Veracode • Most viewed

38160 matches found

Veracode
•added 2021/10/18 2:27 p.m.•34 views

Denial Of Service (DoS)

rh-mysql80-mysql is vulnerable to denial of service. A high privileged attacker with network access via multiple protocols can compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL...

CVSS 6.8 • AI score 3.2 • EPSS 0.02175
Exploits 0 • References 7 • Affected Software 1

Veracode
•added 2021/10/11 4:53 a.m.•34 views

Denial Of Service (DoS)

golang is vulnerable to denial of service. The vulnerability exists due to a data overwrite when invoking functions from WASM modules, built using GOARCH=wasm GOOS=js, passing very large arguments...

CVSS 9.8 • AI score 3 • EPSS 0.10299
Exploits 0 • References 11 • Affected Software 6

Veracode
•added 2021/10/07 10:16 a.m.•34 views

Denial Of Service (DoS)

chromium is vulnerable to denial of service. An attacker is able to crash the system by exploiting a heap corruption via a maliciously crafted HTML page...

CVSS 8.8 • AI score 1.8 • EPSS 0.34887
Exploits 0 • References 11 • Affected Software 3

Veracode
•added 2021/10/05 1:27 p.m.•34 views

Denial Of Service (DoS)

Redis is vulnerable to denial of service. An attacker may exploit the vulnerability by injecting malicious requests over multiple connections, which can cause the server to allocate a significant amount of memory, causing it to crash...

CVSS 7.5 • AI score 3.3 • EPSS 0.1578
Exploits 0 • References 19 • Affected Software 2

Veracode
•added 2021/10/05 12:6 p.m.•34 views

Denial Of Service (DoS)

Redis is vulnerable to denial of service. An integer overflow bug in Redis can be exploited to corrupt the heap and potentially result in remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-limit configuration parameters to very larg...

CVSS 7.5 • AI score 5.5 • EPSS 0.03658
Exploits 0 • References 17 • Affected Software 2

Veracode
•added 2021/10/05 8:40 a.m.•34 views

Authentication Bypass

pterodactyl/panel is vulnerable to authentication bypass. The library does not properly verify the user-provided security token, allowing an attacker to bypass the two-factor authentication...

CVSS 8.1 • AI score 3.9 • EPSS 0.01696
Exploits 0 • References 5 • Affected Software 1

Veracode
•added 2021/09/30 1:39 p.m.•34 views

Bypass Of Protection Mechanism

linux is vulnerable to privilege escalation. drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer i.e., the real IOMEM pointer...

CVSS 3.3 • AI score 4.5 • EPSS 0.00328
Exploits 0 • References 5 • Affected Software 3

Veracode
•added 2021/09/21 1:43 p.m.•34 views

CVE-2021-38209

linux is vulnerable to information disclosure. The vulnerability exists due to an allowable observation of changes in any net namespace which can be leaked into all other net namespaces...

CVSS 3.3 • AI score 2.3 • EPSS 0.00283
Exploits 0 • References 3 • Affected Software 1

Veracode
•added 2021/09/20 3:36 a.m.•34 views

Bypass Of Secure Validation

Apache Santuario is vulnerable to bypass of secure validation. Lack of secure handling of secureValidation property allows an attacker to abuse an XPath Transform and to extract any local .xml files in a RetrievalMethod element during the creation of a KeyInfo from a KeyInfoReference element...

CVSS 7.5 • AI score 2.4 • EPSS 0.10448
Exploits 0 • References 24 • Affected Software 16

Veracode
•added 2021/09/15 2:4 a.m.•34 views

Denial Of Service (DoS)

chromium is vulnerable to denial of service. The vulnerability exists due to an Out of bounds write in V8...

CVSS 8.8 • AI score 2.6 • EPSS 0.64546
Exploits 3 • References 8 • Affected Software 2

Veracode
•added 2021/09/08 3:37 p.m.•34 views

Denial Of Service

ntfs-3g, sid is vulnerable to denial of service. The vulnerability exists due to an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G...

CVSS 7.8 • AI score 3.3 • EPSS 0.00392
Exploits 0 • References 6 • Affected Software 6

Veracode
•added 2021/08/24 6:42 a.m.•34 views

Remote Code Execution (RCE)

xstream is vulnerable to remote code execution. An attacker is able to exploit the vulnerability by injecting arbitrary code via the processed input stream...

CVSS 8.5 • AI score 5.7 • EPSS 0.04443
Exploits 1 • References 15 • Affected Software 4

Veracode
•added 2021/08/14 6:40 a.m.•34 views

Information Disclosure

postgresql is vulnerable to information disclosure. A malicious query can be used to read arbitrary bytes of server memory. In the default configuration, any authenticated database user is able to exploit the vulnerability...

