Veracode: Most viewed

38062 matches found

Veracode
•added 2023/01/24 7:30 a.m.•34 views

Denial Of Service (DoS)

openjdk is vulnerable to denial of service (DoS). A remote attacker is able to cause partial denial of service conditions resulting in application crashes...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.0005
Exploits: 0 | References: 6 | Affected Software: 5
Veracode
•added 2023/01/19 4:54 a.m.•36 views

Session Fixation

github.com/KubeOperator/kubepi is vulnerable to Session Fixation. The vulnerability exists due to insufficient session expiration mechanisms in the library, allowing an attacker to hijack the legitimate user sessions...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.00285
Exploits: 0 | References: 4 | Affected Software: 1
Veracode
•added 2022/12/31 12:46 a.m.•34 views

Arbitrary Code Execution

webkitgtk is vulnerable to arbitrary code execution. Processing maliciously crafted web content may lead to arbitrary code execution due to improper input validation leading to memory corruption causing the application to halt, crash, or arbitrary code execution...

CVSS: 8.8 | AI score: 9.2 | EPSS: 0.00225
Exploits: 0 | References: 10 | Affected Software: 3
Veracode
•added 2022/12/27 5:54 a.m.•33 views

Reverse Tabnabbing

texthelpers is vulnerable to reverse tabnabbing. The vulnerability exists in multiple functions in translation.rb due to the lack of a proper regular expression, which allows an attacker to use web links to untrusted targets with window.opener access...

CVSS: 6.3 | AI score: 6.2 | EPSS: 0.00324
Exploits: 0 | References: 6 | Affected Software: 1
Veracode
•added 2022/12/24 7:33 a.m.•33 views

Remote Code Execution

xwayland is vulnerable to remote code execution. The handler for the ScreenSaverSetAttributes request may write to memory after it has been freed leading to local privileges elevation on systems where the server is running privileged and remote code execution for ssh X forwarding sessions...

CVSS: 8.8 | AI score: 9 | EPSS: 0.01059
Exploits: 0 | References: 14 | Affected Software: 6
Veracode
•added 2022/12/23 7:14 p.m.•34 views

Information Disclosure

curl is vulnerable to Information Disclosure. An attacker may force the library to use an insecure clear-text HTTP step even when HTTPS is provided in the URL. The HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts ...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00045
Exploits: 1 | References: 10 | Affected Software: 3
Veracode
•added 2022/12/14 5:18 a.m.•33 views

Denial Of Service (DoS)

loofah is vulnerable to denial of service. The vulnerability exists due to uncontrolled recursion used in the CDATA sections of the library, which allows an attacker to cause an application crash through malicious input...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00049
Exploits: 0 | References: 4 | Affected Software: 3
Veracode
•added 2022/12/13 1:15 a.m.•34 views

Denial Of Service (DoS)

netty-codec-haproxy is vulnerable to denial of service (DoS). The vulnerability is due to a StackOverflowError in HAProxyMessage.java, as it does not properly limit the maximum nesting of TLV, allowing an attacker to cause an application crash via infinite recursion by passing a maliciously...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00472
Exploits: 1 | References: 5 | Affected Software: 3
Veracode
•added 2022/12/10 1:12 p.m.•35 views

Denial Of Service (DoS)

chromium is vulnerable to denial of service. An attacker can cause heap corruption via a crafted HTML page, leading to an application crash...

CVSS: 8.8 | AI score: 8.2 | EPSS: 0.00703
Exploits: 1 | References: 6 | Affected Software: 2
Veracode
•added 2022/12/07 11:55 a.m.•35 views

HTTP Response Splitting

ruby is vulnerable to http response splitting. The vulnerability exists when applications use untrusted user input either to generate an HTTP response or to create a cgi cookie object...

CVSS: 8.8 | AI score: 8.2 | EPSS: 0.011
Exploits: 1 | References: 18 | Affected Software: 6
Veracode
•added 2022/11/24 9:7 a.m.•34 views

Information Disclosure

H2 Database Engine is vulnerable to information disclosure. The vulnerability is caused by the webAdminPassword argument, which allows an administrator to specify the password in plaintext. An attacker can get the password for the H2 web admin console by looking at the running processes...

CVSS: 8.4 | AI score: 7.1 | EPSS: 0.00293
Exploits: 1 | References: 7 | Affected Software: 1
Veracode
•added 2022/11/23 9:48 a.m.•33 views

Denial Of Service (DoS)

xen is vulnerable to denial of service. The vulnerability exists due to excessive memory allocation which allows an attacker to cause an application crash due to overflows...

