Module
All modules
(1) unsquash-1.c (2) unsquash-2.c (3) unsquash-3.c and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a
A
A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a
A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and just like it when the reentrancy write triggers the reset function nvme_ctrl_reset() data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a
A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file resulting in a program crash or
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present even if it has not been allocated. This issue leads to a NULL pointer dereference while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel resulting in a
A NULL pointer dereference flaw was found in the Linux kernel’s KVM module which can lead to a
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a
A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c in unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host resulting in a
A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a
A NULL pointer dereference in Busybox's hush applet leads to
A NULL pointer dereference issue was discovered in the Linux kernel in io_files_update_with_index_alloc. A local user could use this flaw to potentially crash the system causing a
A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls causing a kernel oops condition that results in a
A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious privileged user within the guest could use this flaw to crash the QEMU process on the host resulting in a
A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55 during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request causing a
A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a
A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a
A Stack Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a
A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a
A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a
A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a
A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a
A double free memory issue was found to occur in the libvirt API in versions before 6.8.0 responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon resulting in a
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a
A memory leak flaw in the Linux kernel performance monitoring subsystem was found in the way PERF_EVENT_IOC_SET_FILTER is used. A local user could use this flaw to starve the resources causing
A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element resulting in
A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing resulting in
A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing resulting in
A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling resulting in
A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation resulting in
A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation resulting in
A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing resulting in
A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring resulting in
A flaw was found in Ceph relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW causing a
A flaw was found in KVM. When updating a guest's page table entry vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel resulting in a
A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker who can create valid DNS replies could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name() which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq resulting in a
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker who can create valid DNS replies to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name() which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq resulting in a
A flaw was found in glib, where the gvariant deserialization code is vulnerable to a
A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and
A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected leading to an infinite loop and resulting in a
A flaw was found in libXpm. When processing a file with width of 0 and a very large height some parser functions will be called repeatedly and can lead to an infinite loop resulting in a
A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to
A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c a crafted TIFF file can lead to an abort resulting in
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs potentially causing a
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a
A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font since there are no checks in place a shift-out-of-bounds occurs leading to undefined behavior and possible
A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a
A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown or otherwise rendered inaccessible until it is remounted leading to a
A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a
A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size an out-of-bounds memory write can occur leading to memory corruption or a
A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop causing a
A flaw was found in the Linux kernel's netdevsim device driver within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a
A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls causing a kernel oops condition that results in a
A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local unprivileged user to crash the system causing a
A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object potentially leading to a
A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted resulting in a
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single large transfer request to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack resulting in a
A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host possibly leading to
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n` causing the allocation of a massive string array possibly causing a
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string which allows a possible arbitrary length stack overflow. This issue may cause a
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host resulting in a
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw an attempt to use more buffer than is allocated triggers a BUG_ON issue leading to a
A flaw was found in the spice-vdagentd daemon where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon resulting in a
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop eventually resulting in a
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory
A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive
A flaw was found in tiffcrop a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c resulting in a denial of service and limited
A heap buffer overflow in the ExtractImageSection function in tiffcrop.c in libtiff library version 4.3.0 allows an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file, which could result in an application crash, potential
A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a
A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option leading to a crash and causing a
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application possibly resulting in a
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host resulting in a
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way a user uses the trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a
A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers to trigger an out of memory exception or
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential
A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged attacker to leak unauthorized kernel information causing a
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c which allows attackers to cause a
A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a
A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a
A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to leak information and may cause a
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero potentially leading to a
A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp as used in the 7z.so library and in 7z applications will cause a crash and a
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15 before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing
A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a
A null pointer dereference issue discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 through 0.12 allows attackers to cause
A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a
A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a
A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem leading to
A prototype pollution in the lib.Logger function of eazy-logger v4.0.1 allows attackers to cause a
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system resulting in a
A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd possibly resulting in a
A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host resulting in a
A remote
A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi leading to a crash and causing a
A single-byte non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq potentially causing a
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host resulting in a
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a
A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a
A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application which leads to a possible memory leak or a
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a
A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a
A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a
A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c allowing an attacker to launch a local
A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a
A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a
A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host resulting in a
A use-after-free flaw was found in the add_partition in block/partitions/core.c in the Linux kernel. A local attacker with user privileges could cause a
A use-after-free in Busybox 1.35-x's awk applet leads to
A use-after-free in Busybox's awk applet leads to
A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host resulting in a
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU resulting in a
A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding leading to resource exhaustion and
A vulnerability in Node.js has been identified allowing for a
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in
A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_uring.c in Linux Kernel. This flaw allows a local attacker with user privilege to trigger a
A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw a user with a local privilege may cause a
A vulnerability was found in dnsmasq before version 2.81 where the memory leak allows remote attackers to cause a
A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in the cpufreq subsystem in the Linux Kernel. During device unbind, this flaw will lead to a double release problem leading to
A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide potentially causing a
