38196 matches found
Denial Of Service (DoS)
firefox and thunderbird are vulnerable to Denial of Service (DoS) attacks. This vulnerability occurs when Firefox parses a specially crafted WebGL program. If the program is invalid, Firefox could corrupt memory and crash, which could lead to a denial-of-service attack...
Denial Of Service (DoS)
firefox is vulnerable to Denial Of Service (DoS). The vulnerability exists due to an out-of-bounds memory access in the library, allowing an attacker to cause an application crash by providing a maliciously crafted favicon...
Information Disclosure
firefox is vulnerable to Information Disclosure. A remote unauthenticated attacker is able to gain access to script base URLs due to dynamic import, resulting in disclosure of sensitive information...
Authorization Bypass
firefox is vulnerable to Authorization Bypasses. A flaw was found in the way that documents loaded principal objects. This flaw could have allowed a malicious user to load a document with a higher privilege level than they should have been allowed...
Cross-Site Scripting (XSS)
gitlab is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape user input before outputting it to the front end when creating new abuse reports, allowing an attacker to inject and execute malicious JavaScript in the victim's browser...
Authorization Bypass
gitlab is vulnerable to Authorization Bypasses. This vulnerability occurs when GitLab parses a specially crafted GitLab commit message that contains malicious JavaScript code. If the commit message is valid, GitLab will execute the malicious JavaScript code in the context of the user's browser...
Arbitrary Code Execution
firefox is vulnerable to Arbitrary Code Execution. This vulnerability occurs when Firefox parses a specially crafted WebGL program. If the program is invalid, Firefox could free memory that is still in use which could lead to a crash or arbitrary code execution...
Memory Corruption
firefox is vulnerable to Memory Corruption. The vulnerability is due to improper memory management, which can result in memory corruption. A skilled attacker could exploit this flaw to run arbitrary code...
Authorization Bypass
firefox and thunderbird are vulnerable to Authorization Bypasses. This vulnerability occurs when Firefox parses a specially crafted WebGL program. If the program is invalid, Firefox could misinterpret the data in the program and cause a type confusion error, which could lead to a bypass...
Code Injection
Firefox is vulnerable to Code Injection. The vulnerability exists due to a type-checking bug in the library, which allows an attacker to inject and execute malicious code...
Memory Corruption
firefox is vulnerable to Memory Corruption. The vulnerability is due to uninitialised data in the file read limit which is passed to the FileReader::DoReadData method, resulting in memory corruption...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability exists because a user with the role of developer could use the import project feature to leak CI/CD variables...
Spoofing Attack
gitlab is vulnerable to Spoofing Attack. An attacker can spoof the protected tags, which could potentially lead a victim to download malicious code...
Denial Of Service (DoS)
Radare2 is vulnerable to Denial Of Service (DoS). The vulnerability exists due to a division by zero in the Mach-O parser's rebase_buffer function, which allows an attacker to cause an application crash by providing a maliciously crafted input...
Denial Of Service (DoS)
Radare2 is vulnerable to Denial Of Service (DoS). The vulnerability exists due to a use after free in the pyc parser's get_none_object function, which allows an attacker to read freed memory and cause the application to crash...
Information Disclosure
odoo is vulnerable to Information Disclosure. The vulnerability allows authenticated administrators to read local files on the server, including sensitive configuration files...
NULL Pointer Dereference
libapache2-mod-auth-openidc is vulnerable to NULL Pointer Dereference. This occurs when OIDCStripCookies is set and a crafted cookie is supplied, resulting in a segmentation fault and causing denial of service conditions...
Denial Of Service (DoS)
Magick is vulnerable to Denial of Service (DoS) attacks. Applications using the DH_check, DH_check_ex, or EVP_PKEY_param_check methods to check a DH key or DH parameters may encounter lengthy delays. If the key or parameters being verified have come from an unreliable source, this might result in a Denia...
OS Command Injection
emacs is vulnerable to OS Command Injection. The vulnerability allows a malicious attacker to execute arbitrary commands through a file or directory name which contains shell metacharacters...
Authorization Bypass
gitlab is vulnerable to Authorization Bypasses. This vulnerability occurs when a user sends a request to update their email address using an unverified email address. If the request is valid, GitLab could be tricked into updating the user's email address to the unverified email address. This coul...
Information Disclosure
gitlab is vulnerable to Information Disclosure. This vulnerability occurs when a user logs in to GitLab and then leaves the session open. If the attacker can then obtain the user's session token, they can use it to impersonate the user and access their account...
Use After Free
chromium is vulnerable to Use After Free. The vulnerability exists in WebRTC, which allows an attacker to cause heap corruption via a maliciously crafted HTML page...
Use After Free
chromium is vulnerable to Use After Free. The vulnerability exists in WebRTC, which allows an attacker to cause heap corruption via a maliciously crafted HTML page...
Spoofing Attack
chromium is vulnerable to Spoofing Attack. The vulnerability exists due to the inappropriate implementation in WebApp Installs, which allows an attacker to spoof the contents of the Omnibox URL bar via a maliciously crafted HTML page...
Denial Of Service (DoS)
chromium is vulnerable to Denial Of Service (DoS). The vulnerability exists due to an out-of-bounds memory access in Mojo, which allows an attacker to cause heap corruption via a maliciously crafted HTML page through the renderer process...
Use After Free
chromium is vulnerable to Use After Free. The vulnerability exists in Tab Groups, which allows an attacker to engage in specific UI interactions causing heap corruption via a maliciously crafted HTML page...
