Veracode: Most viewed

38133 matches found

Veracode • added 2021/05/14 9:8 p.m. • 32 views

Denial Of Service (DoS)

squid is vulnerable to denial of service (DoS). The vulnerability exists due to improper input validation, affecting all clients using the proxy...

CVSS: 6.5, AI score: 3.8, EPSS: 0.85178
Exploits: 2, References: 16, Affected Software: 8

Veracode • added 2021/05/08 2:26 p.m. • 32 views

Denial Of Service (DoS)

libxml2 is vulnerable to denial of service. It is due to a NULL pointer dereference when post-validating mixed content parsed in recovery mode...

CVSS: 5.9, AI score: 4.1, EPSS: 0.00111
Exploits: 0, References: 12, Affected Software: 16

Veracode • added 2021/05/07 11:56 a.m. • 32 views

Directory Traversal

tcmu-runner is vulnerable to directory traversal. A remote attacker is able to read or write files to an arbitrary location on the file system in an XCOPY request...

CVSS: 8.1, AI score: 4.9, EPSS: 0.00912
Exploits: 0, References: 9, Affected Software: 1

Veracode • added 2021/05/04 10:34 p.m. • 32 views

Arbitrary Code Execution

exim4 is vulnerable to arbitrary code execution. Line truncation and injection in spool_read_header could potentially allow an attacker to execute arbitrary code on the host OS...

CVSS: 9.8, AI score: 4.9, EPSS: 0.0426
Exploits: 1, References: 2, Affected Software: 7

Veracode • added 2021/04/30 10:1 p.m. • 32 views

Denial Of Service (DoS)

chromium:sid is vulnerable to denial of service. Insufficient data validation allows a remote attacker to potentially exploit heap corruption via a malicious HTML page...

CVSS: 8.8, AI score: 3.4, EPSS: 0.03157
Exploits: 0, References: 11, Affected Software: 3

Veracode • added 2021/04/29 4:23 p.m. • 32 views

Remote Code Execution (RCE)

salt is vulnerable to remote code execution. The vulnerability exists due to local privilege escalation where the master calls the snapper.diff function which executes popen unsafely when an attacker creates a file that is backed up by snapper...

CVSS: 7.8, AI score: 3.5, EPSS: 0.04548
Exploits: 1, References: 12, Affected Software: 1

Veracode • added 2021/04/29 12:19 p.m. • 32 views

Denial Of Service (DoS)

gdk-pixbuf is vulnerable to denial of service. The vulnerability exists due to an infinite loop in lzw.c in the function write_indexes...

CVSS: 5.5, AI score: 2.4, EPSS: 0.0086
Exploits: 0, References: 13, Affected Software: 1

Veracode • added 2021/04/29 12:17 p.m. • 32 views

Authorization Bypass

ceph:edge is vulnerable to authorization bypass. ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks...

CVSS: 8, AI score: 4.9, EPSS: 0.00102
Exploits: 0, References: 4, Affected Software: 1

Veracode • added 2021/04/29 12:14 p.m. • 32 views

Integer Overflow

openldap:edge is vulnerable to integer overflow. An integer underflow can cause a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service...

CVSS: 7.5, AI score: 3.8, EPSS: 0.7152
Exploits: 0, References: 18, Affected Software: 1

Veracode • added 2021/03/25 4:37 p.m. • 32 views

Privilege Escalation

openssl is vulnerable to privilege escalation. The vulnerability exists due to an error in the implementation of a check to disallow certificates in certificate chains...

CVSS: 7.4, AI score: 3.7, EPSS: 0.00504
Exploits: 0, References: 31, Affected Software: 4

Veracode • added 2021/03/10 6:6 a.m. • 32 views

OS Command Injection

react-dev-utils is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands on the host OS due to the usage of child_process.execFileSync in the function getProcessIdOnPort...

CVSS: 5.6, AI score: 6.3, EPSS: 0.01439
Exploits: 1, References: 2, Affected Software: 1

Veracode • added 2021/03/09 2:32 p.m. • 32 views

Information Disclosure

chromium is vulnerable to information disclosure. The vulnerability exists through PDFium in the process memory, when processing a PDF file...

CVSS: 8.8, AI score: 1.8, EPSS: 0.01581
Exploits: 1, References: 10, Affected Software: 2

Veracode • added 2021/03/09 2:27 p.m. • 32 views

Information Disclosure

chromium is vulnerable to information disclosure. The vulnerability exists through the lack of data validation in the Reader Mode that allows cross-origin data to be leaked...

