1 |
Possible DoS Vulnerability with Range Header in Rack |
$5420.0 |
2 |
Double free vulnerability in Flash Player Settings Manager (CVE-2015-0346) |
$5000.0 |
3 |
CVE-2024-34750 Apache Tomcat DoS vulnerability in HTTP/2 connector |
$4920.0 |
4 |
important: Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request (CVE-2024-38477) |
$4920.0 |
5 |
important: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect (CVE-2024-38476) |
$4920.0 |
6 |
important: Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. (CVE-2024-38475) |
$4920.0 |
7 |
important: Apache HTTP Server on WIndows UNC SSRF (CVE-2024-38472) |
$4920.0 |
8 |
important: Apache HTTP Server weakness with encoded question marks in backreferences (CVE-2024-38474) |
$4920.0 |
9 |
Libuv: Improper Domain Lookup that potentially leads to SSRF attacks |
$4860.0 |
10 |
CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc |
$4860.0 |
11 |
Denial of Service caused by HTTP/2 CONTINUATION Flood |
$4860.0 |
12 |
Cargo not respecting umask when extracting crate archives |
$4660.0 |
13 |
[CVE-2023-27531] Possible Deserialization of Untrusted Data vulnerability in Kredis JSON |
$4660.0 |
14 |
Possibility of Request smuggling attack |
$4660.0 |
15 |
Argo CD CSRF leads to Kubernetes cluster compromise |
$4660.0 |
16 |
CVE-2024-21733 Apache Tomcat HTTP Request Smuggling (Client- Side Desync) (CWE: 444) |
$4660.0 |
17 |
Request Smuggling in Apache Tomcat (Important, CVE-2023-45648) |
$4660.0 |
18 |
CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list() |
$4263.0 |
19 |
important: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows (CVE-2024-40898) |
$4263.0 |
20 |
DNS rebinding in --inspect (insufficient fix of CVE-2022-32212 affecting macOS devices) |
$4200.0 |
21 |
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 |
$4000.0 |
22 |
Regexes with large repetitions on empty sub-expressions take a very long time to parse |
$4000.0 |
23 |
Time-of-check to time-of-use vulnerability in the std::fs::remove_dir_all() function of the Rust standard library |
$4000.0 |
24 |
CVE-2022-28738: Double free in Regexp compilation |
$4000.0 |
25 |
Pause-based desync in Apache HTTPD |
$4000.0 |
26 |
ReDoS (Rails::Html::PermitScrubber.scrub_attribute) |
$4000.0 |
27 |
CVE-2022-40127: RCE in Apache Airflow <2.4.0 bash example |
$4000.0 |
28 |
Use of Cryptographically Weak Pseudo-Random Number Generator in WebCrypto keygen |
$4000.0 |
29 |
ReDoS( Ruby, Time) |
$4000.0 |
30 |
Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash |
$3645.0 |
31 |
CVE-2023-30587 Process-based permissions can be bypassed with the "inspector" module. |
$3495.0 |
32 |
Path traversal through path stored in Uint8Array in Node.js 20 |
$3495.0 |
33 |
http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks |
$3495.0 |
34 |
User credentials leak and arbitrary local file read/leak due to same-origin-policy violation |
$3000.0 |
35 |
Wrong Handling of Content-Type allows Flash injection and Rosseta flash patch bypass |
$3000.0 |
36 |
[CVE-2024-32464] ActionText ContentAttachment’s can Contain Unsanitized HTML |
$2600.0 |
37 |
CVE-2024-35200 in nginx |
$2600.0 |
38 |
CVE-2024-31079 in nginx |
$2600.0 |
39 |
CVE-2024-32760 in nginx |
$2600.0 |
40 |
CVE-2024-3416: MTU of 4096 or greater without fragmentation may cause NGINX worker processes to leak previously freed memory |
$2600.0 |
41 |
moderate: Apache HTTP Server proxy encoding problem (CVE-2024-38473) |
$2600.0 |
42 |
moderate: Apache HTTP Server: HTTP response splitting (CVE-2023-38709) |
$2600.0 |
43 |
moderate: Apache HTTP Server: mod_rewrite proxy handler substitution (CVE-2024-39573) CWE-20 Improper Input Validation |
$2600.0 |
44 |
CVE-2024-2466: TLS certificate check bypass with mbedTLS (reward request) |
$2580.0 |
45 |
CVE-2024-2398: HTTP/2 push headers memory-leak |
$2580.0 |
46 |
Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames |
$2580.0 |
47 |
CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words() |
$2580.0 |
48 |
CVE-2024-25128: Apache Airflow: Authentication Bypass when Legacy OpenID(2.0) is in use as AUTH_TYPE |
$2580.0 |
49 |
SSRF Vulnerability through Connection test feature |
$2550.0 |
50 |
Context isolation bypass via nested unserializable return value |
$2550.0 |
51 |
[CVE-2023-27539] Possible Denial of Service Vulnerability in Rack’s header parsing |
$2540.0 |
52 |
CVE-2023-36617: ReDoS vulnerability in URI (Ruby) |
$2540.0 |
53 |
Argocd's web terminal session doesn't expire |
$2540.0 |
54 |
[curl] CVE-2023-38039: HTTP header allocation DOS |
$2540.0 |
55 |
OpenSSL engines can be used to bypass and/or disable the Node.js permission model |
$2540.0 |
56 |
CVE-2023-46695: Potential denial of service vulnerability in UsernameField on Windows |
$2540.0 |
57 |
OpenSSL vulnerable to the Marvin Attack (CVE-2022-4304) |
$2540.0 |
58 |
curl cookie mixed case PSL bypass |
$2540.0 |
59 |
ASAR Integrity bypass via filetype confusion |
$2540.0 |
60 |
[curl] CVE-2023-32001: fopen race condition |
$2480.0 |
61 |
odbc apache airflow provider code execution vulnerability |
$2480.0 |
62 |
Path traversal by monkey-patching Buffer internals |
$2430.0 |
63 |
CVE-2022-27774: Credential leak on redirect |
$2400.0 |
64 |
CVE-2022-27782: TLS and SSH connection too eager reuse |
$2400.0 |
65 |
CVE-2022-27778: curl removes wrong file on error |
$2400.0 |
66 |
Rails::Html::SafeListSanitizer vulnerable to xss attack in an environment that allows the style tag |
$2400.0 |
67 |
CVE-2022-32207: Unpreserved file permissions |
$2400.0 |
68 |
CVE-2022-32206: HTTP compression denial of service |
$2400.0 |
69 |
Apache HTTP Server: mod_proxy_ajp: Possible request smuggling |
$2400.0 |
70 |
Rack CVE-2022-30122: Denial of Service Vulnerability in Rack Multipart Parsing |
$2400.0 |
71 |
Airflow Daemon Mode Insecure Umask Privilege Escalation |
$2400.0 |
72 |
potential denial of service attack via the locale parameter |
$2400.0 |
73 |
POST following PUT confusion |
$2400.0 |
74 |
CVE-2022-23519: Rails::Html::SafeListSanitizer vulnerable to XSS when certain tags are allowed (math+style || svg+style) |
$2400.0 |
75 |
