Lucene search
Veracode, most viewed

38153 matches found

Veracode
•added 2020/04/29 2:39 a.m.•33 views

Denial Of Service (DoS)

exiv2 is vulnerable to a denial of service. The vulnerability exists due to a heap-based buffer overflow in Exiv2::d2Data in types.cpp which allows an attacker to crash the application via malicious input...

CVSS: 6.5 • AI score: 7.4 • EPSS: 0.00547
Exploits: 1 • References: 5 • Affected Software: 4

Veracode
•added 2020/04/24 1:23 p.m.•33 views

Denial Of Service (DoS)

The kernel is vulnerable to denial of service (DoS). It is possible because offset2lib allows for the stack guard page to be jumped over...

CVSS: 7.8 • AI score: 3.5 • EPSS: 0.02641
Exploits: 6 • References: 8 • Affected Software: 1

Veracode
•added 2020/04/17 2:10 a.m.•33 views

Remote Code Execution

Sonatype nxrm is vulnerable to remote code execution. The vulnerability allows high privilege users such as administrators to run arbitrary code on the server with Nexus process privileges by injecting arbitrary Java Expression Language (EL) expressions...

CVSS: 8.8 • AI score: 6.7 • EPSS: 0.94379
Exploits: 10 • References: 6 • Affected Software: 2

Veracode
•added 2020/04/10 1:10 a.m.•33 views

Denial Of Service (DoS)

openssl is vulnerable to denial of service. A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially-crafted X.509 certificate that has malformed RFC 3779...

CVSS: 4.3 • AI score: 3.2 • EPSS: 0.02787
Exploits: 0 • References: 14 • Affected Software: 1

Veracode
•added 2020/04/10 1:8 a.m.•33 views

Privilege Escalation

glibc is vulnerable to privilege escalation. A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd...

CVSS: 6.9 • AI score: 4 • EPSS: 0.00091
Exploits: 1 • References: 16 • Affected Software: 1

Veracode
•added 2020/04/10 1:8 a.m.•33 views

Arbitrary Code Execution

kernel is vulnerable to arbitrary code execution. A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by...

CVSS: 6.9 • AI score: 3.2 • EPSS: 0.00227
Exploits: 1 • References: 11 • Affected Software: 2

Veracode
•added 2020/04/10 1:8 a.m.•33 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A missing validation flaw was found in the Linux kernel's m_stop implementation. A local, unprivileged user could use this flaw to trigger a denial of service...

CVSS: 5.5 • AI score: 3.8 • EPSS: 0.00064
Exploits: 0 • References: 10 • Affected Software: 2

Veracode
•added 2020/04/10 1:7 a.m.•33 views

Phishing Attack

firefox is vulnerable to phishing attack. The vulnerability exists as it was found that by using the DOM fullscreen API, untrusted content could bypass the mozRequestFullscreen security protections. A web page containing malicious web content could exploit this API flaw to cause user interface...

CVSS: 6.4 • AI score: 1.5 • EPSS: 0.01798
Exploits: 0 • References: 28 • Affected Software: 3

Veracode
•added 2020/04/10 1:6 a.m.•33 views

Arbitrary Code Execution

libarchive is vulnerable to arbitrary code execution. The vulnerability exists when a user is tricked into expanding a specially-crafted ISO 9660 CD-ROM image or tar archive with an application using libarchive; it could cause the application to crash or, potentially, execute arbitrary code wit...

CVSS: 6.8 • AI score: 5.2 • EPSS: 0.03024
Exploits: 0 • References: 9 • Affected Software: 1

Veracode
•added 2020/04/10 1:3 a.m.•33 views

Denial Of Service (DoS)

php is vulnerable to denial of service (DoS). The vulnerability exists as multiple memory leak flaws were found in the PHP OpenSSL extension. A remote attacker able to make a PHP script use openssl_encrypt or openssl_decrypt repeatedly could cause the PHP interpreter to use an excessive amount of...

CVSS: 4.3 • AI score: 2.6 • EPSS: 0.06148
Exploits: 2 • References: 12 • Affected Software: 1

Veracode
•added 2020/04/10 1:1 a.m.•33 views

Denial Of Service (DoS)

subversion is vulnerable to denial of service. An infinite loop flaw was found in the way the mod_dav_svn module processed certain data sets. If the SVNPathAuthz directive was set to "short_circuit", and path-based access control for files and directories was enabled, a malicious, remote user could...

CVSS: 4.3 • AI score: 2.1 • EPSS: 0.22709
Exploits: 2 • References: 23 • Affected Software: 1

Veracode
•added 2020/04/10 12:59 a.m.•33 views

Authentication Bypass

openldap is vulnerable to authentication bypass. The vulnerability exists as a flaw was found in the way OpenLDAP handled authentication failures being passed from an OpenLDAP slave to the master. If OpenLDAP was configured with a chain overlay and it forwarded authentication failures, OpenLDAP...

CVSS: 4.6 • AI score: 1.6 • EPSS: 0.00247
Exploits: 0 • References: 23 • Affected Software: 1

Veracode
•added 2020/04/10 12:59 a.m.•33 views

Arbitrary Code Execution

qemu-kvm is vulnerable to arbitrary code execution. The vulnerability exists as it was found that the virtio-blk driver in qemu-kvm did not properly validate read and write requests from guests. A privileged guest user could use this flaw to crash the guest or, possibly, execute arbitrary code on...

CVSS: 7.4 • AI score: 2.8 • EPSS: 0.00476
Exploits: 0 • References: 22 • Affected Software: 1

Veracode
•added 2020/04/10 12:58 a.m.•33 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A divide-by-zero flaw was found in the tcp_select_initial_window function in the Linux kernel's TCP/IP protocol suite implementation. A local, unprivileged user could use this flaw to trigger a denial of service by calling setsockopt with certain options...

CVSS: 4.9 • AI score: 3.7 • EPSS: 0.00241
Exploits: 15 • References: 27 • Affected Software: 2

Veracode
•added 2020/04/10 12:58 a.m.•33 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. The vulnerability exists as a missing validation check was found in the Linux kernel's signals implementation. A local, unprivileged user could use this flaw to send signals via the sigqueueinfo system call, with the si_code set to SI_TKILL and with spoofe...

CVSS: 3.6 • AI score: 4.2 • EPSS: 0.0008
Exploits: 2 • References: 11 • Affected Software: 1

Veracode
•added 2020/04/10 12:55 a.m.•33 views

Arbitrary Code Execution

glibc is vulnerable to arbitrary code execution. It was discovered that the glibc fnmatch function did not properly restrict the use of alloca. If the function was called on sufficiently large inputs, it could cause an application using fnmatch to crash or, possibly, execute arbitrary code with t...

CVSS: 5.1 • AI score: 3.5 • EPSS: 0.06775
Exploits: 1 • References: 28 • Affected Software: 1

Veracode
•added 2020/04/10 12:53 a.m.•33 views

Denial Of Service (DoS)

mysql is vulnerable to denial of service (DoS). The vulnerability exists as a flaw in the way MySQL handled LOAD DATA INFILE requests allowed MySQL to send OK packets even when there were errors...

CVSS: 4 • AI score: 3.7 • EPSS: 0.1407
Exploits: 1 • References: 20 • Affected Software: 1

Veracode
•added 2020/04/10 12:53 a.m.•33 views

Denial Of Service (DoS)

mysql is vulnerable to denial of service. A flaw in the way MySQL processed EXPLAIN statements for some complex SELECT queries could allow a remote, authenticated attacker to crash mysqld...

CVSS: 4 • AI score: 4.4 • EPSS: 0.03155
Exploits: 1 • References: 28 • Affected Software: 1

Veracode
•added 2020/04/10 12:45 a.m.•33 views

Denial Of Service (DoS)

IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit are vulnerable to denial of service (DoS). The attack exists because it does not prevent remote attackers from affecting confidentiality, integrity, and availability via unknown vectors...

CVSS: 7.5 • AI score: 6.8 • EPSS: 0.0567
Exploits: 0 • References: 36 • Affected Software: 1

Veracode
•added 2020/04/10 12:45 a.m.•33 views

Privilege Escalation

java is vulnerable to privilege escalation. An unspecified vulnerability allows remote attackers to affect confidentiality, integrity and availability via unknown vectors...

