Denial Of Service (DoS)
github.com/velocidex/velociraptor is vulnerable to Denial of Service (DoS) attacks. Due to poor validation in the PE and OLE parsers, an attacker is able to cause the application to crash by processing a deliberately malformed file...
Cross-Site Request Forgery (CSRF)
github.com/phachon/mm-wiki is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists in the Save function of user.go, which allows an attacker to execute arbitrary code via the system/user/save parameter...
Denial Of Service (DoS)
github.com/golang/go is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to cause an infinite loop via integer overflows when calling any of the Parse functions which contain //line directives with very large line numbers, which can cause the application to crash...
Authorization Bypass
github.com/moby/moby is vulnerable to Authorization Bypass. Encrypted overlay networks accept cleartext VXLAN datagrams tagged with the VNI of the network, which allows remote attackers to arbitrarily inject Ethernet frames into the encrypted overlay network...
Denial Of Service (DoS)
github.com/moby/moby is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the lack of VXLAN encryption validation in bpf.go allowing an attacker to inject cleartext VXLAN datagrams in the encrypted overlay network which can cause an application crash...
Path Traversal
github.com/sjqzhang/go-fastdfs is vulnerable to Path Traversal. The vulnerability exists because the Upload function of fileserver.go does not properly check custom paths, which allows an attacker to access files outside the expected directory through the /group1/upload in the File Upload Handler...
Timing Attack
github.com/hashicorp/vault is vulnerable to Timing Attacks. The vulnerability exists in the mult and div functions of shamir.go because they are not implemented in constant time, which allows an attacker to observe a large number of unseal operations on the host...
Symlink Bypass
github.com/opencontainers/runc is vulnerable to Symlink Attack. The vulnerability exists because the proc and sysfs attributes do not properly check whether the destination is a symlink or not, which allows an attacker to bypass AppArmor or SELinux when /proc inside the container is symlinked...
Denial Of Service (DoS)
github.com/crewjam/saml is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to the flate.NewReader function because it allows users to pass more than 1 MB of data to the processing functions, which will be decompressed server-side. After repeating the request a number of time...
Path Traversal
github.com/dablelv/go-huge-util is vulnerable to Path Traversal. The vulnerability exists due to the Create function in file/file.go because the library fails to strip ../ from the uncompressed file name, which allows an attacker to traverse outside the expected directory...
Denial Of Service (DoS)
github.com/hashicorp/consul is vulnerable to Denial Of Service (DoS). The vulnerability exists because upstream watch handling was shared between connect-proxy and gateways, allowing an attacker with service:write permission to cause a server and client crash...
Denial Of Service (DoS)
github.com/crossplane/crossplane-runtime is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the Pave and setValue functions in paved.go because it does not enforce the max index size of a field path, allowing an attacker to use excessive memory and cause an application crash...
GO-2023-1602 Denial of service via deflate decompression bomb in github.com/russellhaering/gosaml2
A bug in the SAML authentication library can result in Denial of Service attacks. Attackers can craft a "deflate"-compressed request which will consume significantly more memory during processing than the size of the original request. This may eventually lead to memory exhaustion and the process bein...
Stored Cross-site Scripting (XSS)
github.com/grafana/grafana is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to map attributes in the Geomap plugin, which the library does not properly sanitize, allowing an attacker with an editor role to inject and execute malicious JavaScript. If an admin user clicks on the m...
OS Command Injection
github.com/gogs/gogs is vulnerable to OS Command Injection. The vulnerability exists because the isRepositoryGitPath function of repoeditor.go does not properly check the git path on case-insensitive file systems, which allows an attacker to upload malicious file configs into the system...
Information Disclosure
github.com/moby/hyperkit is vulnerable to Information Disclosure. The vulnerability exists in the pcivtblkproc function of pcivirtioblock.c, which leads to the disclosure of host memory into the virtualized guest...
Denial Of Service (DoS)
github.com/golang/net is vulnerable to Denial of Service (DoS) attacks. An attacker is able to cause excessive CPU consumption through the HPACK decoder via a small number of maliciously crafted HTTP/2 stream requests, resulting in an application crash...
Denial Of Service (DoS)
github.com/golang/image is vulnerable to Denial of Service (DoS) attacks. An attacker is able to consume a significant amount of memory through the DecodeConfig component when passed a malformed TIFF image, resulting in an application crash...
Privilege Escalation
github.com/mosn/mosn is vulnerable to Privilege Escalation. The vulnerability exists due to the prefixMatcher function in matcher.go while using JWT authorization, which is case-sensitive to the prefix that the URL matches, which may result in authentication bypass...
SQL Injection
github.com/zhaojh329/rttys is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the username parameter via a maliciously registered account allows an attacker to inject and execute arbitrary SQL queries on the target system...