38108 matches found
Denial Of Service (DoS)
org.elasticsearch:elasticsearch is vulnerable to denial of service (DoS) attacks. A malicious unauthenticated user is able to forcibly shut down an elasticsearch node and cause denial of service conditions via a specifically formatted network request...
Remote Code Execution
nginx is vulnerable to remote code execution. A remote attacker who is able to provide DNS responses to an nginx server can likely achieve remote code execution due to an off-by-one error in ngx_resolver_copy while processing DNS responses...
Regular Expression Denial Of Service (ReDoS)
angular is vulnerable to regular expression denial of service. An attacker can crash the application by providing a very high value of custom locale rule through the posPre attribute in the parsePattern function of parser.js...
CRLF Injection
urllib2 in python2 is vulnerable to CRLF injection. The vulnerability exists if an attacker controls a URL parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the host component of a URL followed by an HTTP header. This vulnerability is similar to...
Remote Code Execution (RCE)
RabbitMQ is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the...
Remote Code Execution (RCE)
github.com/go-gitea/gitea is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the newPullRequest function in the gitea_uploader.go file allowing an attacker to inject maliciously crafted script into the system...
Privilege Escalation
elasticsearch is vulnerable to privilege escalation. An attacker can disable the in-built protections on the security index, leading to access to the current index with index permission...
Remote Code Execution (RCE)
.NET is vulnerable to Remote Code Execution (RCE). The vulnerability is due to data corruption in Kestrel HTTP/3 server, which can result in remote code execution. An attacker can exploit this to execute arbitrary code on the affected system...
Information Leakage
Elasticsearch is vulnerable to information leakage. An attacker can gain access to another user's sensitive information in the response header if multiple users are submitting requests, causing a race condition in response headers...
Server-side Request Forgery (SSRF)
github.com/darklynx/request-baskets is vulnerable to Server-side Request Forgery (SSRF). The vulnerability exists due to the improper validation in the /api/baskets/name path, allowing an admin authenticated attacker to access network resources and sensitive information via a maliciously crafted AP...
Untrusted Search Path
python is vulnerable to Untrusted Search Path. The vulnerability is due to the Pynormpath function which cannot process paths with embedded null characters without truncating the path. If a path containing the \0 byte is passed to os.path.normpath, the path will be truncated unexpectedly at the...
Directory Traversal
Python is vulnerable to directory traversal attack. The vulnerability is due to the extract and extractall functions in the tarfile module, which allow an attacker to overwrite arbitrary files via a dot dot (..) sequence. The vulnerability results in an arbitrary file overwrite...
Cross-site Scripting (XSS)
angular is vulnerable to cross-site scripting (XSS) attacks. The library permits interpolation of elements due to insecure page caching, allowing an attacker to inject and execute malicious javascript on the victim's browser. This vulnerability only affects Internet Explorer...
Cross-Site Scripting (XSS)
jquery is vulnerable to cross-site scripting (XSS). When passing HTML from untrusted sources to one of jQuery's DOM manipulation methods (i.e. .html, .append, and others), untrusted code may potentially be executed...
Directory Traversal
johnpbloch/wordpress-core is vulnerable to Directory Traversal. The vulnerability exists in the determine_locale function via the wp_lang parameter due to lack of file access restrictions, which allows an unauthenticated attacker to access and load arbitrary translation files and to inject and execute...
Arbitrary Code Execution (ACE)
firefox is vulnerable to arbitrary code execution. The vulnerability exists due to memory corruption which allows an attacker to execute arbitrary code on the system...
Information Disclosure
request-tracker4 is vulnerable to information disclosure. The vulnerability exists due to a user enumeration through a timing side-channel attack...
Information Disclosure
A username disclosure flaw was found in Elasticsearch’s API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm...
Remote Code Execution (RCE)
php is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of an uninitialized array in pg_query_params, allowing an attacker to inject maliciously crafted script into the system...
Cross Site Scripting (XSS)
bootstrap is vulnerable to Cross Site Scripting (XSS). The vulnerability is caused by missing sanitization in the href attribute of the tag while working with data-slide and data-slide-to attributes. This could enable an attacker to execute arbitrary JavaScript within the victim's browser...
Information Disclosure
github.com/openshift/origin is vulnerable to information disclosure. When a pod is used with the --credentials option, a local attacker can get private key information by reading the systemd journal. This is because when the --credential option is enabled, the router credentials are store...
Remote Code Execution (RCE)
openssh is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to an insufficiently trustworthy search path in the PKCS11 feature in ssh-agent of the library, allowing an attacker to inject and execute malicious code if an agent is forwarded to an attacker-controlled system. NOTE...
Regular Expression Denial Of Service (ReDoS)
Useragent is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to ReDoS caused by the presence of regular expressions that can be exploited to cause high CPU usage, leading to denial of service...
Remote Code Execution (RCE)
mosquitto is vulnerable to a remote code execution vulnerability. This vulnerability exists due to a flaw in the way the library handles certain requests. A remote attacker can exploit this vulnerability to execute arbitrary code on the affected system...
Privilege Escalation
mysql is vulnerable to privilege escalation. The vulnerability exists due to a flaw in an improperly-checked return value...
