Veracode: Most viewed

38133 matches found

Veracode
•added 2022/02/03 6:0 a.m.•32 views

Denial Of Service (DoS)

libpng is vulnerable to denial of service. The vulnerability exists due to an absolute path in the export script that crashes when reading multiple zTXT chunks...

CVSS 4.3 • AI score 2.1 • EPSS 0.01708
Exploits 1 • References 22 • Affected Software 1
Veracode
•added 2022/01/23 5:15 p.m.•32 views

Buffer Overflow

vim is vulnerable to Heap-based Buffer Overflow. The vulnerability exists due to a lack of sanitization...

CVSS 3.3 • AI score 3.7 • EPSS 0.00228
Exploits 1 • References 13 • Affected Software 1
Veracode
•added 2022/01/22 9:57 p.m.•32 views

Buffer Overflow

vim is vulnerable to Heap-based Buffer Overflow. The vulnerability exists due to a lack of sanitization of the memory control pointer...

CVSS 7.8 • AI score 3.8 • EPSS 0.00301
Exploits 1 • References 15 • Affected Software 1
Veracode
•added 2022/01/20 6:22 a.m.•32 views

Remote Code Execution (RCE)

chromium-browser is vulnerable to remote code execution. The vulnerability exists due to the issue in the Object lifecycle in ANGLE...

CVSS 8.8 • AI score 2.9 • EPSS 0.00785
Exploits 0 • References 3 • Affected Software 2
Veracode
•added 2022/01/15 10:10 p.m.•32 views

Denial Of Service (DoS)

vim is vulnerable to denial of service. The vulnerability exists due to a heap-based Buffer Overflow allowing an attacker to crash the system...

CVSS 8 • AI score 3.9 • EPSS 0.00793
Exploits 1 • References 9 • Affected Software 1
Veracode
•added 2022/01/12 7:19 p.m.•32 views

Arbitrary Code Execution

nodejs is vulnerable to arbitrary code execution. An attacker can inject and execute malicious name constraints when the library uses string format to check the validity of the peer certificates against hostname...

CVSS 5.3 • AI score 2.9 • EPSS 0.00132
Exploits 1 • References 9 • Affected Software 5
Veracode
•added 2022/01/11 3:52 p.m.•32 views

Improper Input Validation

smarty/smarty is vulnerable to improper input validation. The vulnerability exists in smarty_internal_templateparser.php because the security settings are not properly defined which allows an attacker to the restricted code through dynamic static class...

CVSS 8.8 • AI score 3.4 • EPSS 0.0047
Exploits 0 • References 11 • Affected Software 3
Veracode
•added 2022/01/05 6:23 p.m.•32 views

Remote Code Execution (RCE)

RabbitMQ is vulnerable to Regular Expression Denial Of Service (ReDoS). A new user being added via management UI could lead to the user's name being rendered in a confirmation message without proper...

CVSS 5.4 • AI score 5.4 • EPSS 0.00117
Exploits 1 • References 4 • Affected Software 1
Veracode
•added 2022/01/05 3:28 p.m.•32 views

Remote Code Execution (RCE)

thunderbird is vulnerable to remote code execution. The vulnerability exists due to a boundary error when handling DER-encoded DSA or RSA-PSS signatures within Mozilla NSS library...

CVSS 9.8 • AI score 3.2 • EPSS 0.00327
Exploits 0 • References 2 • Affected Software 4
Veracode
•added 2021/12/17 12:40 a.m.•32 views

Authorization Bypass

haproxy is vulnerable to authorization bypass. Lack of validation of the HTTP Host header could potentially result in bypass of access controls due to a mishandling of the Host and authority. The fix for the original CVE is correctly included in OpenShift 4.9.11. The release of OpenShift 4.9.6...

CVSS 7.5 • AI score 1.5 • EPSS 0.00467
Exploits 0 • References 4 • Affected Software 1
Veracode
•added 2021/12/10 7:37 a.m.•32 views

Remote Code Execution (RCE)

thunderbird and firefox are vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of supplied parameter URL containing spaces...

CVSS 6.5 • AI score 3.3 • EPSS 0.00356
Exploits 0 • References 13 • Affected Software 7
Veracode
•added 2021/11/23 2:50 a.m.•32 views

Denial Of Service (DoS)

openexr:bionic is vulnerable to denial of service. The vulnerability exists due to incorrectly handled EXR image files which allows an attacker to crash the application via malicious input...

