Veracode: Most viewed

38133 matches found

Veracode • added 2021/02/26 7:8 a.m. • 33 views

XML External Entity (XXE)

xmlgraphics-commons is vulnerable to XML external entity attacks. External DTDs are not disabled by default, which allows an attacker to submit requests on behalf of the server via a malicious XML document...

CVSS: 8.2, AI score: 7.4, EPSS: 0.00431
Exploits: 0, References: 14, Affected Software: 1
Veracode • added 2021/02/26 2:11 a.m. • 33 views

Denial Of Service (DoS)

Linux Kernel is vulnerable to denial of service (DoS). The vulnerability is possible because of an issue discovered in drivers/accessibility/speakup/spkttyio.c. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs...

CVSS: 5.5, AI score: 3.7, EPSS: 0.00062
Exploits: 0, References: 11, Affected Software: 4
Veracode • added 2021/02/11 5:23 p.m. • 33 views

Denial Of Service (DoS)

subversion is vulnerable to denial of service. An unauthenticated remote attacker is able to crash the application via the modauthzsvn module by requesting a non-existing repository URL, if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option...

CVSS: 7.5, AI score: 5.1, EPSS: 0.14805
Exploits: 1, References: 4, Affected Software: 2
Veracode • added 2021/02/07 12:29 a.m. • 33 views

Denial Of Service (DoS)

wireshark is vulnerable to denial of service. The vulnerability exists due to non-validation in epan/dissectors/packet-btatt.c...

CVSS: 6.5, AI score: 2.2, EPSS: 0.00289
Exploits: 1, References: 6, Affected Software: 1
Veracode • added 2021/02/05 3:21 a.m. • 33 views

Denial Of Service (DoS)

glibc is vulnerable to denial of service (DoS). The vulnerability exists through sysdeps/i386/ldbl2mpn.c, where a stack-based buffer overflow occurs if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a...

CVSS: 7.5, AI score: 4.7, EPSS: 0.00161
Exploits: 0, References: 7, Affected Software: 1
Veracode • added 2021/01/22 9:32 p.m. • 33 views

Denial Of Service (DoS)

chromium is vulnerable to denial of service (DoS). The vulnerability exists through a use-after-free flaw...

CVSS: 8.8, AI score: 2.3, EPSS: 0.07036
Exploits: 0, References: 4, Affected Software: 2
Veracode • added 2021/01/21 4:35 p.m. • 33 views

Privilege Escalation

xen is vulnerable to privilege escalation. The vulnerability exists through a data leak caused by an AMD IOMMU page-table entry that can be half-updated...

CVSS: 7.8, AI score: 3.6, EPSS: 0.00044
Exploits: 0, References: 12, Affected Software: 1
Veracode • added 2021/01/14 4:52 a.m. • 33 views

Insecure Permissions

ceph-ansible is vulnerable to insecure permissions. The vulnerability allows any user to read sensitive information within...

CVSS: 5.5, AI score: 2, EPSS: 0.0002
Exploits: 0, References: 3, Affected Software: 7
Veracode • added 2021/01/08 5:18 a.m. • 33 views

Arbitrary File Overwrite

github.com/thecodingmachine/gotenberg is vulnerable to directory traversal. An attacker is able to exploit the vulnerability to overwrite arbitrary files in the system and cause a denial of service condition or potentially result in arbitrary code execution...

CVSS: 9.8, AI score: 7.4, EPSS: 0.00387
Exploits: 1, References: 3, Affected Software: 1
Veracode • added 2020/12/31 5:2 p.m. • 33 views

Denial Of Service (DoS)

xen is vulnerable to denial of service (DoS). The vulnerability exists in oxenstored, where an owner could give a node away, so a guest can run out of quota, or create an unbounded number of nodes owned by dom0, thus running xenstored out of memory...

CVSS: 6, AI score: 3.8, EPSS: 0.00061
Exploits: 0, References: 8, Affected Software: 1
Veracode • added 2020/12/23 4:51 p.m. • 33 views

Denial Of Service (DoS)

openjpeg is vulnerable to denial of service. It is possible due to a heap-buffer-overflow in lib/openjp2/mqc.c which allows an attacker to cause an application crash...

CVSS: 7.8, AI score: 7.3, EPSS: 0.00924
Exploits: 1, References: 9, Affected Software: 4
Veracode • added 2020/12/23 4:51 p.m. • 33 views

Arbitrary Code Execution

openjpeg is vulnerable to arbitrary code execution. A heap-based buffer-overflow write allows an attacker to execute arbitrary code on the host OS...

CVSS: 7.8, AI score: 4, EPSS: 0.00302
Exploits: 0, References: 12, Affected Software: 2
Veracode • added 2020/12/10 4:17 p.m. • 33 views

Denial Of Service (DoS)

openldap is vulnerable to denial of service. A NULL pointer dereference during a request for renaming RDNs allows an unauthenticated remote attacker to crash the slapd process by sending a malicious request...