CVSS: 6.8 • AI score: 7.5 • EPSS: 0.03421
Exploits: 0 • References: 37 • Affected Software: 2

Veracode
•added 2020/04/10 12:43 a.m.•33 views

Authorization Bypass

firefox is vulnerable to authorization bypass. The vulnerability exists as a flaw was found in the Firefox XML document loading security checks. Certain security checks were not being called when an XML document was loaded. This could possibly be leveraged later by an attacker to load certain...

CVSS: 4.3 • AI score: 2 • EPSS: 0.01301
Exploits: 0 • References: 22 • Affected Software: 7

Veracode
•added 2020/04/10 12:42 a.m.•33 views

Cross-site Scripting (XSS)

SeaMonkey is vulnerable to cross-site scripting (XSS). The attack is possible because remote attackers can perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object...

CVSS: 4.3 • AI score: 3.2 • EPSS: 0.00521
Exploits: 1 • References: 8 • Affected Software: 4

Veracode
•added 2020/04/10 12:41 a.m.•33 views

Spoofed Content Association

Mozilla Firefox allows spoofed content association. A flaw was found in the way Firefox displayed blank pages after a user navigates to an invalid address. If a user visits an attacker-controlled web page that results in a blank page, the attacker could inject content into that blank page, possib...

CVSS: 6.8 • AI score: 3.6 • EPSS: 0.00461
Exploits: 6 • References: 28 • Affected Software: 2

Veracode
•added 2020/04/10 12:40 a.m.•33 views

Authorization Bypass

java is vulnerable to authorization bypass. The vulnerability exists in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit...

CVSS: 5 • AI score: 3.8 • EPSS: 0.01651
Exploits: 1 • References: 28 • Affected Software: 2

Veracode
•added 2020/04/10 12:39 a.m.•33 views

Denial Of Service (DoS)

The kernel is vulnerable to denial of service (DoS). The Parallels Virtuozzo Containers team reported the RHSA-2009:1243 update introduced two flaws in the routing implementation. If an attacker was able to cause a large enough number of collisions in the routing hash table via specially-crafted packe...

CVSS: 7.5 • AI score: 1.3 • EPSS: 0.01522
Exploits: 3 • References: 19 • Affected Software: 1

Veracode
•added 2020/04/10 12:38 a.m.•33 views

Privilege Escalation

kernel-rt is vulnerable to privilege escalation. The vulnerability exists as a deficiency was found in the Linux kernel signals implementation. The kill_something_info function did not check if a process was outside the caller's namespace before sending the kill signal, making it possible to kill...

CVSS: 4.6 • AI score: 3.4 • EPSS: 0.00044
Exploits: 0 • References: 22 • Affected Software: 1

Veracode
•added 2020/04/10 12:35 a.m.•33 views

Arbitrary Code Execution

python is vulnerable to Arbitrary Code Execution. Multiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to disclose sensitive information, crash or, potentially, execute...

CVSS: 5.8 • AI score: 7.4 • EPSS: 0.0778
Exploits: 1 • References: 51 • Affected Software: 1

Veracode
•added 2020/04/10 12:35 a.m.•33 views

Denial Of Service (DoS)

kernel-rt is vulnerable to denial of service (DoS). The vulnerability exists as a deadlock flaw was found in the Linux kernel splice implementation. This deadlock could occur during interactions between the generic_file_splice_write and splice_from_pipe functions, possibly leading to a partial denial of...

CVSS: 4.7 • AI score: 4.3 • EPSS: 0.00107
Exploits: 1 • References: 23 • Affected Software: 1

Veracode
•added 2020/04/10 12:26 a.m.•33 views

Denial Of Service (DoS)

ruby is vulnerable to denial of service. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite loop and crash...

CVSS: 5 • AI score: 2.4 • EPSS: 0.39146
Exploits: 1 • References: 28 • Affected Software: 1

Veracode
•added 2020/04/10 12:21 a.m.•33 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The vulnerability exists as a flaw was found in ptrace support that allowed a local user to cause a denial of service via a NULL pointer dereference...

CVSS: 4.9 • AI score: 2.5 • EPSS: 0.00116
Exploits: 2 • References: 23 • Affected Software: 1

Veracode
•added 2020/04/10 12:20 a.m.•33 views

Arbitrary Code Execution

cups is vulnerable to arbitrary code execution. The vulnerability exists in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed...