CVE-2022-23520: Incomplete fix for CVE-2022-32209 (XSS in Rails::Html::Sanitizer under certain configurations) |
$2400.0 |
76 |
Rails ActionView sanitize helper bypass leading to XSS using SVG tag. |
$2400.0 |
77 |
RCE vulnerability in apache-airflow-providers-apache-sqoop 3.1.0 |
$2400.0 |
78 |
UAF in OpenSSL up to 3.0.7 |
$2400.0 |
79 |
Potential DoS vulnerability in Django in multipart parser |
$2400.0 |
80 |
CVE-2023-27535: FTP too eager connection reuse |
$2400.0 |
81 |
Open Redirect Vulnerability in Action Pack |
$2400.0 |
82 |
Inadequate Encryption Strength in nodejs-current reads openssl.cnf from /home/iojs/build/... upon startup on MacOS |
$2400.0 |
83 |
Apache Airflow Google Cloud Sql Provider Remote Command Execution |
$2400.0 |
84 |
Privilege Esacalation at Apache Airflow 2.5.1 |
$2400.0 |
85 |
Authenticated but unauthorized users may enumerate Application names via the API |
$2400.0 |
86 |
CVE-2023-28710 Apache Airflow Spark Provider Arbitrary File Read via JDBC |
$2400.0 |
87 |
Permission model improperly protects against path traversal in Node.js 20 |
$2330.0 |
88 |
CVE-2024-38875: Denial-Of-Service through uncontrolled resource consumption caused by poor time complexity of strip_punctuation . |
$2142.0 |
89 |
[CVE-2024-35176] DoS vulnerability in REXML |
$2142.0 |
90 |
CVE-2024-7347: Buffer overread in the ngx_http_mp4_module |
$2142.0 |
91 |
CVE-2024-41989: Denial-Of-Service vulnerability in the floatformat template filter when input string contains a big exponent in scientific notation |
$2142.0 |
92 |
Flash Player information disclosure (etc.) CVE-2015-3044, PSIRT-3298 |
$2000.0 |
93 |
Internet-based attacker can run Flash apps in local sandboxes by using special URL schemes (PSIRT-3299, CVE-2015-3079) |
$2000.0 |
94 |
Two out-of-bounds array reads in Python AST builder (Re-opening 520612 with CVEs) |
$2000.0 |
95 |
CVE-2021-3711: SM2 decrypt buffer overflow |
$2000.0 |
96 |
Ruby CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse |
$2000.0 |
97 |
CVE-2022-21831: Possible code injection vulnerability in Rails / Active Storage |
$2000.0 |
98 |
Argo CD reconciles apps outside configured namespaces when sharding is enabled |
$2000.0 |
99 |
CVE-2022-32215 - HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding |
$1800.0 |
100 |
CVE-2022-32213 - HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding |
$1800.0 |
101 |
CVE-2022-32214 - HTTP Request Smuggling Due To Improper Delimiting of Header Fields |
$1800.0 |
102 |
CVE-2023-23919: Multiple OpenSSL error handling issues in nodejs crypto library |
$1800.0 |
103 |
HTTP Request Smuggling Due to Incorrect Parsing of Header Fields |
$1800.0 |
104 |
DiffieHellman doesn't generate keys after setting a key |
$1800.0 |
105 |
HTTP Request Smuggling via Empty headers separated by CR |
$1800.0 |
106 |
LZMADecompressor.decompress Use After Free |
$1500.0 |
107 |
Apache HTTP [2.4.17-2.4.38] Local Root Privilege Escalation |
$1500.0 |
108 |
3 heap corruptions in PHP |
$1500.0 |
109 |
Stack Buffer Overflow in GD dynamicGetbuf |
$1500.0 |
110 |
Inadequate error handling in bzread() |
$1500.0 |
111 |
Perl $ENV Key Stack Buffer Overflow |
$1500.0 |
112 |
OpenSSH / dropbearSSHd xauth command injection |
$1500.0 |
113 |
efree() on uninitialized Heap data in imagescale leads to use-after-free |
$1500.0 |
114 |
imagecolormatch Out Of Bounds Write on Heap |
$1500.0 |
115 |
Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow |
$1500.0 |
116 |
phar_tar_writeheaders_int() buffer overflow |
$1500.0 |
117 |
CVE-2019-11043: a buffer underflow in fpm_main.c can lead to RCE in php-fpm |
$1500.0 |
118 |
Buffer over-write in finfo_open with malformed magic file. |
$1500.0 |
119 |
Out of Bounds Memory Read in php_jpg_get16 |
$1500.0 |
120 |
Use after free and out of bounds read in xmlrpc_decode() |
$1500.0 |
121 |
Heap overflow in utf32be_mbc_to_code |
$1500.0 |
122 |
Negative size parameter in mb_split |
$1500.0 |
123 |
Out of Bounds Memory Read in exif_process_user_comment |
$1500.0 |
124 |
Out of Bounds Memory Read in exif_scan_thumbnail |
$1500.0 |
125 |
Buffer overflow in PyCArg_repr in _ctypes/callproc.c for Python 3.x to 3.9.1 |
$1500.0 |
126 |
Improper handling of wildcards in --allow-fs-read and --allow-fs-write |
$1290.0 |
127 |
Integrity checks according to policies can be circumvented in Node.js 20 and Node.js 18 |
$1270.0 |
128 |
Local Privilege Escalation during execution of VeraCryptExpander.exe (UAC bypass) |
$1250.0 |
129 |
Request line injection via HTTP/2 in Apache mod_proxy |
$1200.0 |
130 |
Invalid handling of X509_verify_cert() internal errors in libssl (CVE-2021-4044) |
$1200.0 |
131 |
Off-by-slash vulnerability in nodejs.org and iojs.org |
$1200.0 |
132 |
Permissions policies can be bypassed via Module._load and require.extensions (High) (CVE-2023-30587) |
$1165.0 |
133 |
Possible XSS Vulnerability in Action Controller |
$1068.0 |
134 |
CVE-2016-0772 - python: smtplib StartTLS stripping attack |
$1000.0 |
135 |
Type confusion in partial.setstate, partial_repr, partial_call leads to memory corruption, reliable control flow hijack |
$1000.0 |
136 |
msilib.OpenDatabase Type Confusion |
$1000.0 |
137 |
chain.setstate Type Confusion |
$1000.0 |
138 |
SSL_peek() hang on empty record (CVE-2016-6305) |
$1000.0 |
139 |
[CVE-2018-6913] heap-buffer-overflow in S_pack_rec |
$1000.0 |
140 |
SEH buffer overflow msgfmt_format_message |
$1000.0 |
141 |
Negative size parameter (-1) in memcpy mbfl_strcut |
$1000.0 |
142 |
imagegammacorrect allows arbitrary write access |
$1000.0 |
143 |
Uninitialized pointer in phar_make_dirstream() |
$1000.0 |
144 |
Heap corruption in tar/zip/phar parser |
$1000.0 |
145 |
Type Confusion Vulnerability - SOAP / make_http_soap_request() |
$1000.0 |
146 |
select_colors write out-of-bounds |
$1000.0 |
147 |
Inappropriate URL parsing may cause security risk! |
$1000.0 |
148 |
php curl ext size_t overflow lead to heap corruption |
$1000.0 |
149 |
In correct casting from size_t to int lead to heap overflow in mcrypt_generic |
$1000.0 |
150 |
php mcrypt ext - In correct casting from size_t to int lead to heap overflow in mdecrypt_generic |
