38333 matches found
Denial Of Service (DoS)
vim/vim is vulnerable to denial of service. The vulnerability exists due to a null pointer dereference when deleting buffers in diff mode which allows an attacker to cause an application crash...
Cross-site Scripting (XSS)
core.wcm.components.core is vulnerable to cross-site scripting. The vulnerability exists because the stream function of AdaptiveImageServlet.java does not properly encode the imageName attribute, allowing an attacker to inject and execute malicious javascript through the crafted SVG image...
Denial Of Service (DoS)
file-type is vulnerable to denial of service. The vulnerability exists in the FileTypeParser function in core.js due to a lack of input sanitization in the file type detector which allows an attacker to cause an application crash by sending mkv file...
Use-After-Free
chromium is vulnerable to use-after-free. The vulnerability will allow an attacker to exploit a heap corruption via a crafted HTML page by convincing an user to install a malicious extension...
Arbitrary Code Execution
io.fabric8:kubernetes-client is vulnerable to arbitrary code execution. Misconfigured YAML parsing in unmarshalYaml function allows local authenticated attackers to execute arbitrary code on the target machine via a maliciously crafted YAML string...
Information Disclosure
xen is vulnerable to Information Disclosure. The vulnerability exists due to an aliases in the branch predictor causing some AMD processors to predict the wrong branch type...
Sensitive Information Disclosure
Xen is vulnerable to Sensitive Information Disclosure. Linux block table does not zero memory regions before sharing with the backend, leading to information disclosure. Additionally, the grant table only shares 4k pages, leading to unrelated data from different backends residing in the same page...
HTTP Request Smuggling
llhttp is vulnerable to http request smuggling. The vulnerability exists in the http function in http.ts due to a lack of validation and parsing of Transfer-Encoding headers which allows an attacker to smuggle HTTP requests...
Denial Of Service (DoS)
ujson is vulnerable to denial of service. The vulnerability exists in decodestring function in ultrajsondec.c when reallocation of buffer fails during string decoding which frees the buffer twice causing an application crash...
Denial Of Service (DoS)
libtiff.so is vulnerable to denial of service. The vulnerability exists because of converting double to uint32t with uint32t when divided by zero which allows an attacker to cause an application crash via a crafted file...
Remote Code Execution (RCE)
chromium is vulnerable to remote code execution. The vulnerability exists in url format which allows an attacker to inject and execute arbitrary codes...
Denial Of Service (DoS)
aiohttp is vulnerable to denial of service. An attacker can crash the application by providing invalid IPv6 URLs to the parsemessage function of httpparser.py...
Denial Of Service (DoS)
eap7 is vulnerable to denial of service. The vulnerability exists due to a flaw that was found in Undertow which allows an attacker to cause an application crash...
Remote Code Execution (RCE)
grub2 is vulnerable to remote code execution. The vulnerability exists due to a heap out-of-bounds write that happen during the handling of Huffman tables in the PNG reader allowing an attacker to inject malicious code into the system via a crafted PNG image...
Out-of-Bounds Read
vim is vulnerable to Out-of-bounds Read. The vulnerability exists due to a memory corruption which allows an attacker to cause an application crash...
Privilege Escalation
xen is vulnerable to privilege escalation. The vulnerability exists due to non-coherent mappings allowing an attacker to control the whole system because the system safety logic doesn't account for CPU-induced cache...
Incorrect Logic
x86 pv is using an incorrect logic. The vulnerability exists due to insufficient care with non-coherent mappings which allows an attacker to perform unwanted actions...
Regular Expression Denial Of Service (ReDoS)
semver-regex is vulnerable to regular expression denial of service. The vulnerability exists in semverRegex function in index.js due to improper use of regular expressions which allows an attacker to cause a ReDos...
Cross-site Scripting (XSS)
spip is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the spip.php...
Use-After-Free
vim is vulnerable to use-after-free. The vulnerability exists in appendcommand which allows an attacker to cause a memory corruption which then leads to an application crash...
Denial Of Service (DoS)
tensorflow is vulnerable to denial of service. Failure to check the input to tf.rawops.LSTMBlockCell to validate ranks of any of the API call arguments causes a CHECK-failure , triggering a denial of service attack...
Denial Of Service (DoS)
chromium is vulnerable to denial of service. The vulnerability exists due to use after free in Performance APIs which allows an attacker to crash the application via malicious input...
Use After Free
chromium is vulnerable to use after free. The vulnerability exists in ANGLE which causes a memory corruption allowing a malicious attacker to cause a denial of service...
Information Disclosure
curl is vulnerable to information disclosure. The vulnerability exists due to an Auth/cookie leak on redirect to the same host but another port number...
