/moodle is vulnerable to authorization bypass. When creating a user account, it was possible to verify the account without having access to the verification email link/secret...
Remote Code Execution (RCE)
xstream is vulnerable to remote code execution. An attacker is able to manipulate the processed input stream and replace or inject objects which would result in the execution of arbitrary code loaded from a remote server...
Out-of-Bounds Access
openjpeg is vulnerable to out-of-bounds write. An attacker is able to inject a malicious input during conversion and encoding, causing an out-of-bounds write...
OS Command Injection
react-dev-utils is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands on the host OS due to the usage of childprocess.execFileSync in the function getProcessIdOnPort...
Denial Of Service (DoS)
ImageMagick is vulnerable to denial of service DoS. An attacker is able to send a malicious file to trigger undefined behavior in the form of math division by zero...
Cross-Site Scripting (XSS)
nanohttpd is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript code in a user's browser via the GeneralHandler class that implements a basic GET handler which prints debug information as an HTML page...
Information Disclosure
Python is vulnerable to information disclosure. The vulnerability exists because Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. An incorrect umask configuration during file or directory modification in the way user create and delete object using NFSv4.2 or newer, if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2, allows a user with access...
Information Disclosure
firefox is vulnerable to information disclosure. The vulnerability exists by combining the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine...
Regular Expression Denial Of Service (ReDoS)
jquery-validation is vulnerable to regular expression denial of service. An insecure use of a regular expression to parse URLs allows an attacker to cause a denial of service condition via a malicious URL...
Denial Of Service (DoS)
imagemagick is vulnerable to denial of service DoS. The vulnerability exists through the TIFFSetProfiles function in coders/tiff.c where TIFFGetField return values imply that data validation has occurred...
Denial Of Service (DoS)
open-iscsi is vulnerable to denial of service DoS. The vulnerability exists through an Out-of-Bounds read in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upperlayerchksum in net/ipv4/uip.c...
Insecure XML Parsing
github.com/crewjam/saml does not perform secure XML parsing. An attacker is able to forge part of a signed XML document due to a lack of validation...
Denial Of Service(DoS)
chromium, sid is vulnerable to Denial of ServiceDoS. Inappropriate implementation in V8 in Google Chrome allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Denial Of Service(DoS)
lldpd is denial of serviceDoS. The buffer overflow in the lldpdecode function in daemon/protocols/lldp.c...
Denial Of Service (DoS)
libdbi-perl is vulnerable to denial of service. An untrusted pointer dereference allows a local attacker who is able to manipulate calls to dbddblogin6sv, cause a memory corruption and crash the application...
Arbitrary Code Execution
openexr is vulnerable to arbitrary code execution. An invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code...
Denial Of Service (DoS)
qemu is vulnerable to denial of service. The vulnerability exists through hw/usb/hcd-ohci.c due to an infinite loop when a TD list has a loop allowing an attacker to cause an application crash...
Privilege Escalation
linux-kvm is vulnerable to privilege escalation. The vulnerability exists as the rbd block device driver in drivers/block/rbd.c used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices...
Denial Of Service (DoS)
nsd is vulnerable to denial of service. An attacker is able to overwrite the PID file via a local symlink attack which will cause the application to crash...
Privilege Escalation
Moodle is vulnerable to privilege escalation. Users students are able to add entries within groups they do not belong to...
Remote Code Execution
unomi-plugins-base is vulnerable to arbitrary code execution. An insufficient fix for CVE-2020-11975 allows an attacker to bypass the allowlist and blocklist and remotely execute arbitrary code...
Remote Code Execution (RCE)
XStream is vulnerable to remote code execution RCE. The processed stream at unmarshalling time contains type information to recreate the formerly written objects, and new instances are created based on these type information. The vulnerability allows an attacker to manipulate the processed input...
Denial Of Service (DoS)
qt5-qtwebsockets is vulnerable to denial of service. An insecure websocket implementation allows only limited size for frames and messages and allows an attacker to cause a denial of service...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. The vulnerability exists due to a memory leak in the rtl8xxxusubmitinturb function which allows an attacker to crash the kernel...
Information Disclosure
guava is vulnerable to Information Disclosure. A folder with insecure permissions is created by the function com.google.common.io.Files.createTempDir. A local user will be able to steal secrets stored in this directory...