Writeup Exploits
60,918 exploits tracked across all sources.
Wireshark 3.6.0-3.6.10 - Denial of Service via Excessive Iteration in Packet Dissectors
Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
CVSS 6.3
Wireshark 3.6.0-3.6.10 and 4.0.0-4.0.2 - Denial of Service via TIPC Dissector
TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
CVSS 6.3
Wireshark 3.6.0-3.6.10 - Denial of Service via Packet Injection or Crafted Capture File
Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
CVSS 6.3
Wireshark 4.0.0-4.0.2 - Denial of Service in EAP Dissector
Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file
CVSS 6.3
Wireshark 3.6.0-3.6.10 - Denial of Service via iSCSI Dissector
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
CVSS 6.3
Wireshark 3.6.0-3.6.10 - Denial of Service via GNW Dissector Packet Injection
GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
CVSS 6.3
Wireshark 3.6.0-3.6.10 - Denial of Service via NFS Dissector Memory Leak
Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
CVSS 6.3
GitLab 13.11-15.8.4, 15.9-15.9.3, 15.10 - Unauthorized Project Update Access via Fork Diff
An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible that a project member demoted to a user role to read project updates by doing a diff with a pre-existing fork.
CVSS 6.5
Isoftforce Dreamer CMS <4.0.1 - Info Disclosure
Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter.
CVSS 5.3
Dreamer CMS <4.1.3 - Info Disclosure
A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be initiated remotely. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227860.
CVSS 4.3
Dreamer CMS <= 4.0.1 - Cross-Site Scripting
A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-219334 is the identifier assigned to this vulnerability.
CVSS 3.5
Dreamer CMS <= 4.0.1 - Cross-Site Scripting
A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-219334 is the identifier assigned to this vulnerability.
CVSS 3.5
Dreamer CMS 4.0.01 - SQL Injection
Dreamer CMS 4.0.01 is vulnerable to SQL Injection.
CVSS 9.8
Dreamer CMS 4.0.0 - SQL Injection via tableName Parameter
An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tableName parameter.
CVSS 9.8
QEMU Guest Agent - Privilege Escalation
A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.
CVSS 7.8
GitLab <15.9.6, <15.10.5, <15.11.1 - RCE
An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code, victims who clone or download these repositories will execute arbitrary code on their systems.
CVSS 4.8
libtiff < 4.4.0 - Out-of-bounds Read in tiffcrop
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
CVSS 6.8
libtiff < 4.4.0 - Out-of-bounds Read in tiffcrop
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
CVSS 6.8
libtiff < 4.4.0 - Out-of-bounds Read in tiffcrop
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
CVSS 6.8
libtiff < 4.4.0 - Out-of-bounds Read in tiffcrop
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
CVSS 6.8
libtiff < 4.4.0 - Out-of-bounds Read in tiffcrop via Crafted TIFF File
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
CVSS 6.8
libtiff < 4.4.0 - Out-of-bounds Read in tiffcrop via Crafted TIFF File
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
CVSS 6.8
libtiff < 4.4.0 - Out-of-bounds Read in tiffcrop
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
CVSS 6.8
libtiff < 4.4.0 - Out-of-bounds Read in tiffcrop
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
CVSS 6.8
libtiff < 4.4.0 - Use-After-Free in tiffcrop
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
CVSS 6.8
By Source