A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due to mishandling of memory errors that happens during VCPU construction which allows an attacker with special user privilege to cause a
A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a
A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function. This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() causing a
ADFS MFA
AV1 Video Extension
Active Directory
Active Directory Certificate Services
Active Directory Certificate Services (AD CS)
Active Directory Domain Services
Active Directory Federation Services
Active Template Library
Addressable has a Regular Expression
Adobe Font Manager Library
Adobe Systems Incorporated: CVE-2024-20721 Improper Input Validation
Adobe Systems Incorporated: CVE-2024-41879 Adobe PDF Viewer
Adobe: CVE-2023-44323 Adobe PDF
Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to
All versions of Node.js 8.x 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a
All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a
All versions of Samba from 4.0.0 onwards are vulnerable to a
An
An assertion failure issue was found in the Network Block Device (NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a
An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy() this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially
An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs resulting in a
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive
An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent which could lead to potentially disclosing unintended information or
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host resulting in a
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a
An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process resulting in a
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory resulting in a
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message resulting in a
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing resulting in
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing resulting in
An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a
An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a
An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a
An issue in Wireshark before 4.2.0 allows a remote attacker to cause a
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a
An issue in pytorch v2.7.0 can lead to a
An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a
An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a
An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a
An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a
An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a
An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a
An issue was discovered in Binutils objdump before 2.39.3 that allows attackers to cause a
An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a
An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote
An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault associated with a NULL pointer dereference leading to a
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder such that a crafted unreasonably long name being presented to the decoder could lead to a CPU
An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a
An issue was discovered in RDoc 6.3.3 through 6.6.2 as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file object injection and resultant
An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c which will lead to a
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local
An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in
An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a
An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result the memory and CPU usage are high which can lead to a
An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to
An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c which will lead to a
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a
An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error leading to a buffer overflow and
An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A
An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a
An issue was discovered in ostree before 2022.7 allows attackers to cause a
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1 causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a
An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a
An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a
An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component the authority regular expression exhibits catastrophic backtracking causing a
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a
An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan() leading to a
An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0 results in a write out of bound which allows an attacker to execute arbitrary code
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU resulting in a
An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a
An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport respectively if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a
An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or
An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state potentially allowing a local user to gain privileged access or cause a
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process resulting in a
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and
An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in do_token_out routines. This flaw allows a guest user to crash the QEMU process resulting in a
An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl leading to a
An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically the backtrace function did not properly check the array bounds when storing the frame address resulting in a
An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host resulting in a
Apache Ant TAR archive
Apache Ant ZIP and ZIP based archive
Apache Commons Compress
Apache Commons IO: Possible
Apache HTTP Server: mod_proxy_http2
Apache HTTP Server: mod_rewrite
Apache Log4j
Application Information Service
Application Inspector
Application Virtualization
Applocker Filter Driver (applockerfltr.sys)
Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held resulting in a small race window which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to
Base3D
Bond
Bot Framework SDK
Bowser.sys
Broadcast DVR
Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a
Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a
Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a
Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a
Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a
Buffer overflow in libpng allows remote attackers to cause a
Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows
Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows
Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows
Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a
Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a
Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19 which allows attackers to conduct a
Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a
Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a
Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a
Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a
Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a
Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a
Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a
Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a
Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool FILE *fp const char *testcase Queue *job char **resultp int *resultflagsp function at src/testcase.c: line 2334 which could cause a
CERT/CC: CVE-2023-1017 TPM2.0 Module Library
CERT/CC: CVE-2023-1018 TPM2.0 Module Library
Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a
Capability Access Management Service (camsvc)
CivetWeb
Clam AntiVirus (ClamAV)
Clam AntiVirus (ClamAV) Email Parser
Clam AntiVirus (ClamAV) Excel XLM Parser
Clam AntiVirus (ClamAV) PDF Parser
ClamAV CHM File Parsing
ClamAV TIFF File Parsing
ClamAV Truncated File
Client Server Run-Time Subsystem (CSRSS)
Clipboard User Service
Clipboard Virtual Channel Extension
Cluster Client Failover (CCF)
Common Utilities
Component Object Model
Configuration Manager
Connected Devices Platform Service
Connected User Experiences and Telemetry
Connected User Experiences and Telemetry Service
CoreDNS DNS-over-QUIC unbounded goroutine growth leads to
CoreDNS Loop Detection
Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows
Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows
Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows
Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows
Credential Security Support Provider Protocol (CredSSP)
Custom Question Answering
Customer Experience Improvement Program (CEIP)
DCOM Remote Cross-Session Activation
DHCP Client Service
DHCP Server Service
Data Deduplication
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression
Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in
Denial of Service (DoS)
Denial of Service by publishing large messages over the HTTP API
Denial of Service of protobuf-java parsing procedure
Desktop Window Manager
Desktop Windows Manager
Diagnostic Hub Standard Collector
Diagnostics Hub Standard Collector
Diagnostics Hub Standard Collector Service
DirectWrite
DirectX
DirectX Graphics Kernel
DirectX Graphics Kernel File
DiskUsage.exe
Document Intelligence Studio On-Prem
Dynamic Root of Trust for Measurement (DRTM)
Dynamics Business Central
Dynamics OmniChannel SDK Storage Containers
Elasticsearch versions before 7.10.0 and 6.8.14 have an
Etcd v3.5.4 allows remote attackers to cause a
Ethereum 0xe933c0cd9784414d5f278c114904f5a84b396919#code.sol latest version is affected by a
Event Tracing for Windows
Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows
Exiv2
Exiv2::Internal::resolveLens0xffff
Expr has
FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a
FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a
FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a
FSLogix
FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a
Flannel vulnerable to cross-node
Fluentd vulnerable to
Flux2 Helm Controller
FreeRADIUS RADIUS server allows remote attackers to cause a
GDI
GDI+
GJSON before 1.9.3 allows a ReDoS (regular expression
GNOME VTE before 0.76.3 allows an attacker to cause a
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to
GNU Bison before 3.5.4 allows attackers to cause a
GNU elfutils eu-strip elf_strptr.c elf_strptr
GNU elfutils eu-strip strip.c gelf_getsymshndx
GNU libmicrohttpd before 0.9.76 allows remote DoS (
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a
Gdk-pixbuf: gdk-pixbuf
Git clone
Gnutls: gnutls
Go JOSE's Parsing Vulnerable to
Go before 1.14.12 and 1.15.x before 1.15.4 allows
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and
Graphics Kernel
Group Policy
Group Policy Services Policy Processing
HAProxy 2.9.x before 2.9.10 3.0.x before 3.0.4 and 3.1.x through 3.1-dev6 allows a remote
HAProxy mjson library
HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in H5HG_read resulting in
HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode resulting in the corruption of the instruction pointer and causing
HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher32 resulting in the corruption of the instruction pointer and causing
HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoffset resulting in the corruption of the instruction pointer and causing
HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table resulting in the corruption of the instruction pointer and causing
HDF5 through 1.14.3 contains a heap buffer overflow in H5HG__cache_heap_deserialize resulting in the corruption of the instruction pointer and causing
HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read resulting in the corruption of the instruction pointer and causing
HDF5 through 1.14.3 contains a heap buffer overflow in H5T__bit_find resulting in the corruption of the instruction pointer and causing
HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc resulting in the corruption of the instruction pointer and causing
HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap resulting in the corruption of the instruction pointer and causing
HEIF Image Extensions
HEVC Video Extensions
HID Class Driver
HTTP Protocol Stack
HTTP V3
HTTP.sys
Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a
Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a
Heap-based buffer overflow in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a
Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a
Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a
Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a
Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a
Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a
Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a
Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a
Helm
Helm contains
Helm vulnerable to
Host Process for Windows Tasks
Hybrid Worker Extension (Arc‑enabled Windows VMs)
Hyper-V
Hyper-V RemoteFX vGPU
IP Helper
Image::printIFDStructure
Improper i/o watch removal in tls handshake can lead to remote unauthenticated
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a
In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10 the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata leading to a
In Jasper 4.2.2 the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability allowing attackers to cause a
In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2 an input file can result in an infinite loop and hang with high CPU consumption. Remote attackers could leverage this vulnerability to cause a
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a
In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a
In LibTIFF there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort resulting in a remote
In LibTomCrypt through 1.18.2 the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a
In NTFS-3G versions < 2021.8.22 when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value a heap buffer overflow can occur allowing for memory disclosure or
In NTFS-3G versions < 2021.8.22 when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure
In NTFS-3G versions < 2021.8.22 when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i a heap buffer overflow can occur and allow for writing to arbitrary memory or
In Node.js including 6.x before 6.17.0 8.x before 8.15.1 10.x before 10.15.2 and 11.x before 11.10.1 an attacker can cause a
In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables
In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet resulting in a
In QEMU through 5.0.0 an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host resulting in a
In QEMU through 5.0.0 an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host resulting in a
In Qt through 5.14.1 the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a
In Shadow 4.13 it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g. adding a new user fails because \n is in the block list) it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words an adversary may be able to convince a system administrator to take the system offline (an indirect social-engineered
In TagLib 1.11.1 the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability which allows remote attackers to cause a
In fuse before versions 2.9.8 and 3.x before 3.2.5 fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system accessible by other users and trick them into accessing files on that file system possibly causing
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1 attackers can cause a
In pygments 1.1+ fixed in 2.7.4 the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input an attacker can cause a
In the CGI gem before 0.4.2 for Ruby, a Regular Expression
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential
In the Linux kernel before 6.1.6 a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a
In the Linux kernel through 5.15.2 mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a
In uClibc and uClibc-ng before 1.0.39 incorrect handling of special characters in domain names returned by DNS servers via gethostbyname getaddrinfo gethostbyaddr and getnameinfo can lead to output of wrong hostnames (leading to domain hijacking) or injection into applications (leading to
Inbox COM Objects (Global Memory)
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive
Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows
Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows
Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows
Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows
Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows
Info-ZIP UnZip 6.0 allows remote attackers to cause a
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container leading to
Info-ZIP Zip 3.0 when the -T and -TT command-line options are used allows attackers to cause a
Input Method Editor (IME)
Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code allows remote attackers to cause a
Integer Overflow in several Redis commands can lead to
Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2 allows attackers to cause a
Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 allows attackers to execute arbitrary code and cause a
Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a
Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a
Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local users to cause a
Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a
Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a
Internet Connection Sharing (ICS)
Internet Connection Sharing Service
Internet Control Message Protocol (ICMP)
Internet Explorer
Internet Information Services (IIS) Inbox COM Objects (Global Memory)
Internet Information Services Dynamic Compression Module
Internet Shortcut Files
Internet Small Computer Systems Interface (iSCSI)
Iperf3: possible
JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__` allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype which is the commonly understood definition of Prototype Pollution. However polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys but could include
JUnit4
Jet Database Engine
JetBrains ToolBox before version 1.18 is vulnerable to
JetBrains ToolBox before version 1.18 is vulnerable to a
JpegBase::printStructure (#1)
JpegBase::printStructure (#2)
Keras via Excessive Memory Allocation in HDF5 Metadata
Kernel
Kernel Streaming Service Driver
Kernel Streaming WOW Thunk Service Driver
Kernel: cifs filesystem decryption improper input validation
Kernel: deadlock leading to
Kernel: icmpv6 router advertisement packets aka linux tcp/ip
Kernel: ksmbd: smb2_open out-of-bounds read
Kernel: vmwgfx: race condition leading to
LIBPNG has a use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap
LNK
LZ4 through 1.10.0 allows attackers to cause a
Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0 1.10.3 17.03.0 17.03.1 17.03.2 17.06.0 17.06.1 17.06.2 17.09.0 and earlier allows a remote attacker to cause a
Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows
Large loop in the Kafka dissector in Wireshark 3.6.0 allows
Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows
Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow
Layer 2 Tunneling Protocol
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes which might allow a remote attacker to cause a
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a
Libarchive
Libarchive: infinite loop
Libarchive: libarchive
Libjpeg-turbo all versions have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or
Libsoup
Libsoup: integer underflow in soup_multipart_new_from_message() leading to
Libsoup: libsoup
Libsoup: null pointer dereference in libsoup may lead to
Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap
Libtiff: libtiff: arbitrary code execution or
Libtiff: segment fault in libtiff in tiffreadrgbatileext() leading to
Libvirt
Libvirt: improper locking in virstoragepoolobjlistsearch may lead to
Libxml2: libxml2
Libxml: heap use after free (uaf) leads to
Libxml: null pointer dereference leads to
Libxml: type confusion leads to
Lightweight Directory Access Protocol (LDAP) Client
Linux Kernel could allow a local attacker to execute arbitrary code on the system caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program an attacker could exploit this vulnerability to execute arbitrary code or cause a
Local Security Authority Subsystem Service
Local Security Authority Subsystem Service (LSASS)
Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local
LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to
MITRE: CVE-2023-31096 Windows Agere Soft Modem Driver
MS-EVEN RPC
MSHTML Engine
Mailslot File System
MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to
MariaDB Server before 10.7 is vulnerable to
MariaDB mariadb-dump Utility Directory Traversal
Media Foundation
MediaWiki PandocUpload Extension
Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a
Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a
Microsoft (MAU) Office
Microsoft 4K Wireless Display Adapter
Microsoft ACI Confidential Containers
Microsoft ATA Port Driver
Microsoft Account
Microsoft ActiveX
Microsoft ActiveX Data Objects
Microsoft AllJoyn API
Microsoft Authenticator
Microsoft Bing
Microsoft Bing Images
Microsoft Brokering File System
Microsoft Browser
Microsoft Business Central
Microsoft COM for Windows
Microsoft Cluster Port Driver
Microsoft Color Management
Microsoft Common Data Model SDK
Microsoft Common Log File System
Microsoft Configuration Manager
Microsoft Cryptographic Services
Microsoft DTV-DVD Video Decoder
Microsoft DWM Core Library
Microsoft Data Formulator
Microsoft Devices Pricing Program
Microsoft Diagnostics Hub Standard Collector Runtime
Microsoft Digest Authentication
Microsoft DirectMusic
Microsoft Dynamics
Microsoft Dynamics Business Central
Microsoft Dynamics Business Central/NAV
Microsoft Dynamics CRM (on-premises)
Microsoft Dynamics Unified Service Desk
Microsoft Endpoint Configuration Manager
Microsoft Enhanced Cryptographic Provider
Microsoft Entra ID