$1000.0 |
151 |
Invalid free in phar_extract_file() |
$1000.0 |
152 |
Critical vulnerability in JSON Web Encryption (JWE) - RFC 7516 Invalid Curve attack |
$1000.0 |
153 |
Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013) |
$1000.0 |
154 |
Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.50 |
$1000.0 |
155 |
Undici ProxyAgent vulnerable to MITM |
$1000.0 |
156 |
[CVE-2020-27194] Linux kernel: eBPF verifier bug in or binary operation tracking function leads to LPE |
$750.0 |
157 |
IP-in-IP protocol routes arbitrary traffic by default - CVE-2020-10136 |
$750.0 |
158 |
CVE-2020-9383 Floppy OOB read |
$750.0 |
159 |
Dependency Policy Bypass via process.binding |
$635.0 |
160 |
CRLF Injection in Nodejs ‘undici’ via host |
$600.0 |
161 |
Usage of disabled protocol in curl |
$560.0 |
162 |
CVE-2024-2379: QUIC certificate check bypass with wolfSSL |
$560.0 |
163 |
unsanitized input goes to regex function leads to ReDos that make request hangs |
$540.0 |
164 |
CVE-2023-40273: Session fixation in Apache Airflow web interface |
$540.0 |
165 |
Regular Expression Denial of Service (ReDoS) Vulnerability before 2.6.3 |
$540.0 |
166 |
Apache Airflow path traversal by authenticated user |
$540.0 |
167 |
CVE-2023-42663: Apache Airflow: Bypass permission verification to view task instances of other dags |
$540.0 |
168 |
[CVE-2023-38546] cookie injection with none file |
$540.0 |
169 |
CVE-2023-42780: Apache Airflow: Improper access control vulnerability in the "List dag warnings" feature |
$540.0 |
170 |
Pickle deserialization vulnerability in XComs |
$540.0 |
171 |
Command Injection using malicious hostname in expanded proxycommand |
$540.0 |
172 |
Apache Airflow: Bypass permission verification to read code of other dags |
$540.0 |
173 |
jdbc apache airflow provider code execution vulnerability |
$520.0 |
174 |
Type confusion in FutureIter_throw() which may potentially lead to an arbitrary code execution |
$500.0 |
175 |
imagefilltoborder stackoverflow on truecolor images |
$500.0 |
176 |
Write out-of-bounds at number_format |
$500.0 |
177 |
memcpy negative size parameter in php_resolve_path |
$500.0 |
178 |
memcpy negative parameter _bc_new_num_ex |
$500.0 |
179 |
Invalid parameter in memcpy function trough openssl_pbkdf2 |
$500.0 |
180 |
Out of bounds memory read in unserialize() |
$500.0 |
181 |
Unsafe arithmetic in PyString_DecodeEscape |
$500.0 |
182 |
cURL / libcURL - CVE-2016-8624 invalid URL parsing with '#' |
$500.0 |
183 |
mod_userdir CRLF injection (CVE-2016-4975) |
$500.0 |
184 |
linkinfo - openbasedir bypass on Windows PHP |
$500.0 |
185 |
[bower] Arbitrary File Write through improper validation of symlinks while package extraction |
$500.0 |
186 |
Windows builds with insecure path defaults (CVE-2019-1552) |
$500.0 |
187 |
potential remote code execution with phar archive |
$500.0 |
188 |
xml_parse_into_struct segmentation fault |
$500.0 |
189 |
stack-buffer-overflow through "ResourceBundle" methods |
$500.0 |
190 |
bcpowmod accepts negative scale and corrupts one definition |
$500.0 |
191 |
get_icu_value_internal out-of-bounds read |
$500.0 |
192 |
locale_accept_from_http out-of-bounds access |
$500.0 |
193 |
Illegal write access through Locale methods |
$500.0 |
194 |
CVE-2015-8874 Stack overflow with imagefilltoborder |
$500.0 |
195 |
imagegif/output out-of-bounds access |
$500.0 |
196 |
Out-of-bounds reads in zif_grapheme_stripos with negative offset |
$500.0 |
197 |
imagecropauto out-of-bounds access |
$500.0 |
198 |
wddx_deserialize null dereference in php_wddx_pop_element |
$500.0 |
199 |
Integer underflow / arbitrary null write in fread/gzread |
$500.0 |
200 |
wddx_deserialize null dereference with invalid xml |
$500.0 |
201 |
Null pointer deref with ob_start with get_defined_vars |
$500.0 |
202 |
Null pointer deref with ob_start with compact |
$500.0 |
203 |
Multiple Heap Overflow due to integer overflows | xml/filter_url/addcslashes |
$500.0 |
204 |
Out-of-Bound Read in phar_parse_zipfile() |
$500.0 |
205 |
Use-After-Free / Double-Free in WDDX Deserialize |
$500.0 |
206 |
imagescale out-of-bounds read |
$500.0 |
207 |
Illegal write/read access caused by gdImageAALine overflow |
$500.0 |
208 |
imap_rfc822_parse_headers GS Violation |
$500.0 |
209 |
gdImageTrueColorToPaletteBody allows arbitrary write/read access |
$500.0 |
210 |
pass2_no_dither out-of-bounds access |
$500.0 |
211 |
wddx_deserialize null dereference |
$500.0 |
212 |
wddx_deserialize allows illegal memory access |
$500.0 |
213 |
wddx_deserialize use-after-free |
$500.0 |
214 |
Urllib connects to a wrong host |
$500.0 |
215 |
Use-after-free in _asyncio_Future_remove_done_callback |
$500.0 |
216 |
Incorrect GC behavior in xxlimited could lead to use-after-free |
$500.0 |
217 |
null pointer dereference in set_conversion_mode due uncheck _ctypes_conversion_errors |
$500.0 |
218 |
Inappropriately parsing HTTP response leads to PHP segment fault! |
$500.0 |
219 |
Potential infinite loop in gdImageCreateFromGifCtx! |
$500.0 |
220 |
NULL pointer dereference in SimpleXMLElement::asXML() |
$500.0 |
221 |
crash in openssl_random_pseudo_bytes function |
$500.0 |
222 |
crash in gzcompress and 3 other compress functions |
$500.0 |
223 |
missing NULL check in dom_document_save_html |
$500.0 |
224 |
heap overflow in php_ereg_replace function |
$500.0 |
225 |
crash in implode() function |
$500.0 |
226 |
iconv() function missing string length check |
$500.0 |
227 |
crash in bzcompress function |
$500.0 |
228 |
crash in get_icu_value_internal function |
$500.0 |
229 |
crash in locale_get_keywords() when keyword value in locale string too long |
$500.0 |
230 |
another crash in locale_get_keywords function |
$500.0 |
231 |
Invalid memory access in zend_strtod() function |
$500.0 |
232 |
crash in simplestring_addn function |
$500.0 |
233 |
Invalid memory access in spl_filesystem_dir_open function |
$500.0 |
234 |
Invalid memory access in php_basename function |
$500.0 |
235 |
Invalid memory access in spl_filesystem_info_set_filename function |
$500.0 |
236 |
