38468 matches found
Remote Code Execution (RCE)
RESTEasy is vulnerable to remote code execution. SnakeYAML unmarshalling is exploitable for code execution. As RESTeasy uses SnakeYAML and enables the yaml provider by default, under certain conditions, RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of...
Remote Code Execution (RCE)
Jupyter notebook is vulnerable to remote code execution RCE attacks. A malicious user can pass a HTML/SVG file to the application to inject and execute arbitrary javascript code to the notebook server...
Remote Code Execution (RCE)
flex-messenger-core is vulnerable to remote code execution RCE. The AMF3 deserializers in the library allows the instantiation of arbitrary classes via parameter-less java beans constructors. This allows a malicious user to send a malicious AMF3 object to the system to execute arbitrary code...
Denial Of Service (DoS)
OpenSSL is vulnerable to denial of service DoS attacks. A malicious user can pass a malicious Pre-Shared Key identity hint to the system that can lead to a double free that can lead to the system crashing...
Information Disclosure
OpenSSL is vulnerable to information disclosure. This is possible because the SSL protocol 3.0 uses a nondeterministic CBC padding allowing attackers to perform man-in-the-middle MitM attacks. This is also known as the POODLE issue...
Out-of-bounds Read
apache2 is vulnerable to Out-of-bounds Read. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable Apache HTTP Server. The request would contain a specially crafted modmacro directive that would cause the server to read data from outside of the...
CRLF Injection
undici is vulnerable to CRLF Injection. The vulnerability exists because the headers.host string does not properly sanitize the HTTP header in the processHeader function in request.js, allowing an attacker to redirect to a malicious URL through a malicious HTTP header...
Denial Of Service (DoS)
Django is vulnerable to Denial Of Service DoS. The vulnerability exists because transreal.py caches the Accept-Language headers, allowing an attacker to cause an application crash via excessive memory usage if the value of the Accept-Language headers are very large...
Authentication Bypass
opensearch is vulnerable to Authentication Bypass. The vulnerability exists because the library does not properly handle white spaces in JWT roles which allow users to potentially claim roles that they are not assigned to by injecting and executing malicious code...
Denial Of Service (DoS)
openjdk is vulnerable to denial of service. The vulnerability exists due to a lack of validation of authentication allowing an attacker to crash the system using APIs in the specified Component...
Shell Command Injection
imageprocessing is vulnerable to shell command injection. The apply function in chainable.rb does not properly check unsanitized user input operational commands, allowing an attacker to inject and execute malicious shell commands...
Denial Of Service (DoS)
linux is vulnerable to denial of service DoS attacks. A malicious user is able to cause heap overflow in legacy parameter, causing it to crash...
Browser Window Spoof Using Fullscreen Mode
A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed...
Authorization Bypass
elgg/elgg is vulnerablbe to authorization bypass. The vulnerability exists through the user-controlled key, userguid allowing unauthorized access to remote attackers...
Denial Of Service (DoS)
glibc is vulnerable to denial of service. The vulnerability exists due to a use-after-free which allows an attacker to crash the system...
Denial Of Service (DoS)
busybox is vulnerable to denial of service. The vulnerability exists due to the incorrect handling of a special element in ash when processing a crafted shell command, allowing an attacker to cause an application crash...
Remote Code Execution (RCE)
com.vaadin, flow-server is vulnerable to remote code execution. An attacker is able to inject malicious code into the frontend resources during application rebuilds...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. A use-after-free in ext4expandextraisize and ext4xattrsetentry allows an attacker to crash the kernel...
Denial Of Service (DoS)
apache tomcat is vulnerable to denial of service. An infinite loop to occurs when invalid payload lengths are parsed. An attacker is able to cause a denial of service condition in the application via malicious WebSocket frames with invalid payload lengths...
Privilege Escalation
java is vulnerable to privilege escalation. An unspecified vulnerability allows an attacker to affect confidentiality, integrity and availability of the system via unknown vectors...
Arbitrary Code Execution
seamonkey is vulnerable to arbitrary code execution. The vulnerability exists as a webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey...
Denial Of Service (DoS)
jboss-remoting is vulnerable to denial of service. A vulnerability was found in the way RemoteMessageChannel reads from an empty buffer. An attacker could abuse the flaw to cause a denial of service via high CPU consumption caused by an infinite loop...
Denial Of Service (DoS)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...
Denial Of Service (DoS)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrar...
Sensitive Information DIsclosure
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way IP packets with an Internet Header Length ihl of zero were processed in the skbflowdissect function in the Linux kernel. A remote attacker could use this flaw to trigger an infinit...
