38468 matches found
Open Redirect
Volo.Abp.Account.Web is vulnerable to Open Redirect. The vulnerability is due to improper validation of the returnUrl parameter in the register function, where an attacker can redirect users to arbitrary external domains by exploiting this vulnerability...
Cross-Site WebSocket Hijacking (CSWSH)
jenkins-core is vulnerable to Cross-Site Scripting. The vulnerability is due to improper origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking CSWSH vulnerability, allowing attackers to execute CLI commands on the Jenkins controller...
Denial Of Service (DoS)
Microsoft.IdentityModel.JsonWebTokens and System.IdentityModel.Tokens.Jwt are vulnerable to Denial Of Service DoS. The vulnerability is cause by improper JWT compression checks, which results in resource exhaustion due processing of malicious JSON Web EncryptionJWE token. Successful exploitation...
Type Confusion
modsecurity-crs is vulnerable to Type Confusion. coreruleset does not block multiple Content-Type headers, which allows an attacker to bypass a WAF with a crafted payload, which occurs when the web application relies on only the last Content-Type headers...
Server-side Request Forgery (SSRF)
directus is vulnerable to Server-side Request Forgery SSRF. The vulnerability exists when importing a file from a remote web server POST to /files/import, allowing an attacker to bypass the security controls that were implemented to patch the CVE-2022-23080 vulnerability by performing a DNS...
Regular Expression Denial Of Service
debug is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability exists in useColors function of node.js due to inefficient regular expression complexity which allows an attacker to crash the application by submitting a malicious string...
Privilege Escalation
openjdk7 is vulnerable to privilege escalation. An attacker is able to have unauthorised creation, deletion or modification access to critical data of the system...
Directory Traversal
jetty-deploy is vulnerable to directory traversal. The vulnerability exists through the WebAppProvider filter as it does not canonicalize files passed in from the scanner, allowing access to files outside of its working directory...
Privilege Escalation
kernel is vulnerable to privilege escalation. An integer overflow flaw in ibuverbspollcq could allow a local, unprivileged user to cause a denial of service or escalate their privileges...
Access Control Bypass
ruby is vulnerable to access control bypass. A flaw was found in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted tainted code to modify arbitrary, trusted untainted...
HTTP Request Smuggling
netty-codec-http is vulnerable to HTTP request smuggling. The vulnerability exists as it improperly handles whitespaces in the Transfer-Encoding, and the Content-Length headers. This vulnerability is caused by an incomplete fix for CVE-2019-16869...
Arbitrary Code Execution
log4j-core is vulnerable to arbitrary code execution. Deserialization of untrusted data in TcpSocketServer and UdpSocketServer when listening for log data allows an attacker to execute arbitrary code via a malicious deserialization gadget...
Denial Of Service (DoS)
kernel is vulnerable to denial of service DoS. The vulnerability exists as vhostnet has an infinite loop while receiving packets leads to DoS...
Access Controls Bypass
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDPCORK option when the UDP Fragmentation Offload UFO...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Remote Code Execution
tomcat-catalina is vulnerable to remote code execution. With HTTP PUTs enabled, it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...
Arbitrary File Overwrite
bash is vulnerable to arbitrary file overwrite attacks. The vulnerability exists as GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have...
Remote Code Execution (RCE)
struts2-struts1-plugin is vulnerable to remote code execution RCE attacks. These attacks are possible because the user input are not sanitized and are directly passed through messages.add to be used as a part of an error message in the ActionMessage class. This doesn't affect users of the Struts...
Path Traversal
org.apache.tiles: tiles-core is vulnerable to Path Traversal. The vulnerability is due to missing validation in the DefaultLocaleResolver.LOCALEKEY attribute set on the session while resolving XML definition files. This can lead to Server Side Request Forgery SSRF or XML External Entity Injection...
Arbitrary File Upload
WSO2 Carbon Services is vulnerable to arbitrary file upload. The vulnerability exists because the file upload permissions and validations are not properly handled which allows an attacker to upload arbitrary files...
Privilege Escalation
jenkins-2-plugins is vulnerable to privilege escalation. The vulnerability exists due to a lack of sanitization of the path allowing an attacker to configure Pipelines permission to read arbitrary files on the Jenkins controller file system...
Deserialisation Of Untrusted Object
JMSSink in log4j is vulnerable to deserialization of untrusted object. The insecure use of JNDI in JMSSink allows an attacker to send malicious object in LDAP store if it is accessible by an attacker or is configured to use an untrusted site, leading to a remote code execution. Note: this...
Remote Code Execution (RCE)
kernel is vulnerable to remote code execution. The vulnerability exists due to incorrect computation of branch displacements...
Denial Of Service (DoS)
mariadb is vulnerable to denial of service. An easily exploitable vulnerability allows a high privileged attacker with network access to cause a hang or frequently repeatable crash...
Use After Free
kernel is vulnerable to use after free. A use-after-free memory flaw in the Fast Userspace Mutexes functionality allowing a local user to crash the system or escalate their privileges on the system...
