Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
data tools project data tools vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-25193
hb-ot-layout-gsubgpos.hh in HarfBuzz up to and including 6.0.0 allows malicious users to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
Harfbuzz Project Harfbuzz
Fedoraproject Fedora 36
5
CVSSv2
CVE-2009-1188
Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x prior to 3.02pl4 and Poppler prior to 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote malicious users to execute arbitrary code or cause a denial o...
Poppler Poppler 0.7.3
Poppler Poppler 0.3.2
Poppler Poppler 0.10.3
Poppler Poppler 0.4.0
Poppler Poppler 0.8.5
Poppler Poppler 0.9.3
Poppler Poppler 0.10.1
Poppler Poppler 0.10.0
Poppler Poppler 0.7.1
Poppler Poppler 0.6.1
Poppler Poppler 0.3.1
Poppler Poppler 0.5.2
Poppler Poppler 0.5.91
Poppler Poppler 0.6.0
Poppler Poppler 0.3.3
Poppler Poppler 0.4.2
Poppler Poppler 0.10.4
Poppler Poppler 0.9.2
Poppler Poppler 0.6.4
Poppler Poppler 0.1.2
Poppler Poppler 0.8.0
Poppler Poppler 0.8.3
NA
CVE-2023-31124
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an malicious user to ...
C-ares Project C-ares
Fedoraproject Fedora 37
Fedoraproject Fedora 38
NA
CVE-2023-31147
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the ra...
C-ares Project C-ares
Fedoraproject Fedora 37
Fedoraproject Fedora 38
NA
CVE-2023-32067
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 lengt...
C-ares Project C-ares
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv2
CVE-2009-1182
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and previous versions, CUPS 1.3.9 and previous versions, Poppler prior to 0.10.6, and other products allow remote malicious users to execute arbitrary code via a crafted PDF file.
Glyphandcog Xpdfreader
Glyphandcog Xpdfreader 1.01
Foolabs Xpdf 1.00a
Foolabs Xpdf 0.92d
Foolabs Xpdf 0.92c
Glyphandcog Xpdfreader 0.90
Glyphandcog Xpdfreader 0.80
Glyphandcog Xpdfreader 0.3
Glyphandcog Xpdfreader 0.2
Glyphandcog Xpdfreader 2.03
Glyphandcog Xpdfreader 2.02
Foolabs Xpdf 0.93b
Foolabs Xpdf 0.93a
Glyphandcog Xpdfreader 0.92
Foolabs Xpdf 0.91c
Foolabs Xpdf 0.91b
Glyphandcog Xpdfreader 0.6
Foolabs Xpdf 0.5a
Glyphandcog Xpdfreader 3.00
Glyphandcog Xpdfreader 3.01
Glyphandcog Xpdfreader 1.00
Foolabs Xpdf 0.93c
4.3
CVSSv2
CVE-2009-1183
The JBIG2 MMR decoder in Xpdf 3.02pl2 and previous versions, CUPS 1.3.9 and previous versions, Poppler prior to 0.10.6, and other products allows remote malicious users to cause a denial of service (infinite loop and hang) via a crafted PDF file.
Foolabs Xpdf 0.91c
Foolabs Xpdf 0.91b
Foolabs Xpdf 0.93b
Foolabs Xpdf 1.00a
Foolabs Xpdf 0.91a
Foolabs Xpdf 0.92e
Foolabs Xpdf 0.5a
Foolabs Xpdf 0.92b
Foolabs Xpdf 0.93c
Foolabs Xpdf 0.92c
Foolabs Xpdf 0.7a
Foolabs Xpdf 0.93a
Foolabs Xpdf 0.92d
Foolabs Xpdf 0.92a
Glyphandcog Xpdfreader 0.2
Glyphandcog Xpdfreader 0.3
Glyphandcog Xpdfreader 0.4
Glyphandcog Xpdfreader 0.5
Glyphandcog Xpdfreader 0.6
Glyphandcog Xpdfreader 0.80
Glyphandcog Xpdfreader 0.90
Glyphandcog Xpdfreader 1.00
NA
CVE-2023-31130
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would r...
C-ares Project C-ares
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2023-40583
libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not ge...
Protocol Libp2p
NA
CVE-2023-39326
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of d...
Golang Go
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »