38196 matches found

Veracode • added 2023/08/07 1:18 a.m. • 21 views

Spoofing Attack

chromium is vulnerable to Spoofing Attack. The vulnerability exists because of the inappropriate implementation in the Picture In Picture of the library, allowing an attacker to spoof the contents of the Omnibox URL bar via a maliciously crafted HTML page through the renderer process...

4.3 CVSS • 6.5 AI score • 0.00906 EPSS
Exploits 0 • References 6 • Affected Software 1

Veracode • added 2023/08/07 1:18 a.m. • 17 views

Out Of Bounds Memory Access

chromium is vulnerable to Out-of-bound Memory Access. A remote attacker is able to potentially exploit heap corruption via a crafted HTML page, resulting in out of bounds memory access...

8.8 CVSS • 7.1 AI score • 0.01463 EPSS
Exploits 0 • References 7 • Affected Software 1

Veracode • added 2023/08/07 1:18 a.m. • 14 views

Out-of-Bounds Write

chromium is vulnerable to Out-of-Bounds Write. Out of bounds write in Swiftshader allows a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8 CVSS • 7.1 AI score • 0.01107 EPSS
Exploits 0 • References 8 • Affected Software 1

Veracode • added 2023/08/07 1:17 a.m. • 19 views

Authorization Bypass

chromium is vulnerable to Authorization Bypasses. Inappropriate implementation in downloads allows an attacker who convinces a user to install a malicious extension to bypass file access restrictions via a crafted HTML page...

6.5 CVSS • 6.5 AI score • 0.00693 EPSS
Exploits 0 • References 6 • Affected Software 1

Veracode • added 2023/08/07 1:17 a.m. • 31 views

Authorization Bypass

chromium is vulnerable to Authorization Bypasses. Inappropriate implementation in Extensions API allows an attacker who convinces a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension...

4.3 CVSS • 6.5 AI score • 0.00621 EPSS
Exploits 0 • References 6 • Affected Software 1

Veracode • added 2023/08/07 1:17 a.m. • 21 views

Privilege Escalation

chromium is vulnerable to Privilege Escalation. The vulnerability exists due to the insufficient data validation in Installer of the library, which allows an attacker to perform privilege escalation via a maliciously crafted symbolic link...

7.8 CVSS • 7.1 AI score • 0.00454 EPSS
Exploits 0 • References 6 • Affected Software 1

Veracode • added 2023/08/07 1:17 a.m. • 18 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. An attacker can read environment names that are supposed to be restricted to project members only...

5.8 CVSS • 6.7 AI score • 0.00744 EPSS
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2023/08/07 12:56 a.m. • 21 views

Denial Of Service (DoS)

wireshark is vulnerable to Denial of Service (DoS) attacks. Infinite loop in GDSDB allows a remote attacker to cause denial of service conditions via packet injection or a crafted capture file...

7.5 CVSS • 7 AI score • 0.01592 EPSS
Exploits 1 • References 7 • Affected Software 1

Veracode • added 2023/08/07 12:56 a.m. • 16 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. Non-project members are able to retrieve release descriptions via the API, even if the release visibility is restricted to project members only in the project settings...

5.3 CVSS • 6.8 AI score • 0.00786 EPSS
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2023/08/07 12:55 a.m. • 22 views

Denial Of Service (DoS)

wireshark is vulnerable to Denial of Service (DoS). The vulnerability exists through the BLF file parser in the library, allowing an attacker to cause an application crash via a maliciously crafted file...

6.5 CVSS • 6.7 AI score • 0.00875 EPSS
Exploits 1 • References 6 • Affected Software 1

Veracode • added 2023/08/07 12:55 a.m. • 30 views

Denial Of Service (DoS)

wireshark is vulnerable to Denial of Service (DoS). The vulnerability exists through the NetScaler file parser in the library, allowing an attacker to cause an application crash via a maliciously crafted file...

6.5 CVSS • 6.7 AI score • 0.01787 EPSS
Exploits 1 • References 7 • Affected Software 1

Veracode • added 2023/08/07 12:55 a.m. • 26 views

Denial Of Service (DoS)

wireshark is vulnerable to Denial of Service (DoS). The vulnerability exists through the Candump log parser in the library, allowing an attacker to cause an application crash via a maliciously crafted file...

6.5 CVSS • 6.7 AI score • 0.01658 EPSS
Exploits 1 • References 6 • Affected Software 1

Veracode • added 2023/08/07 12:55 a.m. • 32 views

Denial Of Service (DoS)

wireshark is vulnerable to Denial of Service (DoS). The vulnerability exists through the VMS TCPIPtrace file parser in the library, allowing an attacker to cause an application crash via a maliciously crafted file...

