38468 matches found
Regular Expression Denial Of Service (ReDoS)
glob-parent is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists due to an incorrect regex implementation on the enclosure variable. This vulnerability is caused by an incomplete fix of CVE-2020-28469...
Denial Of Service (DoS)
mysql is vulnerable to denial of service DoS. The vulnerability exists in InnoDB allows an attacker cause a hang or frequently repeatable crash in the application...
Remote Code Execution (RCE)
DNN.Platform is vulnerable to remote code execution RCE. This is due to the application storing profile information for users in the DNNPersonalization cookie as XML and the structure includes a type attribute that instructs the server the type of object to create upon deserialization. The...
Memory Corruption And Code Execution
Linux kernel is vulnerable to memory corruption vulnerability. The vulnerability exists in the function cdromioctlmediachanged of the file drivers/cdrom/cdrom.c. A privileged user could use an incorrect bounds check in the CDROM driver CDROMMEDIACHANGED ioctl to read out some kernel memory conten...
Privilege Escalation
The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way Linux kernel's Transparent Huge Pages THP implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent...
Denial Of Service (DoS)
memcached is vulnerable to denial of service. The UDP support of the server allows spoofed traffic amplification denial of service. A remote attacker is able to exploit the vulnerability and crash the application via a network flood to UDP port 11211...
Remote Code Execution (RCE)
struts2-core is vulnerable to remote code execution RCE attacks. These attacks are possible when using a namespace or url tag which doesn't have a value and action set and where its upper action configuration is using a wildcard namespace or has no namespace...
Server-Side Request Forgery (SSRF)
gitlab is vulnerable to Server-Side Request Forgery SSRF . This vulnerability occurs due to a flaw in the way that GitLab handles requests to the internal network for webhooks. An attacker can exploit this vulnerability to make HTTP requests to arbitrary domains of the attacker's choosing...
Race Condition
libcurl.so is vulnerable to a Race Condition. The library is susceptible to a TOCTOU race condition when it saves cookies, HSTS, and alt-svc data to a file. A victim might use the data for an intended purpose, but an attacker may overwrite the protected file...
Unintended Leaks Of Proxy-Authorization Header
requests is vulnerable to Unintended Leaks Of Proxy-Authorization Header. The vulnerability exists in the rebuildproxies function of sessions.py when the credentials are supplied in the URL user information component such as https://username:password@proxy:8080, which allows an attacker to gain...
Information Disclosure
github.com/grafana/grafana is vulnerable to Information Disclosure. The vulnerability exists in the initContextWithJWT function of authjwt.go because the JWT URL-login flow leaks tokens to data sources through request parameters in proxy requests...
Remote Code Execution (RCE)
knplabs/knp-snappy is vulnerable to Remote Code Execution RCE. The vulnerability is due to the library not checking the file type during upload, which allows an attacker to upload a phar:// file which will be deserialized during the fileexists function because it fails to check the file type,...
Stored Cross-site Scripting (XSS)
github.com/grafana/grafana is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to map attributes in the Geomap plugin which library does not properly sanitize, allowing an attacker with an editor role to inject and execute malicious JavaScript. If an admin user clicks on the m...
Deserialization Of Untrusted Object
litedb is vulnerable to Deserialization Of Untrusted Objects. The vulnerability is caused by differing types in JSON documents, when a JSON document contains BsonDocument types, the library converts them to POCO. If an attacker can send a plain JSON string, they can inject and execute arbitrary...
Incorrect Calculation Of Buffer Size
PHP is vulnerable to Incorrect Calculation of Buffer Size. The vulnerability exists because the core path resolution function allocates a buffer one byte too small when resolving paths with lengths close to the system MAXPATHLEN setting, leading to the byte after the allocated buffer being...
Denial Of Service (DoS)
apache2 is vulnerable to Denial of ServiceDoS attacks. A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool memory location beyond the header value sent, causing the application to crash...
Information Disclosure
OpenCart is vulnerable to information disclosure. The vulnerability exists in multiple functions of backup.php, allowing an attacker to obtain database information or read server files by injecting and executing malicious SQL queries...
Access Restriction Bypass
nginx is vulnerable to access restriction bypass. The vulnerability exists because TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates which allows an attacker to gain access to the system and perform unauthorized actions...
HTTP Request Smuggling
io.netty:netty-codec-http is vulnerable to HTTP request smuggling. Improper validation of control chars, when they are present at the beginning and/or end of the header name leads to HTTP request smuggling which allows an attacker to exploit other remote systems when these headers are used as a...
Cross-Site Scripting (XSS)
highcharts is vulnerable to cross-site scripting. The vulnerability exists because the chart options structure is not validated and sanitized when using useHTML flag, potentially allowing an attacker to inject and execute arbitrary Javascript in a user's browser...
Buffer Overflow
dnsmasq is vulnerable to buffer overflow. An attacker may forge malicious DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine...
Arbitrary Code Execution
php is vulnerable to arbitrary code execution. A number of buffer overflow flaws were found in the PHP session extension; the strreplace function; and the imapmailcompose function. If very long strings were passed to the strreplace function, an integer overflow could occur in memory allocation. I...
Directory Traversal
werkzeug is vulnerable to directory traversal. An attacker is able to access arbitrary files through the SharedDataMiddleware due to the way Python's os.path.join function works on Windows...