Microsoft Entra Jira Single-Sign-On Plugin
Microsoft Event Trace Log File Parsing
Microsoft Failover Cluster
Microsoft Failover Cluster Virtual Driver
Microsoft File Server Shadow Copy Agent Service (RVSS)
Microsoft Graphics
Microsoft Graphics Component
Microsoft Graphics Components
Microsoft High Performance Compute (HPC) Pack
Microsoft Host Integration Server 2020
Microsoft Identity
Microsoft Identity Linux Broker
Microsoft Install Service
Microsoft Internet Messaging API
Microsoft Intune Linux Agent
Microsoft Intune Management Extension
Microsoft Jet Red Database Engine and Access Connectivity Engine
Microsoft Local Security Authority (LSA) Server
Microsoft Local Security Authority Subsystem Service
Microsoft MPEG-2 Video Extension
Microsoft MSHTML
Microsoft Management Console
Microsoft Message Queuing
Microsoft Message Queuing (MSMQ)
Microsoft ODBC Driver
Microsoft ODBC and OLE DB
Microsoft OneNote
Microsoft Online Certificate Status Protocol (OCSP)
Microsoft PC Manager
Microsoft PLUGScheduler Scheduled Task
Microsoft Partner Center
Microsoft Photos App
Microsoft PostScript Printer Driver
Microsoft PostScript and PCL6 Class Printer Driver
Microsoft Power Apps
Microsoft Power BI
Microsoft Power BI Client JavaScript SDK
Microsoft Power Pages
Microsoft Printer Metadata Troubleshooter Tool
Microsoft Project
Microsoft Protected Extensible Authentication Protocol (PEAP)
Microsoft Publisher
Microsoft QUIC
Microsoft RMS Sharing App for Mac
Microsoft Raw Image Extension
Microsoft Remote Desktop App for Mac
Microsoft Remote Desktop app for Windows
Microsoft Remote Registry Service
Microsoft Resilient File System (ReFS)
Microsoft SQL
Microsoft SQL OLE DB
Microsoft SSO Plugin for Jira & Confluence
Microsoft Script Runtime
Microsoft Simple Certificate Enrollment Protocol
Microsoft Speech Application Programming Interface (SAPI)
Microsoft Store Runtime
Microsoft Streaming Service
Microsoft Streaming Service Proxy
Microsoft System Center
Microsoft Team Events Portal
Microsoft Teams
Microsoft Teams iOS
Microsoft USBHUB 3.0 Device Driver
Microsoft Update Catalog
Microsoft VOLSNAP.SYS
Microsoft Virtual Hard Disk
Microsoft Virtual Hard Disk (VHDX)
Microsoft Virtual Machine Bus (VMBus)
Microsoft Virtual Trusted Platform Module
Microsoft WDAC ODBC Driver
Microsoft WS-Discovery
Microsoft Windows
Microsoft Windows Admin Center
Microsoft Windows Codecs Library
Microsoft Windows Cross Device Service
Microsoft Windows Folder Redirection
Microsoft Windows Hardware Lab Kit (HLK)
Microsoft Windows Infrared Data Association (IrDA)
Microsoft Windows Media Foundation
Microsoft Windows Performance Data Helper Library
Microsoft Windows QoS Scheduler Driver
Microsoft Windows SCSI Class System File
Microsoft Windows Server Backup
Microsoft Windows Storage Port Driver
Microsoft Windows Support Diagnostic Tool (MSDT)
Microsoft Windows System Monitor (Sysmon)
Microsoft Windows Transport Layer Security
Microsoft Windows Update
Microsoft Windows Update Client
Microsoft Windows VMSwitch
Microsoft Wireless Provisioning System
Microsoft Xbox
Microsoft splwow64
Microsoft.SqlServer.XEvent.Configuration.dll
Mistune ReDoS in LINK_TITLE_RE allows
Multimedia Class Scheduler Service (MMCSS) Driver
Multiple UNC Provider Kernel Driver
Multiple buffer overflows in libpng allow remote attackers to cause a
Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a
Multiple buffer overflows in the printf functionality in SQLite as used in Apple iOS before 8.4 and OS X before 10.10.4 allow remote attackers to execute arbitrary code or cause a
Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash potential
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication obtain sensitive information or cause a
Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a
Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a
Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile allows an attacker to cause
Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9 as used in mysqld in MySQL 5.0.x before 5.0.90 MySQL 5.1.x before 5.1.43 MySQL 5.5.x through 5.5.0-m2 and other products allow remote attackers to execute arbitrary code or cause a
NT OS Kernel
NTFS
NTFS Set Short Name
NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows
NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows
NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges
NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering
Named Pipe File System
Nano: nano: format string vulnerability leads to
Nbd: nbdkit: integer overflow triggers an assertion resulting in
Nbdkit: nbdkit-server: off-by-one error when processing block status may lead to a
NetBT
Netlogon
Netlogon RPC
Network Connection Status Indicator (NCSI)
Network Policy Server (NPS) RADIUS Protocol
Network Watcher Agent Virtual Machine Extension for Linux
Node.js before 16.4.1 14.17.2 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe with the latter holding a pointer to the end of the buffer. This can lead to
Node.js before 16.6.0 14.17.4 and 12.22.4 is vulnerable to
Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this to cause a
Node.js: All versions prior to Node.js 6.15.0 8.14.0 10.14.0 and 11.3.0
Node.js: All versions prior to Node.js 6.15.0 8.14.0 10.14.0 and 11.3.0: Slowloris HTTP
NtQueryInformation Token function (ntifs.h)
Nuance PowerScribe 360
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to
OLE Automation
Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a
Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a
OmniParser
OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator resulting in
OpenType Font Parsing
Openvswitch: open vswitch
Openwsman versions up to and including 2.6.9 are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable
PHP 7.x through 7.1.5 allows remote attackers to cause a
Package Catalog
Package Managers Configurations
Paint 3D
Payment Orchestrator Service
Performance Counters for Windows
PerformancePoint Services
Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause
Polkit: polkit
Possible
PostgreSQL SSL/GSS init causes
Potential
Power Automate
Power BI
PowerApps Desktop Client
PowerShell
PowerShell Direct
PrintHTML API
Projected Filesystem
Prometheus: remote read endpoint allows
Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a
Provisioning Runtime
Push message Routing Service
PyTorch LossCTC.cpp torch.nn.functional.ctc_loss
PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a
PyTorch nccl.py torch.cuda.nccl.reduce
PyTorch torch.mkldnn_max_pool2d
PyTorch: `torch.load` with `weights_only=True` leads to
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may lead to
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c which may lead to
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a
Qemu: vnc: infinite loop in inflate_buffer() leads to
Qt 5.12.2 through 5.14.2 as used in unofficial builds of Mumble 1.3.0 and other products mishandles OpenSSL's error queue which can cause a
Qt before 6.4.3 allows a
QuickTimeVideo::multipleEntriesDecoder in Exiv2
REXML
REXML contains a
RPC Endpoint Mapper Service
RPC Runtime Library
Raw Image Extension
Reachable assertion failure in function display_debug_names allows attackers to cause a
Redis Crash Report debug.c sigsegvHandler
Redis Enterprise
Redis Lua Use-After-Free may lead to
Redis string pattern matching can be abused to achieve
Redis' Lua library commands may lead to
Regular Expression
Regular expression
Reliability Analysis Metrics Calculation (RacTask)
Reliability Analysis Metrics Calculation Engine (RACEng)
Remote Access API
Remote Access Management service/API (RPC server)
Remote Access Point-to-Point Protocol (PPP) EAP-TLS
Remote Desktop Client
Remote Desktop Connection Manager
Remote Desktop Licensing Diagnoser
Remote Desktop Licensing Service
Remote Desktop Protocol
Remote Desktop Protocol Client
Remote Desktop Protocol Server
Remote Desktop Services
Remote Desktop Web Access
Remote Procedure Call
Remote Procedure Call Runtime
Remote Registry Service
Rich Text Edit Control
Roaming Security Rights Management Services
SCOM
SMB Client and Server
SPNEGO Extended Negotiation (NEGOEX) Security Mechanism
SQLite 3.25.2 when queries are run on a table with a malformed PRIMARY KEY allows remote attackers to cause a
SQLite integer overflow in key info allocation may lead to
SQLite through 3.31.1 allows attackers to cause a
Scripting Engine
Security Center Broker
Server for NFS
Service Fabric
Session race condition
Shell infrastructure component
Software Protection Platform (SPP)
Some HTTP/2 implementations are vulnerable to a header leak potentially leading to a
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression
Squid
Squid has
Squid vulnerable to
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a
Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a
Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a
Stack-based buffer overflow in emacs allows user-assisted attackers to cause a
Storage Spaces Controller
Storage Spaces Direct
Storport.sys Driver
Storvsp.sys Driver
SymCrypt
System Center Operations Manager
System Center Operations Manager (SCOM)
TLS
TPM Device Driver
TPM Trustlet
Tablet Windows User Interface (TWINUI) Subsystem
Tablet Windows User Interface Application
Tablet Windows User Interface Application Core
Task Flow Data Engine
TensorFlow
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a
The Apache HTTP Server when accessed through a TCP connection with a large window size allows remote attackers to cause a
The DNS protocol in RFC 1035 and updates allows remote attackers to cause a
The GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a
The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily e.g. leading to a
The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a
The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers which allows remote attackers to cause a
The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a
The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a
The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a
The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause
The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value which allows attackers to cause a
The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a
The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a
The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a
The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a
The attack vector is a potential
The bzip2 crate before 0.4.4 for Rust allows attackers to cause a
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes which allows local users to obtain sensitive information from kernel memory cause a
The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length which may result in a buffer overflow potentially resulting in a
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length which may result in a buffer overflow potentially resulting in a
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a
The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a
The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example this can be triggered by an unrelated self-signed CA certificate sent by an initiator.
