38193 matches found
Remote Code Execution (RCE)
microsoft.chakracore is vulnerable to remote code execution (RCE) attacks. The application contains a use-after-free bug in JavascriptArray.cpp, allowing arbitrary code to be executed. This CVE is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8279, CVE-2018-8301...
Cross-Site WebSocket Hijacking (CSWSH)
jenkins-core is vulnerable to Cross-Site Scripting. The vulnerability is due to improper origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller...
Server-Side Template Injection (SSTI)
spring-boot-admin-server is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists because the mailNotifierTemplateEngine function of AdminServerNotifierAutoConfiguration.java does not properly implement the configuration for ClasspathResourceLoader, which allows an attacker ...
HTTP Request Smuggling
apache2 is vulnerable to HTTP Request Smuggling. The vulnerability exists because special characters in the origin response header can truncate/split the response forwarded to the client through the mod_proxy_uwsgi...
Use-After-Free
busybox is vulnerable to use-after-free. The vulnerability exists in copyvar, which allows an attacker to send a crafted awk pattern, crashing the application...
Out-of-Bounds Read
pcre2 is vulnerable to out-of-bounds read. The vulnerability exists due to a memory corruption in the compile_xclass_matchingpath function of the pcre2_jit_compile.c file which allows an attacker to cause an application crash...
Privilege Escalation
jenkins-2-plugins is vulnerable to privilege escalation. The vulnerability exists due to a lack of sanitization of the path allowing an attacker to configure Pipelines permission to read arbitrary files on the Jenkins controller file system...
Privilege Escalation
Linux kernel is vulnerable to Privilege Escalation. An attacker may exploit the vulnerability by triggering a free of a kernel buffer by using IORING_OP_PROVIDE_BUFFERS in loop_rw_iter in fs/io_uring.c...
Remote Code Execution (RCE)
kernel is vulnerable to remote code execution. The vulnerability exists due to incorrect computation of branch displacements...
Denial Of Service
mariadb is vulnerable to denial of service. The vulnerability exists due to the system allowing a high-privileged attacker with network access via multiple protocols to compromise MySQL Server...
Arbitrary Code Execution
dnsmasq is vulnerable to arbitrary code execution. A buffer overflow in the rfc1035.c:extract_name function allows an attacker to execute arbitrary code on the host OS...
CRLF Injection
firefox is vulnerable to CRLF injection. A flaw was found in the way Firefox handled Location headers in redirect responses. Two copies of this header with different values could be a symptom of a CRLF injection attack against a vulnerable server. Firefox now treats two copies of the Location,...
Access Control Bypass
ruby is vulnerable to access control bypass. A flaw was found in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted tainted code to modify arbitrary, trusted untainted...
Privilege Escalation
openssh is vulnerable to privilege escalation. When ssh was unable to create an untrusted cookie, ssh used a trusted cookie instead, possibly allowing the administrative user of an untrusted remote server, or untrusted application run on the remote server, to gain unintended access to a user's local X...
Denial Of Service (DoS)
firefox is vulnerable to denial of service. The BodyStream::OnInputStreamReady was missing protections against a state confusion bug and allows an attacker to successfully crash the application...
Arbitrary Code Execution
log4j-core is vulnerable to arbitrary code execution. Deserialization of untrusted data in TcpSocketServer and UdpSocketServer when listening for log data allows an attacker to execute arbitrary code via a malicious deserialization gadget...
Information Disclosure
php is vulnerable to information disclosure. File rename across filesystems may allow unintended access to the file being renamed while the process is ongoing...
Information Disclosure
kernel is vulnerable to information disclosure. The vulnerability exists as KVM leaks uninitialized stack contents to guest...
Unauthenticated Access
Oracle Java SE is vulnerable to unauthenticated access. This exists due to not validating the length of the object identifier read from the DER input in the Libraries component of OpenJDK before allocating memory to store the OID. An attacker able to make a Java application decode a...
Remote Code Execution (RCE)
Apache Tomcat is vulnerable to remote code execution. This is due to a bug in the way the JRE passes command line arguments to Windows when enableCmdLineArguments is enabled, allowing a remote attacker to inject arbitrary commands that are executed by the host. The CGI Servlet is disabled by...
Remote Code Execution (RCE)
RESTEasy is vulnerable to remote code execution. SnakeYAML unmarshalling is exploitable for code execution. As RESTEasy uses SnakeYAML and enables the YAML provider by default, under certain conditions, RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of...
Integer Overflow
github.com/kubernetes/minikube is vulnerable to integer overflows. The library uses a vulnerable version of nginx ingress controller that can cause sensitive information to leak when handling a malicious request. This is related to CVE-2017-7529...
Denial Of Service (DoS)
Microsoft.IdentityModel.JsonWebTokens and System.IdentityModel.Tokens.Jwt are vulnerable to Denial Of Service (DoS). The vulnerability is caused by improper JWT compression checks, which results in resource exhaustion due to processing of a malicious JSON Web Encryption (JWE) token. Successful exploitation...
Path Traversal
org.apache.tiles:tiles-core is vulnerable to Path Traversal. The vulnerability is due to missing validation in the DefaultLocaleResolver.LOCALE_KEY attribute set on the session while resolving XML definition files. This can lead to Server Side Request Forgery (SSRF) or XML External Entity Injection...
