38468 matches found
Remote Code Execution (RCE)
github.com/golang/go is vulnerable to remote code execution RCE. If custom domains are used, a malicious user can set a domain example.com/proj1 to point to a subversion repository and another domain example.com/proj1/proj2 to point to a git repository. When the go get command is run, arbitrary...
Remote Code Execution (RCE)
kernel is vulnerable to remote code execution RCE attacks. The vulnerability exists as the native Bluetooth stack in the Linux Kernel BlueZ, starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP...
Denial Of Service (DoS)
kernel-rt is vulnerable to denial of service DoS attacks. The vulnerability exists as the pivotroot implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service...
Denial Of Service (DoS)
kernel-rt is vulnerable to denial of service DoS attacks. The vulnerability exists as crypto/algifskcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AFALG socket before an accept system call is processed, which allows local users to cause ...
Arbitrary Code Execution
kernel is vulnerable to arbitrary code execution attacks. The vulnerability exists as Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 committed on April 14, 2015. This kernel vulnerability was fixed in...
Arbitrary Code Execution
kernel is vulnerable to arbitrary code execution attacks. The vulnerability exists as the NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have...
Privilege Escalation
kernel is vulnerable to privilege escalation attacks. The vulnerability exists as an elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate becau...
Privilege Escalation
openssh is vulnerable to privilege escalation. It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pamenv PAM module configured to read user environment settings, a local user could use this...
Authorization Bypass
httpd is vulnerable to authorization bypass. It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for...
Deserialization Of Untrusted Data
Apache ActiveMQ allows for deserialization of objects both in the Broker and in any applications which process ObjectMessage messages, specifically by using ObjectMessagegetObject. Broker deserialization happens in HTTP, Stop, Web Console, and other components. The deserialization in versions 5.0...
Denial Of Service (DoS)
httpd is vulnerable to denial of service. The modlua httpd module improperly processed certain WebSocket Ping requests, allowing a remote attacker to cause the httpd child process to crash via a malicious WebSocket Ping request...
Information Disclosure
PostgreSQL is vulnerable to information disclosure. An information leak occurs when the server handles certain error messages, allowing an authenticated database user could to obtain results of a query they did not have privileges to execute, by observing the constraint violation error messages...
Denial Of Service (DoS)
perl is vulnerable to denial of service DoS attacks. The vulnerability exists through a heap-based buffer overflow in the Perlrepeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service...
Denial Of Service (DoS)
krb5 is vulnerable to denial of service DoS attacks. The vulnerability exists as the pkinitserverreturnpadata function in plugins/preauth/pkinit/pkinitsrv.c in the PKINIT implementation in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.10.4 attempts to find an agility KDF...
Authorization Bypass
RealtimeKit is vulnerable to authorization bypass. It does not properly use D-Bus for communications with a polkit authority. A race condition in the PolkitUnixProcess PolkitSubject allows a local user to bypass access restrictions via a setuid or pkexec process. This is a related issue to...
Denial Of Service (DoS)
MySQL is vulnerable to denial of service. An unspecified vulnerability allows remote attackers to crash the service via vectors related to Error Handling...
Remote Code Execution (RCE)
glibc is vulnerable to remote code execution RCE attacks. The vulnerability exists through multiple integer overflows in the 1 strtod, 2 strtof, 3 strtold, 4 strtodl, and other unspecified "related functions" in stdlib in GNU C Library aka glibc or libc6 2.16 allow local users to cause a denial o...
Denial Of Service (Dos)
libxml2 is vulnerable to denial of service. An attacker is able to crash the application via a malicious XML document containing malformed XPath expressions...
Denial Of Service (DoS)
krb5 is vulnerable to denial of service DoS attacks. The vulnerability exists as schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 aka krb5 before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service CPU and...
Remote Code Execution (RCE)
php is vulnerable to remote code execution RCE attacks. The vulnerability exists through a format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information memory contents and possibly execute arbitrary cod...
Authentication Bypass
libcurl.so is vulnerable to authentication bypasses. The library re-uses NTLM connections, allowing a malicious user to reuse a connection to bypass authentication...
Cross-site Scripting (XSS)
The sanitizecss method in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle newline characters, which makes it easier for remote attackers to condu...
Deserialization Of Untrusted Data
jackson-databind is susceptible to deserialization of untrusted data. It is due to an incomplete fix for the CVE-2017-7525 which has classes which perform general-purpose data-binding functionality and tree-model for untrusted data...
Arbitrary Code Execution
intelliants/subrion is vulnerable to arbitrary code execution attacks. The vulnerability exists due to the lack of blacklist against .pht or .phar files in /panel/uploads, allowing such files to be uploaded and subsequently executed...
Remote Code Execution (RCE)
Microsoft.PowerShell.EditorServices.Protocol is vulnerable to remote code execution. Improper processing of local connections allow a remote attacker to execute arbitrary commands in the context of the authenticated user...
Remote Code Execution (RCE)
Microsoft Chakracore is vulnerable to remote code execution. The scripting engine does not properly handle objects in memory, which would allow an attacker to execute arbitrary commands in the context of the authenticated user. This CVE ID is different from CVE-2017-11886, CVE-2017-11889,...
Directory Traversal
tomcat-util is vulnerable to directory traversal attacks. The vulnerability exists due to the ability to include ../, ..\, and ..%5C characters in the URL, allowing directory traversal attacks...
Denial Of Service (DoS)
Apache Tomcat is vulnerable to denial of service DoS. Simultaneous requests to a directory containing a large number of files causes heavy CPU consumption, resulting in a denial of service condition...
