38354 matches found
Denial Of Service (DoS)
apache2 is vulnerable to denial of service. An attacker is able to crash the system by sending a maliciously crafted URI to httpd configured as a forward proxy ProxyRequests on...
Side-channel Attack
kernel is vulnerable to side-channel attack. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory...
Authorization Bypass
elgg/elgg is vulnerable to authorization bypass. The vulnerability exists through the user-controlled key, userguid, allowing unauthorized access to remote attackers...
Packet Injection
kernel is vulnerable to packet injection. The vulnerability exists due to the lack of sanitization of the authenticity of the Message Integrity Check allowing an attacker to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. The vulnerability exists due to an out-of-bounds write due to a heap buffer overflow in hidinputchangeresolutionmultipliers of hid-input.c...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. A race condition in getoldroot in fs/btrfs/ctree.c allows attackers to cause a denial of service due to the lack of locking on an extent buffer before a cloning operation...
Denial Of Service (DoS)
unbound is vulnerable to denial of service. The vulnerability exists due to an integer overflow in the regionalalloc function, which may lead to a buffer overflow of the allocated buffer if the size can be controlled by an attacker and is big enough...
Privilege Escalation
kernel is vulnerable to privilege escalation. A use-after-free in doepollctl and eploopcheckproc of eventpoll.c allows an attacker to obtain additional execution privileges...
Sandbox Escape
webkitgtk is vulnerable to sandbox escape. Maliciously crafted web content may violate iframe sandboxing policy...
Remote Code Execution
tomcat-catalina is vulnerable to remote code execution. If a remote attacker knows and is able to control the contents and name of a file, remote code execution can be achieved if the server is configured to use PersistenceManager with a FileStore and the PersistenceManager is configured with the...
Integer Overflow
Linux kernel is vulnerable to Integer Overflow. A child process could send arbitrary signals to a privileged suidroot parent process which interferes with donotifyparent protection mechanism...
Remote Code Execution (RCE)
github.com/go-gitea/gitea is vulnerable to remote code execution RCE. The vulnerability exists through git hooks which are enabled by default...
Unauthorized Read
OpenJDK 7 is vulnerable to unauthorised read. The vulnerability is difficult to exploit, but it allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker...
Denial Of Service (DoS)
mariadb is vulnerable to denial of service. A difficult-to-exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatabl...
Arbitrary Code Execution
kernel is vulnerable to arbitrary code execution. The vulnerability exists through a use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver...
Unauthorized Reverse Proxy Connection
The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9...
Insecure TLS Configuration
openssl uses an insecure TLS configuration. A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to change the ciphersuite associated with a cached session stored on the server, if the server enabled the...
Stack-based Buffer Overflow
The Network Time Protocol NTP is vulnerable to Stack-based Buffer Overflow. A buffer overflow flaw was found in the ntpq diagnostic command. A malicious, remote server could send a specially-crafted reply to an ntpq request that could crash ntpq or, potentially, execute arbitrary code with the...
Denial Of Service (DoS)
The kernel is vulnerable to denial of service in arch/powerpc/kernel/signal32.c and arch/powerpc/kernel/signal64.c via sigreturn system call...
Denial Of Service (DoS)
The JSON gem is vulnerable to denial of service. An attacker is able to create arbitrary objects in the target system using a malicious JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects. This can potentially result in a denial of service condition. This...
Remote Code Execution (RCE)
jackson-databind is vulnerable to remote code execution RCE. The vulnerability exists as it does not stop classes from the p6spy package from being used as deserialization gadgets...
Authentication Bypass
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws t...
Denial Of Service (DoS)
kernel is vulnerable to denial of service DoS. The vulnerability exists in sound/core/control.c as it does not ensure possession of a read/write lock...
Privilege Escalation
An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...
Use-after-free
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Remote Code Execution (RCE)
php is vulnerable to remote code execution RCE attacks. The vulnerability exists as the asn1timetotimet function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which...
Denial Of Service (DoS) Through Memory Consumption
OpenSSL is vulnerable to denial of service DoS attacks. These attacks are possible because there is a memory leak in d1srtp.c which allows remote attackers to consume all the memory through a handshake message...
Server-Side Request Forgery (SSRF)
n8n-mcp is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of webhook trigger tools, the n8n API client N8NAPIURL, and per-request URLs supplied through the x-n8n-url header in multi-tenant HTTP mode, which allows an authenticated attacker to send...
