Lucene search: Veracode, Most viewed

38133 matches found

Veracode
•added 2020/04/10 12:50 a.m.•33 views

Arbitrary Code Execution

seamonkey is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey...

CVSS 9.3 • AI score 4.8 • EPSS 0.03853
Exploits 0 • References 34 • Affected Software 4

Veracode
•added 2020/04/10 12:48 a.m.•33 views

Arbitrary Code Execution

firefox is vulnerable to arbitrary code execution. The vulnerability exists as a web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox...

CVSS 9.3 • AI score 5.1 • EPSS 0.05398
Exploits 0 • References 19 • Affected Software 6

Veracode
•added 2020/04/10 12:45 a.m.•33 views

Denial Of Service (DoS)

IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit are vulnerable to Denial of Service (DoS). The attack exists because it does not prevent remote attackers from affecting confidentiality, integrity, and availability via unknown vectors...

CVSS 7.5 • AI score 6.8 • EPSS 0.0567
Exploits 0 • References 36 • Affected Software 1

Veracode
•added 2020/04/10 12:45 a.m.•33 views

Privilege Escalation

java is vulnerable to privilege escalation. An unspecified vulnerability allows remote attackers to affect confidentiality, integrity and availability via unknown vectors...

CVSS 6.8 • AI score 7.5 • EPSS 0.03421
Exploits 0 • References 37 • Affected Software 2

Veracode
•added 2020/04/10 12:43 a.m.•33 views

Denial Of Service (DoS)

libpng is vulnerable to denial of service (DoS). The vulnerability exists as a memory leak flaw was found in the way applications using the libpng library decoded PNG images that use the Physical Scale sCAL extension. An attacker could create a specially-crafted PNG image that could cause an...

CVSS 6.5 • AI score 2.1 • EPSS 0.01567
Exploits 0 • References 44 • Affected Software 1

Veracode
•added 2020/04/10 12:43 a.m.•33 views

Authorization Bypass

firefox is vulnerable to authorization bypass. The vulnerability exists as a flaw was found in the Firefox XML document loading security checks. Certain security checks were not being called when an XML document was loaded. This could possibly be leveraged later by an attacker to load certain...

CVSS 4.3 • AI score 2 • EPSS 0.01301
Exploits 0 • References 22 • Affected Software 7

Veracode
•added 2020/04/10 12:43 a.m.•33 views

Denial Of Service (DoS)

The kernel package is vulnerable to Denial Of Service (DoS). A divide-by-zero flaw was found in the ext4 file system code. A local attacker could use this flaw to cause a denial of service by mounting a specially-crafted ext4 file system...

CVSS 7.1 • AI score 3.2 • EPSS 0.03356
Exploits 2 • References 15 • Affected Software 1

Veracode
•added 2020/04/10 12:42 a.m.•33 views

Arbitrary Code Execution

seamonkey is vulnerable to arbitrary code execution. A use-after-free flaw was found in SeaMonkey. Under low memory conditions, visiting a web page containing malicious content could result in SeaMonkey executing arbitrary code with the privileges of the user running SeaMonkey...

CVSS 10 • AI score 4.9 • EPSS 0.07108
Exploits 2 • References 30 • Affected Software 4

Veracode
•added 2020/04/10 12:41 a.m.•33 views

Spoofed Content Association

Mozilla Firefox allows spoofed content association. A flaw was found in the way Firefox displayed blank pages after a user navigates to an invalid address. If a user visits an attacker-controlled web page that results in a blank page, the attacker could inject content into that blank page, possib...

CVSS 6.8 • AI score 3.6 • EPSS 0.00461
Exploits 6 • References 28 • Affected Software 2

Veracode
•added 2020/04/10 12:40 a.m.•33 views

Authorization Bypass

java is vulnerable to authorization bypass. The vulnerability exists in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit...