CVSS: 9.3 • AI score: 4.1 • EPSS: 0.14085
Exploits: 1 • References: 93 • Affected Software: 4

Veracode
•added 2020/04/10 12:19 a.m.•33 views

Arbitrary Code Execution

kernel is vulnerable to arbitrary code execution. A flaw was found in the IA32 system call emulation provided on AMD64 and Intel 64 platforms. An improperly validated 64-bit value could be stored in the %RAX register, which could trigger an out-of-bounds system call table access. An untrusted loc...

CVSS: 7.2 • AI score: 3.9 • EPSS: 0.00434
Exploits: 0 • References: 41 • Affected Software: 1

Veracode
•added 2020/04/10 12:18 a.m.•33 views

Cross-Site Scripting (XSS)

thunderbird is vulnerable to cross-site scripting. A cross-site scripting flaw was found in the way Thunderbird handled the jar: URI scheme. It may be possible for a malicious HTML mail message to leverage this flaw, and conduct a cross-site scripting attack against a user running Thunderbird...

CVSS: 4.3 • AI score: 0.4 • EPSS: 0.07915
Exploits: 0 • References: 63 • Affected Software: 3

Veracode
•added 2020/04/10 12:18 a.m.•33 views

Privilege Escalation

util-linux is vulnerable to privilege escalation. The vulnerability exists as a flaw was discovered in the way that the mount and umount utilities used the setuid and setgid functions, which could lead to privileges being dropped improperly. A local user could use this flaw to run mount helper...

CVSS: 7.2 • AI score: 2.3 • EPSS: 0.00101
Exploits: 0 • References: 37 • Affected Software: 1

Veracode
•added 2020/04/10 12:17 a.m.•33 views

Arbitrary Code Execution

php is vulnerable to arbitrary code execution. A buffer overflow flaw was found in the PHP 'soap' extension, regarding the handling of an HTTP redirect response when using the SOAP client provided by this extension with an untrusted SOAP server...

CVSS: 5.1 • AI score: 2.2 • EPSS: 0.04219
Exploits: 0 • References: 24 • Affected Software: 1

Veracode
•added 2020/04/10 12:15 a.m.•33 views

Denial Of Service (DoS)

php is vulnerable to denial of service (DoS). The vulnerability exists as a denial of service flaw was found in the way PHP processed a deeply nested array. A remote attacker could cause the PHP interpreter to crash by submitting an input variable with a deeply nested array...

CVSS: 7.5 • AI score: 2.6 • EPSS: 0.05679
Exploits: 1 • References: 40 • Affected Software: 1

Veracode
•added 2020/04/10 12:15 a.m.•33 views

Arbitrary Code Execution

php is vulnerable to arbitrary code execution. A buffer over-read flaw was discovered in PHP's gd extension. A script that could be forced to write arbitrary strings using a JIS font from an untrusted source could cause the PHP interpreter to crash...

CVSS: 7.5 • AI score: 2 • EPSS: 0.0427
Exploits: 0 • References: 37 • Affected Software: 1

Veracode
•added 2020/04/10 12:15 a.m.•33 views

DNS Spoofing

Mozilla Firefox is vulnerable to DNS spoofing. A flaw was found in the Firefox auto-update verification system. An attacker who has the ability to spoof a victim's DNS could get Firefox to download and install malicious code. In order to exploit this issue an attacker would also need to get a...

CVSS: 2.6 • AI score: 3.2 • EPSS: 0.00994
Exploits: 1 • References: 42 • Affected Software: 2

Veracode
•added 2020/04/10 12:13 a.m.•33 views

Information Disclosure

X.org is vulnerable to Information Disclosure. An integer overflow flaw was found in the X.org XGetPixel function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution...

CVSS: 9.3 • AI score: 3.3 • EPSS: 0.02145
Exploits: 0 • References: 56 • Affected Software: 2

Veracode
•added 2020/04/10 12:12 a.m.•33 views

Denial Of Service (DoS)

ISC BIND (Berkeley Internet Name Domain) is vulnerable to denial of service (DoS). A use-after-free flaw was found in BIND. On servers that have recursion enabled, this could allow a remote attacker to cause a denial of service...

