Veracode • Most viewed

38133 matches found

Veracode
•added 2022/02/14 9:11 a.m.•33 views

Information Disclosure

puma is vulnerable to information disclosure. Puma's failure to close the body enables remote attackers to gain access to sensitive information because the library depends on the response body being closed in order for its CurrentAttributes implementation to work correctly...

CVSS 8 • AI score 3.5 • EPSS 0.00479
Exploits 0 • References 16 • Affected Software 3

Veracode
•added 2022/02/11 1:33 p.m.•33 views

Denial Of Service (DoS)

openexr is vulnerable to denial of service. The vulnerability exists in the CompositeDeepScanLine::setFrameBuffer function of ImfCompositeDeepScanLine.cpp due to a heap-based buffer overflow, which allows an attacker to crash the application via malicious input...

CVSS 5.5 • AI score 3.6 • EPSS 0.00454
Exploits 1 • References 18 • Affected Software 1

Veracode
•added 2022/02/06 7:7 a.m.•33 views

Remote Code Execution (RCE)

webkit2gtk is vulnerable to remote code execution. The vulnerability exists due to a buffer overflow allowing an attacker to inject maliciously crafted script via web content...

CVSS 8.8 • AI score 4.9 • EPSS 0.01936
Exploits 0 • References 13 • Affected Software 4

Veracode
•added 2022/01/29 10:24 p.m.•33 views

Denial Of Service (DoS)

wireshark:edge is vulnerable to denial of service. Crash in the RFC 7468 dissector allows denial of service via packet injection or crafted capture file...

CVSS 7.5 • AI score 2.9 • EPSS 0.00053
Exploits 1 • References 10 • Affected Software 1

Veracode
•added 2022/01/27 3:56 a.m.•33 views

Integer Overflow

libexpat.so is vulnerable to integer overflow. The vulnerability exists in the doProlog function in the xmlparse.c file, allowing an attacker to cause an application crash...

CVSS 7.5 • AI score 4 • EPSS 0.037
Exploits 0 • References 11 • Affected Software 22

Veracode
•added 2022/01/25 4:25 a.m.•33 views

Denial Of Service (DoS)

xercesImpl is vulnerable to denial of service. The vulnerability exists because the library does not properly handle XML document payloads, allowing an attacker to crash the application by providing a specially crafted XML document through the XML parser...

CVSS 6.5 • AI score 5.3 • EPSS 0.00087
Exploits 0 • References 6 • Affected Software 27

Veracode
•added 2022/01/23 5:15 p.m.•33 views

Heap-based Buffer Overflow

vim is vulnerable to heap-based buffer overflow. The vulnerability exists in the 'one_function_arg' function in 'userfunc.c' and causes a heap-based buffer overflow, which could result in an application crash...

CVSS 5.5 • AI score 3.7 • EPSS 0.00219
Exploits 1 • References 13 • Affected Software 1

Veracode
•added 2022/01/15 9:52 p.m.•33 views

Denial Of Service (DoS)

vim is vulnerable to denial of service. The vulnerability exists due to a heap-based buffer overflow, allowing an attacker to crash the system...

CVSS 7.8 • AI score 3.9 • EPSS 0.00177
Exploits 1 • References 9 • Affected Software 3

Veracode
•added 2022/01/15 12:37 a.m.•33 views

Information Disclosure

python-django is vulnerable to information disclosure. The vulnerability exists due to the lack of sanitization of the Template Language's variable resolution logic...

CVSS 7.5 • AI score 1.8 • EPSS 0.00363
Exploits 0 • References 8 • Affected Software 3

Veracode
•added 2022/01/15 12:31 a.m.•33 views

Use After Free

Chrome is vulnerable to use after free. An attacker is able to exploit the vulnerability via a maliciously crafted HTML page...

CVSS 8.8 • AI score 1.6 • EPSS 0.00835
Exploits 0 • References 7 • Affected Software 2

Veracode
•added 2022/01/14 5:54 a.m.•33 views

Out-of-bounds Memory Access When Inserting Text In Edit Mode

firefox is vulnerable to out-of-bounds access. An attacker is able to exploit the vulnerability by inserting text in Edit mode...

CVSS 6.5 • AI score 2.8 • EPSS 0.00305
Exploits 0 • References 7 • Affected Software 7

Veracode
•added 2022/01/11 3:52 a.m.•33 views

Denial Of Service (DoS)

libexpat.so is vulnerable to denial of service. The vulnerability exists due to an integer overflow in the lookup function of xmlparse.c, allowing an attacker to cause an application crash...