CVSS: 6.5, AI score: 2.1, EPSS: 0.0051
Exploits: 0, References: 11, Affected Software: 1

Veracode • added 2021/03/07 8:52 a.m. • 32 views

Denial Of Service (DoS)

libconvert-asn1-perl is vulnerable to denial of service. A remote attacker is able to cause an infinite loop processing via a malicious input which leads to an application crash...

CVSS: 7.5, AI score: 7.1, EPSS: 0.01057
Exploits: 1, References: 6, Affected Software: 2

Veracode • added 2021/03/03 12:36 a.m. • 32 views

Arbitrary Code Execution

grub2 is vulnerable to arbitrary code execution...

CVSS: 8.2, AI score: 3.6, EPSS: 0.00286
Exploits: 0, References: 6, Affected Software: 3

Veracode • added 2021/02/23 6:23 a.m. • 32 views

Insecure URL Validation

url-parse performs Insecure URL Validation. The vulnerability exists as the unsanitized value of address in index.js could be used to bypass validation checks when used in the browser...

CVSS: 5.3, AI score: 2.5, EPSS: 0.00138
Exploits: 1, References: 5, Affected Software: 3

Veracode • added 2021/02/22 7:4 a.m. • 32 views

Remote Code Execution (RCE)

Smarty is vulnerable to remote code execution. The library does not properly handle illegal function names in {function name='blah'}{/function}, allowing a malicious user to inject and execute arbitrary commands...

CVSS: 9.8, AI score: 4.2, EPSS: 0.7558
Exploits: 1, References: 8, Affected Software: 2

Veracode • added 2021/02/19 1:24 a.m. • 32 views

Remote Code Execution (RCE)

chromium is vulnerable to remote code execution. The vulnerability exists due to a heap buffer overflow in Tab Strip...

CVSS: 9.6, AI score: 2.9, EPSS: 0.01083
Exploits: 1, References: 8, Affected Software: 1

Veracode • added 2021/02/18 11:42 p.m. • 32 views

Information Disclosure

libslirp is vulnerable to information disclosure. A buffer over-read in slirp.c allows reading of a certain amount of header data past the total packet length...

CVSS: 4.3, AI score: 2.4, EPSS: 0.00569
Exploits: 1, References: 9, Affected Software: 2

Veracode • added 2021/02/17 6:9 p.m. • 32 views

Authorization Bypass

openssl is vulnerable to authorization bypass. The vulnerability exists when a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions: a check is then made for a version rollback attack when unpadding an RSA signature. Clients...

CVSS: 3.7, AI score: 3.2, EPSS: 0.00292
Exploits: 0, References: 15, Affected Software: 1

Veracode • added 2021/02/10 6:51 a.m. • 32 views

Arbitrary Code Execution

kernel is vulnerable to arbitrary code execution. The vulnerability exists in net/wireless/nl80211.c as it does not check the length of variable elements in a beacon head, leading to a buffer overflow...

CVSS: 9.8, AI score: 9.4, EPSS: 0.02601
Exploits: 0, References: 19, Affected Software: 2

Veracode • added 2021/01/20 4:41 p.m. • 32 views

Arbitrary Code Execution

dnsmasq is vulnerable to arbitrary code execution. A heap-based buffer overflow in rfc1035.c:extract_name, due to the lack of length checks, could be abused when DNSSEC is enabled and before the received DNS entries are validated. A remote attacker who can create valid DNS replies is...

CVSS: 5.9, AI score: 6.3, EPSS: 0.22
Exploits: 0, References: 10, Affected Software: 6

Veracode • added 2021/01/20 4:41 p.m. • 32 views

Information Disclosure

dnsmasq is vulnerable to information disclosure. The vulnerability exists because, when getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query whether the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to...

CVSS: 3.7, AI score: 1.5, EPSS: 0.00349
Exploits: 2, References: 11, Affected Software: 6

Veracode • added 2021/01/19 1:26 a.m. • 32 views

Directory Traversal

Archive_Tar is vulnerable to directory traversal. The vulnerability exists due to the lack of sanitization of symbolic links to out-of-path filenames, allowing an attacker to inject ../ characters in a file or folder name to perform symlink attacks...

CVSS: 7.5, AI score: 4.1, EPSS: 0.71148
Exploits: 1, References: 14, Affected Software: 4

Veracode • added 2021/01/15 4:21 p.m. • 32 views

Information Disclosure

dovecot is vulnerable to information disclosure. The vulnerability existed via attacker-controlled parameters, leading to access to other users' email messages...

CVSS: 6.8, AI score: 3.5, EPSS: 0.02244
Exploits: 0, References: 11, Affected Software: 1

Veracode • added 2021/01/08 6:11 a.m. • 32 views

Arbitrary Code Execution

jackson-databind is vulnerable to remote code execution (RCE). The vulnerability exists through the lack of sanitization of the org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource class through deserialization...