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.00098
Exploits: 0 | References: 11 | Affected Software: 1
Veracode
•added 2022/11/23 5:1 a.m.•33 views

Buffer Overflow

grub2 is vulnerable to Buffer Overflow. The vulnerability exists in grubfontconstructglyph function which allows an attacker to cause an overflow when calculating the maxglyphsize value by sending a malicious crafted pf2 font...

CVSS: 8.6 | AI score: 8.3 | EPSS: 0.0012
Exploits: 0 | References: 6 | Affected Software: 2
Veracode
•added 2022/11/21 1:40 p.m.•34 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists in the BinaryFunctor function of cwiseopscommon.h due to a size mismatch during broadcast assignment which allows an attacker to cause an application crash by providing malicious input...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00159
Exploits: 1 | References: 8 | Affected Software: 3
Veracode
•added 2022/11/19 4:21 p.m.•34 views

Denial Of Service (DoS)

Linux kernel’s KVM is vulnerable to denial of service. The vulnerability exists due to a NULL pointer dereference which allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00027
Exploits: 1 | References: 8 | Affected Software: 4
Veracode
•added 2022/11/19 2:27 p.m.•33 views

Privilege Escalation

multipath-tools is vulnerable to Privilege Escalation. The vulnerability exists due to incorrect symlink handling which allows an attacker to do file writes outside of the /dev/shm directory...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.00231
Exploits: 4 | References: 15 | Affected Software: 4
Veracode
•added 2022/11/17 4:52 a.m.•33 views

Directory Traversal

rar is vulnerable to Directory Traversal. The vulnerability exists in RARLAB UnRAR which allows an attacker to write to files during an extract aka unpack operation, as demonstrated by creating a /.ssh/authorizedkeys file...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.92793
Exploits: 12 | References: 7 | Affected Software: 1
Veracode
•added 2022/11/16 3:57 p.m.•34 views

Information Disclosure

Liferay Portal is vulnerable to information disclosure. The vulnerability exists because the LDAP credential is included in the page URL when paginating through the list of users, which allows an attacker with access to the request logs to see the LDAP credential...

CVSS: 5.9 | AI score: 5.5 | EPSS: 0.00328
Exploits: 0 | References: 4 | Affected Software: 1
Veracode
•added 2022/11/14 6:29 a.m.•33 views

Integer Overflow

libtiff.so is vulnerable to integer overflow. The vulnerability is due to memory corruption in tifgetimage.c, which allows the remote attacker to crash the application...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.00116
Exploits: 1 | References: 9 | Affected Software: 4
Veracode
•added 2022/11/10 12:33 a.m.•33 views

Denial Of Service (DoS)

rh-mysql80-mysql is vulnerable to denial of service. An attacker can crash the application by providing a maliciously crafted input through the multiple protocols...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00415
Exploits: 0 | References: 5 | Affected Software: 1
Veracode
•added 2022/11/07 7:28 a.m.•34 views

Buffer Overflow

samba is vulnerable to buffer overflow. The vulnerability exists within the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal because the GSSAPI library allows a length-limited write buffer overflow on malloc allocated memory when presented with a maliciously small packet causing an application cras...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.00727
Exploits: 0 | References: 11 | Affected Software: 4
Veracode
•added 2022/10/30 3:50 p.m.•33 views

Information Disclosure

dolphinscheduler-server is vulnerable to Information Disclosure. The vulnerability exists due to improper handling of logs in the process function of LoggerRequestProcessor.java, allowing an attacker to read log files through the log server...

CVSS: 6.5 | AI score: 6.1 | EPSS: 0.01609
Exploits: 0 | References: 6 | Affected Software: 1
Veracode
•added 2022/10/27 6:47 a.m.•35 views

Arbitrary Code Execution

badaso/core is vulnerable to arbitrary code execution. The vulnerability is due to the application not properly validating the data uploaded by users, which allows an attacker to perform arbitrary code execution...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.09998
Exploits: 1 | References: 5 | Affected Software: 1
Veracode
•added 2022/10/21 9:13 a.m.•34 views

Denial Of Service (DoS)

protobuf-cpp is vulnerable to Denial of Service. The vulnerability exists in multiple functions due to out of memory failures which allows an attacker to cause an application crash via multiple key-value...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00171
Exploits: 0 | References: 20 | Affected Software: 2
Veracode
•added 2022/10/17 5:28 a.m.•33 views

Information Disclosure

grafana is vulnerable to information disclosure. The vulnerability exists in multiple functions due to forwarding login cookies in outgoing requests resulting in an attacker gaining access to cookies required to perform unauthorized actions...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00897
Exploits: 0 | References: 10 | Affected Software: 2
Veracode
•added 2022/10/10 8:18 p.m.•33 views

Improper Access Control

chromium is vulnerable to improper access control. The vulnerability is caused by an incorrect security UI due to a flaw found in the Full Screen of the Chromium browser, which allows an attacker to perform unauthorized actions...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.00116
Exploits: 0 | References: 4 | Affected Software: 1
Veracode
•added 2022/10/07 5:17 a.m.•33 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. The vulnerability exists in route4change in the net/sched/clsroute.c filter implementation in the Linux kernel. This flaw allows a local user to crash the system and possibly lead to a local privilege escalation problem...