CVSS 8.8 • AI score 3.6 • EPSS 0.00206
Exploits 0 • References 7 • Affected Software 23

Veracode
•added 2022/01/07 9:51 a.m.•33 views

Remote Code Execution (RCE)

h2 is vulnerable to remote code execution. The vulnerability exists due to the use of the javax.naming.Context.lookup method, a dangerous function/sink that performs JNDI lookup, allowing an attacker to load custom classes/remote LDAP/RMI queries and execute malicious code in a process with H2...

CVSS 9.8 • AI score 3.1 • EPSS 0.90592
Exploits 3 • References 7 • Affected Software 27

Veracode
•added 2021/12/23 6:35 p.m.•33 views

Cross-site Scripting (XSS)

webkit2gtk is vulnerable to cross-site scripting. The vulnerability exists due to a logic issue...

CVSS 6.1 • AI score 1.6 • EPSS 0.0077
Exploits 0 • References 12 • Affected Software 4

Veracode
•added 2021/12/10 7:26 a.m.•33 views

Denial Of Service (DoS)

libsepol is vulnerable to denial of service. The CIL compiler in SELinux has a heap-based buffer over-read in ebitmap_match_any called indirectly from cil_check_neverallow. This occurs because there is sometimes a lack of checks for invalid statements in an optional block...

CVSS 3.3 • AI score 4 • EPSS 0.00024
Exploits 1 • References 11 • Affected Software 1

Veracode
•added 2021/12/08 4:56 a.m.•33 views

Arbitrary Code Execution

freeipa is vulnerable to arbitrary code execution. An unauthenticated attacker could execute arbitrary code by triggering parsing of the krb principal key via the ber_scanf function...

CVSS 8.8 • AI score 7.3 • EPSS 0.03371
Exploits 0 • References 12 • Affected Software 1

Veracode
•added 2021/11/14 11:40 p.m.•33 views

Denial Of Service (DoS)

libsolv is vulnerable to denial of service. The vulnerability exists through the prune_to_recommended function in policy.c, allowing an attacker to crash the application via malicious input...

CVSS 7.5 • AI score 4 • EPSS 0.0006
Exploits 1 • References 4 • Affected Software 1

Veracode
•added 2021/11/12 8:52 a.m.•33 views

Denial Of Service (DoS)

busybox:edge is vulnerable to denial of service...

CVSS 7.2 • AI score 2.1 • EPSS 0.00236
Exploits 0 • References 8 • Affected Software 5

Veracode
•added 2021/10/21 4:31 a.m.•33 views

Directory Traversal

babel is vulnerable to directory traversal. The library does not clean the locale identifiers properly before loading from file, allowing a malicious user to load arbitrary locale .dat files...

CVSS 7.8 • AI score 4.2 • EPSS 0.00169
Exploits 1 • References 6 • Affected Software 6

Veracode
•added 2021/10/18 2:27 p.m.•33 views

Denial Of Service (DoS)

rh-mysql80-mysql is vulnerable to denial of service. A high-privileged attacker with network access via multiple protocols can compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DoS) of MySQL...

CVSS 6.8 • AI score 3.2 • EPSS 0.0034
Exploits 0 • References 7 • Affected Software 1

Veracode
•added 2021/10/07 10:16 a.m.•33 views

Denial Of Service (DoS)

chromium-browser:bionic is vulnerable to denial of service. It allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 • AI score 2.5 • EPSS 0.02428
Exploits 1 • References 8 • Affected Software 2

Veracode
•added 2021/10/05 1:27 p.m.•33 views

Denial Of Service (DoS)

Redis is vulnerable to denial of service. An attacker may exploit the vulnerability by injecting malicious requests over multiple connections, which can cause the server to allocate a significant amount of memory, causing it to crash...

CVSS 7.5 • AI score 3.3 • EPSS 0.05836
Exploits 0 • References 19 • Affected Software 2

Veracode
•added 2021/10/03 1:51 p.m.•33 views

Denial Of Service (DoS)

mediawiki is vulnerable to denial of service. The system may crash when processing ApiQueryBacklinks with a full db table scan...

CVSS 7.5 • AI score 2.4 • EPSS 0.01215
Exploits 0 • References 11 • Affected Software 1

Veracode
•added 2021/09/21 1:43 p.m.•33 views

CVE-2021-38209

linux is vulnerable to information disclosure. The vulnerability exists due to an allowable observation of changes in any net namespace which can be leaked into all other net namespaces...

CVSS 3.3 • AI score 2.3 • EPSS 0.00047
Exploits 0 • References 3 • Affected Software 1

Veracode
•added 2021/09/10 6:15 a.m.•33 views

Denial Of Service (DoS)

netty-codec is vulnerable to denial of service. The vulnerability exists due to lack of allocation size restriction on the decompressed output data in the Bzip2 decompression decoder function, leading to an OOME...