CVSS: 8.1, AI score: 4.9, EPSS: 0.02715
Exploits: 1, References: 10, Affected Software: 3

Veracode • added 2021/01/08 5:55 a.m. • 32 views

Arbitrary Code Execution

jackson-databind is vulnerable to remote code execution (RCE). The vulnerability exists through the lack of sanitization of the org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource class through deserialization...

CVSS: 8.1, AI score: 4.9, EPSS: 0.02147
Exploits: 1, References: 10, Affected Software: 3

Veracode • added 2021/01/07 7:16 p.m. • 32 views

Integer Overflow

OpenJPEG is vulnerable to integer overflow. An attacker may send a malicious bmp file causing an integer overflow in the opj_t1_encode_cblks function (openjp2/t1.c), causing a denial of service...

CVSS: 6.5, AI score: 4.4, EPSS: 0.00724
Exploits: 1, References: 2, Affected Software: 3

Veracode • added 2020/12/31 5:2 p.m. • 32 views

Denial Of Service (DoS)

Xen is vulnerable to denial of service. A malicious guest administrator is able to cause management tools and debugging operations to fail by creating paths in its own namespace that are too long...

CVSS: 6, AI score: 3.2, EPSS: 0.00064
Exploits: 0, References: 7, Affected Software: 1

Veracode • added 2020/12/24 9:46 p.m. • 32 views

Integer Overflow

open-iscsi:sid is vulnerable to integer overflow. The vulnerability exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c...

CVSS: 7.5, AI score: 5.1, EPSS: 0.00192
Exploits: 0, References: 3, Affected Software: 3

Veracode • added 2020/12/21 6:51 p.m. • 32 views

Information Disclosure

chromium is vulnerable to information disclosure. An out of bounds read flaw was found in the networking component of the Chromium browser...

CVSS: 8.1, AI score: 1.6, EPSS: 0.00882
Exploits: 0, References: 5, Affected Software: 1

Veracode • added 2020/12/21 6:50 p.m. • 32 views

Denial Of Service (DoS)

chromium, sid is vulnerable to Denial of Service (DoS). Inappropriate implementation in V8 in Google Chrome allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS: 8.8, AI score: 2.7, EPSS: 0.01365
Exploits: 0, References: 11, Affected Software: 1

Veracode • added 2020/12/19 7:20 a.m. • 32 views

Denial Of Service (DoS)

crypto/ssh in github.com/golang/go is vulnerable to Denial Of Service (DoS). The vulnerability is possible because of a nil pointer dereference in the component which allows a remote attacker to cause a denial of service against SSH servers...

CVSS: 7.5, AI score: 6.6, EPSS: 0.00031
Exploits: 0, References: 4

Veracode • added 2020/12/16 8:59 a.m. • 32 views

Information Disclosure

firefox is vulnerable to information disclosure. The vulnerability exists as internal network hosts, and services running on the user's local machine, could have been probed by a malicious webpage...

CVSS: 6.1, AI score: 0.6, EPSS: 0.00422
Exploits: 0, References: 6, Affected Software: 9

Veracode • added 2020/12/16 8:57 a.m. • 32 views

Memory Leaks

firefox is vulnerable to memory leaks. When a BigInt was right-shifted, the backing store was not properly cleared, allowing uninitialized memory to be read...

CVSS: 6.5, AI score: 3.5, EPSS: 0.00262
Exploits: 0, References: 3, Affected Software: 10

Veracode • added 2020/12/08 12:44 a.m. • 32 views

Remote Code Execution (RCE)

MiniDLNA is vulnerable to remote code execution. A malicious UPnP HTTP request sent to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove...

CVSS: 9.8, AI score: 2.6, EPSS: 0.66114
Exploits: 1, References: 5, Affected Software: 2

Veracode • added 2020/12/06 4:9 a.m. • 32 views

Remote Code Execution (RCE)

openjfx is vulnerable to remote code execution (RCE). The vulnerability exists due to the lack of proper validation of user-supplied data in HTML rendering in JavaFX which could result in a write past the end of an allocated data structure, allowing a malicious user to execute code in the context o...

CVSS: 8.3, AI score: 2.2, EPSS: 0.01068
Exploits: 0, References: 5, Affected Software: 1

Veracode • added 2020/12/06 4:1 a.m. • 32 views

Denial Of Service (DoS)

imagemagick is vulnerable to denial of service (DoS). The vulnerability exists in GammaImage of /MagickCore/enhance.c: depending on the gamma value, it is possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick...