Stack-based Buffer Overflow
The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the Name Server Caching Daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that...
Cross-Site Tracing (XST)
spring-web is vulnerable to cross-site tracing XST attacks. The vulnerability exists as HiddenHttpMethodFilter allows web applications to change existing HTTP request method to any HTTP method, causing applications with existing cross-site scripting XSS vulnerability to be vulnerable to XST...
Remote Code Execution (RCE)
tomcat-catalina is vulnerable to remote code execution RCE attacks. On a Windows system with HTTP PUTs enabled a malicious user can upload a JSP file to the server which would then be executed...
Information Disclosure
BouncyCastle is vulnerable to information disclosure attacks. Attackers can use a malicious application to obtain sensitive user information...
Server-Side Request Forgery (SSRF)
n8n-mcp is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of webhook trigger tools, the n8n API client N8NAPIURL, and per-request URLs supplied through the x-n8n-url header in multi-tenant HTTP mode, which allows an authenticated attacker to send...
Denial Of Service (DoS)
node-tar is vulnerable to Denial of service DoS. The vulnerability is caused by to lack of validation on the number of folders created during the folder creation process. This allows an attacker to consume excessive CPU and memory resources, potentially causing the system to become unresponsive o...
Denial Of Service (DoS)
node-tar is vulnerable to Denial of service DoS. The vulnerability is caused due to lack of validation on the number of folders created during the folder creation process.This allows an attackers to consume excessive CPU and memory resources, potentially causing the system to become unresponsive ...
Improper Verification Of Cryptographic Signature
browserify-sign is vulnerable to Improper Verification Of Cryptographic Signature. An upper bound check issue in DSA verification allows an attacker to construct signatures that can be successfully verified by any public key, which leads to a signature forgery attack. The attacker could exploit...
Remote Code Execution (RCE)
mediawiki is vulnerable to Remote Code Execution RCE. The vulnerability allows an attacker to inject arbitrary code into a web page, potentially allowing them to steal user data or take control of the user's computer...
Prototype Pollution
xlsx is vulnerable to Prototype Pollution. The vulnerability exists due to the lack of checks for user inputed specially crafted files, which allows an attacker to inject malicious properties, resulting in prototype pollution...
Buffer Overflow
OpenSSL is vulnerable to buffer overflow. The vulnerability is due to incomplete X.509 certificate name constraint checking after successful chain signature verification. An attacker can add a malicious email address to the certificate to overflow four attacker-controlled bytes on the stack. This...
Remote Code Execution (RCE)
Icinga Web 2 is vulnerable to remote code execution. The vulnerability exists due to the lack of validation of access to the configuration which can create SSH resource files in unintended directories...
Prototype Pollution
json-schema is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the checkObj function in validate.js and modify attributes such as proto. and constructor...
Regular Expression Denial Of Service (ReDoS)
prism is vulnerable to regular expression denial of service. An attacker is able to send a malicious input string,leading to an intensive usage of CPU and an application crash...
Denial Of Service (DoS)
Kernel is vulnerable to denial of service. The vulnerability exists due to an Out-of-bounds Write Due To A Heap Buffer Overflow In hidinputchangeresolutionmultipliers Of Hid-input.c...
Arbitrary Code Execution
glibc is vulnerable to arbitrary code execution. A heap-based buffer over-read in proceednextnode in posix/regexec.c allows an attacker to execute arbitrary code on the host OS via an attempted case-insensitive regular-expression match...
Denial Of Service (DoS)
kernel is vulnerable to denial of service DoS. The vulnerability exists through a pivotroot race condition in fs/namespace.c by corrupting a mountpoint reference counter...
Command Injection
lodash is vulnerable to Command Injection. The vulnerability exists through the unsanitized values of template...
Regular Expression Denial Of Service (ReDoS)
glob-parent is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists as the enclosure regex used to check for strings ending in enclosure containing path separator has an unescaped exclamation mark...
EL Expression Injection
hibernate-validator is vulnerable to EL Expression Injection. The vulnerability exists as the value of modType in the validation message is improperly evaluated with $...
Denial Of Service (DoS)
OpenJDK is vulnerable to denial of service DoS. It is due to an incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl...
Information Disclosure
kernel is vulnerable to information disclosure. It can leak sensitive information from kernel stack memory via HIDPCONNADD command...
Privilege Escalation
kernel is vulnerable to privilege escalation. The vulnerability exists through insufficient input validation in kernel mode driver in Intel i915 graphics...
Arbitrary Code Execution
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...
Denial Of Service (DoS)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...