crash in locale_compose() function |
$500.0 |
237 |
php_snmp_parse_oid integer overflow in memory allocation |
$500.0 |
238 |
ldap_escape could produce string larger than 2Gb |
$500.0 |
239 |
integer overflow in curl_escape caused heap corruption |
$500.0 |
240 |
gzuncompress does NOT check output string size which leads to an overflow |
$500.0 |
241 |
gzdecode does NOT check output string size which leads to an overflow |
$500.0 |
242 |
integer overflow in fgetcsv caused heap corruption |
$500.0 |
243 |
memory corruption in wordwrap function |
$500.0 |
244 |
integer overflow in recode_string caused heap corruption |
$500.0 |
245 |
integer overflow in fgets cause heap corruption |
$500.0 |
246 |
integer overflow in preg_quote caused heap corruption |
$500.0 |
247 |
integer overflow in imap_binary caused heap corruption |
$500.0 |
248 |
integer overflow in pg_escape_bytea caused heap corruption |
$500.0 |
249 |
integer overflow in str_pad caused heap corruption |
$500.0 |
250 |
heap overflow in substr_replace |
$500.0 |
251 |
integer overflow in php_ldap_do_escape caused heap corruption |
$500.0 |
252 |
integer overflow in pg_escape_string caused heap corruption |
$500.0 |
253 |
integer overflow in php_uuencode caused heap corruption |
$500.0 |
254 |
integer overflow in urlencode caused heap corruption |
$500.0 |
255 |
integer overflow in quoted_printable_encode caused heap corruption |
$500.0 |
256 |
Integer overflow lead to heap corruption in sql_regcase |
$500.0 |
257 |
integer overflow in bzdecompress caused heap corruption |
$500.0 |
258 |
integer overflow in base64_decode caused heap corruption |
$500.0 |
259 |
Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow |
$500.0 |
260 |
NULL Pointer Dereference at _gdScaleVert |
$500.0 |
261 |
Integer Overflow in _gd2GetHeader() resulting in heap overflow |
$500.0 |
262 |
Heap BufferOver Flow in escapeshellargs and escapeshellcmd functions |
$500.0 |
263 |
Arbitary Memory Read via gdImageRotateInterpolated Array Index Out of Bounds |
$500.0 |
264 |
Stack overflow when decompressing tar archives |
$500.0 |
265 |
buffer overread in base64 code of the xmlrpc module |
$500.0 |
266 |
OOB read in php_strip_tags_ex |
$500.0 |
267 |
CVE-2017-13041 The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print(). |
$500.0 |
268 |
CVE-2017-13040 The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions. |
$500.0 |
269 |
tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c |
$500.0 |
270 |
CVE-2024-41937: Apache Airflow: Stored XSS Vulnerability on provider link |
$497.0 |
271 |
Unbounded memory growth with session handling in TLSv1.3 |
$497.0 |
272 |
Renderers can obtain access to random bluetooth device without permission |
$480.0 |
273 |
CVE-2022-27775: Bad local IPv6 connection reuse |
$480.0 |
274 |
CVE-2022-27776: Auth/cookie leak on redirect |
$480.0 |
275 |
CVE-2022-32205: Set-Cookie denial of service |
$480.0 |
276 |
CVE-2022-32208: FTP-KRB bad message verification |
$480.0 |
277 |
rubygems.org Batching attack to confirmation_token by bypass rate limit |
$480.0 |
278 |
Leak of sensitive values to Airflow rendered template |
$480.0 |
279 |
CVE-2023-23915: HSTS amnesia with --parallel |
$480.0 |
280 |
CVE-2023-23914: HSTS ignored on multiple requests |
$480.0 |
281 |
CVE-2023-27533: TELNET option IAC injection |
$480.0 |
282 |
CVE-2023-27534: SFTP path ~ resolving discrepancy |
$480.0 |
283 |
CVE-2023-27536: GSS delegation too eager connection re-use |
$480.0 |
284 |
CVE-2023-25692: Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service and Remote Command Execution |
$480.0 |
285 |
CVE-2023-27538: SSH connection too eager reuse still |
$480.0 |
286 |
Possible DoS Vulnerability in Multipart MIME parsing in rack |
$480.0 |
287 |
CVE-2023-28320 - siglongjmp race condition |
$480.0 |
288 |
[CVE-2023-22799] Possible ReDoS based DoS vulnerability in GlobalID |
$480.0 |
289 |
[CVE-2023-22796] Possible ReDoS based DoS vulnerability in Active Support’s underscore |
$480.0 |
290 |
[CVE-2022-44572] Possible Denial of Service Vulnerability in Rack’s RFC2183 boundary parsing |
$480.0 |
291 |
[CVE-2022-44571] Possible Denial of Service Vulnerability in Rack Content-Disposition parsing |
$480.0 |
292 |
[CVE-2022-44570] Possible Denial of Service Vulnerability in Rack’s Range header parsing |
$480.0 |
293 |
Proxy-Authorization header not cleared on cross-origin redirect in undici.request |
$420.0 |
294 |
Cookie headers are not cleared in cross-domain redirect in undici-fetch |
$405.0 |
295 |
Proxy-Authorization header is not cleared in cross-domain redirect in undici |
$405.0 |
296 |
"urllib" will result to deny of service |
$240.0 |
297 |
Optionsbleed / CVE-2017-9798 |
$100.0 |
298 |
Some build dependencies are downloaded over an insecure channel (without subsequent integrity checks) |
$100.0 |
299 |
Out of bound read in exif_process_IFD_in_MAKERNOTE |
$0.0 |
300 |
NULL Pointer Dereference in exif_process_user_comment |
$0.0 |
301 |
urllib HTTP header injection CVE-2016-5699 |
$0.0 |
302 |
CVE-2016-2177 Undefined pointer arithmetic in SSL code |
$0.0 |
303 |
Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800) |
$0.0 |
304 |
SSLv2 doesn't block disabled ciphers (CVE-2015-3197) |
$0.0 |
305 |
Double-free in X509 parsing |
$0.0 |
306 |
Remote client memory corruption in ssl_add_clienthello_tlsext() |
$0.0 |
307 |
CVE-2017-3730: Bad (EC)DHE parameters cause a client crash |
$0.0 |
308 |
DoS vulnerability in mod_auth_digest CVE-2016-2161 |
$0.0 |
309 |
OCSP Status Request extension unbounded memory growth (CVE-2016-6304) |
$0.0 |
310 |
OOB write in BN_bn2dec() (CVE-2016-2182) |
$0.0 |
311 |
OOB write in MDC2_Update() (CVE-2016-6303) |
$0.0 |
312 |
Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308) |
$0.0 |
313 |
Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307) |
$0.0 |
314 |
Certificate message OOB reads (CVE-2016-6306) |
$0.0 |
315 |
OOB read in TS_OBJ_print_bio() (CVE-2016-2180) |
$0.0 |
316 |
Malformed SHA512 ticket DoS (CVE-2016-6302) |
$0.0 |
317 |
heap-buffer-overflow (READ of size 11) in Perl 5.25.x |
$0.0 |
318 |