The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier when processing invalid input sequences in the ISO-2022-JP-3 encoding fails an assertion in the code path and aborts the program potentially resulting in a
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier when processing invalid multi-byte input sequences in IBM1364 IBM1371 IBM1388 IBM1390 and IBM1399 encodings fails to advance the input state which could lead to an infinite loop in applications resulting in a
The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a
The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows remote attackers to cause a
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator but this is not done correctly.
The jose2go component before 1.6.0 for Go allows attackers to cause a
The jv_dump_term function in jq 1.5 allows remote attackers to cause a
The mac80211 subsystem in the Linux kernel before 5.12.13 when a device supporting only 5 GHz is used allows attackers to cause a
The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a
The moment module before 2.19.3 for Node.js is prone to a regular expression
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller leading to a
The parse_dict_node function in bplist.c in libplist allows attackers to cause a
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host resulting in a
The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure which allows guest OS users to cause a
The plist_free_data function in libplist allows attackers to cause a
The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression
The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted crafted pattern potentially resulting in a
The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to CPL3 code which allows guest OS users to cause a
The xml-rs crate before 0.8.14 for Rust and Crab allows a
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a
There are two
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to could trigger a Regular Expression
Tile Data Repository
Tree connection race condition
Trusted Compute Base
USB Audio Class System Driver
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows
Unbounded name compression could lead to
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows
Uncontrolled search path in the QT Library before 5.14.0 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable
Undici vulnerable to Regular Expression
Unified Write Filter
Universal Plug and Play (upnp.dll)
Universal Print Management Service
Update Notification Manager
Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a
Use-after-free vulnerability in Qt SVG qsvghandler.cpp allows
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a
User Profile Service
VBScript
Varnish varnish-modules before 0.17.1 allows remote attackers to cause a
Vault May be Vulnerable to a
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression
Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site potentially leading to
Vim for Windows Uncontrolled Search Path Element
Virtual Machine IDE Drive
Visual Basic for Applications
Volume Shadow Copy
Vulnerability in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138 prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.50 and prior 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of MySQL Client accessible data and unauthorized ability to cause a partial
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior 7.5.25 and prior 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321 8u311 11.0.13 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321 8u311 11.0.13 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321 8u311 11.0.13 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321 8u311 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321 8u311 11.0.13 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial
WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7 2.5.x through 2.5.6 and 2.6.x through 2.6.4 has a regular expression
Waitress has a
Web Account Manager
Web Deploy
Web Media Extensions
Web Threat Defense (WTD.sys)
WebP Image Extensions
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an
Win32 File Enumeration
Win32 Stream Enumeration
Win32k
WinDbg
WinINet API
Windows
Windows (modem.sys)
Windows - User Profile Service
Windows 10 Update Assistant
Windows 11 Telnet Client
Windows AF_UNIX Socket Provider
Windows ALPC
Windows ARM
Windows Accessibility Infrastructure (ATBroker.exe)
Windows Accounts Control
Windows Accounts Picture
Windows Active Directory
Windows Active Directory Certificate Services (AD CS)
Windows Active Directory Domain Services API
Windows Active Directory Federation Services (ADFS)
Windows ActiveX Installer Service
Windows Address Book
Windows Admin Center
Windows Administrator Protection
Windows Advanced Local Procedure Call (ALPC)
Windows Advanced Rasterization Platform
Windows Agent Activation Runtime
Windows Agere Modem Driver
Windows Ancillary Function Driver for WinSock
Windows App Package Installer
Windows App for Mac Installer
Windows App-V Overlay Filter
Windows AppContainer
Windows AppContracts API Server
Windows AppX Deployment Extensions
Windows AppX Deployment Server
Windows AppX Deployment Service
Windows AppX Package Manager
Windows Application Compatibility Cache
Windows Application Compatibility Client Library
Windows Application Identity (AppID) Subsystem
Windows Application Model Core API
Windows Authentication
Windows Background Intelligent Transfer Service
Windows Backup Engine
Windows Backup Service
Windows Bind Filter Driver
Windows BitLocker
Windows Bluetooth A2DP driver
Windows Bluetooth Driver
Windows Bluetooth RFCOM Protocol Driver
Windows Bluetooth Service
Windows Broadcast DVR User Service
Windows BrokerInfrastructure Service
Windows Bus Filter Driver
Windows CD-ROM Driver
Windows CD-ROM File System Driver
Windows CDP User Components
Windows CNG Key Isolation Service
Windows COM
Windows COM Server
Windows COM+ Event System Service
Windows CSC Service
Windows CSRSS
Windows Camera Codec
Windows Camera Codec Pack
Windows Camera Frame Server Monitor
Windows Canonical Display Driver
Windows Cleanup Manager
Windows Client License Service
Windows Client Server Run-time Subsystem (CSRSS)
Windows Client Side Caching driver (csc.sys)
Windows Client Side Rendering Print Provider
Windows Client-Side Caching
Windows Client-Side Caching (CSC) Service
Windows Clip Service
Windows Clipboard Server
Windows Clipboard Service
Windows Cloud Files Mini Filter Driver
Windows CloudExperienceHost
Windows Cluster Shared Volume (CSV)
Windows Clustered Shared Volume
Windows Collaborative Translation Framework
Windows Common Log File System Driver
Windows Composite Image File System (CimFS)
Windows Compressed Folder
Windows Connected Devices Platform Service
Windows Connected Devices Platform Service (Cdpsvc)
Windows Console Driver
Windows Contacts
Windows Container Execution Agent
Windows Container Isolation FS Filter Driver
Windows Container Manager Service
Windows Core Messaging
Windows Core Shell SI Host Extension Framework for Composable Shell
Windows CoreMessaging
Windows Credential Enrollment Manager Service
Windows Credential Guard Domain-joined Public Key
Windows Credential Manager User Interface
Windows Credential Picker
Windows Credential Roaming Service
Windows CryptoAPI
Windows Cryptographic
Windows Cryptographic Catalog Services
Windows Cryptographic Primitives Library
Windows Cryptographic Services
Windows Custom Protocol Engine
Windows DHCP Client
Windows DHCP Server
Windows DNS
Windows DNS Client
Windows DNS Query
Windows DNS Server
Windows DNS Snap-in
Windows DPAPI (Data Protection Application Programming Interface)
Windows DWM Core Library
Windows Data Sharing Service
Windows Delivery Optimization
Windows Deployment Services
Windows Desired State Configuration (DSC)
