38340 matches found
Privilege Escalation
cephx is vulnerable to privilege escalation attacks. This is because cephx authentication protocol does not verify ceph clients correctly. An attacker who has access to the ceph cluster network is able to sniff packets on the network...
Out-Of-Bounds Read
PHP is vulnerable to out-of-bounds reads. The vulnerability exists in matchat during regular expression searching because of a logical error involving order of validation and access in matchat...
Heap-Based Buffer Overflow
PHP is vulnerable to heap-based buffer overflow vulnerability. The vulnerability exists in the ext/mysqlnd/mysqlndwireprotocol.c in PHP. Remote MySQL servers could cause a denial of service or possibly have unspecified other impact via crafted field metadata...
Arbitrary Code Execution
GNU C Library is vulnerable to arbitrary code execution. A remote unauthenticated attacker could cause a buffer overflow during unescaping of user names with the operator resulting in denial of service conditions and code execution attacks...
Denial Of Service (DoS)
Linux kernel is vulnerable to denial of service attacks. The rdscmsgatomic function in 'net/rds/rdma.c' mishandles cases where page pinning fails or an invalid address is supplied by a user. An attacker with local access can cause denial of service conditions via NULL pointer dereference in...
Information Disclosure
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain...
Denial Of Service (DoS)
Linux kernel is vulnerable to NULL pointer dereference vulnerability. This occurs in the Key Management sub component in Linux kernel when trying to issue a KEYTCLREAD on a negative key. Local attackers could cause a denial of service conditions via a crafted KEYCTLREAD operation...
Key Reinstallation Attack (KRACK)
WPA and WPA2 are vulnerable to key reinstallation attacks KRACK. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key GTK during a 4-way handshake...
Arbitrary Code Execution
OpenJPEG is vulnerable to arbitrary code execution attacks. A remote unauthenticated attacker could exploit the vulnerable JP2 File Handler component to cause code execution via a crafted JP2 file, which triggers an out-of-bounds read or write...
Denial Of Service (DoS)
Oracle MySQL is vulnerable to denial of service attacks. A remote, authenticated attacker could exploit the flawed Optimizer component to cause a hang or frequently repeatable crash resulting in denial of service conditions...
Denial Of Service (DoS)
QEMU is vulnerable to denial of serviceDoS attacks. This occurs in the rtl8139cplustransmit function in hw/net/rtl8139.c. This allows local guest OS administrators to cause a denial of service condition infinite loop and CPU consumption by leveraging failure to limit the ring descriptor count...
Denial Of Service (DoS)
Linux kernel is vulnerable to denial of service attacks. A local non-privileged user is able to cause denial of service by overflowing the mount table, which causes a deadlock for the whole system. Affected is the file fs/namespace.c of the component Mount Handler...
Command Injection
Snoopy library is vulnerable to command injection attacks. This allows remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers which may leads to data modification...
Denial Of Service (DoS)
Mozilla Firefox is vulnerable to buffer overflow vulnerability. This is due to memory allocation issues when handling large amounts of incoming data resulting a potentially exploitable crash...
Denial Of Service (DoS)
IPv6 protocol is vulnerable to denial of serviceDos attacks. Remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow and subsequently perform any type of a fragmentation-based attack against legacy IPv6 nodes that do not...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Session Fixation
pcsd in pcs is vulnerable to Session Fixation. Failing to validate cookies on the server side when a user is logged out, could potentially allow an attacker to perform session fixation attacks on pcsd in order to impersonate another user...
Denial Of Service (DoS)
Oracle MySQL Server is vulnerable to denial of service DoS attacks. An authenticated user can manipulate with an unknown input, causing the application to crash. The affected component is DML...
Denial Of Service (DoS)
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Brute Force Attack
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Man-in-the-Middle (MitM)
The Network Time Protocol NTP is used to synchronize a computer's time with another referenced time source. It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by...
Improper Input Validation And Arbitary Code Injection
The Network Time Protocol NTP is used to synchronize a computer's time with another referenced time source. It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Sensitive Information Leakage
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 collection provide a stable release of Python 2.7 with a number of additional utilities and database connectors f...
Spoofable UI
firefox is vulnerable to spoofable UI. The vulnerability exists as it was possible to spoof the address bar via a SELECT element with a persistent menu...
Denial Of Service (DoS)
ntp is vulnerable to denial of service DoS. The vulnerability exists through an out-of-bounds reference from an addpeer request, with a large hmode value...
Denial Of Service (DoS)
PCRE is vulnerable to denial of service DoS. The vulnerability exists through parsing a malicious regular expression...
Arbitrary Code Execution
kernel is vulnerable to arbitrary code execution. The vulnerability exists as the kernel improperly handles options data, causing arbitrary code execution through sendmsg system call...
Information Disclosure
MySQL Server is vulnerable to information disclosure. The vulnerability exists as an unspecified vulnerability in Oracle MySQL .This allows a remote authenticated user to manipulate with an unknown input which related to 'Types'...
Denial Of Service (DoS)
JavaScript engine implementation in Mozilla Firefox is vulnerable to denial of service attacks. This allows a remote attacker to execute arbitrary code or cause a denial of service via a crafted web site...
Use-After-Free
Mozilla Network Security ServicesNSS is vulnerable to use-after-free attacks. This allows remote attackers to case denial of service via crafted key data with DER encoding...
Buffer Over-Read
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Cross-Site Request Forgery (CSRF)
Jenkins is vulnerable to Cross-site request forgery CSRF vulnerability. The attack is possible because the request via the HTTP GET method are not validated, allowing remote attackers to hijack the authentication of administrators for requests...
Improper Access Control
The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in certain error path of the joinsessionkeyring function. A local, unprivileged us...
Denial Of Service (DoS)
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...
Denial Of Service (DoS)
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...
Denial Of Service (DoS)
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...
Buffer Overflow
The X11 Xorg libraries provide library routines that are used within all X Window applications. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol da...
Buffer Overflow
The X11 Xorg libraries provide library routines that are used within all X Window applications. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol da...
Integer Overflow
The X11 Xorg libraries provide library routines that are used within all X Window applications. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol da...
Buffer Overflow
PostgreSQL is an advanced object-relational database management system DBMS. An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to...
Integer Overflow
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handl...
Arbitrary Code Execution
firefox is vulnerable to arbitrary code execution. The vulnerability exists through a use-after-free vulnerability when processing track data...
Denial Of Service (DoS)
Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service IaaS cloud running on commonly available physical hardware. Changes to the ceph component: In the previous version, launching of nova instances resulted in nova-compute...
Arbitrary Code Execution
X.Org server is vulnerable to arbitrary code execution. Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server...
Denial Of Service (DoS)
V8 is Google's open source JavaScript engine. It was discovered that V8 did not properly check the stack size limit in certain cases. A remote attacker able to send a request that caused a script executed by V8 to use deep recursion could trigger a stack overflow, leading to a crash of an...
Denial Of Service (DoS)
Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as...
Arbitrary Code Execution
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...
Denial Of Service (DoS)
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance PI futexes. A local, unprivileged user could use this flaw to escalate their privileges on...
Privilege Escalation
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance PI futexes. A local, unprivileged user could use this flaw to escalate their privileges on...