CVSS: 7.8 | AI score: 4 | EPSS: 0.54307
Exploits: 7 | References: 18 | Affected Software: 2
Veracode
•added 2022/09/28 7:58 p.m.•34 views

Denial Of Service (DoS)

Consul is vulnerable to authorization denial of service. Due to incorrectly validating JWT characters, an attacker can continually request TLS certificates and ACL tokens. This unnecessary information being stored can result in authorization denial of service...

CVSS: 7.1 | AI score: 5.1 | EPSS: 0.00309
Exploits: 0 | References: 11 | Affected Software: 2
Veracode
•added 2022/09/19 1:11 p.m.•34 views

Denial Of Service (DoS)

Jettison is vulnerable to denial of service. The vulnerability exists in nextValue function in JSONTokener.java where the attacker may supply content that causes the parser to crash by out of memory if the parser is running on user supplied input...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.00065
Exploits: 0 | References: 6 | Affected Software: 5
Veracode
•added 2022/09/16 7:26 p.m.•33 views

Use After Free

chromium is vulnerable to use after free. The vulnerability exists in the tab strip in Google Chrome, which allows a remote attacker who convinced a user to engage in specific UI interactions...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.01057
Exploits: 0 | References: 6 | Affected Software: 2
Veracode
•added 2022/09/16 12:26 p.m.•34 views

Denial Of Service (DoS)

.NET Core is vulnerable to denial of service. The vulnerability exists due to a stack overflow which allows an attacker to send a customized payload that is parsed during model binding and cause an application crash...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.01487
Exploits: 0 | References: 19 | Affected Software: 15
Veracode
•added 2022/09/05 9:42 p.m.•33 views

Use-After-Free

podman is vulnerable to use-after-free. An attacker could possibly crash or cause potential code execution in the system, under certain conditions, during the GPG signature verification...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.00554
Exploits: 0 | References: 4 | Affected Software: 1
Veracode
•added 2022/08/31 6:23 a.m.•34 views

Denial Of Service (DoS)

github.com/helm/helm is vulnerable to denial of service. The vulnerability exists in setIndex function in parser.go because a maximum index is not defined when setting index which allows an attacker to cause an application crash...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00089
Exploits: 0 | References: 4 | Affected Software: 1
Veracode
•added 2022/08/29 11:47 p.m.•33 views

Remote Code Execution (RCE)

vim is vulnerable to remote code execution. The vulnerability exists due to a use after free, which allows an attacker to inject maliciously crafted script into the system...

CVSS: 7.8 | AI score: 8 | EPSS: 0.00126
Exploits: 1 | References: 7 | Affected Software: 1
Veracode
•added 2022/08/15 11:39 p.m.•34 views

Denial Of Service (DoS)

u-boot is vulnerable to denial of service. The vulnerability exists due to an integer signedness error resulting in a stack-based buffer overflow in the i2c md command, which enables the corruption of the return address pointer of the doi2cmd function...

CVSS: 9.8 | AI score: 9.2 | EPSS: 0.00474
Exploits: 1 | References: 4 | Affected Software: 1
Veracode
•added 2022/08/11 6:50 a.m.•33 views

Denial Of Service (DoS)

vim is vulnerable to denial of service. The vulnerability exists due to an Out-of-bounds Read allowing an attacker to crash the system with a maliciously crafted string constant...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00109
Exploits: 1 | References: 3 | Affected Software: 1
Veracode
•added 2022/07/31 10:13 a.m.•33 views

Denial Of Service (DoS)

webkit2gtk is vulnerable to denial of service. The vulnerability exists due to an out-of-bound issue which allows a remote attacker to send maliciously crafted web content that may lead to arbitrary code execution...

CVSS: 8.8 | AI score: 8.4 | EPSS: 0.00334
Exploits: 0 | References: 7 | Affected Software: 2
Veracode
•added 2022/07/29 4:44 a.m.•34 views

Cross-site Scripting (XSS)

libxml2.so is vulnerable to cross-site scripting. The vulnerability exists in the htmlAttrDumpOutput function in HTMLtree.c due to a lack of sanitization in the escaped variable which allows an attacker to inject and execute malicious javascript...