CVSS 5 • AI score 3.8 • EPSS 0.01651
Exploits 1 • References 28 • Affected Software 2

Veracode
•added 2020/04/10 12:39 a.m.•33 views

Denial Of Service (DoS)

Samba is vulnerable to Denial of Service (DoS). A denial of service flaw was found in the Samba smbd daemon. An authenticated, remote user could send a specially-crafted response that would cause an smbd child process to enter an infinite loop. An authenticated, remote user could use this flaw to...

CVSS 4 • AI score 2.6 • EPSS 0.00231
Exploits 1 • References 33 • Affected Software 1

Veracode
•added 2020/04/10 12:39 a.m.•33 views

Denial Of Service (DoS)

The kernel is vulnerable to denial of service (DoS). The Parallels Virtuozzo Containers team reported the RHSA-2009:1243 update introduced two flaws in the routing implementation. If an attacker was able to cause a large enough number of collisions in the routing hash table via specially-crafted packe...

CVSS 7.5 • AI score 1.3 • EPSS 0.01522
Exploits 3 • References 19 • Affected Software 1

Veracode
•added 2020/04/10 12:37 a.m.•33 views

Privilege Escalation

udev is vulnerable to privilege escalation. It was discovered that udev did not properly check the origin of Netlink messages. A local attacker could use this flaw to gain root privileges via a crafted Netlink message sent to udev, causing it to create a world-writable block device file for an...

CVSS 7.2 • AI score 3.9 • EPSS 0.89509
Exploits 12 • References 44 • Affected Software 1

Veracode
•added 2020/04/10 12:35 a.m.•33 views

Arbitrary Code Execution

python is vulnerable to Arbitrary Code Execution. Multiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to disclose sensitive information, crash or, potentially, execute...

CVSS 5.8 • AI score 7.4 • EPSS 0.0778
Exploits 1 • References 51 • Affected Software 1

Veracode
•added 2020/04/10 12:32 a.m.•33 views

Arbitrary Code Execution

xpdf is vulnerable to arbitrary code execution. The vulnerability exists as an attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened...

CVSS 6.8 • AI score 4.8 • EPSS 0.08985
Exploits 1 • References 51 • Affected Software 5

Veracode
•added 2020/04/10 12:31 a.m.•33 views

Arbitrary Code Execution

freetype is vulnerable to arbitrary code execution. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application...

CVSS 7.5 • AI score 4.3 • EPSS 0.08522
Exploits 0 • References 277 • Affected Software 1

Veracode
•added 2020/04/10 12:30 a.m.•33 views

Privilege Escalation

java is vulnerable to privilege escalation. The vulnerability exists as a flaw in the Java Runtime Environment Virtual Machine code generation functionality could allow untrusted applets to extend their privileges. An untrusted applet could extend its privileges, allowing it to read and write loc...

CVSS 6.4 • AI score 3.7 • EPSS 0.05506
Exploits 0 • References 30 • Affected Software 1

Veracode
•added 2020/04/10 12:28 a.m.•33 views

Denial Of Service (DoS)

MySQL is vulnerable to denial of service (DoS). Flaws in MySQL allowed an authenticated user to cause the MySQL daemon to crash via crafted SQL queries. This only caused a temporary denial of service, as the MySQL daemon is automatically restarted after the crash...

CVSS 3.5 • AI score 3.3 • EPSS 0.02121
Exploits 0 • References 13 • Affected Software 1

Veracode
•added 2020/04/10 12:26 a.m.•33 views

Privilege Escalation

kernel is vulnerable to privilege escalation. A missing capability check was found in the Linux kernel do_change_type routine. This could allow a local unprivileged user to gain privileged access or cause a denial of service...

CVSS 7.8 • AI score 4.9 • EPSS 0.00027
Exploits 0 • References 23 • Affected Software 1

Veracode
•added 2020/04/10 12:25 a.m.•33 views

Privilege Escalation

seamonkey is vulnerable to privilege escalation. The vulnerability exists as a web page containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information...