CVSS: 7.5, AI score: 3.8, EPSS: 0.04749
Exploits: 0, References: 6, Affected Software: 1
Veracode • added 2020/12/10 7:36 a.m. • 33 views

Denial Of Service (DoS)

QEMU is vulnerable to denial of service. This vulnerability exists because of a flaw in the memory management API during the initialization of a memory region cache...

CVSS: 6, AI score: 3.3, EPSS: 0.00036
Exploits: 0, References: 5, Affected Software: 2
Veracode • added 2020/12/06 4:40 a.m. • 33 views

Out-of-Bounds Read

OpenEXR is vulnerable to out-of-bounds read. The vulnerability exists in ImfOptimizedPixelReading.h...

CVSS: 5.5, AI score: 1.9, EPSS: 0.00576
Exploits: 1, References: 18, Affected Software: 1
Veracode • added 2020/12/06 3:19 a.m. • 33 views

Denial Of Service (DoS)

OpenEXR is vulnerable to denial of service and arbitrary code execution. The vulnerability exists because an invalid write of size 1 in the bufferedReadPixels function could cause the application to crash or execute arbitrary code...

CVSS: 8.8, AI score: 4.5, EPSS: 0.02586
Exploits: 0, References: 11, Affected Software: 1
Veracode • added 2020/12/06 2:35 a.m. • 33 views

Denial Of Service (DoS)

qemu is vulnerable to denial of service. The vulnerability exists through hw/usb/hcd-ohci.c due to an infinite loop when a TD list has a loop, allowing an attacker to cause an application crash...

CVSS: 5.3, AI score: 5.7, EPSS: 0.00147
Exploits: 0, References: 6, Affected Software: 7
Veracode • added 2020/12/06 2:28 a.m. • 33 views

Privilege Escalation

linux-kvm is vulnerable to privilege escalation. The vulnerability exists as the rbd block device driver in drivers/block/rbd.c used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices...

CVSS: 4.1, AI score: 4.6, EPSS: 0.00077
Exploits: 0, References: 8, Affected Software: 5
Veracode • added 2020/12/06 2:27 a.m. • 33 views

Privilege Escalation

linux kernel is vulnerable to privilege escalation. A use-after-free vulnerability in fs/blockdev.c allows local users to gain additional privileges or cause a denial of service by leveraging improper access to a certain error field...

CVSS: 6.7, AI score: 5.5, EPSS: 0.00151
Exploits: 1, References: 3, Affected Software: 5
Veracode • added 2020/12/04 4:39 p.m. • 33 views

Denial Of Service (DoS)

nsd is vulnerable to denial of service. An attacker is able to overwrite the PID file via a local symlink attack which will cause the application to crash...

CVSS: 5.5, AI score: 3, EPSS: 0.00073
Exploits: 0, References: 6, Affected Software: 4
Veracode • added 2020/12/02 9:50 a.m. • 33 views

Buffer Over-read

oniguruma is vulnerable to heap-based buffer over-read. It is possible because of a flaw in the function gb18030mbcenclen in file gb18030.c...

CVSS: 7.5, AI score: 3.1, EPSS: 0.00649
Exploits: 1, References: 11, Affected Software: 1
Veracode • added 2020/11/24 5:49 a.m. • 33 views

XML External Entity (XXE)

typo3/cms-core is vulnerable to XML external entities (XXE). The vulnerability exists as the libxml object in getRssItems of RssWidget.php does not disable external entities...

CVSS: 3.7, AI score: 4.5, EPSS: 0.0027
Exploits: 0, References: 4, Affected Software: 1
Veracode • added 2020/11/20 12:1 p.m. • 33 views

Remote Code Execution

ArchiveTar is vulnerable to remote code execution. An attacker is able to inject malicious code through file extension .PHAR within a tar archive...

CVSS: 7.8, AI score: 3.7, EPSS: 0.76873
Exploits: 2, References: 18, Affected Software: 6
Veracode • added 2020/11/20 9:43 a.m. • 33 views

Content Security Bypass

firefox is vulnerable to content security policy bypass. The application does not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy...

CVSS: 6.1, AI score: 1.7, EPSS: 0.00661
Exploits: 0, References: 6, Affected Software: 8
Veracode • added 2020/11/06 5:55 a.m. • 33 views

Denial Of Service (DoS)

github.com/hashicorp/consul is vulnerable to denial of service (DoS). Incorrect use of namespaces in comparisons allows an attacker to send infinite Raft writes to cause a namespace replication bug, leading to resource exhaustion and an application crash...