Null Pointer Dereference
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Denial Of Service (DoS)
httpd is vulnerable to denial of service. It was discovered that modproxyajp, when used in configurations with modproxy in load balancer mode, would mark a back-end server as failed when request processing timed out, even when a previous AJP Apache JServ Protocol CPing request was responded to by...
Information Disclosure
An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...
Information Disclosure
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known, are vulnerable to information disclosure. A local unprivileged attacker is able to perform a side-channel analysis known as Speculative...
Buffer Overflow
php is vulnerable to denial of service DoS attacks. The vulnerability exists as an integer overflow in the objectcustom function in ext/standard/varunserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service application cra...
Regular Expression Denial Of Service (ReDoS)
moment is vulnerable to denial of service DoS attacks. These attacks are possible because the regular expression that is used for matching dates takes awhile for long strings...
NoSQL Injection
Spring Data MongoDB is vulnerable to NoSQL Injection. The vulnerability is due to insufficient validation of parameters bound to regular expressions in @Query-annotated repository methods, where attacker-controlled input can break out of the intended regex quoting e.g., ^\Q?0\E$ and manipulate...
Json Web Token (JWT) Bypass
json-web-token is vulnerable to Json Web Token JWT Bypass. The vulnerability is due to an insecure mechanism used while verifying the signature of a JWT. The library blindly trusts the algorithm listed in the token without further verification. An attacker can forge a token using the HS256...
Server-Side Template Injection (SSTI)
spring-boot-admin-server is vulnerable to Server-Side Template Injection SSTI. The vulnerability exists because the mailNotifierTemplateEngine function of AdminServerNotifierAutoConfiguration.java does not properly implement the configuration for ClasspathResourceLoader, which allows an attacker ...
Privilege Escalation
cassandra-all is vulnerable to Privilege Escalation. The vulnerability exists when enabling FQL/Audit logs, which allows an attacker with JMX access to run arbitrary commands...
Remote Code Execution (RCE)
org.apache.dubbo:dubbo-common is vulnerable to Remote Code Execution RCE. The vulnerability is due to a lack of class validation when deserializing untrusted user input which allows an attacker to upload and execute malicious code...
NULL Pointer Dereference
openssl is vulnerable to NULL Pointer Dereference. The vulnerability exists because there is a missing check network subcomponent in the Linux kernel, which later leads to invalid usage of the digest api most likely leading to a crash...
Cross-site Scripting (XSS)
phpmyadmin/phpmyadmin is vulnerable to Cross-site Scripting XSS. An authenticated user is able to execute malicious code on a victim's browser by uploading a specially-crafted .sql file through the drag-and-drop interface...
Improper Access Control
openjdk is vulnerable to improper access control. The vulnerability allows an attacker to perform unauthorized updates, insertions or deletions of some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data...
Remote Code Execution (RCE)
openjdk17 is vulnerable to remote code execution. The vulnerability exists in Oracle Java SE and Oracle GraalVM Enterprise Edition which allows an unauthenticated attacker to update, insert or delete Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data...
Regular Expression Denial Of Service (ReDoS)
scss-tokenizer is vulnerable to regular expression denial of service. The vulnerability exists in the loadAnnotation function of previous-map.js due to the insecure regex pattern used in the match attribute, allowing an attacker to crash the application by providing malicious input...
Out-of-Bounds Read
pcre2 is vulnerable to out of bounds read. The vulnerability exists due to a memory corruption in the compilexclassmatchingpath function of the pcre2jitcompile.c file which allows an attacker to cause an application crash...
SQL Injection
postgresql is vulnerable to sql injection. The vulnerability exists incomplete efforts to operate safely when a privileged user is maintaining another user's objects which allows an attacker to inject and execute arbitrary sql functions...
Privilege Escalation
Linux kernel is vulnerable to Privilege Escalation. An attacker may exploit the vulnerability by triggering a free of kernel buffer by using the IORINGOPPROVIDEBUFFERS in the looprwiter in fs/iouring.c...
Domain Hijacking
c-ares is vulnerable to Domain Hijacking. Missing input validation of host names returned by Domain Name Servers in the c-ares library can lead to output of wrong hostnames leading to Domain Hijacking...
Path Traversal
jenkins-2-plugins/blueocean is vulnerable to Path traversal vulnerability. It could allow to read arbitrary files...
Authorization Bypass
squid is vulnerable to authorization bypass. When handling a URN request, the corresponding HTTP request that is made does not go through the access checks, allowing an attacker to bypass access checks and gain access to restricted HTTP servers such as HTTP servers listening on localhost...
Denial Of Service (DoS)
handlebars is vulnerable to denial of service. A bug in matching of templates can cause an infinite loop due to greedy matching of raw-block-contents. This could potentially be abused by submitting malicious templates to cause a denial of service condition when system resources are exhausted...
Null Pointer Dereference
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to...
Cross Site Scripting (XSS)
An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...
Denial Of Service (DoS)
OpenSSL is vulnerable to to Denial of Service DoS attacks. The doaproutch function in crypto/bio/bprint.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g, found in the affected versions of OpenSSL, does not verify that certain memory allocations succeed, allowing a malicious user to cause ...