38341 matches found
Arbitrary Code Execution
exim4 is vulnerable to arbitrary code execution. A heap out-of-bounds write in parsefixphrase allows an attacker to execute arbitrary code on the host OS...
Integer Overflow
openldap:edge is vulnerable to integer overflow. An integer underflow can causes a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service...
Cross-Site Scripting (XSS)
keycloak-theme is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via the referrer URL in the new account console...
Information Disclosure
chromium is vulnerable to information disclosure. The vulnerability exists through the lack of data validation in the Reader Mode that allows cross-origin data to be leaked...
Denial Of Service (DoS)
glibc is vulnerable to denial of service DoS. The vulnerability exists through sysdeps/i386/ldbl2mpn.c where a stack-based buffer overflow occurs on the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a...
Denial Of Service (DoS)
chromium is vulnerable to denial of service DoS. The vulnerability exists through a use after free flaw...
Arbitrary Code Execution
dnsmasq is vulnerable to arbitrary code execution. A heap-based buffer overflow in rfc1035.c:extractname due to the lack of length checks, which could be abused occurs when DNSSEC is enabled and before the receiving DNS entries are validated. A remote attacker who can create valid DNS replies is...
Information Disclosure
dnsmasq is vulnerable to information disclosure. The vulnerability exists because when getting a reply from a forwarded query, dnsmasq checks in the forward.c:replyquery if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to...
Insecure Permissions
ceph-ansible is vulnerable to insecure permission. The vulnerability allows any user to read sensitive information within...
Denial Of Service (DoS)
dotnet is vulnerable to denial of service DoS. The vulnerability exists through ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2...
Arbitrary Code Execution
jackson-databind is vulnerable to remote code execution RCE. The vulnerability exists through the lack of sanitization of the "org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource class through deserialization...
Arbitrary File Overwrite
github.com/thecodingmachine/gotenberg is vulnerable to directory traversal. An attacker is able to exploit the vulnerability to overwrite arbitrary files in the system and cause a denial of service condition or potentially result in arbitrary code execution...
XML External Entity (XXE)
plonesupermodel is vulnerable to XML external entity XXE attacks. The vulnerability exists due to an unapplied permission which would allow an attacker with Manager role to perform XXE attacks and submit requests on behalf of the server and access restricted internal or local resources...
Integer Overflow
open-iscsi:sid is vulnerable to integer overflow. The vulnerability exist in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uipprocess in net/ipv4/uip.c...
Arbitrary Code Execution
openjpeg is vulnerable to arbitrary code execution. A heap-based buffer-overflow write allows an attacker to execute arbitrary code on the host OS...
Information Disclosure
openSSH is vulnerable to information disclosure. An attacker is able to conduct a man-in-the-middle attack to initial connections attempts due to a observable discrepancy in the algorithm negotiation...
Incorrect Preservation Of Namespace Prefixes
encoding/xml in github.com/golang/go is performing incorrect preservation of namespace prefixes. An attacker is able to provide malicious inputs to cause conflicts in the way of preserving the namespace prefixes on XML elements during tokenization round-trips...
Denial Of Service (DoS)
openldap is vulnerable to denial of service. A NULL pointer dereference during a request for renaming RDNs allows an unauthenticated remote attacker to crash the slapd process by sending a malicious request...
Denial Of Service (DoS)
qemu is vulnerable to denial of service. An attacker is able to transmit a malicious RX descriptor to e1000ewritepackettoguest which induced an infinite loop, causing the qemu to crash resulting in denial of service...
Denial Of Service (DoS)
QEMU is vulnerable to denial of service. This vulnerability exist because of a flaw in the memory management API during the initialization of a memory region cache...
Denial Of Service (DoS)
ghostscript is vulnerable to denial of service. An attacker is able to crash the application via a malicious PDF file that results in a long running computation...
Denial Of Service (DoS)
imagemagick is vulnerable to denial of service DoS. The vulnerability exists in GammaImage of /MagickCore/enhance.c, depending on the gamma value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick...
Denial Of Service (DoS)
ghostscript is vulnerable to denial of service DoS. The vulnerability exists due to the heap-buffer-overflow in the lprnisblack function in contrib/lips4/gdevlprn.c, allowing an attacker to crash the application via a crafted PDF file...
