Buffer Overflow
rsyslog is vulnerable to buffer overflow. The vulnerability exists because when there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum which leads to a memory corruption...
Privilege Escalation
linux is vulnerable to heap buffer overflow flaw. The vulnerability exists in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c which allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...
Validation Bypass
firebase/php-jwt is vulnerable to validation bypass. The vulnerability exists in decode and verify functions in JWT.php because the token validations are not properly handled when multiple keys are loaded in a key ring which allows an attacker to bypass server-side validations...
Regular Expression Denial Of Service (ReDoS)
glob-parent is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists due to an incorrect regex implementation on the enclosure variable. This vulnerability is caused by an incomplete fix of CVE-2020-28469...
Remote Code Execution (RCE)
redis is vulnerable to remote code execution. The vulnerability exists due to an integer overflow bug which could corrupt the memory heap...
Buffer Overflow
dnsmasq is vulnerable to buffer overflow. An attacker who forges malicious DNS replies such that they are accepted as valid could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine...
Denial Of Service (DoS)
handlebars is vulnerable to denial of service. A bug in matching of templates can cause an infinite loop due to greedy matching of raw-block-contents. This could potentially be abused by submitting malicious templates to cause a denial of service condition when system resources are exhausted...
Remote Code Execution (RCE)
DNN.Platform is vulnerable to remote code execution RCE. This is due to the application storing profile information for users in the DNNPersonalization cookie as XML and the structure includes a type attribute that instructs the server the type of object to create upon deserialization. The...
Null Pointer Dereference
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debugger. T...
Remote Code Execution (RCE)
struts2-core is vulnerable to remote code execution RCE attacks. These attacks are possible when using a namespace or url tag which doesn't have a value and action set and where its upper action configuration is using a wildcard namespace or has no namespace...
Remote Code Execution (RCE)
Microsoft.ChakraCore is vulnerable to remote code execution RCE. The library does not merge block data properly for loops, leading to an invalid pointer read that can crash the application or cause arbitrary code to be executed...
Access Bypass
OpenSSL is vulnerable to access bypass. OpenSSL accepts client authentication with a Diffie-Hellman certificate without receiving a CertificateValue message. This allows attackers to gain access without the knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that...
Denial Of Service (DoS)
OpenSSL is vulnerable to Denial of Service DoS attacks. The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g, found in the affected versions of OpenSSL, does not verify that certain memory allocations succeed, allowing a malicious user to cause ...
Heap Buffer Overflow
libwebp.so is vulnerable to Out Of Bounds Memory Write. The vulnerability is due to the BuildHuffmanTable function in src/dec/vp8ldec.c improperly allocating memory to the table when parsing a stream, which results in an application crash or Arbitrary Code Execution when reading a crafted webp...
Privilege Escalation
cassandra-all is vulnerable to Privilege Escalation. The vulnerability exists when enabling FQL/Audit logs, which allows an attacker with JMX access to run arbitrary commands...
Server-side Request Forgery (SSRF)
directus is vulnerable to Server-side Request Forgery SSRF. The vulnerability exists when importing a file from a remote web server POST to /files/import, allowing an attacker to bypass the security controls that were implemented to patch the CVE-2022-23080 vulnerability by performing a DNS...
Regular Expression Denial Of Service
debug is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability exists in useColors function of node.js due to inefficient regular expression complexity which allows an attacker to crash the application by submitting a malicious string...
Improper Access Control
openjdk is vulnerable to improper access control. The vulnerability allows an attacker to perform unauthorized updates, insertions or deletions of some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data...
Arbitrary Code Execution
Apache Commons Text is vulnerable to Arbitrary Code Execution. The vulnerability exists in the lookup module due to insecure interpolation defaults when untrusted configuration values are used which allows an attacker to inject arbitrary code into the system...
Remote Code Execution (RCE)
openjdk17 is vulnerable to remote code execution. The vulnerability exists in Oracle Java SE and Oracle GraalVM Enterprise Edition which allows an unauthenticated attacker to update, insert or delete Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data...
HTTP Request Smuggling
io.netty:netty-codec-http is vulnerable to HTTP request smuggling. Improper validation of control chars, when they are present at the beginning and/or end of the header name leads to HTTP request smuggling which allows an attacker to exploit other remote systems when these headers are used as a...
Domain Hijacking
c-ares is vulnerable to Domain Hijacking. Missing input validation of host names returned by Domain Name Servers in the c-ares library can lead to output of wrong hostnames leading to Domain Hijacking...
Authorization Bypass
squid is vulnerable to authorization bypass. When handling a URN request, the corresponding HTTP request that is made does not go through the access checks, allowing an attacker to bypass access checks and gain access to restricted HTTP servers such as HTTP servers listening on localhost...