Cross-site Scripting (XSS)
jquery-ui is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the updateAlternate function in datepicker.js as it does not properly sanitize altField...
Remote Code Execution (RCE)
netdata is vulnerable to Remote Code Execution (RCE). An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent when an alert is triggered. This can be done by providing a specially crafted registry_hostname as part of the health da...
Denial Of Service (DoS)
OpenSSL is vulnerable to denial of service. Lack of sanitization of user-provided input results in read buffer overrun in X509auxprint, X509aliasset13 and X509printex3, leading to information leakage and application crash...
Information Disclosure
elasticsearch is vulnerable to information disclosure. The library does not properly filter the settings API, allowing a malicious user to pass a query to the cluster/settings API to gain access to sensitive configuration information like passwords, tokens or usernames...
Timing Attack
python is vulnerable to Timing Attack. The vulnerability is caused by a loophole in the hmac.compare_digest function making it deviate from constant time operation. An attacker can mount a timing attack by exploiting the accumulator variable result in the hmac.compare_digest function...
Information Disclosure
electron is vulnerable to information disclosure. The vulnerability exists as Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong fram...
Improper Input Validation
python is vulnerable to improper input validation. The vulnerability arises due to incorrect parsing of an email address containing a special character. An attacker can bypass protection mechanisms in which application access is granted only after verifying its domain name...
Remote Code Execution (RCE)
OpenSSH is vulnerable to remote code execution. The vulnerability exists due to a forwarding of an agent to an attacker-controlled host on an unconstrained agent-socket access on a legacy operating system...
Cross-Site Scripting (XSS)
jquery is vulnerable to cross-site scripting (XSS). The regular expression in the load method does not properly remove HTML tags containing a whitespace character in the closing script tag e.g...
HTTP Request Smuggling
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling...
Memory Leak
inflight is vulnerable to a Memory Leak. The vulnerability is due to lack of restrictions on how many callbacks the library can concurrently support, which can result in a NodeJS out of heap memory crash...
Remote Code Execution (RCE)
pdfjs-dist is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the default setting isEvalSupported set to true, which allows unrestricted execution of attacker-controlled JavaScript within the hosting domain context...
Denial Of Service (DoS)
bind9 is vulnerable to denial of service. The vulnerability exists due to broken authoritative servers using a flaw in response processing that may cause degradation in BIND resolver performance...
HTTP Request Smuggling
github.com/clickhouse/ch-go is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper parsing or handling of HTTP requests. Specifically, the vulnerability arises from the way large, uncompressed malicious external data is processed, allowing an attacker to smuggle an addition...
Privilege Escalation
electron is vulnerable to privilege escalation. When nodeIntegrationInSubFrames is enabled, an attacker can get access to a new renderer process within JS execution, and if the application exposes IPC messages without IPC senderFrame validation, leading to gaining access to confidential data in...
Command Injection
gry is vulnerable to Command Injection. The vulnerability exists due to improper input sanitization of multiple functions in index.js, which allows an attacker to inject maliciously crafted commands into the system...
Remote Code Execution (RCE)
telnet is vulnerable to remote code execution. The vulnerability exists due to a lack of check on the boundary of Nextitem Function. This vulnerability exists in the telnet-server package, not in the telnet client-side package...
Denial Of Service (DoS)
python is vulnerable to denial of service (DoS). The vulnerability exists through an integer overflow in Modules/pickle.c, allowing for memory exhaustion when serializing gigabytes of data...
Remote Code Execution (RCE)
mysql-connector-java is vulnerable to Remote Code Execution. The vulnerability is due to not sanitizing the propertiesTransformClassName when instantiated or not in setupPropertiesTransformer in the ConnectionUrl.java file. This potentially leads to Arbitrary Code Execution...
Access Control Bypass
github.com/grafana/grafana is vulnerable to Access Control Bypass. The vulnerability exists due to a lack of write authorization checks in authorization.go, which allows an attacker with the viewer role to send a test alert using the api, as well as block SMTP servers...
Bot Protection Bypass
Anubis is vulnerable to Bot Protection Bypass. The vulnerability is due to insufficient validation, which allows attackers to specify a nonce and set the challenge difficulty to zero, effectively bypassing the bot protection mechanism...
Remote Code Execution (RCE)
werkzeug is vulnerable to Remote Code Execution. The vulnerability is due to the debugger accepting requests from non localhost locations, which allows an attacker to execute arbitrary code under specific situations. The prerequisites to this attack are the attacker must convince a developer into...
Information Disclosure
kernel is vulnerable to information disclosure. The vulnerability exists through information exposure in the fd_locked_ioctl function in drivers/block/floppy.c...
Sandbox Restrictions Bypass
electron is vulnerable to sandbox restrictions bypass. Apps using both contextIsolation and sandbox: true/nativeWindowOpen: true/nodeIntegrationInSubFrames: true allow the code running in the main world context in the renderer to reach into the isolated electron context and perform privileged...
Cross-Site Request Forgery (CSRF)
apache2 is vulnerable to cross-site request forgery. An attacker may exploit the vulnerability by sending a crafted request uri-path that can cause mod_proxy to forward the request to an origin server chosen by the remote user...