Writeup Exploits
60,918 exploits tracked across all sources.
QEMU virtio-fs < 6.2.0-7 - Privilege Escalation via SGID Directory Group Ownership
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.
CVSS 7.8
GitLab CE/EE <14.7.1 - Info Disclosure
Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address
CVSS 4.3
Gitlab CE/EE <14.5.4-14.7.1 - Info Disclosure
Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard.
CVSS 4.3
GitLab 7.9-14.7.1 - Server-Side Request Forgery via Irker DNS Rebinding
A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks.
CVSS 5.4
GitLab <14.5.4, <14.6.4, <14.7.1 - DoS
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the package registries which could result in a Denial of Service under specific conditions.
CVSS 4.9
libnbd - Unchecked Return Value in nbdcopy Multi-threaded Copy Operation
A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image.
CVSS 4.8
GitLab 8.15.0-14.6.4 - Denial of Service via Math Feature Formula in Issue Comments
An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15 . It was possible to trigger a DOS by using the math feature with a specific formula in issue comments.
CVSS 3.5
libtiff 3.9.0-4.3.0 - Denial of Service via TIFFFetchStripThing memcpy Null Pointer
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
CVSS 5.5
libtiff 4.0-4.3.0 - Denial of Service via Crafted TIFF File
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
CVSS 5.5
Wireshark 3.4.0-3.4.11 and 3.6.0-3.6.1 - Use-After-Free in CMS Protocol Dissector
Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
CVSS 6.3
Wireshark 3.4.0-3.4.11 and 3.6.0-3.6.1 - Denial of Service via CSN.1 Dissector Unaligned Access
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
CVSS 6.3
Wireshark 3.4.0-3.4.11 and 3.6.0-3.6.1 - Denial of Service via PVFS Protocol Dissector
Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
CVSS 6.3
Wireshark 3.4.0-3.4.11 and 3.6.0-3.6.1 - Denial of Service via Large Loops in Protocol Dissectors
Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file
CVSS 4.3
Wireshark 3.4.0-3.4.11 and 3.6.0-3.6.1 - Denial of Service via RTMPT Protocol Dissector Infinite Loop
Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
CVSS 6.3
GitLab 10.0.0-14.6.5 - Environment Variable Exposure via Sendmail Email Address Injection
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses.
CVSS 5.8
libtiff 4.3.0 - Denial of Service via Crafted TIFF File
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
CVSS 5.5
libtiff 4.3.0 - Heap Buffer Overflow in ExtractImageSection Function
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact
CVSS 6.1
libtiff 4.3.0 - Denial of Service via Crafted TIFF File
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.
CVSS 5.5
libtiff < 4.3.0 - Denial of Service via memcpy() in TIFFFetchNormalTag
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
CVSS 7.7
libtiff < 4.3.0 - Denial of Service via memcpy() in TIFFFetchNormalTag
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
CVSS 7.7
libtiff 4.3.0 - Denial of Service via Crafted TIFF File
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
CVSS 5.5
libtiff 4.3.0 - Out-of-bounds Read in tiffcp via Crafted TIFF File
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
CVSS 5.5
libtiff 4.3.0 - Out-of-bounds Read in tiffcrop
Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.
CVSS 5.5
LibTIFF 4.3.0 - Denial of Service via Malicious TIFF File
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.
CVSS 4.3
mutt 0.94.13-2.2.3 - Buffer Overflow in uudecoder
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line
CVSS 4.3
By Source