38133 matches found

Veracode • added 2019/10/02 2:15 a.m. • 33 views

Remote Code Execution (RCE)

jackson-databind is vulnerable to remote code execution. The vulnerability exists as it does not stop classes from the commons-dbcp package from being used as deserialization gadgets...

9.8 CVSS • 9.7 AI score • 0.00415 EPSS
Exploits 0 • References 45 • Affected Software 3

Veracode • added 2019/10/01 12:17 a.m. • 33 views

Denial Of Service (DoS)

nodejs is vulnerable to denial of service. A remote attacker is able to crash the application by flooding the server with empty frames which results in excessive resource consumption...

7.5 CVSS • 3.5 AI score • 0.03578 EPSS
Exploits 0 • References 37 • Affected Software 5

Veracode • added 2019/09/25 12:45 a.m. • 33 views

Denial Of Service (DoS)

QEMU is vulnerable to denial of service (DoS). The vulnerability is due to integer overflow leading to buffer overflow...

7.5 CVSS • 4 AI score • 0.00264 EPSS
Exploits 1 • References 10 • Affected Software 3

Veracode • added 2019/09/13 6:8 a.m. • 33 views

Arbitrary Code Execution

libcurl.so is vulnerable to arbitrary code execution. A double-free occurs when a malicious server claims to send a large block, which causes the realloc function call to fail. The vulnerability exists when curl uses kerberos over FTP, and can be exploited by an attacker to execute arbitrary co...

9.8 CVSS • 4.8 AI score • 0.03082 EPSS
Exploits 0 • References 17 • Affected Software 13

Veracode • added 2019/09/12 7:48 a.m. • 33 views

Remote Code Execution

ChakraCore is vulnerable to remote code execution (RCE). This is due to how the scripting engine handles objects in memory, allowing a remote attacker to execute arbitrary code in the context of the current user. This CVE ID is different from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-13...

7.5 CVSS • 3.8 AI score • 0.04657 EPSS
Exploits 0 • References 3 • Affected Software 2

Veracode • added 2019/09/12 7:39 a.m. • 33 views

Remote Code Execution

ChakraCore is vulnerable to remote code execution (RCE). This is due to how the scripting engine handles objects in memory, allowing a remote attacker to execute arbitrary code in the context of the current user. This CVE ID is different from CVE-2019-1217, CVE-2019-1237, CVE-2019-1298, CVE-2019-13...

7.5 CVSS • 3.8 AI score • 0.04657 EPSS
Exploits 0 • References 3 • Affected Software 2

Veracode • added 2019/08/08 12:7 a.m. • 33 views

Denial Of Service (DoS)

elfutils is vulnerable to denial of service (DoS). It causes a heap-based buffer over-read in libdw/dwarfgetaranges.c:dwarfgetaranges via a malicious file...

5.5 CVSS • 3.1 AI score • 0.0009 EPSS
Exploits 0 • References 11 • Affected Software 2

Veracode • added 2019/08/08 12:7 a.m. • 33 views

Denial Of Service (DoS)

advancecomp is vulnerable to denial of service (DoS). The vulnerability exists in function advpngunfilter8 in lib/png.c...

7.8 CVSS • 2.8 AI score • 0.00314 EPSS
Exploits 1 • References 8 • Affected Software 1

Veracode • added 2019/08/08 12:7 a.m. • 33 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The vulnerability exists through a buffer overflow in hidpprocessreport...

8.4 CVSS • 3.7 AI score • 0.00054 EPSS
Exploits 0 • References 34 • Affected Software 2

Veracode • added 2019/08/08 12:7 a.m. • 33 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The vulnerability exists through a NULL pointer dereference in the xfsdashrinkinode function...

5.5 CVSS • 2.8 AI score • 0.00236 EPSS
Exploits 1 • References 34 • Affected Software 2

Veracode • added 2019/08/05 12:16 a.m. • 33 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The vulnerability exists through a use-after-free in drivers/char/ipmi/ipmisiintf.c, ipmisimemio.c, ipmisiportio.c...

7 CVSS • 2.7 AI score • 0.00068 EPSS
Exploits 0 • References 16 • Affected Software 2

Veracode • added 2019/08/02 10:1 a.m. • 33 views

Denial Of Service (DoS)

Django is vulnerable to denial of service (DoS). It does not properly handle HTML entities in the function striptags, causing excessive HTMLParser recursions...

7.5 CVSS • 2.6 AI score • 0.06773 EPSS
Exploits 0 • References 12 • Affected Software 2

Veracode • added 2019/07/29 12:8 a.m. • 33 views

Denial Of Service (DoS)

openjdk is vulnerable to denial of service. It was discovered that the implementation of the Collections class in the Utilities component of OpenJDK did not limit the amount of memory allocated when creating an object instance from a serialized form. A specially-crafted input could cause a Java...