Denial Of Service (DoS)
libglusterfs.so is vulnerable to a denial of service DoS attack or information disclosures. The library does not restrict the ../ characters from being passed in pathnames, allowing a malicious user to gain access to file statuses or crash the application with a malformed filename...
Exposed API
Apache's spark contains an exposed API due to the default value of spark.master.rest.enabled being set to true. This allows remote attackers to connect to the API without authentication and run driver programs but not launch executors...
Same Origin Policy Bypass
libcurl.so is vulnerable to same origin policy bypass. This is due to the libcurl's cookie parser having no public suffix awareness, which could allow for cookies to be set for arbitrary sites by setting a cookie for a top-level domain...
Side-Channel Attack
libgcrypt.so is vulnerable to side-channel attacks. The elliptic-point curve multiplication during decryption is not properly performed, which allows attackers within close proximity to extract the secret decryption key within seconds by measuring electromagnetic emanations...
Denial Of Service (DoS)
libtiff.so is vulnerable to denial of service DoS attacks. A malicious user can pass a TIFF image to the TIFFRGBAImageOK function in tifgetimage.c to cause an out-of-bounds read that can crash the application...
Denial Of Service (DoS)
libgd.so is vulnerable to denial of service DoS attacks. The library contains a memory leak during interpolation, allowing a malicious user to cause a DoS condition by calling the gdImageScaleTwoPass function in gdinterpolation.c...
Arbitrary File Write
wildfly-deployment-repository is vulnerable to the zip-slip vulnerability. The library does not validate the target path when extracting and deploying .war files, leading to arbitrary file writes outside of the intended target directory...
Denial Of Service (DoS)
libtiff.so is vulnerable to denial of service DoS attacks. The vulnerability exists due to a heap-based buffer overflow that occurs in the PackBitsDecode function of tifpackbits.c, causing a DoS attack when parsing an invalid bmp file...
Denial Of Service (DoS)
ImageMagick is vulnerable to denial of service DoS attacks. A malicious user can pass an .mpc file to the WriteMPCImage function in mpc.c, causing a memory leak that can crash the application or consume resources...
TLS Session Resumption Client Certificate Bypass
libcurl.so is vulnerable to TLS session resumption client certificate bypass attacks. The vulnerability exists in Curlclonesslconfig of lib/vtls/vtls.c where libcurl.so does not prevent the TLS session resumption if the client certificate has been replaced...
Denial Of Service (DoS)
libxml2 is affected by a denial-of-service DoS vulnerability. In xpath.c:xmlXPathCompOpEval, the cases XPATHOPAND and XPATHOPOR does not check for NULL values when assigning valuePopctxt which can result in a NULL pointer deference leading to a denial of service condition...
Remote Code Execution (RCE)
icu4c is vulnerable to remote code execution RCE attacks. A malicious user can pass a string to the ucnvUTF8FromUTF8 function in ucnvu8.cpp to cause a buffer overflow that can crash the application or cause arbitrary code to be executed...
Denial Of Service (DoS)
libxml2.so is vulnerable to denial of service. The vulnerability exists in the xmlParserEntityCheck and xmlParseAttValueComplex functions that calls xmlStringDecodeEntities recursively without incrementing the depth counter, causing a stack buffer overflow attack which then lead to an application...
Information Disclosure
libcurl.so is vulnerable to information disclosures. When running with the --write-out command, the application skips the end of the string zero byte if the string ends with % or \\ , causing the application to read out of the buffer and disclose sensitive information...
Denial Of Service (DoS) Through Uninitialized Memory Leak
http-proxy-agent is susceptible to denial of service DoS. auth parameters are passed to the buffer constructor without proper sanitization, leading to DoS via uninitialized memory leak...
Denial Of Service (DoS)
FFmpeg is vulnerable to denial of service DoS attacks. A malicious user can pass a file which contains a large itemnum value to bypass the large value checking, causing the file to consume a large amount of memory that can lead to memory exhaustion in the system...
Denial Of Service (DoS) Through Heap Based Buffer Overflow
ImageMagick is vulnerable to denial of service DoS attacks through heap-based buffer overflows and possibly other attacks. A malicious user can pass a SFW file to the system to cause a heap-based buffer overflow, causing the application to crash...
Denial Of Service (DoS) Through Memory Leak
ImageMagick is vulnerable to denial of service DoS attacks. These attacks are possible through the WritePICONImage function and can be triggered using a mishandled OpenPixelCache call...
SQL Injection
Moodle is vulnerable to SQL injection attacks. The attacks exist because the application does not filter null bytes \0 characters in query strings, leading to SQL statements failing and causing error to the Microsoft SQL driver. This can allow a malicious user to inject and execute SQL queries...
Copy-Paste Vulnerability (CPV) Through Libxslt
nokogiri has a copied version of the libxslt library. The copy that nokogiri includes is vulnerable to the following issues: 1. CVE-2016-1683 - Denial of Service DoS via an out-of-bounds heap memory access. This is caused by libxslt mishandling namespace nodes leading to out-of-bounds heap memory...
Privilege Escalation
github.com/openshift/origin is vulnerable to privilege escalation attacks. The vulnerability exists because it does not prevent the unauthorised users to edit a build configuration to use a restricted strategy...
Remote Code Execution (RCE)
ffmpeg is vulnerable to remote code execution RCE attacks. A heap-based buffer overflow in libavformat/rtmppkt.c is caused by the failure to check for RTMP packet size mismatches. The resulted buffer overflow can be exploited by aligning chunks and by using a white-what-where condition to launch...