CVSS 5.5 • AI score 5.7 • EPSS 0.0053
Exploits 0 • References 7 • Affected Software 2
Veracode
•added 2021/11/17 11:52 p.m.•32 views

Privilege Escalation

github.com/grafana/grafana is vulnerable to privilege escalation. The vulnerability exists due to a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users roles in other organizations in which they are not an admin...

CVSS 9.1 • AI score 7.7 • EPSS 0.00486
Exploits 0 • References 6 • Affected Software 2
Veracode
•added 2021/11/14 11:40 p.m.•32 views

Denial Of Service (DoS)

libsolv is vulnerable to denial of service. The vulnerability exists through the pool_disabled_solvable function in repo.h, allowing an attacker to crash the application via malicious input...

CVSS 7.5 • AI score 4 • EPSS 0.00036
Exploits 1 • References 4 • Affected Software 1
Veracode
•added 2021/11/13 12:40 a.m.•32 views

Arbitrary Code Execution

libjpeg-turbo is vulnerable to arbitrary code execution. A remote attacker could exploit this vulnerability by sending a malformed jpeg file to the service and cause arbitrary code execution or denial of service...

CVSS 8.8 • AI score 5.3 • EPSS 0.00494
Exploits 1 • References 6 • Affected Software 1
Veracode
•added 2021/11/13 12:40 a.m.•32 views

Buffer Overflow

There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012...

CVSS 5.3 • AI score 4.6 • EPSS 0.00034
Exploits 1 • References 9 • Affected Software 1
Veracode
•added 2021/11/09 3:12 p.m.•32 views

Denial Of Service (DoS)

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

CVSS 6.1 • AI score 2 • EPSS 0.00398
Exploits 1 • References 6 • Affected Software 2
Veracode
•added 2021/11/05 3:33 a.m.•32 views

Session Fixation

jupyterhub is vulnerable to session fixation. The vulnerability exists due to the incomplete logout in the single-user server. An attacker is able to reinstate another user's session if another active session is open...

CVSS 7.5 • AI score 2.8 • EPSS 0.00212
Exploits 0 • References 2 • Affected Software 1
Veracode
•added 2021/11/05 1:37 a.m.•32 views

Denial Of Service (DoS)

rust:edge is vulnerable to denial of service. The vulnerability exists as it permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters causing an...

CVSS 8.3 • AI score 3.6 • EPSS 0.24988
Exploits 4 • References 22 • Affected Software 13
Veracode
•added 2021/10/23 3:40 a.m.•32 views

Denial Of Service (DoS)

virtualbox:sid is vulnerable to denial of service. High privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes can compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox. Successful attacks of this vulnerability can result in...

CVSS 6.7 • AI score 2.7 • EPSS 0.00048
Exploits 0 • References 3 • Affected Software 1
Veracode
•added 2021/10/18 2:27 p.m.•32 views

Denial Of Service (DoS)

MySQL is vulnerable to denial of service. An attacker is able to exploit the vulnerability by accessing the network and crashing the system...

CVSS 2.7 • AI score 3.9 • EPSS 0.00149
Exploits 0 • References 9 • Affected Software 1
Veracode
•added 2021/10/18 2:27 p.m.•32 views

Denial Of Service (DoS)

MySQL is vulnerable to denial of service. An attacker is able to exploit the vulnerability by accessing the network and crashing the system...

CVSS 4.9 • AI score 3.9 • EPSS 0.00201
Exploits 0 • References 7 • Affected Software 1
Veracode
•added 2021/10/05 1:32 p.m.•32 views

Remote Code Execution (RCE)

Redis is vulnerable to remote code execution. The vulnerability exists due to an integer overflow bug which can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution...

CVSS 7.5 • AI score 3.9 • EPSS 0.01154
Exploits 0 • References 17 • Affected Software 2
Veracode
•added 2021/10/05 2:51 a.m.•32 views

Information Disclosure

github.com/docker/cli is vulnerable to information disclosure. The vulnerability exists due to a misconfigured configuration file which when listing a credsStore or credHelpers that could not be executed would list credentials being sent to registry-1.docker.io rather than the intended private...

CVSS 7.5 • AI score 4.4 • EPSS 0.00077
Exploits 0 • References 7 • Affected Software 7
Veracode
•added 2021/09/18 11:28 p.m.•32 views

Insecure Login

rh-sso7-keycloak is using insecure login. The vulnerability exists because it allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow...