Windows Desktop Bridge
Windows Device Association Broker Service
Windows Device Association Service
Windows Device Setup Manager
Windows Devices Human Interface
Windows Diagnostics & feedback
Windows Diagnostics Hub
Windows Digital Media
Windows Digital Media Receiver
Windows Digital TV Tuner
Windows Digital TV Tuner device registration application
Windows Direct Show
Windows DirectX
Windows Disk Cleanup Tool
Windows Distributed File System (DFS)
Windows Distributed Transaction Coordinator
Windows Distributed Transaction Coordinator (MSDTC)
Windows Docker
Windows Domain Name Service
Windows ETL Channel
Windows Encrypted File System (EFS)
Windows Encrypting File System (EFS)
Windows Enterprise App Management Service
Windows Error Reporting
Windows Error Reporting Manager
Windows Error Reporting Service
Windows Event Logging Service
Windows Event System
Windows Event Tracing
Windows Event Tracing Discretionary Access Control List
Windows ExecutionContext Driver
Windows Extended Negotiation
Windows Extensible File Allocation Table
Windows Failover Cluster
Windows Fast FAT File System Driver
Windows Fax Compose Form
Windows Fax Service
Windows Fax and Scan Service
Windows Feedback Hub
Windows File Explorer
Windows File History
Windows File History Service
Windows File Server Resource Management Service
Windows Filter Manager
Windows Filtering Platform
Windows Font Driver Host
Windows Font Library
Windows Function Discovery SSDP Provider
Windows Function Discovery Service
Windows Function Discovery Service (fdwsd.dll)
Windows GDI
Windows GDI+
Windows GPSVC
Windows Geolocation Service
Windows Graphics Component
Windows Graphics Component Font Parsing
Windows Group Policy
Windows Group Policy Preference Client
Windows HMAC Key Derivation
Windows HTTP.sys
Windows Hard Link
Windows Health and Optimized Experiences
Windows Hello
Windows Human Interface Device
Windows Hyper-V
Windows Hyper-V Discrete Device Assignment (DDA)
Windows Hyper-V NT Kernel Integration VSP
Windows Hyper-V Shared Virtual Disk
Windows Hyper-V Shared Virtual Hard Disks
Windows IIS Server
Windows IME
Windows IP Routing Management Snapin
Windows Image
Windows Image Acquisition
Windows Image Acquisition Service
Windows Imaging Component
Windows Imaging Library
Windows Initial Machine Configuration
Windows Inking COM
Windows Input Method Editor (IME)
Windows InstallService
Windows Installer
Windows Internet Information Services Cachuri Module
Windows Internet Storage Name Service (iSNS) Server
Windows KDC Proxy
Windows KDC Proxy Service (KPSSVC)
Windows Kernel
Windows Kernel Local
Windows Kernel Memory
Windows Kernel Transaction Manager
Windows Kernel-Mode Driver
Windows KernelStream
Windows Key Distribution Center
Windows Key Isolation Service
Windows LSA
Windows LUA File Virtualization Filter Driver
Windows LUAFV
Windows Language Pack Installer
Windows Layer 2 Tunneling Protocol (L2TP)
Windows Layer-2 Bridge Network Driver
Windows License Manager
Windows Lightweight Directory Access Protocol (LDAP)
Windows Line Printer Daemon (LPD) Service
Windows Line Printer Daemon Service
Windows Link Layer Topology Discovery Protocol
Windows Link-Layer Discovery Protocol (LLDP)
Windows Local Security Authority (LSA)
Windows Local Security Authority Subsystem Service (LSASS)
Windows Local Session Manager (LSM)
Windows Local Spooler
Windows Lockscreen
Windows MBT Transport Driver
Windows MSCTF Server
Windows MSHTML Platform
Windows Malicious Software Removal Tool
Windows Management Service
Windows Management Services
Windows MapUrlToZone
Windows Media
Windows Media Audio Decoder
Windows Media Center
Windows Media Center Update
Windows Media Foundation Core
Windows Media Foundation Dolby Digital Atmos Decoders
Windows Media MPEG-4 Video Decoder
Windows Media Photo Codec
Windows Media Player Network Sharing Service
Windows Media Video Decoder
Windows Message Queuing (MSMQ)
Windows Message Queuing Client (MSMQC)
Windows Miracast Wireless Display
Windows Mixed Reality Developer Tools
Windows Mobile Broadband Driver
Windows Mobile Device Management
Windows Mobile Device Management Diagnostics
Windows Mobile Hotspot
Windows Modern Execution Server
Windows Modules Installer
Windows Modules Installer Service
Windows Motorola Soft Modem Driver
Windows MultiPoint Services
Windows Multiple UNC Provider Driver
Windows Multipoint Management
Windows NAT
Windows NDIS
Windows NFS Portmapper
Windows NT Lan Manager Datagram Receiver Driver
Windows NT OS Kernel
Windows NTFS
Windows NTLM
Windows NTLM Security Support Provider
Windows NTLM V1
Windows Named Pipe Filesystem
Windows Native WiFi Miniport Driver
Windows Nearby Sharing
Windows Netlogon
Windows Network Address Translation (NAT)
Windows Network Connection Broker
Windows Network Connections Service
Windows Network Driver Interface Specification (NDIS)
Windows Network Driver Interface Specification (NDIS) Driver
Windows Network File System
Windows Network List Service
Windows Network Load Balancing
Windows Network Location Awareness Service
Windows Network Virtualization
Windows Networking
Windows Notepad App
Windows Notification
Windows Now Playing Session Manager
Windows OLE
Windows Online Certificate Status Protocol (OCSP)
Windows Online Certificate Status Protocol (OCSP) Server
Windows Online Certificate Status Protocol (OCSP) SnapIn
Windows Overlay Filter
Windows PDEV
Windows PKU2U
Windows Package Library Manager
Windows Partition Management Driver
Windows Peer Name Resolution Protocol
Windows Perception Service
Windows Performance Recorder (WPR)
Windows Photo Import API
Windows Picker Platform
Windows PlayToManager
Windows Point-to-Point Protocol (PPP)
Windows Point-to-Point Protocol over Ethernet (PPPoE)
Windows Point-to-Point Tunneling Protocol
Windows Port Class Library
Windows Portmapping
Windows Power Dependency Coordinator
Windows Power Management Service
Windows Pragmatic General Multicast (PGM)
Windows Print Configuration
Windows Print Spooler
Windows Print Workflow Service
Windows PrintWorkflowUserSvc
Windows Printer Service
Windows Process Activation
Windows Profile Service
Windows Projected File System
Windows Projected File System FS Filter Driver
Windows Push Notification
Windows Push Notification Service
Windows Push Notifications
Windows Push Notifications Apps
Windows RDP Encoder Mirror Driver
Windows RRAS Service
Windows RSoP Service Application
Windows Radio Manager API
Windows Recovery Driver
Windows Recovery Environment Agent
Windows Redirected Drive Buffering SubSystem Driver
Windows Redirected Drive Buffering System
Windows Registry
Windows Reliable Multicast Transport Driver (RMCAST)
Windows Remote Access
Windows Remote Access Common Dialog
Windows Remote Access Connection Manager
Windows Remote Assistance
Windows Remote Desktop Gateway (RD Gateway)
Windows Remote Desktop Licensing Service
Windows Remote Desktop Protocol (RDP)
Windows Remote Desktop Service
Windows Remote Desktop Services
Windows Remote Procedure Call
Windows Remote Procedure Call Interface Definition Language (IDL)
Windows Remote Procedure Call Runtime
Windows Remote Procedure Call Service (RPCSS)
Windows Resilient File System
Windows Resilient File System (ReFS)
Windows Resilient File System (ReFS) Deduplication Service
Windows Resource Manager PSM Service Extension
Windows Resource Policy
Windows Rich Text Edit
Windows Routing Utilities
Windows Routing and Remote Access Service (RRAS)
Windows Runtime
Windows Runtime C++ Template Library
Windows SDK
Windows SMB
Windows SMB Authenticated
Windows SMB Client
Windows SMB Server
Windows SMB Witness Service
Windows SMBv3 Client/Server
Windows SMBv3 Server
Windows SSDP Service
Windows Schannel
Windows Scheduled Task
Windows Scripting Languages
Windows Search
Windows Search Indexer
Windows Search Service
Windows Secure Channel
Windows Secure Kernel Mode