Arbitrary Code Execution
underscore is vulnerable to arbitrary code execution. An attacker is able to inject and execute arbitrary OS commands via the template function when a variable property is passed as an argument due to lack of validation...
Arbitrary Code Execution (RCE)
wpasupplicant is vulnerable to arbitrary code execution RCE. The vulnerability exists in the way p2p/p2ppd.c processes P2P Wi-Fi Direct provision discovery requests...
Use-after-free
kernel is vulnerable to use-after-free. drivers/tty/ttyjobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. A locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/ttyjobctrl.c. This flaw allows a local attacker to possibly corrupt...
Arbitrary Code Execution
dnsmasq is vulnerable to arbitrary code execution. A buffer overflow in the rfc1035.c:extractname function allows an attacker to execute arbitrary code on the host OS...
Remote Code Execution (RCE)
nukeviet/nukeviet is vulnerable to remote code execution. The vulnerability exists due to the lack of verification and sanitization of an untrusted nvloginhash cookie...
Out Of Bound Writes (OOB)
kernel-rt is vulnerable to out of bound writes attacks. A user or process able to access the /dev/kvm device could use this flaw to crash the system, resulting in a denial of service...
Denial Of Service (DoS)
kernel is vulnerble to denial of service. A local user with the ability to read the /sys/class/zram-control/hotadd file can create ZRAM device nodes in the /dev/ directory and causes the kernel to allocate memory that is not accounted for. With this vulnerability, continual reading of the device...
Privilege Escalation
openssh is vulnerable privilege escalation. When ssh was unable to create untrusted cookie, ssh used a trusted cookie instead, possibly allowing the administrative user of a untrusted remote server, or untrusted application run on the remote server, to gain unintended access to a users local X...
Cross-site Scripting (XSS)
Mozilla Thunderbird is vulnerable to Cross-site Scripting XSS. A malicious web page could cause the execution of Javascript code in such a way that could cause Thunderbird to crash or execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird;...
XML External Entities (XXE)
jackson-mapper-asl is vulnerable to XML external entity attacks. This vulnerability is similar to CVE-2016-3720 whereby the external DTD is not disabled, allowing an attacker to retrieve system files, or perform requests on behalf of the server using malicious XML documents...
Information Disclosure
php is vulnerable to information disclosire. File rename across filesystems may allow unintended access to the file being renamed while the process is on-going...
Information Disclsoure
kernel is vulnerable to information disclosure. The vulnerability exists as KVM leaks uninitialized stack contents to guest...
Unauthenticated Access
oracle java SE is vulnerable to unauthenticated access vulnerability. This exists due to not validating the length of the object identifier read from the DER input in Libraries component of OpenJDK before allocating memory to store the OID. An attacker able to make a Java application decode a...
Arbitrary Code Execution
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php54 packages provide a recent stable release of PHP with the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a number of additional utilities. The php54 packages have been upgraded to...
Use-After-Free
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to...
Denial Of Service (DoS)
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a...
Arbitrary Code Injection
The Apache HTTP Server is a popular web server. Cross-site scripting XSS flaws were found in the modproxybalancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitra...
Remote Code Execution (RCE)
samba4 is vulnerable to remote code execution RCE attacks. The vulnerability exists as the RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation,...
Denial Of Service (DoS)
node is vulnerable to denial of service. A use-after-free UAF bug in the TLS implementation allows a remote attacker to cause a denial of service condition in the HTTP server by sending duplicate or unexpected messages during the SSL handshake...
Remote Code Execution (RCE)
microsoft.chakracore is vulnerable to remote code execution RCE attacks. The application contains a use-after-free bug in JavascriptArray.cpp, allowing arbitrary code to be executed. This CVE is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8279, CVE-2018-8301...
Integer Overflow
github.com/kubernetes/minikube is vulnerable to integer overflows. The library uses a vulnerable version of nginx ingress controller that can cause sensitive information to leak when handling a malicious request. This is related to CVE-2017-7529...
HTTP Request Smuggling
apache2 is vulnerable to HTTP Request Smuggling. The vulnerability exists due to the special characters in the origin response header can truncate/split the response forwarded to the client through the modproxyuwsgi...
Information Disclosure
opensearch is vulnerable to Information Disclosure. The vulnerability exists because the excluded fields are not correctly applied for specific queries in the Field-level security FLS with .keyword fields , allowing an attacker to gain read access to indexes through the restricted fields...
Denial Of Service (DoS)
php, Python, sha3 and pysha3 are vulnerable to Denial Of Service DoS. The vulnerability exists through the integer overflow and resultant buffer overflow in the sponge function interface due to the improper implementation of Keccak XKCP SHA-3 reference, allowing an attacker to crash the applicati...
HTTP Request Smuggling (HRS)
Apache HTTP Server is vulnerable to http request smuggling . The vulnerability exists due to inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp which allows an attacker to smuggle requests to the AJP server it forwards requests...