Spoofing Attack
chromium is vulnerable to Spoofing Attack. The vulnerability exists due to the inappropriate implementation in Notifications of the library, which allows an attacker to spoof the contents of media notifications via a maliciously crafted HTML page...
Information Disclosure
chromium is vulnerable to Information Disclosure. This vulnerability occurs when Chrome parses a specially crafted HTML page that contains a Custom Tabs link. If the page is valid, Chrome could be tricked into opening the link in a non-default Custom Tab which could allow the attacker to track th...
Authorization Bypass
chromium is vulnerable to Authorization Bypasses. This vulnerability occurs when Chrome parses a specially crafted HTML page that contains a Web API permission prompt. If the page is valid, Chrome could be tricked into displaying the prompt in an unexpected way. This could allow the attacker to...
Authorization Bypass
chromium is vulnerable to Authorization Bypasses. This vulnerability occurs when Chrome parses a specially crafted HTML page that contains a Picture In Picture (PIP) element. If the page is valid, Chrome could be tricked into displaying the PIP element in an unexpected way...
Arbitrary Code Execution
chromium is vulnerable to Arbitrary Code Execution. The vulnerability occurs when Chrome parses a specially crafted WebGL program. If the program is valid, Chrome could free memory that is still in use, which could lead to a crash or arbitrary code execution...
Authorization Bypass
chromium is vulnerable to Authorization Bypasses. This vulnerability occurs when Chrome parses a specially crafted HTML page that contains an Autofill form. If the page is valid, Chrome could obfuscate security UI elements, such as the "Don't save this password" checkbox. This could make it easie...
Denial Of Service (DoS)
xen is vulnerable to Denial of Service (DoS) attacks. A denial of service is possible due to a deadlock on Cortex-A77 processors. By performing load or non-cacheable memory, a local attacker is able to utilize this vulnerability to lock up the system...
Authorization Bypass
gitlab is vulnerable to Authorization Bypasses. This vulnerability occurs when GitLab pulls a tag or a release containing a ref to another commit. If the commit is valid, GitLab could be tricked into overwriting the original commit with the malicious commit which could allow the attacker to gain...
Authorization Bypass
chromium is vulnerable to Authorization Bypasses. This vulnerability occurs when Chrome parses a specially crafted Themes file. If the file is valid, Chrome could be tricked into loading malicious code which could allow the attacker to take control of the victim's browser...
Denial Of Service (DoS)
imagemagick is vulnerable to Denial of Service (DoS) attacks. This vulnerability occurs when ImageMagick parses a specially crafted image file. If the file is valid, ImageMagick could be tricked into overwriting memory in a heap buffer which could lead to a crash...
Denial Of Service (DoS)
redis is vulnerable to Denial of Service (DoS) attacks. This vulnerability occurs when a replica sends a specially crafted message to the master. If the message is valid, the master could be tricked into entering an infinite loop. This could prevent the master from serving requests from other...
Use After Free
firefox is vulnerable to Use After Free. This vulnerability occurs when Firefox parses a specially crafted WebGL program. If the program is valid, Firefox could free memory that is still in use. This could lead to a crash or arbitrary code execution...
Denial Of Service (DoS)
gitlab is vulnerable to Denial of Service (DoS) attacks. This vulnerability occurs when an attacker can send a large number of requests to read commit details. This could cause GitLab to run out of resources, such as memory or CPU, and could lead to a denial of service...
Authorization Bypass
gitlab is vulnerable to Authorization Bypasses. This vulnerability occurs when a user with write access to an issue can remove another user from the issue. This could allow the attacker to take control of the application...
Authorization Bypass
gitlab is vulnerable to Authorization Bypasses. This vulnerability occurs when a malicious project maintainer can create a Project Access Token with Owner level privileges which could allow the attacker to take control of the project...
Information Disclosure
gitlab is vulnerable to Information Disclosure. This allows an admin to leak passwords through a repository mirror configuration...
Out-of-bounds Read
wireshark is vulnerable to Out-of-bounds Read. This occurs due to a dissector crash within wireshark which could lead to a denial of service...
Denial Of Service (DoS)
wireshark is vulnerable to Denial Of Service (DoS). The vulnerability exists in the Kafka dissector, which allows an attacker to cause an application crash through packet injection or a crafted capture file...
Out Of Bounds Read And Write
chromium is vulnerable to Out Of Bounds Read And Write. A remote attacker is able to potentially exploit heap corruption via a crafted HTML page...
Stack-Based Buffer Overflow
sngrep is vulnerable to Stack-Based Buffer Overflow. The vulnerability exists in the packet_set_payload function of /src/packet.c where a stack-based buffer overflow could be triggered by a local attacker...
Heap-Based Buffer Overflow
sngrep is vulnerable to Heap-Based Buffer Overflow. The vulnerability exists in the capture_packet_reasm_ip function of /src/capture.c where a stack-based buffer overflow could be triggered by a local attacker...
Denial Of Service (DoS)
gitlab is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to prevent access to job logs due to an unhandled exception in job log parsing, which causes the application to crash...
Open Redirect
gitlab is vulnerable to Open Redirect. An attacker is able to trick users into visiting a trustworthy URL and being redirected to arbitrary content...
Denial Of Service (DoS)
gitlab is vulnerable to Denial of Service (DoS) attacks. Cloning an issue with specially crafted content added to the description could have been used to trigger high CPU usage, resulting in an application crash...