CVSS 7.5 • AI score 3.3 • EPSS 0.00503
Exploits 0 • References 8 • Affected Software 1
Veracode
•added 2021/09/15 2:3 a.m.•32 views

Denial Of Service (DoS)

chromium:edge is vulnerable to denial of service. Inappropriate implementation in DevTools in Google Chrome allowed a remote attacker who had convinced the user to use Chrome headless with remote debugging to execute arbitrary code via a crafted HTML page...

CVSS 8.8 • AI score 4.4 • EPSS 0.0557
Exploits 0 • References 8 • Affected Software 3
Veracode
•added 2021/09/11 5:29 p.m.•32 views

Denial Of Service (DoS)

linux-oracle:focal is vulnerable to denial of service...

CVSS 8.8 • AI score 2.2 • EPSS 0.00066
Exploits 0 • References 5 • Affected Software 5
Veracode
•added 2021/08/24 8:17 a.m.•32 views

Remote Code Execution (RCE)

xstream is vulnerable to remote code execution. An attacker can manipulate the processed input stream and replace or inject objects, that result in execution of arbitrary code loaded from a remote server...

CVSS 8.5 • AI score 3.7 • EPSS 0.00708
Exploits 1 • References 15 • Affected Software 4
Veracode
•added 2021/08/20 9:54 a.m.•32 views

Cross-Site Scripting (XSS)

ckeditor is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser via the paste functionality...

CVSS 5.4 • AI score 3.7 • EPSS 0.00236
Exploits 0 • References 10 • Affected Software 1
Veracode
•added 2021/07/29 12:30 p.m.•32 views

Remote Code Execution (RCE)

chakracore is vulnerable to remote code execution. The vulnerability exists due to the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825,...

CVSS 7.5 • AI score 2.4 • EPSS 0.28794
Exploits 0 • References 2 • Affected Software 2
Veracode
•added 2021/07/29 4:39 a.m.•32 views

Cross-site Scripting (XSS)

videojs is vulnerable to cross-site scripting. An attacker is able to inject and execute malicious script via rc attribute of track tag...

CVSS 6.5 • AI score 3.3 • EPSS 0.0045
Exploits 1 • References 8 • Affected Software 2
Veracode
•added 2021/07/19 8:20 p.m.•32 views

Denial Of Service (DoS)

openexr is vulnerable to denial of service. A NULL pointer dereference in Imf25::Header::operator allows an attacker to crash the application via a malicious multi-part input file...

CVSS 7.5 • AI score 4 • EPSS 0.01029
Exploits 0 • References 5 • Affected Software 1
Veracode
•added 2021/07/14 7:52 a.m.•32 views

Denial Of Service (DoS)

commons-compress is vulnerable to denial of service. Lack of proper handling of memory while compressing tar package causes an out of memory error even for very small inputs...

CVSS 7.5 • AI score 3.3 • EPSS 0.01319
Exploits 0 • References 37 • Affected Software 3
Veracode
•added 2021/07/05 7:11 a.m.•32 views

Denial Of Service (DoS)

libcurl.so is vulnerable to denial of service. A buffer overrun in the SASL authentication code allows an attacker to crash the application...

CVSS 9.8 • AI score 3.8 • EPSS 0.00346
Exploits 0 • References 10 • Affected Software 2
Veracode
•added 2021/06/17 5:39 a.m.•32 views

Remote Code Execution

studio-42/elfinder is vulnerable to remote code execution. An attacker is able to execute arbitrary code and commands on the server hosting the elFinder PHP connector even with the minimal configuration...

CVSS 9.8 • AI score 9.6 • EPSS 0.92768
Exploits 5 • References 5 • Affected Software 1
Veracode
•added 2021/06/16 12:2 a.m.•32 views

Information Disclosure

libslirp is vulnerable to information disclosure. The flaw exists in the udp6_input function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest...

CVSS 3.8 • AI score 0.8 • EPSS 0.00023
Exploits 0 • References 10 • Affected Software 3
Veracode
•added 2021/06/16 12:2 a.m.•32 views

Information Disclosure

libslirp is vulnerable to information disclosure. The vulnerability exists due to an invalid pointer initialization...

CVSS 3.8 • AI score 1.7 • EPSS 0.0003
Exploits 0 • References 10 • Affected Software 3
Veracode
•added 2021/06/12 10:1 p.m.•32 views

Remote Code Execution

isync is vulnerable to remote code execution. An unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This behavior can be exploited to execute arbitrary code on...