read outside of buffer (heap buffer overflow) in S_regmatch - regexec.c:6057 |
$0.0 |
319 |
Buffer overflow in HTTP parse_hostinfo(), parse_userinfo() and parse_scheme() |
$0.0 |
320 |
Heap overflow caused by type confusion vulnerability in merge_param() |
$0.0 |
321 |
Use of uninitialized memory in unserialize() |
$0.0 |
322 |
heap-buffer-overflow (READ of size 61) in Perl_re_intuit_start() |
$0.0 |
323 |
Apache HTTP Request Parsing Whitespace Defects |
$0.0 |
324 |
Mercurial can be tricked into granting authorized users access to the Python debugger |
$0.0 |
325 |
ntpd: read_mru_list() does inadequate incoming packet checks |
$0.0 |
326 |
ap_find_token() Buffer Overread |
$0.0 |
327 |
Use-after-free in XML::LibXML::Node::replaceChild |
$0.0 |
328 |
Race Conditions in OAuth 2 API implementations |
$0.0 |
329 |
RCE via ssh:// URIs in multiple VCS |
$0.0 |
330 |
Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse |
$0.0 |
331 |
Interger overflow in eval trigger write out of bound |
$0.0 |
332 |
Unsecure: Bypass alerts of Little Flocker / Little Snitch / HandsOff! / BlockBlock (same concept can be applied to other security tools) |
$0.0 |
333 |
heap-buffer-overflow (WRITE of size 8) in Perl_pp_reverse() |
$0.0 |
334 |
heap-buffer-overflow (buffer read overrun) in curl: ourWriteOut() src/tool_writeout.c:115 |
$0.0 |
335 |
CVE-2017-1000101: cURL: URL globbing out of bounds read |
$0.0 |
336 |
Out of bounds read in libcurl's IMAP FETCH response parser |
$0.0 |
337 |
CVE-2018-6797: A crafted regular expression can cause a heap buffer write overflow in Perl 5 giving a remote attacker control over bytes written |
$0.0 |
338 |
ACME TLS-SNI-01/02 challenge vulnerable when combined with shared hosting providers |
$0.0 |
339 |
Heap Buffer Overflow (READ: 1786) in exif_iif_add_value |
$0.0 |
340 |
heap-buffer-overflow (READ of size 48) in exif_read_data() |
$0.0 |
341 |
CVE-2018-12882: heap-use-after-free in PHP 7.2 through 7.2.6, possible 7.2.7 |
$0.0 |
342 |
Cross-site information assertion leak via Content Security Policy |
$0.0 |
343 |
Client DoS due to large DH parameter (CVE-2018-0732) |
$0.0 |
344 |
Improper handling of Chunked data request in sapi_apache2.c leads to Reflected XSS |
$0.0 |
345 |
DoS for HTTP/2 connections by crafted requests (CVE-2018-1333) |
$0.0 |
346 |
XML hash collision DoS vulnerability in Python's xml.etree module |
$0.0 |
347 |
Heap Use After Free in unserialize() |
$0.0 |
348 |
Out of Bounds Memory Read in unserialize() |
$0.0 |
349 |
Heap Use After Free Read in unserialize() |
$0.0 |
350 |
HTTP MitM on Flash Player settings manager allows attacker to set sandbox settings |
$0.0 |
351 |
Linux kernel: CVE-2017-6074: DCCP double-free vulnerability |
$0.0 |
352 |
Ubuntu Linux privilege escalation (dirty_sock) |
$0.0 |
353 |
CVE-2019-0196: mod_http2 with scoreboard Use-After-Free (Read) |
$0.0 |
354 |
Industry-Wide MITM Vulnerability Impacting the JVM Ecosystem |
$0.0 |
355 |
Linux kernel: CVE-2017-7308: a signedness issue in AF_PACKET sockets |
$0.0 |
356 |
Linux kernel: CVE-2017-1000112: a memory corruption due to UFO to non-UFO path switch |
$0.0 |
357 |
ZeroMQ libzmq remote code execution |
$0.0 |
358 |
Mailsploit: a sender spoofing bug in over 30 email clients |
$0.0 |
359 |
[CVE-2018-18312] regcomp: heap-buffer-overflow write / reg_node overrun |
$0.0 |
360 |
[CVE-2018-18313] regcomp: heap-buffer-overflow read in S_grok_bslash_N |
$0.0 |
361 |
Integer overflow leading to buffer overflow |
$0.0 |
362 |
Mercurial git subrepo lead to arbritary command injection |
$0.0 |
363 |
Exim off-by-one RCE vulnerability |
$0.0 |
364 |
CVE-2019-5736: Escape from Docker and Kubernetes containers to root on host |
$0.0 |
365 |
Silent omission of certificate hostname verification in LibreSSL and BoringSSL |
$0.0 |
366 |
ChaCha20-Poly1305 with long nonces |
$0.0 |
367 |
pngcrush_measure_idat() off-by-one error (CVE-2015-2158) |
$0.0 |
368 |
pngcrush double-free/segfault could result in DoS (CVE-2015-7700) |
$0.0 |
369 |
Use after free with assign by ref to overloaded objects |
$0.0 |
370 |
Denial of service in libxml2, using malicious lzma file to consume available system memory |
$0.0 |
371 |
CVE-2017-5969: libxml2 when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) |
$0.0 |
372 |
CVE-2017-10965: Null pointer dereference in Irssi <1.0.4 |
$0.0 |
373 |
CVE-2017-11367: Global buffer overflow (READ of size 4) in shoco C library |
$0.0 |
374 |
libtiff 4.0.6 segfault / read outside of buffer (CVE-2016-9297) |
$0.0 |
375 |
libtiff 4.0.6 heap bufer overflow / out of bounds read (CVE-2016-9273) |
$0.0 |
376 |
CVE-2017-5204: The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print() |
$0.0 |
377 |
CVE-2017-5341 The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print() |
$0.0 |
378 |
CVE-2017-5484 The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print() |
$0.0 |
379 |
CVE-2017-5342 In tcpdump before 4.9.0 a bug in multiple protocol parsers could cause a buffer overflow in print-ether.c:ether_print() |
$0.0 |
380 |
CVE-2017-5482 The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(). |
$0.0 |
381 |
CVE-2017-12985: The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in ip6_print() |
$0.0 |
382 |
CVE-2017-13009 The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print(). |
$0.0 |
383 |
CVE-2017-13010 The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart(). |
$0.0 |
384 |
CVE-2017-13038 The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp(). |
$0.0 |
385 |
CVE-2017-12986 The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). |
$0.0 |
386 |
CVE-2017-13008 The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). |
$0.0 |
387 |
CVE-2017-12858: Heap UAF in _zip_buffer_free() / Double free in _zip_dirent_read() |
$0.0 |
388 |
Information disclosure in mmap module - python 2.7.12 |
$0.0 |
389 |
Crash (DoS) when parsing a hostile TIFF |
$0.0 |
390 |
Memory corruption when parsing a hostile PHAR archive |
$0.0 |
391 |
Format string implementation vulnerability, resulting in code execution |
$0.0 |
392 |
Use After Free Vulnerability in WDDX Packet Deserialization |