6.5 CVSS • 6.7 AI score • 0.01787 EPSS
Exploits 1 • References 7 • Affected Software 1

Veracode • added 2023/08/07 12:55 a.m. • 19 views

Denial Of Service (DoS)

wireshark is vulnerable to Denial of Service (DoS). The vulnerability exists through the BLF file parser in the library, allowing an attacker to cause an application crash via a maliciously crafted file...

6.5 CVSS • 6.7 AI score • 0.00875 EPSS
Exploits 1 • References 6 • Affected Software 1

Veracode • added 2023/08/07 12:51 a.m. • 17 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. The vulnerability may allow an authenticated user to unmask the Discord Webhook URL through viewing the raw API response...

5 CVSS • 6.8 AI score • 0.00661 EPSS
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2023/08/07 12:36 a.m. • 31 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. A malicious authenticated maintainer is able to leak the sentry token by changing the configured URL in the sentry error tracking settings page...

5.5 CVSS • 6.7 AI score • 0.00711 EPSS
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2023/08/07 12:36 a.m. • 29 views

Bypassing Install Dialog

chromium is vulnerable to Bypassing Install Dialog. The vulnerability exists due to the inappropriate implementation in WebApp Installs of the library, which allows an attacker to convince a user to install a malicious web app to bypass the install dialog via a maliciously crafted HTML page...

8.8 CVSS • 6.6 AI score • 0.00681 EPSS
Exploits 0 • References 8 • Affected Software 1

Veracode • added 2023/08/07 12:36 a.m. • 31 views

Use After Free

chromium is vulnerable to Use After Free. The vulnerability exists in the Autofill UI in the library, which allows an attacker to cause heap corruption via a maliciously crafted HTML page...

8.8 CVSS • 6.9 AI score • 0.0085 EPSS
Exploits 0 • References 8 • Affected Software 1

Veracode • added 2023/08/07 12:36 a.m. • 21 views

Use After Free

chromium is vulnerable to Use After Free. The vulnerability exists in the DevTools in the library, which allows an attacker to cause heap corruption via a maliciously crafted HTML page through the renderer process...

8.8 CVSS • 6.9 AI score • 0.15428 EPSS
Exploits 0 • References 8 • Affected Software 1

Veracode • added 2023/08/07 12:36 a.m. • 30 views

Type Confusion

chromium is vulnerable to Type Confusion. The vulnerability exists in the V8 in the library, which allows an attacker to cause heap corruption via a maliciously crafted HTML page through the renderer process...

8.8 CVSS • 6.9 AI score • 0.29136 EPSS
Exploits 1 • References 9 • Affected Software 1

Veracode • added 2023/08/07 12:36 a.m. • 23 views

Use After Free

chromium is vulnerable to Use After Free. The vulnerability exists in the Guest View in the library, which allows an attacker to convince a user to install a malicious extension to potentially exploit heap corruption via a maliciously crafted HTML page...

8.8 CVSS • 7 AI score • 0.24663 EPSS
Exploits 0 • References 8 • Affected Software 1

Veracode • added 2023/08/07 12:36 a.m. • 21 views

Authorization Bypass

gitlab is vulnerable to Authorization Bypass. An attacker may be able to map a private email of a GitLab user to their GitLab account on an instance...

4.3 CVSS • 6.5 AI score • 0.00762 EPSS
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2023/08/07 12:27 a.m. • 19 views

Leakage Of Webhook Secret

gitlab is vulnerable to Leakage of Webhook Secret. An attacker can leak masked webhook secrets by changing the target URL of the webhook...

5.5 CVSS • 6.8 AI score • 0.00731 EPSS
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2023/08/07 12:25 a.m. • 24 views

Denial Of Service (DoS)

frr is vulnerable to Denial of Service (DoS). The vulnerability exists due to an out-of-bounds read which allows an attacker to cause an application crash...

6.5 CVSS • 6.6 AI score • 0.02107 EPSS
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2023/08/07 12:22 a.m. • 15 views

Denial Of Service (DoS)

gitlab is vulnerable to Denial of Service (DoS). An attacker can cause high resource consumption using malicious test report artifacts, leading to an application crash...

7.5 CVSS • 6.8 AI score • 0.01243 EPSS
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2023/08/07 12:18 a.m. • 18 views

Open Redirect

gitlab is vulnerable to Open Redirect. The vulnerability exists due to the lack of URL validation in the library, which allows an attacker to redirect users to malicious URLs and frame arbitrary content on any page allowing user-controlled markdown...

