| Report | Weakness | Reporter | Severity | Date |
| --- | --- | --- | --- | --- |
| CVE-2020-9383 Floppy OOB read | Buffer Over-read | jordyzomer | High | 2021-08-22 |
| IP-in-IP protocol routes arbitrary traffic by default - CVE-2020-10136 | Improper Access Control - Generic | yannayl | Medium | 2021-08-15 |
| [CVE-2020-27194] Linux kernel: eBPF verifier bug in `or` binary operation tracking function leads to LPE | Privilege Escalation | simonscannell | High | 2021-07-23 |
| Uncovering file quarantine and UX security issues in macOS apps ( .terminal, .fileloc and .url) | Violation of Secure Design Principles | metnew | No rating | 2021-07-23 |
| Canonical Snapcraft vulnerable to remote code execution under certain conditions | None supplied | itszn | Medium | 2021-07-23 |
| Fragmentation and Aggregation Flaws in Wi-Fi | Cryptographic Issues - Generic | vanhoefm | No rating | 2021-07-23 |
| Ubuntu Linux privilege escalation (dirty_sock) | Privilege Escalation | initstring | High | 2019-08-28 |
| Cross-site information assertion leak via Content Security Policy | Information Disclosure | zemnmez | No rating | 2018-09-05 |
| ACME TLS-SNI-01/02 challenge vulnerable when combined with shared hosting providers | Privilege Escalation | fransrosen | Critical | 2018-05-19 |
| Unsecure: Bypass alerts of Little Flocker / Little Snitch / HandsOff! / BlockBlock (same concept can be applied to other security tools) | None supplied | pwnsdx | No rating | 2017-12-12 |
| Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse | Reusing a Nonce, Key Pair in Encryption | vanhoefm | Medium | 2017-11-03 |
| RCE via ssh:// URIs in multiple VCS | OS Command Injection | joernchen | High | 2017-09-21 |
| Race Conditions in OAuth 2 API implementations | Improper Authentication - Generic | dor1s | Medium | 2017-09-19 |
| ntpd: read_mru_list() does inadequate incoming packet checks | Denial of Service | magnusstubman | Low | 2017-07-12 |
| Mercurial can be tricked into granting authorized users access to the Python debugger | Code Injection | claudijd | High | 2017-07-12 |
| Insufficient shell characters filtering leads to (potentially remote) code execution (CVE-2016-3714) | None supplied | stewie | No rating | 2016-05-03 |
| libcurl duphandle read out of bounds | None supplied | sparaschoudis | No rating | 2015-11-05 |
| Heap overflow in H. Spencer’s regex library on 32 bit systems | Memory Corruption - Generic | guido | No rating | 2015-04-06 |
| open redirect in rfc6749 | Open Redirect | asanso | No rating | 2015-04-06 |
| Drupal 7 pre auth sql injection and remote code execution | SQL Injection | shorst | No rating | 2015-04-06 |
| FREAK: Factoring RSA_EXPORT Keys to Impersonate TLS Servers | Cryptographic Issues - Generic | prosecco-inria | No rating | 2015-04-01 |
| Bad Write in TTF font parsing (win32k.sys) | Memory Corruption - Generic | dirtybit | No rating | 2015-03-01 |
| libcurl: URL request injection | None supplied | isciurus | No rating | 2015-01-08 |
| rsync hash collisions may allow an attacker to corrupt or modify files | Cryptographic Issues - Generic | mik | No rating | 2014-11-18 |
| TLS Virtual Host Confusion | None supplied | adl | No rating | 2014-11-10 |
| GNU Bourne-Again Shell (Bash) 'Shellshock' Vulnerability | None supplied | stephane-chazelas | No rating | 2014-10-01 |
| Multiple issues in looking-glass software (aka from web to BGP injections) | Cross-site Scripting (XSS) - Generic | kaeso | No rating | 2014-09-17 |
| LZ4 Core | Memory Corruption - Generic | donb | No rating | 2014-07-25 |
| Bypassing Same Origin Policy With JSONP APIs and Flash | None supplied | molnarg | No rating | 2014-07-19 |
| Uncontrolled Resource Consumption with XMPP-Layer Compression | Denial of Service | gianko | No rating | 2014-04-20 |
| TLS Triple Handshake Attack | None supplied | prosecco-inria | No rating | 2014-03-03 |
| OpenSSH: Memory corruption in AES-GCM support | None supplied | markus | No rating | 2013-11-07 |