$0.0 |
393 |
Type Confusion Vulnerability in PHP_to_XMLRPC_worker() |
$0.0 |
394 |
Session WDDX Packet Deserialization Type Confusion Vulnerability |
$0.0 |
395 |
Type Confusion in WDDX Packet Deserialization |
$0.0 |
396 |
Integer Overflow in php_html_entities() |
$0.0 |
397 |
Integer Overflow in php_raw_url_encode |
$0.0 |
398 |
Multiple Heap Overflows in php_raw_url_encode/php_url_encode |
$0.0 |
399 |
Integer Overflow in SplFileObject::fread |
$0.0 |
400 |
Integer Overflow in nl2br() |
$0.0 |
401 |
Integer Overflow in addcslashes()/addslashes() |
$0.0 |
402 |
Integer Overflow in Length of String-typed ZVAL |
$0.0 |
403 |
Integer Overflow/Heap Overflow in json_encode()/json_decode() |
$0.0 |
404 |
Use After Free Vulnerability in SNMP with GC and unserialize() |
$0.0 |
405 |
Use After Free in unserialize() with Unexpected Session Deserialization |
$0.0 |
406 |
Use After Free Vulnerability in array_walk()/array_walk_recursive() |
$0.0 |
407 |
Use After Free/Double Free in Garbage Collection |
$0.0 |
408 |
Use After Free Vulnerability in unserialize() |
$0.0 |
409 |
PHP Session Data Injection Vulnerability |
$0.0 |
410 |
Create an Unexpected Object and Don't Invoke __wakeup() During Deserialization |
$0.0 |
411 |
Memory Corruption During Deserialized-object Destruction |
$0.0 |
412 |
Use After Free in PHP7 unserialize() |
$0.0 |
413 |
NULL Pointer Dereference in WDDX Packet Deserialization with PDORow |
$0.0 |
414 |
Use-after-free in unserialize() |
$0.0 |
415 |
GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE Vulnerability] |
$0.0 |
416 |
Use-after-free in ArrayObject Deserialization |
$0.0 |
417 |
Type Confusion in Object Deserialization |
$0.0 |
418 |
Use After Free in unserialize() |
$0.0 |
419 |
Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization |
$0.0 |
420 |
Use-after-free in PHP7's unserialize() |
$0.0 |
421 |
Python 2.7 32-bit JSON encoding heap corruption |
$0.0 |
422 |
CVE-2017-10966: Heap-use-after-free in Irssi <1.0.4 |
$0.0 |
423 |
4 severe remote + several minor OpenVPN vulnerabilities |
$0.0 |
424 |
rpcbind "rpcbomb" CVE-2017-8779, CVE-2017-8804 |
$0.0 |
425 |
Two vulnerabilities in GNU binutils |
$0.0 |
426 |
memory allocator fails to realloc small block to large one |
$0.0 |
427 |
PHP INI Parsing Stack Buffer Overflow Vulnerability |
$0.0 |
428 |
Multiple issues in Libxml2 (2.9.2 - 2.9.5) |
$0.0 |
429 |
memory corruption while parsing HTTP response |
$0.0 |
430 |
Out-Of-Bounds Read in timelib_meridian() |
$0.0 |
431 |
PHP WDDX Deserialization Heap OOB Read in timelib_meridian() |
$0.0 |
432 |
PHP OpenSSL zif_openssl_seal() heap overflow (wild memcpy) |
$0.0 |
433 |
PHP mbstring / Oniguruma multiple remote heap/stack corruptions |
$0.0 |
434 |
external entity expansion in Apache POI |
$0.0 |
435 |
Heap overflow in zipimporter module |
$0.0 |
436 |
Integer overflow in wordwrap |
$0.0 |
437 |
mod_http2, memory corruption on early pushes (CVE-2019-10081) |
$0.0 |
438 |
mod_http2, read-after-free in h2 connection shutdown (CVE-2019-10082) |
$0.0 |
439 |
Flash “local-with-filesystem” Bypass in navigateToURL |
$0.0 |
440 |
A reflected XSS in python/Lib/DocXMLRPCServer.py |
$0.0 |
441 |
Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c |
$0.0 |
442 |
Heap-buffer-overflow in Perl__byte_dump_string (utf8.c) could lead to memory leak |
$0.0 |
443 |
mod_remoteip stack buffer overflow and NULL pointer dereference |
$0.0 |
444 |
Heap Buffer Overflow |
$0.0 |
445 |
Multiple use after frees in obj2ast_* methods |
$0.0 |
446 |
Additional information for CVE-2016-5699 |
$0.0 |
447 |
use of uninitialized variables in operator.methodcaller |
$0.0 |
448 |
Two vulnerabilities in the ssl module |
$0.0 |
449 |
stack buffer overflows in the curses module |
$0.0 |
450 |
Py_DECREF on a non-owned object in the _sre module |
$0.0 |
451 |
integer overflow in binascii.b2a_qp |
$0.0 |
452 |
integer overflow in the _csv module's join_append_data function |
$0.0 |
453 |
EIP control using type confusion in json encoding |
$0.0 |
454 |
UAF in xmlparser_setevents (2) |
$0.0 |
455 |
UAF in xmlparser_setevents (1) |
$0.0 |
456 |
NULL Pointer Dereference while unserialize php object |
$0.0 |
457 |
Invalid read when wddx decodes empty boolean element |
$0.0 |
458 |
CachingIterator null dereference when convert to string |
$0.0 |
459 |
Memory corruption in _php_math_number_format_ex() |
$0.0 |
460 |
Heap overflow due to integer overflow in bzdecompress() function |
$0.0 |
461 |
Memory corruption due to missing check size in _php_math_number_format_ex() |
$0.0 |
462 |
Heap overflow due to integer overflow in pg_escape_string() function |
$0.0 |
463 |
Heap overflow due to integer overflow in php_escape_html_entities_ex() function |
$0.0 |
464 |
malloc negative size parameter |
$0.0 |
465 |
Heap overflow in mysqlnd related to BIT fields (CVE-2016-7412) |
$0.0 |
466 |
Uninitialized Thumbnail Data Leads To Memory Leakage in exif_process_IFD_in_TIFF |
$0.0 |
467 |
Missing type check when unserializing SplArray |
$0.0 |
468 |
integer overflow in xml_utf8_encode |
$0.0 |
469 |
Memory Leakage In exif_process_IFD_in_TIFF (CVE-2016-7128) |
$0.0 |
470 |
Heap overflow in curl_escape |
$0.0 |
471 |
Out of bound when verify signature of tar phar in phar_parse_tarfile |
$0.0 |
472 |
Out of bound when verify signature of zip phar in phar_parse_zipfile |
$0.0 |
473 |
Heap Overflow due to integer overflows |
$0.0 |
474 |
heap-buffer-overflow (write) simplestring_addn simplestring.c |
$0.0 |
475 |
Stack-based buffer overflow vulnerability in virtual_file_ex |
$0.0 |
476 |
Stack-based buffer overflow vulnerability in php_stream_zip_opener |
$0.0 |
477 |
Double Free Corruption in wddx.c (extension) |
$0.0 |
478 |
Heap Overflow Due To Integer Overflow |
$0.0 |
479 |
_php_mb_regex_ereg_replace_exec - double free |
$0.0 |
480 |
Multiple vulnerabilities related to PCRE functions (already fixed) |
$0.0 |
481 |
Trivial age-old heap overflow in 32-bit PHP |
$0.0 |
482 |
Use-after-free vulnerability in SPL(SplObjectStorage, unserialize) |
$0.0 |
483 |
Use-after-free vulnerability in SPL(ArrayObject, unserialize) |