CVSS: 7.8 • AI score: 4.3 • EPSS: 0.13838
Exploits: 1 • References: 52 • Affected Software: 1

Veracode
•added 2020/04/08 12:44 a.m.•33 views

Denial Of Service (DoS)

Mozilla is vulnerable to denial of service. The vulnerability exists through a use-after-free issue when handling a ReadableStream...

CVSS: 8.1 • AI score: 8.7 • EPSS: 0.0313
Exploits: 0 • References: 6 • Affected Software: 3

Veracode
•added 2020/04/01 12:39 a.m.•33 views

Use-after Free

libxml2 is vulnerable to a use-after-free triggered by XPointer paths beginning with range-to...

CVSS: 8.8 • AI score: 2 • EPSS: 0.0369
Exploits: 0 • References: 28 • Affected Software: 1

Veracode
•added 2020/04/01 12:39 a.m.•33 views

Denial Of Service (DoS)

imagemagick is vulnerable to denial of service (DoS). The vulnerability exists through a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages...

CVSS: 7.8 • AI score: 4 • EPSS: 0.001
Exploits: 1 • References: 15 • Affected Software: 5

Veracode
•added 2020/04/01 12:38 a.m.•33 views

Denial Of Service (DoS)

squid is vulnerable to denial of service. The vulnerability exists due to incorrect pointer handling when processing ESI Responses which allows an attacker to crash the application via malicious input...

CVSS: 7.5 • AI score: 7.2 • EPSS: 0.09177
Exploits: 0 • References: 11 • Affected Software: 1

Veracode
•added 2020/03/18 12:55 a.m.•33 views

Use-after-free

Mozilla Firefox is vulnerable to use-after-free in cubeb during stream destruction...

CVSS: 8.8 • AI score: 2.5 • EPSS: 0.00453
Exploits: 0 • References: 8 • Affected Software: 6

Veracode
•added 2020/03/05 5:52 a.m.•33 views

SQL Injection

django is vulnerable to SQL injection. Lack of adequate validation and sanitization of the tolerance parameter allows an attacker to inject and execute arbitrary SQL statements in the database...

CVSS: 8.8 • AI score: 4.3 • EPSS: 0.84644
Exploits: 0 • References: 14 • Affected Software: 4

Veracode
•added 2019/11/20 2:52 a.m.•33 views

Shell Code Execution

libunbound.so is vulnerable to shell code execution. The attack is possible due to improper handling of a malicious IPSECKEY answer in the ipsec. The vulnerability can only be triggered when the following conditions are met: 1) the library is compiled with --enable-ipsecmod support, and ipsecmod is...

CVSS: 7.3 • AI score: 1.9 • EPSS: 0.00671
Exploits: 1 • References: 9 • Affected Software: 1

Veracode
•added 2019/11/18 3:10 a.m.•33 views

Authorization Bypass

infinispan is vulnerable to authorization bypass. The vulnerability exists as the invokeAccessibly method in the ReflectionUtil class allows the invocation of any private method with Infinispan's privileges...

CVSS: 8.8 • AI score: 4.6 • EPSS: 0.00882
Exploits: 0 • References: 7 • Affected Software: 3

Veracode
•added 2019/10/14 7:6 a.m.•33 views

Information Disclosure

ansible is vulnerable to information disclosure. The attack is possible due to an incomplete fix of CVE-2019-10206 which does not perform safe type conversions using AnsibleUnsafeBytes and AnsibleUnsafeBytes classes, allowing CLI-provided passwords to be incorrectly templated when using to_text,...

CVSS: 6.5 • AI score: 3.9 • EPSS: 0.00382
Exploits: 0 • References: 8 • Affected Software: 1

Veracode
•added 2019/10/02 2:15 a.m.•33 views

Remote Code Execution (RCE)

jackson-databind is vulnerable to remote code execution. The vulnerability exists as it does not stop classes from the commons-dbcp package from being used as deserialization gadgets...

CVSS: 9.8 • AI score: 9.7 • EPSS: 0.00415
Exploits: 0 • References: 45 • Affected Software: 3

Total number of security vulnerabilities: 5000