CVSS 6.5 • AI score 2.1 • EPSS 0.01425
Exploits 0 • References 5 • Affected Software 8

Veracode
•added 2021/08/12 3:21 p.m.•34 views

Denial Of Service (DoS)

qemu:devel is vulnerable to denial of service. A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEM...

CVSS 4.4 • AI score 3 • EPSS 0.00315
Exploits 0 • References 7 • Affected Software 6

Veracode
•added 2021/08/12 2:53 p.m.•34 views

Denial-of-service (DoS)

systemd:focal is vulnerable to denial-of-service. The vulnerability exists in the DHCP client, which allows an attacker to send a specially crafted DHCP FORCERENEW packet causing an application crash...

CVSS 6.1 • AI score 6.3 • EPSS 0.01399
Exploits 1 • References 9 • Affected Software 7

Veracode
•added 2021/07/30 9:51 a.m.•34 views

Denial Of Service (DoS)

nodejs is vulnerable to denial of service (DoS). A use-after-free allows an attacker to corrupt memory that would cause an application crash and potentially allow arbitrary code execution...

CVSS 9.8 • AI score 8.4 • EPSS 0.37286
Exploits 0 • References 13 • Affected Software 3

Veracode
•added 2021/07/26 9:26 a.m.•34 views

Denial Of Service (DoS)

curl is vulnerable to denial of service. The SSL backend fails to secure the CURLOPT_SSLCERT against a current directory file overriding the keychain nickname specified, potentially resulting in the overriding of the CURLOPT_SSLCERT specified certificate and thus causing denial of service...

CVSS 7.5 • AI score 2.8 • EPSS 0.0982
Exploits 1 • References 16 • Affected Software 2

Veracode
•added 2021/07/25 12:38 a.m.•34 views

Remote Code Execution (RCE)

java-11-openjdk is vulnerable to remote code execution. The vulnerability occurs due to the sandbox environment that allows untrusted code from the internet to run...

CVSS 3.1 • AI score 5.8 • EPSS 0.04273
Exploits 0 • References 17 • Affected Software 6

Veracode
•added 2021/07/20 4:16 a.m.•34 views

Denial Of Service (DoS)

qemu is vulnerable to denial of service. The vulnerability exists while handling a "PVRDMA_REG_DSRHIGH" write from the guest which may result in a crash of QEMU due to the access of an uninitialized pointer, which allows an attacker to crash the application via malicious input...

CVSS 6 • AI score 6.2 • EPSS 0.00363
Exploits 0 • References 6 • Affected Software 5

Veracode
•added 2021/07/14 9:3 p.m.•34 views

Denial Of Service (DoS)

firefox:edge is vulnerable to denial of service...

CVSS 8.8 • AI score 2 • EPSS 0.014
Exploits 1 • References 7 • Affected Software 8

Veracode
•added 2021/07/13 8:34 a.m.•34 views

Denial Of Service (DoS)

sshd-core is vulnerable to denial of service. SFTP and port forwarding feature of the library allows an attacker to send maximum data to cause the boundary overflow on BufferedIoOutputStream writing, causing an OutOfMemory error...

CVSS 6.5 • AI score 4 • EPSS 0.03394
Exploits 0 • References 9 • Affected Software 22

Veracode
•added 2021/06/17 8:36 a.m.•34 views

Denial Of Service (DoS)

cxf-rt-rs-json-basic is vulnerable to denial of service. An attacker is able to cause a thread to be stuck in an infinite loop due to an insecure parsing of JSON in JsonMapObjectReaderWriter...

CVSS 7.5 • AI score 4.1 • EPSS 0.07506
Exploits 0 • References 26 • Affected Software 1

Veracode
•added 2021/06/13 8:0 p.m.•34 views

Arbitrary Code Execution

chromium is vulnerable to arbitrary code execution. A use-after-free error within the Autofill component in Google Chrome allows a remote attacker to execute arbitrary code on the host OS by tricking the victim into visiting a malicious web page...

CVSS 8.8 • AI score 4.6 • EPSS 0.01101
Exploits 0 • References 8 • Affected Software 2

Veracode
•added 2021/06/13 8:0 p.m.•34 views

Denial Of Service (DoS)

chromium is vulnerable to denial of service. The vulnerability exists due to a use after free in the Spell check component...

CVSS 8.8 • AI score 2.5 • EPSS 0.00931
Exploits 0 • References 8 • Affected Software 2

Veracode
•added 2021/06/13 12:23 p.m.•34 views

Denial Of Service (DoS)

NGINX is vulnerable to denial of service. A buffer overflow for years that exceed four digits causes an integer overflow, resulting in an application crash...