CVSS: 5.5, AI score: 3.3, EPSS: 0.00609
Exploits: 0, References: 4, Affected Software: 4

Veracode • added 2020/12/06 4:0 a.m. • 32 views

Null Pointer Dereference

ImageMagick is vulnerable to NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c...

CVSS: 9.8, AI score: 2.9, EPSS: 0.01511
Exploits: 0, References: 6, Affected Software: 1

Veracode • added 2020/12/06 3:50 a.m. • 32 views

Denial Of Service (DoS)

libdbi-perl is vulnerable to denial of service. An untrusted pointer dereference allows a local attacker who is able to manipulate calls to dbd_db_login6_sv to cause memory corruption and crash the application...

CVSS: 5.5, AI score: 3.2, EPSS: 0.00131
Exploits: 0, References: 9, Affected Software: 1

Veracode • added 2020/12/06 3:28 a.m. • 32 views

Denial Of Service (DoS)

ghostscript is vulnerable to denial of service. A NULL pointer dereference in devices/gdevtsep.c allows a remote attacker to cause a denial of service via a malicious postscript file...

CVSS: 5.5, AI score: 3.5, EPSS: 0.01771
Exploits: 1, References: 8, Affected Software: 1

Veracode • added 2020/12/06 3:25 a.m. • 32 views

Denial Of Service (DoS)

ghostscript is vulnerable to denial of service (DoS). The vulnerability exists due to a heap buffer overflow in the lprn_is_black function in contrib/lips4/gdevlprn.c, allowing an attacker to crash the application via a crafted PDF file...

CVSS: 5.5, AI score: 3, EPSS: 0.01421
Exploits: 1, References: 8, Affected Software: 1

Veracode • added 2020/12/06 3:19 a.m. • 32 views

Arbitrary Code Execution

openexr is vulnerable to arbitrary code execution. An invalid write of size 2 in the = operator function in half.h could allow an attacker to crash the application or execute arbitrary code on the host OS...

CVSS: 8.8, AI score: 3.5, EPSS: 0.02756
Exploits: 0, References: 11, Affected Software: 1

Veracode • added 2020/12/06 2:41 a.m. • 32 views

Denial Of Service (DoS)

qemu is vulnerable to denial of service. The vulnerability exists through a heap buffer overflow in sdhci_sdma_transfer_multi_blocks in hw/sd/sdhci.c which allows an attacker to cause an application crash...

CVSS: 6.3, AI score: 6, EPSS: 0.00177
Exploits: 0, References: 6, Affected Software: 7

Veracode • added 2020/12/06 2:18 a.m. • 32 views

Man-in-the-Middle (MitM)

mutt is vulnerable to man-in-the-middle (MitM). The vulnerability exists as the connection would not properly close, and would keep retrying, when $ssl_force_tls was processed if an IMAP server's initial server response was invalid...

CVSS: 5.3, AI score: 2.5, EPSS: 0.00101
Exploits: 0, References: 7, Affected Software: 5

Veracode • added 2020/12/06 2:17 a.m. • 32 views

Use-After-Free

QEMU 5.0.0 has a use-after-free. The vulnerability exists in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked, which allows an attacker to cause an application crash...

CVSS: 3.2, AI score: 5.2, EPSS: 0.00037
Exploits: 0, References: 6, Affected Software: 7

Veracode • added 2020/12/04 4:48 p.m. • 32 views

Privilege Escalation

xorg-server is vulnerable to privilege escalation. A flaw in the X.Org Server results in a heap buffer overflow in XkbSetDeviceInfo and may lead to a privilege escalation vulnerability...

CVSS: 7.8, AI score: 3.7, EPSS: 0.00133
Exploits: 0, References: 4, Affected Software: 2

Veracode • added 2020/11/25 8:40 a.m. • 32 views

Regular Expression Denial Of Service (ReDoS)

Handlebars is vulnerable to Regular Expression Denial of Service. The attacker is able to force the parser into an endless loop through maliciously crafted templates...

CVSS: 7.5, AI score: 4.2, EPSS: 0.00291
Exploits: 0, References: 4, Affected Software: 11

Veracode • added 2020/11/20 1:22 p.m. • 32 views

Remote Code Execution (RCE)

drupal/core-recommended is vulnerable to Remote Code Execution. The attacker is able to inject malicious code through unsanitized filenames of uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosti...

CVSS: 8.8, AI score: 2.9, EPSS: 0.02599
Exploits: 0, References: 6, Affected Software: 3

Veracode • added 2020/11/12 7:53 a.m. • 32 views

Information Disclosure

hw is vulnerable to Information Disclosure. A flaw in Intel SGX via RAPL interface allows a local attacker to leak information...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00148
Exploits: 0, References: 12, Affected Software: 6

Total number of security vulnerabilities: 5000