CVSS 7.5 • AI score 3.4 • EPSS 0.02383
Exploits 0 • References 21 • Affected Software 28

Veracode
•added 2021/08/24 6:48 a.m.•33 views

Remote Code Execution (RCE)

xstream is vulnerable to remote code execution. The vulnerability exists due to the usage of an insecure default blacklist which does not cover all the excluded XStream security framework...

CVSS 8.5 • AI score 2.8 • EPSS 0.00625
Exploits 1 • References 15 • Affected Software 4

Veracode
•added 2021/08/14 6:40 a.m.•33 views

Information Disclosure

postgresql is vulnerable to information disclosure. A malicious query can be used to read arbitrary bytes of server memory. In the default configuration, any authenticated database user is able to exploit the vulnerability...

CVSS 6.5 • AI score 2.1 • EPSS 0.00284
Exploits 0 • References 5 • Affected Software 8

Veracode
•added 2021/08/06 8:24 a.m.•33 views

Insecure Cryptographic Function

libapache2-mod-auth-openidc has insecure cryptographic functions. The vulnerability exists due to reusing the same key...

CVSS 5.9 • AI score 2.6 • EPSS 0.00513
Exploits 0 • References 10 • Affected Software 2

Veracode
•added 2021/07/30 3:29 a.m.•33 views

Request Smuggling

tomcat-coyote is vulnerable to request smuggling. Incorrect parsing of the HTTP transfer-encoding request header causes request smuggling when it is used with a reverse proxy and if the client declared it would only accept an HTTP/1.0 response...

CVSS 5.3 • AI score 0.4 • EPSS 0.01865
Exploits 1 • References 22 • Affected Software 7

Veracode
•added 2021/07/29 6:44 a.m.•33 views

Information Disclosure

webkit2gtk is vulnerable to information disclosure. The vulnerability exists due to a use-after-free in WebKit's GraphicsContext...

CVSS 8.8 • AI score 1 • EPSS 0.00729
Exploits 1 • References 8 • Affected Software 17

Veracode
•added 2021/07/26 9:26 a.m.•33 views

Denial Of Service (DoS)

curl is vulnerable to denial of service. The SSL backend fails to secure CURLOPT_SSLCERT against a current-directory file overriding the specified keychain nickname, potentially resulting in the certificate specified by CURLOPT_SSLCERT being overridden and thus causing denial of service...

CVSS 7.5 • AI score 2.8 • EPSS 0.00657
Exploits 1 • References 16 • Affected Software 2

Veracode
•added 2021/06/13 8:0 p.m.•33 views

Denial Of Service (DoS)

chromium is vulnerable to denial of service. The vulnerability exists due to a use after free in the Spell check component...

CVSS 8.8 • AI score 2.5 • EPSS 0.00322
Exploits 0 • References 8 • Affected Software 2

Veracode
•added 2021/06/13 12:23 p.m.•33 views

Denial Of Service (DoS)

NGINX is vulnerable to denial of service. A buffer overflow for years that exceed four digits causes an integer overflow, resulting in an application crash...

CVSS 9.8 • AI score 4.8 • EPSS 0.0325
Exploits 1 • References 7 • Affected Software 1

Veracode
•added 2021/06/09 3:10 a.m.•33 views

Remote Code Execution (RCE)

zope is vulnerable to remote code execution. The vulnerability exists due to untrusted modules available indirectly through Python modules...

CVSS 8.8 • AI score 2.7 • EPSS 0.00801
Exploits 0 • References 4 • Affected Software 1

Veracode
•added 2021/06/02 8:31 a.m.•33 views

Information Disclosure

Elastic APM .NET Agent is vulnerable to information disclosure. Confidential HTTP header information is disclosed when logging the details during an application error...

CVSS 4.3 • EPSS 0.00222
Exploits 0 • References 3 • Affected Software 3

Veracode
•added 2021/05/28 1:4 p.m.•33 views

Information Disclosure

chromium is vulnerable to information disclosure. The vulnerability exists due to an out-of-bounds memory access security issue in the WebAudio component of Chromium...

CVSS 8.8 • AI score 1.9 • EPSS 0.00705
Exploits 1 • References 8 • Affected Software 3

Veracode
•added 2021/05/24 9:29 a.m.•33 views

Denial Of Service (DoS)

linux is vulnerable to denial of service. The vulnerability exists due to a race condition during an update of the local and shared status, which allows an attacker to crash the application via malicious input...

CVSS 4.7 • AI score 6.1 • EPSS 0.00044
Exploits 0 • References 4 • Affected Software 3

Veracode
•added 2021/05/20 3:28 p.m.•33 views

Denial Of Service (DoS)

unbound is vulnerable to denial of service (DoS). The vulnerability exists through an assertion failure via a compressed name in dname_pkt_copy...