$0.0 |
484 |
An integer overflow bug in php_str_to_str_ex() led to arbitrary code execution. |
$0.0 |
485 |
PHP-FPM fpm_log.c memory leak and buffer overflow |
$0.0 |
486 |
An integer overflow bug in php_implode() could lead to heap overflow and make PHP crash |
$0.0 |
487 |
openssl_seal() uninitialized memory usage |
$0.0 |
488 |
Adobe Flash Player Regular Expression UAF Remote Code Execution Vulnerability |
$0.0 |
489 |
Adobe Flash Player PSDK Class Use After Free Vulnerability |
$0.0 |
490 |
Adobe Flash Player ShimAdPolicySelector(adPolicySelectorType=0) class Memory Corruption |
$0.0 |
491 |
Adobe Flash Player TimedEvent.parent Memory Corruption Vulnerability |
$0.0 |
492 |
Adobe Flash Player ShimContentResolver(resolverType=1) class Memory Corruption Vulnerability |
$0.0 |
493 |
Adobe Flash Player ShimContentResolver(resolverType=0) class Memory Corruption Vulnerability |
$0.0 |
494 |
Adobe Flash Player ShimOpportunityGenerator class Memory Corruption Vulnerability |
$0.0 |
495 |
Adobe Flash Player ShimContentResolver.configure Memory Corruption Vulnerability |
$0.0 |
496 |
Adobe Flash Player ShimContentFactory.retrieveResolvers Memory Corruption Vulnerability |
$0.0 |
497 |
Adobe Flash Player ShimContentFactory class Memory Corruption Vulnerability |
$0.0 |
498 |
Adobe Flash Player Metadata class Memory Corruption Vulnerability |
$0.0 |
499 |
Adobe Flash Player OpportunityGenerator class Memory Corruption Vulnerability |
$0.0 |
500 |
Adobe Flash Player ContentFactory class Memory Corruption Vulnerability |
$0.0 |
501 |
Adobe Flash Player Uninitialised Memory Corruption |
$0.0 |
502 |
Adobe Flash Player ASnative(900,1).call(TextField) Use-After-Free Vulnerability |
$0.0 |
503 |
Adobe Flash Player ASnative(900,1).call(MovieClip) Use-After-Free Vulnerability |
$0.0 |
504 |
Adobe Flash Player ASnative(101,10) Memory Corruption Vulnerability |
$0.0 |
505 |
Adobe Flash Player Race Condition Vulnerability |
$0.0 |
506 |
Adobe Flash Player TextField Use-After-Free Vulnerability |
$0.0 |
507 |
Misusing of FPU Instruction Could Cause Security Vulnerabilities in Adobe Flash Player |
$0.0 |
508 |
use-after-free vulnerability in Flash Player |
$0.0 |
509 |
Race condition in Flash workers may cause an exploitable double free |
$0.0 |
510 |
Multiple HTTP Smuggling reports |
$0.0 |
511 |
Exim use-after-free vulnerability while reading mail header involving BDAT commands |
$0.0 |
512 |
CVE-2017-13090 wget heap smash |
$0.0 |
513 |
CVE-2017-13089 wget stack smash |
$0.0 |
514 |
GarlicRust - heartbleed style vulnerability in major I2P C++ router implementations |
$0.0 |
515 |
Exim handles BDAT data incorrectly and leads to crash/hang |
$0.0 |
516 |
Ericsson Erlang OTP Core Allocation Subsystem Integer Overflow (All Versions) |
$0.0 |
517 |
Widespread failure of certificate validation in Android apps |
$0.0 |
518 |
Roundcube virtualmin privilege escalation (CVE-2017-8114) |
$0.0 |
519 |
CVE-2017-8798 - miniupnp getHTTPResponse chunked encoding integer signedness error |
$0.0 |
520 |
RCE on default Ubuntu Desktop >= 12.10 Quantal |
$0.0 |
521 |
Malicious Server can force read any file on clients system with default configuration in MySQL Clients |
$0.0 |
522 |
Incorrect logic in MySQL & MariaDB protocol leads to remote SSRF/Remote file read |
$0.0 |
523 |
The “Malstaller” Attack, global hijacking of any installation process to achieve RCE with elevated privileges, Windows OS (vendor agnostic) |
$0.0 |
524 |
CVE-2016-1924 OpenJPEG opj_tgt_reset Out-of-Bounds Read Vulnerability |
$0.0 |
525 |
CVE-2016-4796 OpenJPEG color_cmyk_to_rgb Out-of-Bounds Read Vulnerability |
$0.0 |
526 |
CVE-2016-3182 OpenJPEG color_esycc_to_rgb Out-of-Bounds Read Vulnerability |
$0.0 |
527 |
CVE-2016-3183 OpenJPEG sycc422_to_rgb Out-of-Bounds Read Vulnerability |
$0.0 |
528 |
CVE-2016-7163 OpenJPEG opj_pi_create_decode Integer Overflow Vulnerability |
$0.0 |
529 |
CVE-2016-5157 OpenJPEG opj_dwt_interleave_v Out-of-Bounds Write Vulnerability |
$0.0 |
530 |
putty pscp client-side post-auth stack buffer overwrite when processing remote file size |
$0.0 |
531 |
tcpdump: CVE-2018-14879 - buffer overflow in tcpdump.c:get_next_file() |
$0.0 |
532 |
Tcpdump before 4.9.3 has a buffer over-read in print-802_11.c (CVE-2018-16227) |
$0.0 |
533 |
Tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option() (CVE-2018-16229) |
$0.0 |
534 |
Dragonblood: Design and Implementation Flaws in WPA3 and EAP-pwd |
$0.0 |
535 |
CRLF Injection in urllib |
$0.0 |
536 |
Heap Buffer Overflow (READ: 4) in phar_parse_pharfile |
$0.0 |
537 |
PHP Integer Overflow in gdImageWebpCtx |
$0.0 |
538 |
CVE-2016-7418 PHP Out-Of-Bounds Read in php_wddx_push_element |
$0.0 |
539 |
Uninitialized read in gdImageCreateFromXbm |
$0.0 |
540 |
Invalid Read on exif_process_SOFn |
$0.0 |
541 |
Uninitialized read in exif_process_IFD_in_MAKERNOTE |
$0.0 |
542 |
Uninitialized read in exif_process_IFD_in_TIFF |
$0.0 |
543 |
Windows only: arbitrary file read vulnerability in openssl s_server |
$0.0 |
544 |
heap buffer overflow in phar_detect_phar_fname_ext |
$0.0 |
545 |
Long filenames cause OOM and temp files are not cleaned |
$0.0 |
546 |
Use of uninitialized value in ftp_getrc_msg method of mod_proxy_ftp.c |
$0.0 |
547 |
Null Pointer Dereference in phar_create_or_parse_filename |
$0.0 |
548 |
DOS in stream filters |
$0.0 |
549 |
PHP 7.3.3: Heap-use-after-free (READ of size 8) in match_at() |
$0.0 |
550 |
Out-of-Bound Read in urldecode() [CVE-2020-7067] |
$0.0 |
551 |
mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full (CVE-2020-7065) |
$0.0 |
552 |
null pointer dereference in imap_mail |
$0.0 |
553 |
Use After Free in GC with Certain Destructors |
$0.0 |
554 |
Use after free vulnerability in phar_parse_zipfile |
$0.0 |
555 |
PHP built for Windows with TS support does not resolve relative paths with drive letter correctly |
$0.0 |
556 |
DirectoryIterator class silently truncates after a null byte |
$0.0 |
557 |
Null Pointer Dereference in PHP Session Upload Progress |
$0.0 |
558 |
Out-of-bounds Read in php_strip_tags_ex |
$0.0 |
559 |