5.3 CVSS • 3 AI score • 0.00639 EPSS
Exploits 0 • References 16 • Affected Software 6

Veracode • added 2019/07/29 12:8 a.m. • 33 views

Denial Of Service (DoS)

openjdk is vulnerable to denial of service. It was discovered that the implementation of the Throwable class in the Utilities component of OpenJDK did not sufficiently validate serial stream before deserializing suppressed exceptions. A specially-crafted input could cause a Java application to...

5.3 CVSS • 3.6 AI score • 0.00639 EPSS
Exploits 0 • References 16 • Affected Software 5

Veracode • added 2019/07/08 12:7 a.m. • 33 views

Buffer Overflow

QEMU is vulnerable to buffer overflows. A remote, unauthenticated attacker could cause a system crash due to device tree size manipulation before buffer allocation leading to denial of service conditions. Affected by this issue is the function loadimage of the file devicetree.c...

9.8 CVSS • 8.7 AI score • 0.03497 EPSS
Exploits 0 • References 16 • Affected Software 3

Veracode • added 2019/06/25 7:29 a.m. • 33 views

Arbitrary Code Execution

libpoppler.so is vulnerable to arbitrary code execution. A heap-based buffer overflow in Splash::blitTransparent in splash/Splash.cc allows an attacker to execute arbitrary code...

8.8 CVSS • 9.7 AI score • 0.00935 EPSS
Exploits 1 • References 11 • Affected Software 1

Veracode • added 2019/05/31 5:11 a.m. • 33 views

Open Redirection

spring-security-oauth2 is vulnerable to open redirection. A remote attacker is able to modify the redirect_uri parameter and redirect users to a malicious site to steal confidential information such as authorization code, username and password...

5.4 CVSS • 5.6 AI score • 0.06347 EPSS
Exploits 4 • References 3 • Affected Software 1

Veracode • added 2019/05/16 4:17 a.m. • 33 views

Arbitrary Code Execution

IBM Java SE version 8 is vulnerable to arbitrary code execution, fixed in 7u221 and 8u211...

8.1 CVSS • 8.2 AI score • 0.08919 EPSS
Exploits 1 • References 11 • Affected Software 2

Veracode • added 2019/05/16 3:59 a.m. • 33 views

Denial Of Service (DoS)

The Java OpenJDK is vulnerable to denial of service (DoS). It is possible due to a slow conversion of BigDecimal to long...

7.5 CVSS • 4.5 AI score • 0.00233 EPSS
Exploits 0 • References 23 • Affected Software 1

Veracode • added 2019/05/16 3:58 a.m. • 33 views

Information Disclosure

Linux kernel is vulnerable to information disclosure. The vulnerability exists in the procpidstack function in fs/proc/base.c in the Linux kernel. Local attackers could obtain kernel task stack contents that may lead to further attacks...

5.5 CVSS • 5.8 AI score • 0.00056 EPSS
Exploits 0 • References 23 • Affected Software 2

Veracode • added 2019/05/16 3:22 a.m. • 33 views

Denial Of Service (DoS)

Oracle MySQL is vulnerable to denial of service attacks. A remote authenticated attacker could exploit a flaw in the InnoDB component to cause denial of service conditions...

4.9 CVSS • 6.2 AI score • 0.00166 EPSS
Exploits 0 • References 9 • Affected Software 3

Veracode • added 2019/05/16 3:21 a.m. • 33 views

Denial Of Service (DoS)

Apache HTTP Server is vulnerable to denial of service (DoS) attacks. The vulnerability is due to an out-of-bounds access after a size limit is reached by reading the HTTP header. An attacker could cause an application crash via a specially crafted request resulting in a complete denial of service...

5.9 CVSS • 7.1 AI score • 0.07499 EPSS
Exploits 0 • References 52 • Affected Software 14

Veracode • added 2019/05/16 3:18 a.m. • 33 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service (DoS) attacks. The vulnerability exists in an unknown code block in the library fs/xfs/libxfs/xfsattr.c of the component XFS File System because xfsattrshortformaddname in fs/xfs/libxfs/xfsattr.c mishandles ATTRREPLACE operations with conversion of an...

5.5 CVSS • 6 AI score • 0.00078 EPSS
Exploits 1 • References 37 • Affected Software 2

Veracode • added 2019/05/16 3:18 a.m. • 33 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service (DoS) attacks. When the ioti driver is loaded, a local unprivileged attacker could request an incorrect high transfer speed in changeportsettings in drivers/usb/serial/ioti.c so that the divisor value becomes zero and causes a system...