CVSS 7.8 • AI score 5.3 • EPSS 0.00855
Exploits 0 • References 12 • Affected Software 1
Veracode
•added 2021/06/08 12:38 p.m.•32 views

Information Disclosure

Jenkins Config File Provider Plugin is vulnerable to information disclosure. It does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate configuration file IDs. A flaw was found in the config-file-provider Jenkins plugin. The plugin does no...

CVSS 4.3 • AI score 0.2 • EPSS 0.00118
Exploits 0 • References 5 • Affected Software 1
Veracode
•added 2021/06/07 1:13 p.m.•32 views

Denial Of Service (DoS)

ffmpeg is vulnerable to denial of service. The vulnerability exists due to a heap-based buffer overflow in libavfilter/vf_yadif.c...

CVSS 6.5 • AI score 4 • EPSS 0.00301
Exploits 1 • References 4 • Affected Software 3
Veracode
•added 2021/06/06 10:35 a.m.•32 views

Denial Of Service (DoS)

linux is vulnerable to denial of service. In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel on some Haswell CPUs, userspace applications such as perf-fuzzer can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6...

CVSS 5.5 • AI score 3.6 • EPSS 0.0012
Exploits 0 • References 11 • Affected Software 5
Veracode
•added 2021/06/02 8:30 a.m.•32 views

Denial Of Service (DoS)

urllib3 is vulnerable to denial of service. An attacker is able to send a URL containing many @ characters in the authority component as a parameter or redirected to via an HTTP redirect, causing catastrophic backtracking and a denial of service...

CVSS 7.5 • AI score 3 • EPSS 0.00863
Exploits 0 • References 9 • Affected Software 10
Veracode
•added 2021/05/29 9:17 p.m.•32 views

Information Disclosure

libgcrypt20:sid is vulnerable to information disclosure. It is due to a flaw in ElGamal encryption implementation...

CVSS 7.5 • AI score 1.4 • EPSS 0.00425
Exploits 0 • References 15 • Affected Software 6
Veracode
•added 2021/05/28 1:4 p.m.•32 views

Insufficient Policy Enforcement

chromium:edge has an insufficient policy enforcement in Content Security Policy...

CVSS 4.3 • AI score 1.8 • EPSS 0.00527
Exploits 1 • References 8 • Affected Software 2
Veracode
•added 2021/05/24 9:29 a.m.•32 views

Arbitrary Code Execution

python3 is vulnerable to arbitrary code execution. IP address octets are left stripped instead of evaluated as valid IP addresses due to improper input validation of octal strings in the stdlib ipaddress allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks o...

CVSS 9.8 • AI score 6 • EPSS 0.02048
Exploits 1 • References 17 • Affected Software 7
Veracode
•added 2021/05/24 9:20 a.m.•32 views

Denial Of Service (DoS)

linux-oracle:focal is vulnerable to denial of service. An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d...

CVSS 5.5 • AI score 2.5 • EPSS 0.00028
Exploits 0 • References 3 • Affected Software 4
Veracode
•added 2021/05/24 9:1 a.m.•32 views

Man-in-the-middle (MITM)

Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session...

CVSS 5.9 • AI score 1.4 • EPSS 0.00811
Exploits 0 • References 4 • Affected Software 2
Veracode
•added 2021/05/21 1:58 p.m.•32 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The vulnerability exists when fuse_do_getattr calls make_bad_inode in inappropriate situations, causing a system crash...

CVSS 5.5 • AI score 3.2 • EPSS 0.00036
Exploits 0 • References 10 • Affected Software 2
Veracode
•added 2021/05/20 3:28 p.m.•32 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A NULL pointer dereference in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints allows an attacker with the ability to induce the error conditions to crash the system...

CVSS 4.3 • AI score 4.1 • EPSS 0.00068
Exploits 0 • References 17 • Affected Software 2
Veracode
•added 2021/05/20 3:28 p.m.•32 views

Denial Of Service (DoS)

unbound is vulnerable to denial of service. There is no available reproducer or proof of concept for this issue, nor was it ever proven the infinite loop can be triggered in practice...

CVSS 7.5 • AI score 3.1 • EPSS 0.01019
Exploits 0 • References 7 • Affected Software 3
Total number of security vulnerabilities: 5000