Denial Of Service (DoS)
chrome is vulnerable to denial of service. The vulnerability exists due to an Out of bounds memory access in UI Shelf which allows an attacker to cause an application crash...
Path Traversal
org.owasp.esapi:esapi is vulnerable to path traversal. A remote authenticated user is able to break out of expected directory via a crafted input through getValidDirectoryPath function, because it may incorrectly treat the tested input string as a child of the specified parent directory...
Remote Code Execution (RCE)
qemu is vulnerable to re,mote code execution. The vulnerability exists in nvmectrlreset function which is triggered by the reentrancy write triggers where a malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially,...
Privilege Escalation
virtualbox is vulnerable to privilege escalation. The vulnerability exists due to improper access control which allows an attacker to access, insert, update and delete critical data in oracle vm...
Denial Of Service (DoS)
htmlunit is vulnerable to denial of service. An attacker can cause excessive heap memory consumption by providing malicious processing instructions to the compileString function of HtmlUnitContextFactory.java, leading to an application crash...
SQL Injection
blazer is vulnerable to sql injection attacks. The library does not properly sanitize user input which allows an attacker to inject malicious sql queries and modify system data...
Heap Buffer Overflow
heap buffer overflow in getonesourceline in GitHub repository vim/vim prior to 8.2.4647...
Information Exposure
moodle/moodle is vulnerable to information exposure. The vulnerability exists due to a lack of input validation in the export.php file, allowing to read sensitive informations in the system...
Denial Of Service (DoS)
vim is vulnerable to denial of service. The vulnerability exists due to an Out-of-bounds Read...
Buffer Overflow
pjproject is vulnerable to buffer overflow. The vulnerability exists due to a stack overflow in PJSUA API when calling pjsuaplayercreate...
Cross-site Scripting (XSS)
Liferay Frontend Taglib Clay is vulnerable to cross-site scripting. The vulnerability exists in processStartTag function of ManagementToolbarTag.java because the keyword in the search function is not escaped which allows an attacker to inject and execute arbitrary javascript...
Use After Free
libarchive is vulnerable to Use After Free. libarchive The vulnerability exists due to the lack of sanitization of the copystring...
Denial Of Service (DoS)
webkit2gtk:edge is vulnerable to denial of service...
Information Disclosure
cobbler is vulnerable to information disclosure. The vulnerability exists because the library does not properly restrict the config file accessibility, which allows an attacker who has access to the server to open an authenticated session with a cobbler daemon...
Denial Of Service (DoS)
libexpat.so is vulnerable to denial of service. An attacker can trigger stack exhaustion in the buildmodel function of xmlparse.c via a large nesting depth in the DTD element, leading to an application crash...
DNS Spoofing
mellium.im/xmpp is vulnerable to DNS spoofing. The vulnerability exists due to a lack of verification of the host name allowing an attacker to potentially deceive the user with a malicious DNS ID because the library does not properly verify TLS certification...
Authentication Bypass
github.com/go-gitea/gitea is vulnerable to authentication bypass. The library allows the TOTP code for two-factor authentication to be submitted correctly more than once enabling remote attackers to abuse the flaw and gain unauthorized privileges...
Denial Of Service (DoS)
tensorflow is vulnerable to denial of service. The vulnerability exists in TensorByteSize function of attrvalueutil.cc because of the check failure in TensorShape which leads to an application crash...
Remote Code Execution (RCE)
webkit2gtk is vulnerable to remote code execution. The vulnerability exists due to a buffer overflow allowing an attacker to inject maliciously crafted script via web content...
Integer Overflow
libexpat.so is vulnerable to integer overflow. The vulnerability exists in the doProlog function in the xmlparse.c file, allowing an attacker to cause an application crash...
Denial Of Service (DoS)
util-linux is vulnerable to denial of service. The vulnerability exists due to a logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem...
Denial Of Service (DoS)
xercesImpl is vulnerable to denial of service. The vulnerability exists because the library does not properly handle XML document payloads, allowing an attacker to crash the application by providing a specially crafted XML document through the XML parser...
Heap-based Buffer Overflow
vim is vulnerable to heap-based buffer overflow. The vulnerability exist in the 'onefunctionarg' function in 'userfunc.c' causes a heap-based buffer overflow which could result in an application crash...
Buffer Overflow
vim is vulnerable to Heap-based Buffer Overflow. The vulnerability exist due to a lack of sanitization of the memory control pointer...
Use After Free
vim is vulnerable to use after free...
Integer Underflow
bionic is vulnerable to integer underflows. The library does not properly check memory size causing an integer underflow that allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...