5.4 CVSS • 6.8 AI score • 0.00773 EPSS
Exploits 1 • References 4 • Affected Software 1

Veracode • added 2023/08/07 12:16 a.m. • 22 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. The vulnerability exists because the Google IAP details in Prometheus integration are not properly hidden, which leads to the leak of project settings, instance and group details to other users...

6.4 CVSS • 6.8 AI score • 0.0069 EPSS
Exploits 0 • References 5 • Affected Software 1

Veracode • added 2023/08/07 12:15 a.m. • 23 views

Integer Overflow

vim is vulnerable to Integer Overflow. The vulnerability exists in the egtilde function at regexp.c due to a segmentation fault which allows an attacker to exhaust memory, causing an overflow...

7.8 CVSS • 6.7 AI score • 0.00485 EPSS
Exploits 1 • References 9 • Affected Software 1

Veracode • added 2023/08/07 12:14 a.m. • 36 views

Denial Of Service (DoS)

vim is vulnerable to Denial of Service (DoS). The vulnerability exists due to a NULL Pointer Dereference which allows an attacker to cause an application crash...

5.5 CVSS • 5.5 AI score • 0.00473 EPSS
Exploits 1 • References 7 • Affected Software 1

Veracode • added 2023/08/07 12:14 a.m. • 19 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. The vulnerability allows an attacker to modify a webhook URL to leak masked webhook secrets by manipulating other masked portions...

5.5 CVSS • 6.7 AI score • 0.00462 EPSS
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2023/08/07 12:12 a.m. • 15 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. The vulnerability exists due to the exposure of the authorization header, which allows an attacker to gain access to read authorization headers...

6.5 CVSS • 6.9 AI score • 0.00636 EPSS
Exploits 1 • References 3 • Affected Software 1

Veracode • added 2023/08/07 12:12 a.m. • 24 views

Server-Side Request Forgery (SSRF)

gitlab is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability exists in web terminal advertiseaddress which allows an attacker to connect to local addresses when configuring a malicious GitLab Runner...

5.3 CVSS • 6.3 AI score • 0.00546 EPSS
Exploits 1 • References 3 • Affected Software 1

Veracode • added 2023/08/07 12:12 a.m. • 16 views

Type Confusion

gitlab is vulnerable to Type Confusion. The vulnerability allows an attacker to override an existing hash, which leads to type confusion...

7.5 CVSS • 6.8 AI score • 0.00603 EPSS
Exploits 1 • References 3 • Affected Software 1

Veracode • added 2023/08/07 12:1 a.m. • 38 views

Authentication Bypass

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine...

3.9 CVSS • 6.8 AI score • 0.13638 EPSS
Exploits 0 • References 10 • Affected Software 1

Veracode • added 2023/08/07 12:0 a.m. • 23 views

Denial Of Service (DoS)

kodi is vulnerable to Denial of Service (DoS). The vulnerability exists due to the divide by zero issue in the library, allowing an attacker to cause an application crash by providing a maliciously crafted mp3 file...

5.5 CVSS • 6.6 AI score • 0.00305 EPSS
Exploits 1 • References 5 • Affected Software 1

Veracode • added 2023/08/06 11:58 p.m. • 22 views

Cross-Site Scripting (XSS)

gitlab is vulnerable to Cross-Site Scripting (XSS). The vulnerability allows an attacker to use a specially crafted Kroki diagram to inject and execute arbitrary JavaScript...

8.7 CVSS • 6.5 AI score • 0.9242 EPSS
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2023/08/06 11:57 p.m. • 23 views

Open Redirect

gitlab is vulnerable to Open Redirect vulnerability. The vulnerability allows an attacker to redirect the users to arbitrary protocols...

6.1 CVSS • 6.9 AI score • 0.00403 EPSS
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2023/08/06 11:54 p.m. • 19 views

Arbitrary Code Execution

gitlab is vulnerable to Arbitrary Code Execution. The vulnerability allows an attacker to inject and execute arbitrary code to create repositories with malicious code with a specially crafted name...

8 CVSS • 7.6 AI score • 0.01008 EPSS
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2023/08/06 11:50 p.m. • 17 views

Out-of-Bounds Read

nvidia-cuda-toolkit is vulnerable to Out-of-Bounds Read. The vulnerability exists in cuobjdump which allows an attacker to cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file...