CVSS 7.5 • AI score 3.6 • EPSS 0.00121
Exploits 1 • References 45 • Affected Software 3

Veracode
•added 2020/04/10 12:22 a.m.•33 views

Information Disclosure

kernel is vulnerable to information disclosure. A security flaw was found in the Linux kernel memory copy routines, when running on certain AMD64 systems. If an unsuccessful attempt to copy kernel memory from source to destination memory locations occurred, the copy routines did not zero the...

CVSS 4.9 • AI score 2 • EPSS 0.00105
Exploits 1 • References 20 • Affected Software 1

Veracode
•added 2020/04/10 12:20 a.m.•33 views

Arbitrary Code Execution

cups is vulnerable to arbitrary code execution. The vulnerability exists in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed...

CVSS 9.3 • AI score 4.1 • EPSS 0.14085
Exploits 1 • References 93 • Affected Software 4

Veracode
•added 2020/04/10 12:19 a.m.•33 views

Arbitrary Code Execution

kernel is vulnerable to arbitrary code execution. A flaw was found in the IA32 system call emulation provided on AMD64 and Intel 64 platforms. An improperly validated 64-bit value could be stored in the %RAX register, which could trigger an out-of-bounds system call table access. An untrusted loc...

CVSS 7.2 • AI score 3.9 • EPSS 0.00434
Exploits 0 • References 41 • Affected Software 1

Veracode
•added 2020/04/10 12:18 a.m.•33 views

Cross-Site Scripting (XSS)

thunderbird is vulnerable to cross-site scripting. A cross-site scripting flaw was found in the way Thunderbird handled the jar: URI scheme. It may be possible for a malicious HTML mail message to leverage this flaw, and conduct a cross-site scripting attack against a user running Thunderbird...

CVSS 4.3 • AI score 0.4 • EPSS 0.07915
Exploits 0 • References 63 • Affected Software 3

Veracode
•added 2020/04/10 12:18 a.m.•33 views

Cross-Site Request Forgery (CSRF)

firefox is vulnerable to cross-site request forgery (CSRF). A flaw was found in the way Firefox handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall...

CVSS 6.8 • AI score 1 • EPSS 0.30339
Exploits 0 • References 23 • Affected Software 4

Veracode
•added 2020/04/10 12:18 a.m.•33 views

Information Disclosure

kernel is vulnerable to information disclosure. The vulnerability exists as a bug in the random number generator that prevented the manual seeding of the entropy pool...

CVSS 1.2 • AI score 1.2 • EPSS 0.00109
Exploits 0 • References 29 • Affected Software 1

Veracode
•added 2020/04/10 12:18 a.m.•33 views

Privilege Escalation

util-linux is vulnerable to privilege escalation. The vulnerability exists as a flaw was discovered in the way that the mount and umount utilities used the setuid and setgid functions, which could lead to privileges being dropped improperly. A local user could use this flaw to run mount helper...

CVSS 7.2 • AI score 2.3 • EPSS 0.00101
Exploits 0 • References 37 • Affected Software 1

Veracode
•added 2020/04/10 12:17 a.m.•33 views

Arbitrary Code Execution

php is vulnerable to arbitrary code execution. A buffer overflow flaw was found in the PHP 'soap' extension, regarding the handling of an HTTP redirect response when using the SOAP client provided by this extension with an untrusted SOAP server...

CVSS 5.1 • AI score 2.2 • EPSS 0.04219
Exploits 0 • References 24 • Affected Software 1

Veracode
•added 2020/04/10 12:17 a.m.•33 views

Arbitrary Code Execution

samba is vulnerable to arbitrary code execution. A heap-based buffer overflow flaw was found in the way Samba authenticates users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash. Careful analysis of this flaw has determined that arbitrary code execution i...

CVSS 9.3 • AI score 4.6 • EPSS 0.21484
Exploits 1 • References 52 • Affected Software 1

Veracode
•added 2020/04/10 12:15 a.m.•33 views

Denial Of Service (DoS)

php is vulnerable to denial of service (DoS). The vulnerability exists as a denial of service flaw was found in the way PHP processed a deeply nested array. A remote attacker could cause the PHP interpreter to crash by submitting an input variable with a deeply nested array...

