Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.
2ca96b106cbf6af495fe558e5111838c74cab0492e9b5d376f567b430e57052f
MISP (Malware Information Sharing Platform and Threat Sharing) versions 2.4.79 and below suffer from a cross site scripting vulnerability.
d5d95664a334a528dd6612f67991bd576886442c2f66af94f4b6396b958b356c
Ubuntu Security Notice 3406-1 - It was discovered that an out of bounds read vulnerability existed in the associative array implementation in the Linux kernel. A local attacker could use this to cause a denial of service or expose sensitive information. It was discovered that a NULL pointer dereference existed in the Direct Rendering Manager driver for VMWare devices in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
713a8ec2966db4dfb7a60eb6aba6c8abc38cb940925a7a8602735cf1998e3b56
Ubuntu Security Notice 3405-2 - USN-3405-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
9fb7e5e4b1090eb89ab9343b4aac56e8f9b44171aade9cf1e7eb6e419ed30450
Ubuntu Security Notice 3405-1 - It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Huang Weller discovered that the ext4 filesystem implementation in the Linux kernel mishandled a needs-flushing-before-commit list. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
e985c878ac1f840112d8ae173a55521c302cdeedb1d58e78149cb339271b8e3a
Ubuntu Security Notice 3404-2 - USN-3404-1 fixed a vulnerability in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems.
2d34da306d516c16c1e2ce1d0a0fe419b9503fabe728dc169521bcf6b9b61947
OpenSSL Security Advisory 20170828 - If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer overread. The most likely result would be an erroneous display of the certificate in text format.
bfe693c207e12bf41b62de943a276fa92f260530bb94dfc8fc7787631bc42165
Ubuntu Security Notice 3404-1 - A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems.
fa33301449a180f6590fe7f0733eaeb35c623426b0539632995cb7b32c393c21
Matrimony version 2.7 suffers from a cross site request forgery vulnerability.
816a06c7d7595ef71786ff4e62fb3f1dc153c5931fd480a80b7b0ff526b4b08f
Whitepaper called Offensive and Defensive PowerShell. Written in Turkish.
2890c304c4261dd5eed0bdb50c6c7a26c5b83382a7c23c2b1b6541e599fd298f
Easy RM RMVB to DVD Burner version 18.11 buffer overflow exploit.
0e6caeaabff62e5b13661c152cc35327130cb5693f71488479e4f3a2ad4a8b9e
Posty version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6aac32b2b95d9b88395dda6d01793a7227412fd7fa133fa0f854618d81b1a38e
Easy WMV/ASF/ASX to DVD Burner version 2.3.11 buffer overflow exploit.
e32cd0f9d448918e1a94e76e77bfb0ff63cbbf3418eb1d6d9c56182c8950bec5
VX Search Enterprise version 10.0.14 remote buffer overflow exploit.
13eec855947676a3ba5f8e915538709a850cca19ce222df2d53ae8307fc7f669
Apple iOS versions prior to 10.3.1 kernel exploit that demonstrates a sandbox escape.
103a1cd8dfe8bcd292b357f7210598a04715f7f0c33d9dfc09c87d9f23994fcf
Easy DVD Creator version 2.5.11 buffer overflow exploit.
9397771736d3c2841192ff4302787d171ff5e46f90fdba2eee026273ffdcf605
Gentoo Linux Security Advisory 201708-10 - Multiple integer overflow flaws have been discovered in jbig2dec, possibly resulting in execution of arbitrary code or Denial of Service. Versions less than 0.13-r4 are affected.
e800564a9d543207a426b461e655f3bbd79afb05e0188afad6b3e1e318f2fa3d
Gentoo Linux Security Advisory 201708-9 - Multiple vulnerabilities have been found in AutoTrace, the worst of which could cause a Denial of Service condition. Versions less than or equal to 0.31.1-r8 are affected.
7cfe73403f43378408fb5b3769e1d307d509e53b27c65a073dcd33b95ed6497d
DiskBoss Enterprise version 8.3.12 suffers from a buffer overflow vulnerability.
acb4fa7dcfe7eccbd292c4cc9ee7681e572e6a9ac6b1bd1ae8607a988cb20793
VX Search Enterprise version 10.0.14 suffers from a buffer overflow vulnerability.
c82987e9cdbc390a6c4a1d521c941484c1f2effdb79fad3fbe918e9fcc39392a
Disk Savvy Enterprise version 9.9.14 buffer overflow exploit.
5c8b5ab18d37e5da0ee71bf65a0be4813f665141aeb5c9f7d9bed9c4c0fe4018
Sync Breeze Enterprise version 9.9.16 buffer overflow exploit.
78be6594ce68f662d2e0391314041a518191c4a1db137c1574eb5370a76b9fc7
Disk Pulse Enterprise version 9.9.16 buffer overflow exploit.
2c0cdf484d240ee492e1397fc67db40c22dd6fb44c1f20ddf77b518a562af77f
My Video Converter version 1.5.24 suffers from a buffer overflow vulnerability.
83b8c48ebbb41478a0b7f7b81d2f6a4f476813780f241c54e01f7f51a375d35b
The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
9ce1fd262b4dec479c30e0663a3e5159358a36ffc8178481d6b0a7d77ceea512