CVSS: 6.1 | AI score: 1.1 | EPSS: 0.00174
Exploits: 1 | References: 3 | Affected Software: 2
Veracode
•added 2022/07/17 5:18 p.m.•33 views

Type Confusion

chromium is vulnerable to type confusion. A remote attacker is able to exploit a heap memory corruption issue via a crafted HTML page, which leads to a use-after-free state in V8 module...

CVSS: 8.8 | AI score: 8.4 | EPSS: 0.01077
Exploits: 0 | References: 8 | Affected Software: 3
Veracode
•added 2022/07/07 2:44 p.m.•35 views

Information Disclosure

opensshkeyparser is vulnerable to information disclosure. The vulnerability exists in readfixedbytes function in pascalstylebytestream.py because the exception message is not properly handled which allows an attacker to gain access to view and modify the length of a raw field value of a key...

CVSS: 7.7 | AI score: 6.1 | EPSS: 0.00422
Exploits: 1 | References: 6 | Affected Software: 1
Veracode
•added 2022/07/06 8:23 a.m.•33 views

Denial Of Service (DoS)

ujson is vulnerable to denial of service. The vulnerability exists in decodestring function in ultrajsondec.c when reallocation of buffer fails during string decoding which frees the buffer twice causing an application crash...

CVSS: 5.9 | AI score: 6.5 | EPSS: 0.00173
Exploits: 0 | References: 7 | Affected Software: 3
Veracode
•added 2022/07/01 9:27 a.m.•33 views

Denial Of Service (DoS)

libtiff.so is vulnerable to denial of service. The vulnerability exists because of converting double to uint32t with uint32t when divided by zero which allows an attacker to cause an application crash via a crafted file...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00092
Exploits: 1 | References: 13 | Affected Software: 4
Veracode
•added 2022/06/16 9:3 p.m.•35 views

Information Disclosure

intel-microcode is vulnerable to information disclosure. Incomplete cleanup of microarchitectural fill buffers allows an authenticated attacker to potentially enable information disclosure via local access...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00536
Exploits: 0 | References: 18 | Affected Software: 8
Veracode
•added 2022/06/13 5:7 a.m.•34 views

Information Disclosure

guzzlehttp/guzzle is vulnerable to information disclosure. The vulnerability exists because the modifyRequest function of RedirectMiddleware.php does not properly strip the authorization header or cookie header on a change in host or HTTP downgrade, allowing an attacker to get sensitive informati...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.01454
Exploits: 0 | References: 8 | Affected Software: 2
Veracode
•added 2022/06/12 5:52 p.m.•35 views

Denial Of Service (DoS)

Apache HTTP Server is vulnerable to denial of service. The vulnerability exists due to a lack of sanitization to the input size allowing an attacker to crash the system via a malicious request to a lua script that calls r:parsebody0...

CVSS: 7.5 | AI score: 8.3 | EPSS: 0.02008
Exploits: 0 | References: 10 | Affected Software: 6
Veracode
•added 2022/06/08 12:58 a.m.•34 views

Integer Underflow

ntfs is vulnerable to integer underflow. The vulnerability exists in fuselibreaddir, which allows an attacker to perform arbitrary memory read operations in NTFS-3G when using libfuse-lite...

CVSS: 6.7 | AI score: 7 | EPSS: 0.00025
Exploits: 0 | References: 15 | Affected Software: 3
Veracode
•added 2022/06/02 8:55 p.m.•34 views

Denial Of Service (DoS)

.NET and Visual Studio are vulnerable to denial of service. The vulnerability exists due to a flaw in dotnet allowing an attacker to crash the system by parsing HTML forms...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.04164
Exploits: 0 | References: 12 | Affected Software: 2
Veracode
•added 2022/05/30 10:49 p.m.•33 views

Cross-site Scripting (XSS)

spip is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the spip.php...

CVSS: 6.1 | AI score: 6.5 | EPSS: 0.02459
Exploits: 1 | References: 6 | Affected Software: 1
Veracode
•added 2022/05/30 3:13 p.m.•34 views

Use-After-Free

vim is vulnerable to use-after-free. The vulnerability exists in appendcommand which allows an attacker to cause a memory corruption which then leads to an application crash...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.00166
Exploits: 1 | References: 16 | Affected Software: 1
Veracode
•added 2022/05/27 12:25 a.m.•36 views

Buffer Overflow

mariadb is vulnerable to buffer overflow. The vulnerability exists due to decimalbinsize which allows an attacker to cause a crash via specially crafted SQL statements...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.00245
Exploits: 1 | References: 9 | Affected Software: 3

Total number of security vulnerabilities: 5000