CVSS 7.5 • AI score 2.6 • EPSS 0.05679
Exploits 1 • References 40 • Affected Software 1

Veracode
•added 2020/04/10 12:15 a.m.•33 views

Arbitrary Code Execution

php is vulnerable to arbitrary code execution. A buffer over-read flaw was discovered in PHP's gd extension. A script that could be forced to write arbitrary strings using a JIS font from an untrusted source could cause the PHP interpreter to crash...

CVSS 7.5 • AI score 2 • EPSS 0.0427
Exploits 0 • References 37 • Affected Software 1

Veracode
•added 2020/04/10 12:15 a.m.•33 views

DNS Spoofing

Mozilla Firefox is vulnerable to DNS spoofing. A flaw was found in the Firefox auto-update verification system. An attacker who has the ability to spoof a victim's DNS could get Firefox to download and install malicious code. In order to exploit this issue an attacker would also need to get a...

CVSS 2.6 • AI score 3.2 • EPSS 0.00994
Exploits 1 • References 42 • Affected Software 2

Veracode
•added 2020/04/10 12:13 a.m.•33 views

Information Disclosure

X.org is vulnerable to Information Disclosure. An integer overflow flaw was found in the X.org XGetPixel function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution...

CVSS 9.3 • AI score 3.3 • EPSS 0.02145
Exploits 0 • References 56 • Affected Software 2

Veracode
•added 2020/04/10 12:12 a.m.•33 views

Denial Of Service (DoS)

bind is vulnerable to denial of service (DoS). The vulnerability exists as a flaw was found in the way BIND processed certain DNS query responses. On servers that had enabled DNSSEC validation, this could allow a remote attacker to cause a denial of service...

CVSS 4.3 • AI score 5.1 • EPSS 0.41543
Exploits 1 • References 70 • Affected Software 1

Veracode
•added 2020/04/10 12:12 a.m.•33 views

Denial Of Service (DoS)

ISC BIND (Berkeley Internet Name Domain) is vulnerable to Denial Of Service (DoS). A use-after-free flaw was found in BIND. On servers that have recursion enabled, this could allow a remote attacker to cause a denial of service...

CVSS 7.8 • AI score 4.3 • EPSS 0.13838
Exploits 1 • References 52 • Affected Software 1

Veracode
•added 2020/04/09 1:7 a.m.•33 views

Denial Of Service (DoS)

Mozilla is vulnerable to denial of service (DoS). The vulnerability exists through an out-of-bounds write in GMPDecodeData when processing large images...

CVSS 8.8 • AI score 3.2 • EPSS 0.00812
Exploits 0 • References 7 • Affected Software 6

Veracode
•added 2020/04/08 12:44 a.m.•33 views

Denial Of Service (DoS)

Mozilla is vulnerable to denial of service. The vulnerability exists through a use-after-free issue when handling a ReadableStream...

CVSS 8.1 • AI score 8.7 • EPSS 0.0313
Exploits 0 • References 6 • Affected Software 3

Veracode
•added 2020/04/01 12:39 a.m.•33 views

Use-after Free

libxml2 is vulnerable to a use-after-free triggered by XPointer paths beginning with range-to...

CVSS 8.8 • AI score 2 • EPSS 0.0369
Exploits 0 • References 28 • Affected Software 1

Veracode
•added 2020/04/01 12:39 a.m.•33 views

Denial Of Service (DoS)

imagemagick is vulnerable to denial of service (DoS). The vulnerability exists through a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages...

CVSS 7.8 • AI score 4 • EPSS 0.001
Exploits 1 • References 15 • Affected Software 5

Veracode
•added 2020/04/01 12:38 a.m.•33 views

Denial Of Service (DoS)

squid is vulnerable to denial of service. The vulnerability exists due to incorrect pointer handling when processing ESI Responses which allows an attacker to crash the application via malicious input...