Windows Secure Socket Tunneling Protocol (SSTP)
Windows Security Account Manager (SAM)
Windows Security Center API
Windows Security Support Provider Interface
Windows Sensor Data Service
Windows Server
Windows Server Remotely Accessible Registry Keys
Windows Server Resource Management Service
Windows Server Service
Windows Server Setup and Boot Event Collection
Windows Server Update Service (WSUS)
Windows Service
Windows Services and Controller App
Windows Services for NFS ONCRPC XDR Driver
Windows Setup
Windows Setup Files Cleanup
Windows Setup and Deployment
Windows SharedStream Library
Windows Shell
Windows Shell Infrastructure Component
Windows Simple Search and Discovery Protocol (SSDP) Service
Windows Smart Card Reader
Windows Snipping Tool
Windows Spatial Data Service
Windows Speech Brokered Api
Windows Speech Recognition
Windows Speech Runtime
Windows Speech Shell Components
Windows Standards-Based Storage Management Service
Windows Start-Up Application
Windows State Repository API Server File
Windows State Repository Service
Windows StateRepository API Server file
Windows Storage
Windows Storage Management Provider
Windows Storage Port Driver
Windows Storage Service
Windows Storage Services
Windows Storage Spaces Controller
Windows Storage VSP Driver
Windows Storage-based Management Service
Windows Storport Miniport Driver
Windows Subsystem for Linux
Windows Subsystem for Linux (WSL2) Kernel
Windows Subsystem for Linux GUI
Windows Sync Host Service
Windows Sysmain Service
Windows System Assessment Tool
Windows System Events Broker
Windows System Image Manager Assessment and Deployment Kit (ADK)
Windows System Launcher
Windows TCP/IP
Windows TCP/IP Driver
Windows TCP/IP Local
Windows TDI Translation Driver (tdx.sys)
Windows Task Scheduler
Windows Taskbar Live Preview
Windows Telephony Server
Windows Telephony Service
Windows Terminal
Windows Text Service Framework
Windows Text Service Module
Windows Text Services Framework
Windows Text Shaping
Windows Themes
Windows Tile Object Service
Windows Transaction Manager
Windows Transport Driver Interface (TDI) Translation Driver
Windows Trust Verification API
Windows Trusted Runtime Interface Driver
Windows UI Immersive Server API
Windows UI XAML Maps MapControlSettings
Windows UI XAML Phone DatePickerFlyout
Windows UPnP Device Host
Windows UPnP Service
Windows URL Parsing
Windows USB Attached SCSI (UAS) Protocol
Windows USB Generic Parent Driver
Windows USB Hub Driver
Windows USB Print Driver
Windows USB Printing Stack (usbprint.sys)
Windows USB Serial Driver
Windows USB Video Class System Driver
Windows USO Core Worker
Windows Universal Disk Format File System Driver (UDFS)
Windows Universal Plug and Play (UPnP) Device Host
Windows Update Medic Service
Windows Update Orchestrator Service
Windows Update Service
Windows Update Stack
Windows Update Stack Setup
Windows Upgrade Assistant
Windows User Account Profile Picture
Windows User Interface Application Core
Windows User Interface Core
Windows User Profile Service
Windows User-Mode Driver Framework Host
Windows User-mode Driver Framework Reflector Driver
Windows VBScript Engine
Windows Virtual Registry Provider
Windows Virtual Trusted Platform Module
Windows Virtualization-Based Security (VBS)
Windows Volume Manager Extension Driver
Windows WAN ARP Driver
Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys)
Windows WLAN AutoConfig Service
Windows WLAN Service
Windows WaasMedic Service
Windows WalletService
Windows Web Threat Defense User Service
Windows WebBrowser Control
Windows Wi-Fi Driver
Windows Win32 Kernel Subsystem
Windows Win32k
Windows Wireless Network Manager
Windows Wireless Networking
Windows Wireless Wide Area Network Service (WwanSvc)
Windows Work Folder Service
Windows Work Folders Service
Windows Workstation Service
Windows dnsrslvr.dll
Windows exFAT File System
Windows iSCSI Discovery Service
Windows iSCSI Service
Windows iSCSI Target Service
Windows libarchive
Windows rndismp6.sys
Windows upnphost.dll
Windows.Devices.Picker.dll
Winlogon
Wireless Wide Area Network Service (WwanSvc)
WmsRepair Service
Workspace Broker
XAML Diagnostics
Xbox Gaming Services
Xbox IStorageService
Xbox Live Auth Manager for Windows
Xbox Live Save Service
Xbox Wireless Adapter
Xen in the Linux kernel when running a guest on a host without hardware assisted paging (HAP) allows guest users to cause a
Xorg: xwayland: x.org x server
Xorg: xwayland: x.org x server: information exposure and
YARP
Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a
Yet Another Reverse Proxy (YARP)
aiohttp
arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13 on systems with perf_event_paranoid=-1 and no specific PMU driver support registered allows local users to cause a
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a
atop through 2.11.0 allows local users to cause a
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link which allows remote attackers to cause a
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon and allows a local attacker to cause a
body-parser vulnerable to
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a
cJSON 1.7.15 might allow a
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a
crwimage_int
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a
drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a
drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a
dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a
erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a
etcd
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function which allows remote attackers to cause a
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32 allows remote attackers to cause a
fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free which allows local users to cause a
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering which allows operators of remote NFSv4 servers to cause a
fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a
function make_tempdir and make_tempname in bucomm.c in Binutils 2.34 thru 2.38 allows attackers to cause a
function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38 allows attackers to cause a
function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38 allows attackers to cause a
function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38 allows attackers to cause a
gRPC Core
gRPC-C++
getHostByName Function
golang
golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a
gopkg
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet resulting in
handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet resulting in
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a
hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host resulting in a
iSCSI Target WMI Provider
iSNS Server Memory Corruption Vulnerability Can Lead to
ipmitool
jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a
kjd/idna
latchset jose through version 11 allows attackers to cause a
libclamav in ClamAV before 0.94 allows attackers to cause a
libexpat through 2.5.0 allows a
libgit2 is vulnerable to a
libplist allows attackers to cause a
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a
loop counter
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels which allows remote attackers to cause a
net/http
net/http and golang
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a
net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a
net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a
nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a
nghttp2
nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to
node-tar vulnerable to
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a
ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a
ping in iputils before 20250602 allows a
pluto in Libreswan before 4.11 allows a
pyasn1 Vulnerable to
pypa/setuptools
python-ecdsa