CVSS: 7.5, AI score: 3.4, EPSS: 0.01543
Exploits: 0, References: 4, Affected Software: 2
Veracode • added 2020/11/05 3:18 a.m. • 33 views

Arbitrary File Overwrite

libreoffice is vulnerable to arbitrary file overwrite. Forms allowed to be submitted to any URI could result in local file overwrite...

CVSS: 6.5, AI score: 3.4, EPSS: 0.00459
Exploits: 0, References: 9, Affected Software: 3
Veracode • added 2020/10/29 2:12 a.m. • 33 views

Cross-site Scripting (XSS)

github.com/grafana/grafana is vulnerable to cross-site scripting (XSS). The vulnerability exists when specifying series alias such as test data or elastic search, which allows special characters, caused by the bs-typeahead directive that evals the select options passed to it...

CVSS: 6.1, AI score: 3.9, EPSS: 0.00477
Exploits: 0, References: 4, Affected Software: 2
Veracode • added 2020/10/25 12:39 p.m. • 33 views

Denial Of Service (DoS)

linux-oem-osp1 is vulnerable to denial of service (DoS). The vulnerability exists through a heap-based buffer overflow in the bluetooth implementation...

CVSS: 6.5, AI score: 2.6, EPSS: 0.04469
Exploits: 0, References: 2, Affected Software: 3
Veracode • added 2020/10/23 8:58 a.m. • 33 views

Information Disclosure

OpenJDK is vulnerable to information disclosure. The vulnerability exists through a race condition in NIO Buffer boundary checks...

CVSS: 5.3, AI score: 1.4, EPSS: 0.00106
Exploits: 0, References: 9, Affected Software: 5
Veracode • added 2020/10/18 1:59 a.m. • 33 views

CRLF Injection

python is vulnerable to CRLF injection. The vulnerability exists through the first argument of HTTPConnection.request...

CVSS: 7.2, AI score: 7.3, EPSS: 0.00903
Exploits: 1, References: 19, Affected Software: 17
Veracode • added 2020/10/13 1:33 a.m. • 33 views

Information Disclosure

junit is vulnerable to Information Disclosure. The vulnerability exists through the behaviour of TemporaryFolder on UNIX-like systems, where the system's temporary directory is shared between all users on that system by default...

CVSS: 5.5, AI score: 5.5, EPSS: 0.00056
Exploits: 1, References: 71, Affected Software: 1
Veracode • added 2020/10/12 1:13 a.m. • 33 views

Cross-site Scripting (XSS)

phpmyadmin is vulnerable to cross-site scripting (XSS). Failure to validate the requestparams whereclause allows an attacker to inject and execute arbitrary JavaScript in a user's browser by sending a link to the victim containing the malicious JavaScript via the transformation feature...

CVSS: 6.1, AI score: 3.4, EPSS: 0.02788
Exploits: 0, References: 12, Affected Software: 2
Veracode • added 2020/10/05 1:34 a.m. • 33 views

Cross-site Scripting (XSS)

react-native-webview is vulnerable to cross-site scripting (XSS). The vulnerability exists through the lack of policy enforcement that allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. The vulnerability exists on all applications running on systems with an Andro...

CVSS: 6.5, AI score: 4.3, EPSS: 0.01018
Exploits: 0, References: 20, Affected Software: 1
Veracode • added 2020/10/04 4:38 a.m. • 33 views

Authorization Bypass

apache-ant is vulnerable to authorization bypass. The vulnerability exists because the mitigation for CVE-2020-1945 changed the permissions of temporary files it created so that only the current user was allowed to access them, while the fixcrlf task deleted the temporary file and creates a n...

CVSS: 7.5, AI score: 2.6, EPSS: 0.01104
Exploits: 0, References: 29, Affected Software: 5
Veracode • added 2020/10/02 6:7 a.m. • 33 views

Cookie Injection

php7 is vulnerable to cookie injection. The vulnerability exists as cookie names are URL-decoded, allowing cookies with prefixes such as Host to be forged...

CVSS: 5.3, AI score: 3.3, EPSS: 0.26088
Exploits: 2, References: 18, Affected Software: 9
Veracode • added 2020/10/01 3:56 a.m. • 33 views

Denial Of Service (DoS)

freerdp is vulnerable to denial of service (DoS). The vulnerability exists through an out-of-bounds read...

CVSS: 2.2, AI score: 2.4, EPSS: 0.00124
Exploits: 1, References: 10, Affected Software: 2
Veracode • added 2020/10/01 3:53 a.m. • 33 views

Arbitrary Code Execution

WebKitGTK+ is vulnerable to arbitrary code execution. Processing maliciously crafted web content may lead to arbitrary code execution...