Out-of-bounds Read
apache2 is vulnerable to Out-of-bounds Read. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable Apache HTTP Server. The request would contain a specially crafted mod_macro directive that would cause the server to read data from outside of the...
Information Disclosure
opensearch is vulnerable to Information Disclosure. The vulnerability exists because the excluded fields are not correctly applied for specific queries in field-level security (FLS) with .keyword fields, allowing an attacker to gain read access to indexes through the restricted fields...
Cross-Site Scripting (XSS)
processwire is vulnerable to cross-site scripting. The vulnerability is due to lack of sanitization in the search users and search pages functions which allows an attacker to inject and execute arbitrary JavaScript...
Denial Of Service (DoS)
php, Python, sha3 and pysha3 are vulnerable to Denial Of Service (DoS). The vulnerability exists through the integer overflow and resultant buffer overflow in the sponge function interface due to the improper implementation of Keccak XKCP SHA-3 reference, allowing an attacker to crash the applicati...
Information Disclosure
github.com/moby/moby is vulnerable to information disclosure. The vulnerability exists in the getUser function in oci_linux.go due to a lack of input validation, allowing an attacker to read sensitive information in the system...
SQL Injection
PostgreSQL JDBC Driver is vulnerable to SQL Injection. The vulnerability exists in the java.sql.ResultRow.RefreshRow function because it does not properly escape column names, which allows a remote attacker to inject and execute malicious SQL code in the system...
HTTP Request Smuggling (HRS)
Apache HTTP Server is vulnerable to HTTP request smuggling. The vulnerability exists due to an Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp which allows an attacker to smuggle requests to the AJP server it forwards requests...
Authentication Bypass
linux-aws is vulnerable to Authentication Bypass. The vulnerability exists due to the mishandling of seccomp permissions, allowing an attacker to bypass the intended restrictions on the PT_SUSPEND_SECCOMP flag through the PTRACE_SEIZE code path...
Privilege Escalation
runc is vulnerable to privilege escalation. The vulnerability exists due to a bug in which runc exec --cap created processes with non-empty inheritable Linux process capabilities, allowing an attacker to gain unauthorized access permissions...
Insecure File Lookup
Linux kernel is vulnerable to insecure file lookup. The vulnerability exists because it performs a regular lookup which allows an attacker to access potentially sensitive files, which results in Sensitive Information Disclosure...
Browser Window Spoof Using Fullscreen Mode
A race condition could have allowed bypassing the fullscreen notification, which could have led to a fullscreen window spoof being unnoticed...
Denial Of Service (DoS)
glibc is vulnerable to denial of service. The vulnerability exists due to a use-after-free which allows an attacker to crash the system...
Improper Input Validation
Java SE is vulnerable to improper input validation. An attacker can gain access to sensitive information through the JSSE component in the Oracle GraalVM Enterprise Edition...
Privilege Escalation
linux-kvm is vulnerable to privilege escalation. The vulnerability exists due to the lack of proper validation of user-supplied eBPF programs prior to executing...
Denial Of Service (DoS)
Linux kernel is vulnerable to denial of service. The vulnerability exists due to net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lacking a full memory barrier upon the assignment of a new table value...
Directory Traversal
jetty-deploy is vulnerable to directory traversal. The vulnerability exists through the WebAppProvider filter as it does not canonicalize files passed in from the scanner, allowing access to files outside of its working directory...
Remote Code Execution (RCE)
nukeviet/nukeviet is vulnerable to remote code execution. The vulnerability exists due to the lack of verification and sanitization of an untrusted nvloginhash cookie...
Improper SSL Certificate Verification
faye is vulnerable to improper SSL certificate validation. The vulnerability exists as it does not implement certificate verification by default, allowing any hostname in the wss: connection made by the Faye::WebSocket::Client to be made unvalidated...
Denial Of Service (DoS)
Apache Tomcat is vulnerable to denial of service. An infinite loop occurs when invalid payload lengths are parsed. An attacker is able to cause a denial of service condition in the application via malicious WebSocket frames with invalid payload lengths...
Remote Code Execution (RCE)
php is vulnerable to remote code execution. The FPM module writes past allocated buffers and into space reserved for the FCGI protocol data. This can potentially be exploited to execute arbitrary code on the system...
Denial Of Service (DoS)
Mozilla Firefox is vulnerable to Denial Of Service (DoS). Flaws in the processing of malformed web content allow a web page to contain malicious content, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox...
Privilege Escalation
kernel is vulnerable to privilege escalation. The vulnerability exists as the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to...
Remote Code Execution
jackson-databind is vulnerable to remote code execution. The vulnerability exists because it does not restrict the data sources for the org.apache.xbean.propertyeditor.JndiConverter object type, leading to deserialisation of arbitrary data from external untrusted sources which would allow an...
Denial Of Service (DoS)
kernel is vulnerable to denial of service (DoS). The vulnerability exists through a use-after-free Read in vhost_transport_send_pkt...
Use After Free
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php70-php 7.0.27. BZ1518843 Security Fixes: php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field (CVE-2016-7412) php:...
Access Controls Bypass
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDP_CORK option when the UDP Fragmentation Offload (UFO)...