python-ldap before 3.4.0 is vulnerable to a
quic-go's path validation mechanism can cause
read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument which might allow mail servers to cause a
scsi: storvsc: Ratelimit warning logs to prevent VM
socket.c in GNU Screen through 4.9.0 when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD) allows local users to send a privileged SIGHUP signal to any PID causing a
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a
strongSwan 5.9.8 and 5.9.9 potentially allows
strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated
strongSwan before 5.9.8 allows remote attackers to cause a
the Protobuf PHP library during the parsing of untrusted input
tinylcy Vino through 2017-12-15 allows remote attackers to cause a
undici
unzip 6.0 allows remote attackers to cause a
ws
xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a
CWE
All CWE
CWE-1037: Processor Optimization Removal or Modification of Security-critical Code
CWE-1050: Excessive Platform Resource Consumption within a Loop
CWE-115: Misinterpretation of Input
CWE-1188: Initialization of a Resource with an Insecure Default
CWE-118: Incorrect Access of Indexable Resource ('Range Error')
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-121: Stack-based Buffer Overflow
CWE-122: Heap-based Buffer Overflow
CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation
CWE-125: Out-of-bounds Read
CWE-126: Buffer Over-read
CWE-1284: Improper Validation of Specified Quantity in Input
CWE-1287: Improper Validation of Specified Type of Input
CWE-130: Improper Handling of Length Parameter Inconsistency
CWE-131: Incorrect Calculation of Buffer Size
CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-1327: Binding to an Unrestricted IP Address
CWE-1333: Inefficient Regular Expression Complexity
CWE-1335: Incorrect Bitwise Shift of Integer
CWE-134: Use of Externally-Controlled Format String
CWE-138: Improper Neutralization of Special Elements
CWE-1390: Weak Authentication
CWE-1419: Incorrect Initialization of Resource
CWE-158: Improper Neutralization of Null Byte or NUL Character
CWE-166: Improper Handling of Missing Special Element
CWE-170: Improper Null Termination
CWE-177: Improper Handling of URL Encoding (Hex Encoding)
CWE-183: Permissive List of Allowed Inputs
CWE-190
CWE-190: Integer Overflow or Wraparound
CWE-191: Integer Underflow (Wrap or Wraparound)
CWE-193: Off-by-one Error
CWE-195: Signed to Unsigned Conversion Error
CWE-197: Numeric Truncation Error
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-201: Insertion of Sensitive Information Into Sent Data
CWE-203: Observable Discrepancy
CWE-209: Generation of Error Message Containing Sensitive Information
CWE-20: Improper Input Validation
CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-23: Relative Path Traversal
CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection')
CWE-248: Uncaught Exception
CWE-250: Execution with Unnecessary Privileges
CWE-252: Unchecked Return Value
CWE-253: Incorrect Check of Function Return Value
CWE-257: Storing Passwords in a Recoverable Format
CWE-269: Improper Privilege Management
CWE-270: Privilege Context Switching Error
CWE-276: Incorrect Default Permissions
CWE-280: Improper Handling of Insufficient Permissions or Privileges
CWE-284: Improper Access Control
CWE-285: Improper Authorization
CWE-287: Improper Authentication
CWE-295: Improper Certificate Validation
CWE-303: Incorrect Implementation of Authentication Algorithm
CWE-306: Missing Authentication for Critical Function
CWE-307: Improper Restriction of Excessive Authentication Attempts
CWE-310 Cryptographic Issues - Generic
CWE-310: CWE CATEGORY: Cryptographic Issues
CWE-312: Cleartext Storage of Sensitive Information
CWE-326: Inadequate Encryption Strength
CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)
CWE-345: Insufficient Verification of Data Authenticity
CWE-346: Origin Validation Error
CWE-347: Improper Verification of Cryptographic Signature
CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-353: Missing Support for Integrity Check
CWE-354: Improper Validation of Integrity Check Value
CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
CWE-35: Path Traversal: '.../...//'
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-369: Divide By Zero
CWE-36: Absolute Path Traversal
CWE-393: Return of Wrong Status Code
CWE-400 Uncontrolled Resource Consumption
CWE-400: Uncontrolled Resource Consumption
CWE-401: Missing Release of Memory after Effective Lifetime
CWE-404: Improper Resource Shutdown or Release
CWE-405: Asymmetric Resource Consumption (Amplification)
CWE-407: Inefficient Algorithmic Complexity
CWE-413: Improper Resource Locking
CWE-415: Double Free
CWE-416: Use After Free
CWE-41: Improper Resolution of Path Equivalence
CWE-426: Untrusted Search Path
CWE-427: Uncontrolled Search Path Element
CWE-428: Unquoted Search Path or Element
CWE-434: Unrestricted Upload of File with Dangerous Type
CWE-440: Expected Behavior Violation
CWE-453: Insecure Default Variable Initialization
CWE-459: Incomplete Cleanup
CWE-460: Improper Cleanup on Thrown Exception
CWE-476: NULL Pointer Dereference
CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
CWE-502: Deserialization of Untrusted Data
CWE-532: Insertion of Sensitive Information into Log File
CWE-552: Files or Directories Accessible to External Parties
CWE-590: Free of Memory not on the Heap
CWE-591: Sensitive Data Storage in Improperly Locked Memory
CWE-59: Improper Link Resolution Before File Access ('Link Following')
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CWE-611: Improper Restriction of XML External Entity Reference
CWE-617: Reachable Assertion
CWE-625: Permissive Regular Expression
CWE-636: Not Failing Securely ('Failing Open')
CWE-641: Improper Restriction of Names for Files and Other Resources
CWE-662: Improper Synchronization
CWE-665: Improper Initialization
CWE-667: Improper Locking
CWE-674: Uncontrolled Recursion
CWE-680: Integer Overflow to Buffer Overflow
CWE-681: Incorrect Conversion between Numeric Types
CWE-682: Incorrect Calculation
CWE-693: Protection Mechanism Failure
CWE-696: Incorrect Behavior Order
CWE-704: Incorrect Type Conversion or Cast
CWE-707: Improper Neutralization
CWE-732: Incorrect Permission Assignment for Critical Resource
CWE-73: External Control of File Name or Path
CWE-749: Exposed Dangerous Method or Function
CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-754: Improper Check for Unusual or Exceptional Conditions
CWE-755: Improper Handling of Exceptional Conditions
CWE-763: Release of Invalid Pointer or Reference
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-772: Missing Release of Resource after Effective Lifetime
CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-787: Out-of-bounds Write
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-798: Use of Hard-coded Credentials
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-820: Missing Synchronization
CWE-822: Untrusted Pointer Dereference
CWE-825: Expired Pointer Dereference
CWE-829: Inclusion of Functionality from Untrusted Control Sphere
CWE-833: Deadlock
CWE-834: Excessive Iteration
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-842: Placement of User into Incorrect Group
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CWE-862: Missing Authorization
CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-908: Use of Uninitialized Resource
CWE-909: Missing Initialization of Resource
CWE-911: Improper Update of Reference Count
CWE-918: Server-Side Request Forgery (SSRF)
CWE-922: Insecure Storage of Sensitive Information
CWE-923: Improper Restriction of Communication Channel to Intended Endpoints
CWE-939: Improper Authorization in Handler for Custom URL Scheme
CWE-94: Improper Control of Generation of Code ('Code Injection')
Unspecified