Writeup Exploits
60,754 exploits tracked across all sources.
hutool-json 5.8.10 - Denial of Service via XML.toJSONObject Stack Overflow
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CVSS 7.5
Hutool < 5.7.19 - Improper Certificate Validation
Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation.
CVSS 9.8
byacc < 1.9.20200330 - Use-After-Free in Comment Processing
When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory (use after free).
CVSS 7.8
byacc < 1.9.20200330 - Denial of Service via Infinite Loop in more_curly()
When a file is processed, an infinite loop occurs in next_inline() of the more_curly() function.
CVSS 5.5
Mailman Core <3.3.5 - Info Disclosure
An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces.
CVSS 6.3
QEMU < 6.0.0 - Denial of Service via USB Redirector Device Stack Allocation
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.
CVSS 5.5
libvirt < 7.5.0 - Incorrect Permission Assignment for Critical Resource via SELinux MCS Category Pair Generation
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.
CVSS 6.3
libvirt 4.1.0-7.4.0 - Denial of Service via Improper Locking in virStoragePoolLookupByTargetPath
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.
CVSS 6.5
Samba 4.1.0-4.15.9 - Uncontrolled Resource Consumption via MaxQueryDuration LDAP Bypass
MaxQueryDuration not honoured in Samba AD DC LDAP
CVSS 6.5
nbdkit 1.11.8-1.24.6 - Denial of Service via STARTTLS Plaintext Injection
A flaw was found in nbdkit due to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.
CVSS 3.1
Atlassian Atlasboard < 1.1.9 - Path Traversal via renderWidgetResource
The renderWidgetResource resource in Atlassian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability.
CVSS 7.5
GitLab 14.1.1-14.1.6 - Two-Factor Authentication Bypass via Basic Authentication
It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.
CVSS 3.1
GitLab 10.8.0-14.1.6 - Information Disclosure via SendEntry Rails Log Exposure
Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs.
CVSS 2.0
Wireshark 3.4.0-3.4.9 - Denial of Service via IPPUSB Dissector NULL Pointer Dereference
NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file.
CVSS 7.5
Wireshark 3.2.0-3.2.17 and 3.4.0-3.4.9 - Denial of Service via Modbus Dissector NULL Pointer Dereference
NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file.
CVSS 7.5
Wireshark 3.2.0-3.2.17 and 3.4.0-3.4.9 - Denial of Service via C12.22 Dissector Buffer Overflow
Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file.
CVSS 7.5
Wireshark 3.2.0-3.2.17 and 3.4.0-3.4.9 - Denial of Service via PNRP Dissector Large Loop
Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file.
CVSS 7.5
Wireshark 3.2.0-3.2.17 and 3.4.0-3.4.9 - Denial of Service via Bluetooth DHT Dissector
Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file.
CVSS 7.5
Wireshark 3.2.0-3.2.17 and 3.4.0-3.4.9 - Denial of Service via Bluetooth SDP Dissector Buffer Overflow
Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file.
CVSS 7.5
Wireshark 3.4.0-3.4.9 - Denial of Service via Bluetooth HCI_ISO Dissector Buffer Overflow
Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file.
CVSS 7.5
Wireshark 3.2.0-3.2.17 and 3.4.0-3.4.9 - Denial of Service via IEEE 802.11 Dissector
NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file.
CVSS 7.5
Wireshark 3.2.0-3.2.17 and 3.4.0-3.4.9 - Denial of Service via Bluetooth DHT Dissector
Uncontrolled recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file.
CVSS 7.5
GitLab 11.0-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Denial of Service via Diff Feature
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing code changes.
CVSS 4.3
GitLab 12.10-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Denial of Service via Inefficient Regular Expression
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc.) was susceptible to catastrophic backtracking that could cause a DoS attack.
CVSS 4.3
GitLab 12.10-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Unauthorized Service Desk Email Address Disclosure
Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.
CVSS 4.3