CVSS 7.5 • AI score 7.2 • EPSS 0.09177
Exploits 0 • References 11 • Affected Software 1

Veracode
•added 2020/03/18 12:55 a.m.•33 views

Use-after-free

Mozilla Firefox is vulnerable to use-after-free in cubeb during stream destruction...

CVSS 8.8 • AI score 2.5 • EPSS 0.00453
Exploits 0 • References 8 • Affected Software 6

Veracode
•added 2020/03/05 5:52 a.m.•33 views

SQL Injection

django is vulnerable to SQL injection. Lack of adequate validation and sanitization of the tolerance parameter allows an attacker to inject and execute arbitrary SQL statements in the database...

CVSS 8.8 • AI score 4.3 • EPSS 0.84644
Exploits 0 • References 14 • Affected Software 4

Veracode
•added 2020/01/20 6:5 a.m.•33 views

Remote Code Execution

.NET software is vulnerable to remote code execution. Failure to validate the source markup of a file allows an attacker to execute code in the context of the application upon successful exploitation of the vulnerability. This CVE ID is different from CVE-2020-0605...

CVSS 8.8 • AI score 4.3 • EPSS 0.34056
Exploits 0 • References 4 • Affected Software 2

Veracode
•added 2020/01/17 1:47 a.m.•33 views

Denial Of Service (DoS)

OpenJDK is vulnerable to denial of service (DoS). The vulnerability exists due to an incorrect exception during deserialization in BeanContextSupport...

CVSS 3.7 • AI score 2.3 • EPSS 0.00519
Exploits 0 • References 27 • Affected Software 4

Veracode
•added 2020/01/15 8:16 a.m.•33 views

Information Disclosure

Apache Kafka connect-runtime is vulnerable to information disclosure. Improper usage of regex matching in the Connect REST API exposes plaintext secrets through the tasks endpoint if the config value contains additional characters...

CVSS 7.5 • AI score 2.5 • EPSS 0.02307
Exploits 0 • References 44 • Affected Software 1

Veracode
•added 2019/12/06 12:16 a.m.•33 views

Denial Of Service (DoS)

Mozilla firefox is vulnerable to denial of service. The vulnerability exists through a use-after-free error in worker destruction...

CVSS 8.8 • AI score 3 • EPSS 0.00866
Exploits 0 • References 15 • Affected Software 5

Veracode
•added 2019/11/20 2:52 a.m.•33 views

Shell Code Execution

libunbound.so is vulnerable to shell code execution. The attack is possible due to improper handling of a malicious IPSECKEY answer in the ipsec. The vulnerability can only be triggered when the following conditions are met: 1) compiled the library with --enable-ipsecmod support, and ipsecmod is...

CVSS 7.3 • AI score 1.9 • EPSS 0.00671
Exploits 1 • References 9 • Affected Software 1

Veracode
•added 2019/10/17 12:22 a.m.•33 views

Denial Of Service (DoS)

openjdk is vulnerable to denial of service. A NULL pointer dereference in DrawGlyphList allows an attacker to crash the application...

CVSS 3.7 • AI score 3.6 • EPSS 0.00476
Exploits 0 • References 24 • Affected Software 4

Veracode
•added 2019/10/02 2:15 a.m.•33 views

Remote Code Execution (RCE)

jackson-databind is vulnerable to remote code execution. The vulnerability exists as it does not stop classes from the commons-dbcp package from being used as deserialization gadgets...

CVSS 9.8 • AI score 9.7 • EPSS 0.00415
Exploits 0 • References 45 • Affected Software 3

Veracode
•added 2019/10/01 12:17 a.m.•33 views

Denial Of Service (DoS)

nodejs is vulnerable to denial of service. A remote attacker is able to crash the application by flooding the server with empty frames which results in excessive resource consumption...

CVSS 7.5 • AI score 3.5 • EPSS 0.03578
Exploits 0 • References 37 • Affected Software 5

Total number of security vulnerabilities: 5000