Remote Code Execution
.NET is vulnerable to Remote Code Execution RCE. The vulnerability exists in Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file which may lead to RCE...
Remote Code Execution (RCE)
craftcms/cms is vulnerable to Remote Code Execution. The vulnerability is due to a lack of file protocol removal in FileHelper.php which allows an attacker to upload and execute malicious PHP code into the system...
Information Disclosure
umbracocms.identityextensions is vulnerable to Information Disclosure. A remote unauthenticated attacker is able to gain access to unauthorized endpoints because access tokens are returned directly in the URL fragments, resulting in disclosure of sensitive information...
Information Disclosure
com.google.guava, guava is vulnerable to Information Disclosure. The vulnerability exists due to incorrect default file permissions in FileBackedOutputStream, which allow an attacker to access the temporary directory...
Improper Certificate Validation
libcurl.so is vulnerable to Improper Certificate Validation. In place of a library's built-in name matching function, Curl may utilize its own name matching function for TLS. IDN hosts could be mismatched by this private wildcard matching function since they are rendered in a weak form before...
Weak Encryption
TrustWalletCore contains Weak Encryption implementations. The vulnerability exists in mt19937 seed generation which has only 32 bits of entropy resulting in only 4 billion mnemonics which allows an attacker to brute force the private key...
Integer Overflow
linux is vulnerable to Integer Overflows. A local authenticated attacker is able to cause integer overflows in rndisqueryoid of drivers/net/wireless/rndiswlan.c...
Information Disclosure
sequelize is vulnerable to Information Disclosure. A remote unauthenticated attacker is able to inject malicious queries due to improper input filtering, resulting in the disclosure of sensitive information...
HTTP Response Splitting
apache2 is vulnerable to HTTP Response Splitting. A malicious backend may cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client...
Arbitrary Code Execution
fluentd is vulnerable to remote code execution. The vulnerability exists in ojoptions.rb, where a non-default configuration allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads...
Denial Of Service (DoS)
nginx is vulnerable to denial of service. The module ngxhttpmp4module allows a local attacker to cause a worker process to crash or trigger a memory disclosure by using a specially crafted audio or video file...
Authentication Bypass
python-jwt is vulnerable to authentication bypass. An attacker can spoof other users' identities and hijack their sessions by obtaining the JWT token and arbitrarily forging its contents without knowing the secret key through the verifyjwt function of init.py...
Remote Code Execution
font-converter is vulnerable to remote code execution. The vulnerability exists due to missing sanitization of user input passed to the exec function, which allows remote attackers to inject and execute malicious code...
Denial Of Service
kernel is vulnerable to denial of service. The vulnerability exists due to a race condition in perfeventopen which allows an attacker to gain root privileges, execute arbitrary code, and crash the system...
SQL Injection
prestashop/blockwishlist is vulnerable to SQL injection. The vulnerability exists in the getProductsOrCount function in WishListProductSearchProvider.php because the order by and order way statements are not properly validated, which allows an attacker to inject SQL queries...
Denial Of Service (DoS)
.NET and Visual Studio are vulnerable to Denial Of Service DoS. The vulnerability exists due to a flaw in dotnet allowing an attacker to crash the system by sending MyCookie=chunks-2147483647 without the actual cookie chunks, causing large allocations, exceptions, and excess CPU utilization on th...
Integer Overflow
MariaDB before 10.6.5 has a sqllex.cc integer overflow, leading to an application crash...
Information Disclosure
firefox is vulnerable to information disclosure. The vulnerability exists because the browser stores files in the /tmp folder, which is accessible by all local users...
Buffer Overflow
The BPF subsystem in the Linux kernel is vulnerable to buffer overflow. The vulnerability exists in kernel/bpf/core.c and kernel/bpf/core.c because of mishandling situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF...
Information Disclosure
kernel is vulnerable to information disclosure. The vulnerability exists in the transparent inter-process communication functionality in net/tipc/crypto.c, allowing an attacker to exploit insufficient validation of user-supplied sizes for the MSGCRYPTO message type...
Packet Injection
kernel is vulnerable to packet injection. The vulnerability exists due to a flaw in Linux kernel's WiFi implementation which allows an attacker within the wireless range to abuse a logic flaw in the WiFi implementation by reassembling packets from multiple fragments under different keys, treating...
Prototype Pollution
json-schema is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the checkObj function in validate.js and modify attributes such as proto. and constructor...