PHP link() silently truncates after a null byte on Windows |
$0.0 |
560 |
[CVE-2020-10543] Buffer overflow caused by a crafted regular expression |
$0.0 |
561 |
DOMPurify bypass |
$0.0 |
562 |
Integer overflow in CipherUpdate |
$0.0 |
563 |
Heap buffer overflow vulnerability while processing a malformed TIFF file. |
$0.0 |
564 |
Canonical Snapcraft vulnerable to remote code execution under certain conditions |
$0.0 |
565 |
Fragmentation and Aggregation Flaws in Wi-Fi |
$0.0 |
566 |
Uncovering file quarantine and UX security issues in macOS apps ( .terminal, .fileloc and .url) |
$0.0 |
567 |
Buffer Overflow in ext_lm_group_acl helper |
$0.0 |
568 |
Buffer Overflow in smblib.c |
$0.0 |
569 |
Several protocol parsers in before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal() |
$0.0 |
570 |
CVE-2020-10938-buffer overflow/out-of-bounds write in compress.c:HuffmanDecodeImage() |
$0.0 |
571 |
CVE-2017-13019: The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print() |
$0.0 |
572 |
CVE-2017-13050: The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print() |
$0.0 |
573 |
The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print() |
$0.0 |
574 |
Squid as reverse proxy RCE and data leak |
$0.0 |
575 |
Cache Poisoning |
$0.0 |
576 |
Cache Manager ACL Bypass |
$0.0 |
577 |
URN Request bypass ACL Checks |
$0.0 |
578 |
UrnState Heap Overflow |
$0.0 |
579 |
Squid leaks previous content from reusable buffer |
$0.0 |
580 |
Basic Authentication Heap Overflow |
$0.0 |
581 |
HTTP Smuggling multiple issues in Squid 3.x & squid 4.x |
$0.0 |
582 |
1-byte heap buffer overflow in DNS resolver |
$0.0 |
583 |
The Host Authorization middleware in Action Pack is vulnerable to crafted X-Forwarded-Host values |
$0.0 |
584 |
Ruby - Regular Expression Denial of Service Vulnerability of Date Parsing Methods |
$0.0 |
585 |
Buffer overflow in req_parsebody method in lua_request.c |
$0.0 |
586 |
Buffer Overflow in optimized_escape_html method |
$0.0 |
587 |
Use of uninitialized value in req_parsebody method of lua_request.c |
$0.0 |
588 |
CVE-2022-24288: Apache Airflow: TWO RCEs in example DAGs |
$0.0 |
589 |
Read and write beyond bounds in mod_sed |
$0.0 |
590 |
OAUTH2 bearer not-checked for connection re-use |
$0.0 |
591 |
CVE-2022-27779: cookie for trailing dot TLD |
$0.0 |
592 |
CVE-2022-27780: percent-encoded path separator in URL host |
$0.0 |
593 |
CVE-2022-30115: HSTS bypass via trailing dot |
$0.0 |
594 |
Read beyond bounds in ap_strcmp_match() [zhbug_httpd_47.7] |
$0.0 |
595 |
Controllable read beyond bounds in lua_websocket_readbytes() [zhbug_httpd_126] |
$0.0 |
596 |
Read beyond bounds in mod_isapi.c [zhbug_httpd_41] |
$0.0 |
597 |
Read beyond bounds via ap_rwrite() [zhbug_httpd_47.2] |
$0.0 |
598 |
DoS via lua_read_body() [zhbug_httpd_94] |
$0.0 |
599 |
CVE-2022-27781: CERTINFO never-ending busy-loop |
$0.0 |
600 |
Node.js - DLL Hijacking on Windows |
$0.0 |
601 |
Disabling context isolation, nodeIntegrationInSubFrames using an unauthorised frame. |
$0.0 |
602 |
CVE-2022-38362: Apache Airflow Docker Provider <3.0 RCE vulnerability in example dag |
$0.0 |
603 |
CVE-2022-35948: CRLF Injection in Nodejs ‘undici’ via Content-Type |
$0.0 |
604 |
[CVE-2022-35949]: undici.request vulnerable to SSRF using absolute / protocol-relative URL on pathname |
$0.0 |
605 |
CVE-2022-42916: HSTS bypass via IDN |
$0.0 |
606 |
CVE-2022-35252: control code in cookie denial of service |
$0.0 |
607 |
CVE-2022-45402: Apache Airflow: Open redirect during login |
$0.0 |
608 |
CVE-2022-35260: .netrc parser out-of-bounds access |
$0.0 |
609 |
Electron CVE-2022-35954 Delimiter Injection Vulnerability in exportVariable |
$0.0 |
610 |
CVE-2022-43551: Another HSTS bypass via IDN |
$0.0 |
611 |
HTTP multi-header compression denial of service |
$0.0 |
612 |
Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522) |
$0.0 |
613 |
CVE-2023-27537: HSTS double-free |
$0.0 |
614 |
Ruby's CGI library has HTTP response splitting (HTTP header injection), leaking confidential information |
$0.0 |
615 |
Security Unfavorable Specifications and Implementations in the CGI::Cookie Class |
$0.0 |
616 |
JWT audience claim is not verified |
$0.0 |
617 |
CVE-2023-28755: ReDoS vulnerability in URI |
$0.0 |
618 |
CVE-2023-28319: UAF in SSH sha256 fingerprint check |
$0.0 |
619 |
CVE-2023-28322: more POST-after-PUT confusion |
$0.0 |
620 |
CVE-2023-28321: IDN wildcard match |
$0.0 |
621 |
[CVE-2023-23913] DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements |
$0.0 |
622 |
CVE-2023-40195: Apache Airflow Spark Provider Deserialization Vulnerability RCE |
$0.0 |
623 |
Potential NULL dereference in libssh's sftp server |
$0.0 |
624 |
(CVE-2023-32004) Permission model bypass by specifying a path traversal sequence in a Buffer |
$0.0 |
625 |
(CVE-2023-32003) fs.mkdtemp() and fs.mkdtempSync() are missing getValidatedPath() checks |
$0.0 |
626 |
(CVE-2023-32006) Permissions policies can impersonate other modules in using module.constructor.createRequire() |
$0.0 |
627 |
CVE-2023-40611: Apache Airflow Dag Runs Broken Access Control Vulnerability |
$0.0 |
628 |
Secrets can be unmasked in the "Rendered Template" |
$0.0 |
629 |
CVE-2023-47037: Airflow Broken Access Control Vulnerability |
$0.0 |
630 |
Misconfiguration in AWS CloudFront CDN configuration makes rubygems.org serve (and cache) content from an unclaimed S3-bucket |
$0.0 |
631 |
CVE-2023-49920: Apache Airflow: Missing CSRF protection on DAG/trigger |
$0.0 |
632 |
curl HSTS long file name clears contents |
$0.0 |
633 |
CVE-2024-0853: OCSP verification bypass with TLS session reuse |
$0.0 |
634 |
CVE-2019-1551: rsaz_512_sqr overflow bug on x86_64 |
$0.0 |
635 |
[CVE-2024-25126] Denial of Service Vulnerability in Rack Content-Type Parsing |
$0.0 |
636 |
[CVE-2024-26142] ReDoS vulnerability in Accept header parsing in Action Dispatch |
$0.0 |
637 |
[CVE-2024-26146] Header Parsing leads to Possible Denial of Service Vulnerability |
$0.0 |
638 |
libcurl: freeing stack buffer during x509 certificate parsing |
$0.0 |
639 |
curl: stack-buffer overread during punycode conversions |
$0.0 |