CVSS: 8.8, AI score: 4.3, EPSS: 0.00953
Exploits: 0, References: 10, Affected Software: 28
Veracode • added 2020/10/01 3:53 a.m. • 33 views

Arbitrary Code Execution

webkitgtk4 is vulnerable to arbitrary code execution. The vulnerability exists through memory corruption...

CVSS: 8.8, AI score: 3.8, EPSS: 0.0249
Exploits: 0, References: 10, Affected Software: 28
Veracode • added 2020/10/01 3:53 a.m. • 33 views

Arbitrary Code Execution

webkitgtk4 is vulnerable to arbitrary code execution. The vulnerability exists through a use-after-free issue in the WebKit component...

CVSS: 8.8, AI score: 3.8, EPSS: 0.01977
Exploits: 0, References: 9, Affected Software: 28
Veracode • added 2020/10/01 3:52 a.m. • 33 views

Arbitrary Code Execution

webkitgtk4 is vulnerable to arbitrary code execution. The vulnerability exists through memory errors...

CVSS: 8.8, AI score: 6.3, EPSS: 0.01084
Exploits: 0, References: 10, Affected Software: 28
Veracode • added 2020/10/01 3:52 a.m. • 33 views

Arbitrary Code Execution

webkitgtk is vulnerable to arbitrary code execution. The vulnerability exists through memory corruption...

CVSS: 8.8, AI score: 3.8, EPSS: 0.04121
Exploits: 0, References: 5, Affected Software: 28
Veracode • added 2020/10/01 3:52 a.m. • 33 views

Arbitrary Code Execution

WebKitGTK+ is vulnerable to arbitrary code execution. An attacker can input malicious web content to lead to memory corruption and arbitrary code execution...

CVSS: 8.8, AI score: 4.3, EPSS: 0.00811
Exploits: 0, References: 10, Affected Software: 1
Veracode • added 2020/10/01 3:52 a.m. • 33 views

Arbitrary Code Execution

webkitgtk4 is vulnerable to arbitrary code execution. Processing maliciously crafted web content may lead to arbitrary code execution...

CVSS: 8.8, AI score: 4.3, EPSS: 0.03272
Exploits: 0, References: 11, Affected Software: 1
Veracode • added 2020/10/01 3:50 a.m. • 33 views

Denial Of Service (DoS)

libvirt is vulnerable to denial of service. A potential application crash can occur via active pools that are created without a target path...

CVSS: 6.5, AI score: 2.8, EPSS: 0.00689
Exploits: 1, References: 15, Affected Software: 1
Veracode • added 2020/09/24 10:39 a.m. • 33 views

Denial Of Service (DoS)

xen is vulnerable to denial of service (DoS). An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a GP fault, and...

CVSS: 5.5, AI score: 2.6, EPSS: 0.00086
Exploits: 0, References: 10, Affected Software: 1
Veracode • added 2020/09/21 6:34 a.m. • 33 views

Denial Of Service (DoS)

sqlite3 is vulnerable to denial of service (DoS). The vulnerability exists as the WITH stack continues to unwind even after a parsing error in selectExpander in select.c...

CVSS: 7.5, AI score: 4.2, EPSS: 0.00402
Exploits: 0, References: 6, Affected Software: 3
Veracode • added 2020/09/21 6:33 a.m. • 33 views

Arbitrary Code Execution

ruby is vulnerable to arbitrary code execution. An attacker is able to inject code in the first argument to the command argument to Shell or Shelltest in lib/shell.rb...

CVSS: 8.1, AI score: 5.4, EPSS: 0.01157
Exploits: 1, References: 15, Affected Software: 7
Veracode • added 2020/09/21 6:33 a.m. • 33 views

Arbitrary Code Execution

GraphicsMagick is vulnerable to arbitrary code execution. A NULL pointer dereference in the WriteMAPImage function in coders/map.c when processing a non-colormapped image allows an attacker to execute arbitrary code on the host OS. This is a different vulnerability from CVE-2017-11638...

CVSS: 8.8, AI score: 3.9, EPSS: 0.00387
Exploits: 0, References: 7, Affected Software: 1
Veracode • added 2020/09/21 6:32 a.m. • 33 views

XML External Entity (XXE)

JabRef version =4.3.1 contains an XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appears to be exploitable via a specially crafted MsBib file...

CVSS: 10, AI score: 4.1, EPSS: 0.00232
Exploits: 0, References: 2, Affected Software: 1
Veracode • added 2020/09/21 6:31 a.m. • 33 views

Denial Of Service (DoS)

linux is vulnerable to denial of service (DoS). The vulnerability exists as aufs improperly managed inode reference counts in the vfsubdentryopen method...

CVSS: 5.5, AI score: 2.9, EPSS: 0.00041
Exploits: 0, References: 2, Affected Software: 3
Total number of security vulnerabilities: 5000