CVSS 9.8 • AI score 4.8 • EPSS 0.03258
Exploits 1 • References 7 • Affected Software 1

Veracode
•added 2021/06/03 9:21 a.m.•34 views

Denial Of Service (DoS)

pillow is vulnerable to denial of service. An out-of-bounds read in J2kDecode in j2ku_graya_la allows an attacker to crash the application...

CVSS 9.1 • AI score 3.5 • EPSS 0.02956
Exploits 0 • References 6 • Affected Software 2

Veracode
•added 2021/05/28 1:4 p.m.•34 views

Information Disclosure

chromium is vulnerable to information disclosure. The vulnerability exists due to an out-of-bounds memory access security issue found in the WebAudio component of the Chromium...

CVSS 8.8 • AI score 1.9 • EPSS 0.01181
Exploits 1 • References 8 • Affected Software 3

Veracode
•added 2021/05/24 9:29 a.m.•34 views

Denial Of Service (DoS)

linux is vulnerable to denial of service. The vulnerability exists due to a race condition during an update of the local and shared status which allows an attacker to crash the application via malicious input...

CVSS 4.7 • AI score 6.1 • EPSS 0.00258
Exploits 0 • References 4 • Affected Software 3

Veracode
•added 2021/05/20 3:28 p.m.•34 views

Denial Of Service (DoS)

unbound is vulnerable to denial of service (DoS). The vulnerability exists through an assertion failure through a compressed name in dname_pkt_copy...

CVSS 7.5 • AI score 2.6 • EPSS 0.02128
Exploits 0 • References 7 • Affected Software 3

Veracode
•added 2021/05/20 3:27 p.m.•34 views

Denial Of Service (DoS)

unbound is vulnerable to denial of service. The vulnerability exists due to an assertion failure in synth_cname. An attacker is able to crash the system by sending invalid packets to the server...

CVSS 7.5 • AI score 3.3 • EPSS 0.01989
Exploits 0 • References 7 • Affected Software 3

Veracode
•added 2021/05/12 5:18 a.m.•34 views

Insecure Deserialization

wire allows insecure deserialization. The way the type information is handled in its serialization format allows an attacker to pass malicious payloads of a different type to the deserializer on the receiving end and potentially cause unexpected application behavior...

CVSS 9.1 • AI score 3.3 • EPSS 0.01584
Exploits 1 • References 2 • Affected Software 1

Veracode
•added 2021/05/10 6:30 a.m.•34 views

Denial Of Service (DoS)

pillow is vulnerable to denial of service. Lack of validation and checks for the validity of return data when jumping to file offsets in the EpsImagePlugin results in a denial-of-service condition...

CVSS 7.5 • AI score 3.2 • EPSS 0.02357
Exploits 0 • References 6 • Affected Software 2

Veracode
•added 2021/05/10 4:0 a.m.•34 views

Denial Of Service (DoS)

pillow is vulnerable to denial of service. Lack of validation and checks for the validity of return data when jumping to file offsets in the BlpImagePlugin results in a denial-of-service condition...

CVSS 5.5 • AI score 3.2 • EPSS 0.00735
Exploits 0 • References 5 • Affected Software 2

Veracode
•added 2021/05/06 3:1 p.m.•34 views

Denial Of Service (DoS)

qemu is vulnerable to denial of service. The vulnerability exists due to a flaw in the USB redirector device usb-redir of QEMU where small USB packets are combined into a single boundless large transfer request to reduce the overhead and improve performance...

CVSS 5.5 • AI score 3 • EPSS 0.00371
Exploits 0 • References 9 • Affected Software 6

Veracode
•added 2021/05/06 11:27 a.m.•34 views

Information Disclosure

samba is vulnerable to information disclosure. The vulnerability exists due to a flaw that could allow an attacker to read data beyond the end of the array...

CVSS 6.8 • AI score 2.4 • EPSS 0.01629
Exploits 0 • References 12 • Affected Software 7

Veracode
•added 2021/05/06 9:12 a.m.•34 views

Denial Of Service (DoS)

rust is vulnerable to denial of service. The vulnerability exists due to a double free in the Vec::from_iter function...

CVSS 9.8 • AI score 2.6 • EPSS 0.02914
Exploits 1 • References 11 • Affected Software 2

Veracode
•added 2021/05/04 10:33 p.m.•34 views

Privilege Escalation

exim4 is vulnerable to privilege escalation. The vulnerability exists due to a new-line injection into spool header files...