5.5 CVSS • 5.8 AI score • 0.00078 EPSS
Exploits 1 • References 29 • Affected Software 2

Veracode • added 2019/05/16 3:11 a.m. • 33 views

Memory Corruption

Linux kernel is vulnerable to memory corruption. This is because the ALSA sequencer core initializes the event pool on demand by invoking sndseqpoolinit when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently causing an...

7.8 CVSS • 7.7 AI score • 0.00088 EPSS
Exploits 0 • References 24 • Affected Software 2

Veracode • added 2019/05/16 2:59 a.m. • 33 views

Heap-Based Buffer Overflow

PHP is vulnerable to a heap-based buffer overflow. The vulnerability exists in ext/mysqlnd/mysqlndwireprotocol.c in PHP. Remote MySQL servers could cause a denial of service or possibly have unspecified other impact via crafted field metadata...

8.1 CVSS • 9.4 AI score • 0.01738 EPSS
Exploits 1 • References 12 • Affected Software 1

Veracode • added 2019/05/16 2:59 a.m. • 33 views

Denial Of Service (DoS)

Oracle MySQL is vulnerable to denial of service (DoS) attacks. A remote authenticated user could exploit a flaw in the DDL component to cause a hang or frequently repeatable crash (complete DoS)...

6.5 CVSS • 6.2 AI score • 0.00259 EPSS
Exploits 0 • References 18 • Affected Software 4

Veracode • added 2019/05/16 2:54 a.m. • 33 views

Denial Of Service (DoS)

Oracle Java SE is vulnerable to denial of service (DoS) attacks. The vulnerability exists in an unknown function of the component Security. An unauthenticated attacker with network access via multiple protocols could compromise Java SE, Java SE Embedded, JRockit causing a partial denial of service...

5.3 CVSS • 6.2 AI score • 0.00239 EPSS
Exploits 0 • References 27 • Affected Software 4

Veracode • added 2019/05/16 2:50 a.m. • 33 views

Arbitrary Code Execution

GNU C Library is vulnerable to arbitrary code execution. A remote unauthenticated attacker could cause a buffer overflow during unescaping of user names with the operator resulting in denial of service conditions and code execution attacks...

9.8 CVSS • 9.8 AI score • 0.00207 EPSS
Exploits 0 • References 32 • Affected Software 1

Veracode • added 2019/05/16 2:50 a.m. • 33 views

Information Disclosure

Linux kernel is vulnerable to information disclosure. This is because the movepages system call in mm/migrate.c in the Linux kernel doesn't check the effective uid of the target process. A local attacker could learn the memory layout of a setuid executable allowing mitigation of ASL...

5.5 CVSS • 5.9 AI score • 0.00111 EPSS
Exploits 0 • References 27 • Affected Software 2

Veracode • added 2019/05/16 1:48 a.m. • 33 views

Key Reinstallation Attack (KRACK)

WPA and WPA2 are vulnerable to key reinstallation attacks (KRACK). A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a 4-way handshake...

5.3 CVSS • 6.6 AI score • 0.00813 EPSS
Exploits 0 • References 36 • Affected Software 1

Veracode • added 2019/05/02 6:43 a.m. • 33 views

Arbitrary Code Execution

OpenJPEG is vulnerable to arbitrary code execution attacks. A remote unauthenticated attacker could exploit the vulnerable JP2 File Handler component to cause code execution via a crafted JP2 file, which triggers an out-of-bounds read or write...

7.8 CVSS • 8.3 AI score • 0.00394 EPSS
Exploits 1 • References 24 • Affected Software 1

Veracode • added 2019/05/02 6:37 a.m. • 33 views

Denial Of Service (DoS)

Oracle MySQL is vulnerable to denial of service attacks. A remote, authenticated attacker could exploit the flawed Optimizer component to cause a hang or frequently repeatable crash resulting in denial of service conditions...

4.9 CVSS • 5.5 AI score • 0.00284 EPSS
Exploits 0 • References 9 • Affected Software 2

Veracode • added 2019/05/02 6:37 a.m. • 33 views

Denial Of Service (DoS)

Oracle MySQL is vulnerable to denial of service (DoS) attacks. A remote user could exploit a flaw in the Server: Pluggable Auth component which allows unauthorized attackers to cause a frequently repeatable crash on the target system...

7.5 CVSS • 6.7 AI score • 0.87337 EPSS
Exploits 7 • References 16 • Affected Software 2

Veracode • added 2019/05/02 6:36 a.m. • 33 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service attacks. A local non-privileged user is able to cause denial of service by overflowing the mount table, which causes a deadlock for the whole system. Affected is the file fs/namespace.c of the component Mount Handler...

4.7 CVSS • 5.5 AI score • 0.00087 EPSS
Exploits 0 • References 44 • Affected Software 2

Veracode • added 2019/05/02 6:30 a.m. • 33 views

Denial Of Service

Java SE and Java SE Embedded are vulnerable to denial of service (DoS) attacks. A remote user can exploit a flaw in the Serialization component to cause an application crash resulting in partial denial of service conditions...