Privilege Escalation
kernel is vulnerable to privilege escalation. An integer overflow flaw in ib_uverbs_poll_cq could allow a local, unprivileged user to cause a denial of service or escalate their privileges...
Directory Traversal
werkzeug is vulnerable to directory traversal. An attacker is able to access arbitrary files through the SharedDataMiddleware due to the way Python's os.path.join function works on Windows...
Null Pointer Dereference
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Denial Of Service (DoS)
httpd is vulnerable to denial of service. It was discovered that mod_proxy_ajp, when used in configurations with mod_proxy in load balancer mode, would mark a back-end server as failed when request processing timed out, even when a previous AJP Apache JServ Protocol CPing request was responded to by...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Remote Code Execution (RCE)
libxml2.so is vulnerable to remote code execution RCE attacks. The application does not forbid namespace nodes in XPointer ranges, allowing a malicious user to inject and execute arbitrary code...
Regular Expression Denial Of Service (ReDoS)
moment is vulnerable to denial of service DoS attacks. These attacks are possible because the regular expression that is used for matching dates takes a while for long strings...
Json Web Token (JWT) Bypass
json-web-token is vulnerable to Json Web Token JWT Bypass. The vulnerability is due to an insecure mechanism used while verifying the signature of a JWT. The library blindly trusts the algorithm listed in the token without further verification. An attacker can forge a token using the HS256...
NULL Pointer Dereference
openssl is vulnerable to NULL Pointer Dereference. The vulnerability exists because there is a missing check network subcomponent in the Linux kernel, which later leads to invalid usage of the digest api most likely leading to a crash...
Improper Locking
openssl is vulnerable to denial of service DoS attacks. When an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems this results in a denial of service when the affected process han...
Arbitrary File Upload
WSO2 Carbon Services is vulnerable to arbitrary file upload. The vulnerability exists because the file upload permissions and validations are not properly handled which allows an attacker to upload arbitrary files...
Privilege Escalation
openjdk7 is vulnerable to privilege escalation. An attacker is able to have unauthorised creation, deletion or modification access to critical data of the system...
Denial Of Service (DoS)
mariadb is vulnerable to denial of service. An easily exploitable vulnerability allows a high privileged attacker with network access to cause a hang or frequently repeatable crash...
Use After Free
kernel is vulnerable to use after free. A use-after-free memory flaw in the Fast Userspace Mutexes functionality allows a local user to crash the system or escalate their privileges on the system...
Directory Traversal
commons-io is vulnerable to Directory Traversal. Invoking the method FileNameUtils.normalize with a malicious input string would potentially allow access to files within the parent directory...
Arbitrary Code Execution
underscore is vulnerable to arbitrary code execution. An attacker is able to inject and execute arbitrary OS commands via the template function when a variable property is passed as an argument due to lack of validation...
Arbitrary Code Execution (RCE)
wpasupplicant is vulnerable to arbitrary code execution RCE. The vulnerability exists in the way p2p/p2p_pd.c processes P2P Wi-Fi Direct provision discovery requests...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. A local user with the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory and cause the kernel to allocate memory that is not accounted for. With this vulnerability, continual reading of the device...
Arbitrary Code Execution
php is vulnerable to arbitrary code execution. A number of buffer overflow flaws were found in the PHP session extension; the str_replace function; and the imap_mail_compose function. If very long strings were passed to the str_replace function, an integer overflow could occur in memory allocation. I...
Information Disclosure
An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...
Cross Site Scripting (XSS)
An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...
Arbitrary File Overwrite
bash is vulnerable to arbitrary file overwrite attacks. The vulnerability exists as GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have...
Remote Code Execution (RCE)
samba4 is vulnerable to remote code execution RCE attacks. The vulnerability exists as the RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation,...
Remote Code Execution (RCE)
microsoft.chakracore is vulnerable to remote code execution RCE attacks. The application contains a use-after-free bug in JavascriptArray.cpp, allowing arbitrary code to be executed. This CVE is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8279, CVE-2018-8301...
Server-Side Template Injection (SSTI)
spring-boot-admin-server is vulnerable to Server-Side Template Injection SSTI. The vulnerability exists because the mailNotifierTemplateEngine function of AdminServerNotifierAutoConfiguration.java does not properly implement the configuration for ClasspathResourceLoader, which allows an attacker ...
Remote Code Execution (RCE)
org.apache.dubbo:dubbo-common is vulnerable to Remote Code Execution RCE. The vulnerability is due to a lack of class validation when deserializing untrusted user input which allows an attacker to upload and execute malicious code...