CVSS 7.8 • AI score 2.2 • EPSS 0.00379
Exploits 1 • References 2 • Affected Software 7

Veracode
•added 2021/05/04 10:32 p.m.•34 views

Privilege Escalation

exim4 is vulnerable to privilege escalation. An attacker with the privileges of the exim user can create a symlink/hardlink in the log directory and append arbitrary contents to an arbitrary file such as /etc/passwd to obtain full root privileges...

CVSS 7.8 • AI score 3.2 • EPSS 0.0053
Exploits 3 • References 2 • Affected Software 7

Veracode
•added 2021/04/29 11:40 a.m.•34 views

Injection Vulnerability

openvpn is vulnerable to injection vulnerabilities. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id...

CVSS 3.7 • AI score 2.9 • EPSS 0.01609
Exploits 1 • References 13 • Affected Software 1

Veracode
•added 2021/04/25 1:49 a.m.•34 views

Remote Code Execution (RCE)

mariadb is vulnerable to remote code execution. The vulnerability exists due to an untrusted search path that leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd...

CVSS 7.2 • AI score 3.9 • EPSS 0.38436
Exploits 9 • References 10 • Affected Software 2

Veracode
•added 2021/04/21 6:13 p.m.•34 views

Arbitrary Code Execution

firefox-esr:sid is vulnerable to arbitrary code execution. When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code...

CVSS 8.8 • AI score 3.2 • EPSS 0.01214
Exploits 0 • References 5 • Affected Software 9

Veracode
•added 2021/04/19 12:42 a.m.•34 views

Padding Oracle Attack

jose-node-cjs-runtime is vulnerable to padding oracle attack. The vulnerability exists as decryption did not fail as soon as HMAC verification fails, allowing timing information to be measured by running the CBC decryption with various padding lengths...

CVSS 5.9 • AI score 2.4 • EPSS 0.01238
Exploits 0 • References 3 • Affected Software 1

Veracode
•added 2021/04/17 8:20 a.m.•34 views

Use-after-free

linux is vulnerable to use after free. An attacker is able to exploit the vulnerability via an I/O request at a certain point during device setup...

CVSS 7 • AI score 3.2 • EPSS 0.00251
Exploits 0 • References 5 • Affected Software 6

Veracode
•added 2021/03/30 8:15 p.m.•34 views

Use After Free

webkit2gtk is vulnerable to a use after free issue. Processing maliciously crafted web content may lead to arbitrary code execution...

CVSS 7.8 • AI score 3.4 • EPSS 0.01361
Exploits 0 • References 18 • Affected Software 17

Veracode
•added 2021/03/20 1:51 a.m.•34 views

HTTP Request Smuggling

squid is vulnerable to HTTP request smuggling. A trusted client is able to perform HTTP Request Smuggling and access services otherwise forbidden by Squid security controls...

CVSS 8.6 • AI score 0.4 • EPSS 0.08161
Exploits 0 • References 13 • Affected Software 8

Veracode
•added 2021/03/17 5:7 a.m.•34 views

Authorization Bypass

moodle/moodle is vulnerable to authorization bypass. When creating a user account, it was possible to verify the account without having access to the verification email link/secret...

CVSS 5.3 • AI score 3.7 • EPSS 0.01266
Exploits 0 • References 6 • Affected Software 1

Veracode
•added 2021/03/11 10:54 p.m.•34 views

Information Disclosure

ceph is vulnerable to information disclosure. The vulnerability exists due to the password stored in mgr logs for Grafana and dashboard...

CVSS 4.4 • AI score 1.2 • EPSS 0.00269
Exploits 0 • References 9 • Affected Software 5

Veracode
•added 2021/03/11 1:48 a.m.•34 views

Cross-site Scripting (XSS)

velocity-tools-view is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute malicious script in a user's browser as it does not escape a user-provided vm file as part of the URL which is displayed in the error page...

CVSS 6.1 • AI score 2.1 • EPSS 0.06357
Exploits 0 • References 13 • Affected Software 1

Veracode
•added 2021/03/09 9:46 p.m.•34 views

Denial Of Service (DoS)

gsoap is vulnerable to denial of service (DoS). The vulnerability exists in the WS-Security plugin functionality when processing a SOAP request...

CVSS 7.5 • AI score 2.8 • EPSS 0.03023
Exploits 1 • References 7 • Affected Software 1

Veracode
•added 2021/02/26 2:11 a.m.•34 views

Denial Of Service (DoS)

Linux Kernel is vulnerable to denial of service (DoS). The vulnerability is possible because of an issue in drivers/accessibility/speakup/spk_ttyio.c. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs...

CVSS 5.5 • AI score 3.7 • EPSS 0.00328
Exploits 0 • References 11 • Affected Software 4

Total number of security vulnerabilities: 5000