5.3 CVSS • 6.6 AI score • 0.00679 EPSS
Exploits 0 • References 18 • Affected Software 5

Veracode • added 2019/05/02 6:10 a.m. • 33 views

NULL Pointer Dereference

JasPer is vulnerable to NULL pointer dereference. A remote attacker could cause denial of service via a crafted BMP image in an imginfo command. This issue affects the function bmpgetdata of the file libjasper/bmp/bmpdec.c of the component imginfo...

5.5 CVSS • 6 AI score • 0.00421 EPSS
Exploits 1 • References 11 • Affected Software 1

Veracode • added 2019/05/02 6:10 a.m. • 33 views

Unauthorized Modification

Java SE and Java SE Embedded are vulnerable to unauthenticated modification attacks. An unauthenticated attacker can exploit a flaw in the Security component of OpenJDK which does not allow users to restrict the set of algorithms allowed for Jar integrity verification allowing an attacker to modi...

3.1 CVSS • 5.9 AI score • 0.00307 EPSS
Exploits 0 • References 18 • Affected Software 5

Veracode • added 2019/05/02 6:9 a.m. • 33 views

Command Injection

Snoopy library is vulnerable to command injection attacks. This allows remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers, which may lead to data modification...

9.8 CVSS • 9.9 AI score • 0.01506 EPSS
Exploits 0 • References 15 • Affected Software 1

Veracode • added 2019/05/02 6:2 a.m. • 33 views

Denial Of Service (DoS)

Mozilla Firefox is vulnerable to a buffer overflow. This is due to memory allocation issues when handling large amounts of incoming data, resulting in a potentially exploitable crash...

7.5 CVSS • 8.8 AI score • 0.20609 EPSS
Exploits 3 • References 12 • Affected Software 1

Veracode • added 2019/05/02 5:51 a.m. • 33 views

Denial Of Service (DoS)

IPv6 protocol is vulnerable to denial of service (DoS) attacks. A remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow and subsequently perform any type of a fragmentation-based attack against legacy IPv6 nodes that do not...

8.6 CVSS • 8.3 AI score • 0.01101 EPSS
Exploits 0 • References 14 • Affected Software 1

Veracode • added 2019/05/02 5:51 a.m. • 33 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

10 CVSS • 7.3 AI score • 0.15477 EPSS
Exploits 1 • References 22 • Affected Software 1

Veracode • added 2019/05/02 5:51 a.m. • 33 views

Privilege Escalation

Oracle MySQL, MariaDB, Percona Server and Percona XtraDB Cluster are vulnerable to privilege escalation. A locally authenticated attacker may use a race condition while setting stats during MyISAM table repair to obtain elevated privileges...

7 CVSS • 7.8 AI score • 0.62118 EPSS
Exploits 18 • References 31 • Affected Software 11

Veracode • added 2019/05/02 5:51 a.m. • 33 views

Denial Of Service (DoS)

Oracle MySQL Server is vulnerable to denial of service (DoS) attacks. An authenticated user can manipulate an unknown input, causing the application to crash. The affected component is DML...

6.5 CVSS • 6.4 AI score • 0.62118 EPSS
Exploits 18 • References 19 • Affected Software 9

Veracode • added 2019/05/02 5:43 a.m. • 33 views

Brute Force Attack

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

7.5 CVSS • 9.3 AI score • 0.03921 EPSS
Exploits 0 • References 25 • Affected Software 2

Veracode • added 2019/05/02 5:41 a.m. • 33 views

Improper Input Validation And Arbitrary Code Injection

The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by...

7 AI score • 0.16556 EPSS
Exploits 0 • References 14 • Affected Software 1

Veracode • added 2019/05/02 5:40 a.m. • 33 views

CRLF Injection

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker...

5 CVSS • 8.5 AI score • 0.04659 EPSS
Exploits 1 • References 39 • Affected Software 1

Veracode • added 2019/05/02 5:40 a.m. • 33 views

Sandbox Restrictions Bypass

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Ja...

9.8 CVSS • 4.6 AI score • 0.92346 EPSS
Exploits 0 • References 31 • Affected Software 4

Veracode • added 2019/05/02 5:40 a.m. • 33 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

10 CVSS • 5.7 AI score • 0.02666 EPSS
Exploits 0 • References 19 • Affected Software 1

Veracode • added 2019/05/02 5:39 a.m. • 33 views

Sensitive Information Leakage

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 collection provides a stable release of Python 2.7 with a number of additional utilities and database connectors f...

9.8 CVSS • 8.8 AI score • 0.33997 EPSS
Exploits 15 • References 20 • Affected Software 6

Total number of security vulnerabilities: 5000