CVSS 7.5 • AI score 2.6 • EPSS 0.01026
Exploits 0 • References 7 • Affected Software 3

Veracode
•added 2021/05/15 12:9 a.m.•33 views

Denial Of Service (DoS)

squid is vulnerable to denial of service. An attacker can cause a fatal error via the HTTP response of a squid cache, resulting in a denial of service condition...

CVSS 6.5 • AI score 1.1 • EPSS 0.1363
Exploits 0 • References 15 • Affected Software 6

Veracode
•added 2021/05/06 12:13 p.m.•33 views

Arbitrary Code Execution

exim4 is vulnerable to arbitrary code execution. A heap out-of-bounds write in parse_fix_phrase allows an attacker to execute arbitrary code on the host OS...

CVSS 7.8 • AI score 3.8 • EPSS 0.00047
Exploits 1 • References 3 • Affected Software 4

Veracode
•added 2021/05/06 11:27 a.m.•33 views

Information Disclosure

samba is vulnerable to information disclosure. The vulnerability exists due to a flaw that could allow an attacker to read data beyond the end of the array...

CVSS 6.8 • AI score 2.4 • EPSS 0.01764
Exploits 0 • References 12 • Affected Software 7

Veracode
•added 2021/05/06 9:12 a.m.•33 views

Denial Of Service (DoS)

rust is vulnerable to denial of service. The vulnerability exists due to a double free in the Vec::from_iter function...

CVSS 9.8 • AI score 2.6 • EPSS 0.0078
Exploits 1 • References 11 • Affected Software 2

Veracode
•added 2021/04/29 12:5 p.m.•33 views

URL Spoofing

firefox:edge is vulnerable to URL spoofing. When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the...

CVSS 6.5 • AI score 7.6 • EPSS 0.00266
Exploits 0 • References 5 • Affected Software 1

Veracode
•added 2021/04/26 5:54 a.m.•33 views

Prototype Pollution

jquery-plugin-query-object is vulnerable to prototype pollution. An attacker is able to inject malicious properties into existing construct prototypes (Object.prototype) and modify attributes such as __proto__, constructor and prototype...

CVSS 8.8 • AI score 3.5 • EPSS 0.07286
Exploits 2 • References 6 • Affected Software 1

Veracode
•added 2021/04/16 5:14 a.m.•33 views

Remote Code Execution

tapestry-core is vulnerable to remote code execution. Access to the classpath asset files is not restricted, allowing an attacker to guess the path to a known file in the classpath and retrieve the contents. It can also potentially allow the attacker to perform a Java serialization attack if the...

CVSS 9.8 • AI score 4.6 • EPSS 0.93938
Exploits 5 • References 4 • Affected Software 1

Veracode
•added 2021/03/18 4:30 a.m.•33 views

Regular Expression Denial Of Service (ReDoS)

ua-parser-js is vulnerable to regular expression denial of service. An attacker is able to exploit the vulnerability by sending a malicious User-Agent header under the device type causing the system to process the header for an extended period of time...

CVSS 7.5 • AI score 3.7 • EPSS 0.01439
Exploits 1 • References 5 • Affected Software 2

Veracode
•added 2021/03/11 10:57 p.m.•33 views

Cross-site Scripting (XSS)

ceph dashboard is vulnerable to cross-site scripting (XSS) attacks. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser's localStorage, which is potentially vulnerable to attackers via XSS attacks...

CVSS 5.4 • AI score 4.2 • EPSS 0.00239
Exploits 0 • References 2 • Affected Software 5

Veracode
•added 2021/03/11 10:54 p.m.•33 views

Information Disclosure

ceph is vulnerable to information disclosure. The vulnerability exists due to the password being stored in mgr logs for grafana and dashboard...

CVSS 4.4 • AI score 1.2 • EPSS 0.00019
Exploits 0 • References 9 • Affected Software 5

Veracode
•added 2021/03/11 1:48 a.m.•33 views

Cross-site Scripting (XSS)

velocity-tools-view is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute malicious script in a user's browser, as it does not escape a user-provided vm file as part of the URL which is displayed in the error page...

CVSS 6.1 • AI score 2.1 • EPSS 0.03207
Exploits 0 • References 13 • Affected Software 1

Veracode
•added 2021/03/09 9:46 p.m.•33 views

Denial Of Service (DoS)

gsoap:sid is vulnerable to denial of service. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...

CVSS 7.5 • AI score 1.2 • EPSS 0.00153
Exploits 1 • References 7 • Affected Software 1

Total number of security vulnerabilities: 5000