Denial Of Service (DoS)
qemu is vulnerable to denial of service. The vulnerability exists through heap buffer overflow in sdhcisdmatransfermultiblocks in hw/sd/sdhci.c which allows an attacker to cause an application crash...
Privilege Escalation
linux kernel is vulnerable to privilege escalation. A Use-after-free vulnerability in fs/blockdev.callows local users to gain additional privileges or cause a denial of service by leveraging improper access to a certain error field...
Buffer Over-read
oniguruma is vulnerable to Heap-based buffer over-read. It is possible because of a flaw in the function gb18030mbcenclen in file gb18030.c...
Remote Code Execution
ArchiveTar is vulnerable to remote code execution. An attacker is able to inject malicious code through file extension.PHARwithin a tar archive...
Content Security Bypass
firefox is vulnerable to content security policy bypass. The application does not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. It happens due to Red Hat only CVE-2020-12352 regression, allowing a remote attacker in an adjacent range to crash the system...
Arbitrary File Deletion
wordpress is vulnerable to Arbitrary File Deletion. Insecure validation of the meta key protection in isprotectedmeta in wp-includes/meta.php allows an attacker to delete arbitrary files on the host...
Arbitrary Code Execution
wordpress is vulnerable to Arbitrary Code Execution. Lack of secure validation of deserialization requests allows an attacker to submit an untrusted object to wp-includes/Requests/Utility/FilteredIterator.php which would result in unsafe deserialization, leading to arbitrary code execution...
Cross-site Scripting (XSS)
wordpress is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the addLoadEvent function in admin-header.php where an attacker is able to inject malicious script via global variables and get it executed when a user visits the page...
Denial Of Service (DoS)
linux-oem-osp1 is vulnerable to denial of service DoS. The vulnerability exists through a heap based buffer overflow in the bluetooth implementation...
Information Disclosure
OpenJDK is vulnerable to information disclosure. The vulnerability exists through a race condition in NIO Buffer boundary checks...
CRLF Injection
python is vulnerable CRLF Injection. The vulnerability exists through the first argument of HTTPConnection.request...
Information Disclosure
junit is vulnerable to Information Disclosure. The vulnerability exists through the behaviour of TemporaryFolder on UNIX-like systems, where the system's temporary directory is shared between all users on that system by default...
Cookie Injection
php7 is vulnerable to cookie injection. The vulnerability exists as cookie names are url-decoded, allowing cookies with prefixes such as Host to be forged...
Remote Code Execution (RCE)
nette/application is vulnerable to remote code execution RCE. The vulnerability exists as invalid closures could be processed through the value of the callback parameter in MicroPresenter.php...
Denial Of Service (DoS)
freerdp is vulnerable to denial of service DoS. The vulnerability exists through an out-of-bounds read...
Arbitrary Code Execution
WebKitGTK+ is vulnerable to arbitrary code execution. Processing maliciously crafted web content may lead to arbitrary code execution...
Arbitrary Code Execution
webkitgtk4 is vulnerable to arbitrary code execution. The vulnerability exists through memory corruption...
Denial Of Service (DoS)
libssh2 is vulnerable to denial of service. The vulnerability exists through an integer overflow in SSHMSGDISCONNECT logic in packet.c which allows an attacker to cause an application crash...
Denial Of Service (DoS)
webkitgtk4 is vulnerable to denial of service DoS. The vulnerability exists through an improper memory handling...
Arbitrary Code Execution
webkitgtk4 is vulnerable to arbitrary code execution. The vulnerability exists through multiple memory corruption issues...
Arbitrary Code Execution
webkitgtk4 is vulnerable to arbitrary code execution. The vulnerabiltiy exists through memory errors...
Cross-site Scripting (XSS)
webkitgtk is vulnerable to cross-site scripting XSS. The vulnerability exists through an improper state management issue...
Arbitrary Code Execution
webkitgtk is vulnerable to arbitrary code execution. The vulnerability exists through memory corruption...
Arbitrary Code Execution
WebKitGTK+ is vulnerable to arbitrary code execution. It is possible due to a flaw in the port of the WebKit portable web rendering engine to the GTK+ platform...
Arbitrary Code Execution
WebKitGTK+ is vulnerable to arbitrary code execution. An attacker can input malicious web content to lead to memory corruptions and arbitrary code execution...
Arbitrary Code Execution
webkitgtk4 is vulnerable to arbitrary code execution. Processing maliciously crafted web content may lead to arbitrary code execution...