6.6 CVSS • 6.6 AI score • 0.00259 EPSS
Exploits 0 • References 2 • Affected Software 1

Veracode • added 2023/08/06 11:41 p.m. • 31 views

Use After Free

chromium is vulnerable to Use After Free. The vulnerability exists in the UI of the library, allowing an attacker to perform arbitrary read/write via a maliciously crafted HTML page...

8.8 CVSS • 6.7 AI score • 0.0055 EPSS
Exploits 1 • References 5 • Affected Software 1

Veracode • added 2023/08/06 11:41 p.m. • 31 views

Use After Free

chromium is vulnerable to Use After Free. The vulnerability exists in the Base Internals of the library, allowing an attacker to perform arbitrary read/write via a maliciously crafted HTML page...

8.8 CVSS • 6.7 AI score • 0.0055 EPSS
Exploits 1 • References 5 • Affected Software 1

Veracode • added 2023/08/06 11:40 p.m. • 25 views

Use After Free

chromium is vulnerable to Use After Free. The vulnerability exists in the Accessibility of the library, which allows an attacker to convince a user to engage in specific UI gestures to perform arbitrary read/write via a maliciously crafted HTML page...

8.8 CVSS • 6.7 AI score • 0.00535 EPSS
Exploits 1 • References 4 • Affected Software 1

Veracode • added 2023/08/06 11:40 p.m. • 30 views

Spoofing Attack

chromium is vulnerable to Spoofing Attack. The vulnerability exists due to the inappropriate implementation in Blink of the library, which allows an attacker to perform UI spoofing via a maliciously crafted HTML page...

6.5 CVSS • 6.5 AI score • 0.00467 EPSS
Exploits 1 • References 4 • Affected Software 1

Veracode • added 2023/08/06 11:40 p.m. • 24 views

Man-in-the-Middle (MitM)

chromium is vulnerable to Man-in-the-Middle (MitM). The vulnerability exists due to the inappropriate implementation in Omnibox of the library, which allows an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic...

3.1 CVSS • 6.5 AI score • 0.00238 EPSS
Exploits 1 • References 4 • Affected Software 1

Veracode • added 2023/08/06 11:40 p.m. • 19 views

Use After Free

chromium is vulnerable to Use After Free. The vulnerability exists in the WebRTC of the library, which allows an attacker to perform a sandbox escape via a maliciously crafted HTML page through the renderer process...

9.6 CVSS • 6.7 AI score • 0.00535 EPSS
Exploits 1 • References 4 • Affected Software 1

Veracode • added 2023/08/06 11:40 p.m. • 18 views

Improper Input Validation

chromium is vulnerable to Improper Input Validation. The vulnerability exists due to the lack of user input validation in the QUIC of the library, allowing an attacker to perform header splitting via malicious network traffic...

6.5 CVSS • 6.8 AI score • 0.00457 EPSS
Exploits 1 • References 4 • Affected Software 1

Veracode • added 2023/08/06 11:40 p.m. • 168 views

Same-Origin Policy Bypass

chromium is vulnerable to Same-Origin Policy Bypass. The vulnerability exists due to the insufficient policy enforcement in Intents of the library, allowing an attacker to bypass same origin policy via a maliciously crafted HTML page...

6.5 CVSS • 6.6 AI score • 0.00459 EPSS
Exploits 1 • References 4 • Affected Software 1

Veracode • added 2023/08/06 11:40 p.m. • 24 views

Heap Buffer Overflow

chromium is vulnerable to Heap Buffer Overflow. The vulnerability exists in the Blink of the library, which allows an attacker to convince a user to engage in specific UI gestures to potentially perform a sandbox escape via a maliciously crafted HTML page...

9.6 CVSS • 6.6 AI score • 0.00615 EPSS
Exploits 1 • References 5 • Affected Software 1

Veracode • added 2023/08/06 11:37 p.m. • 20 views

Incorrect Authorization

gitlab is vulnerable to Incorrect Authorization. The vulnerability allows an attacker to bypass 2FA enforcement enabled at the group level by using Resource Owner Password Credentials grant to obtain an access token without using 2FA...

4.3 CVSS • 6.8 AI score • 0.00624 EPSS
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2023/08/06 11:36 p.m. • 25 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. The vulnerability exists due to lack of cascading deletes in GitLab which allows a malicious attacker to retain a usable Group Access Token even after the Group is deleted, though the APIs usable by that token are limited...

3.8 CVSS • 6.4 AI score • 0.00458 EPSS
Exploits 0 • References 3 • Affected Software 1

Total number of security vulnerabilities: 38196