Integer Overflow
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found ...
Use-After-Free
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Path Traversal
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrar...
Memory Corruption And Code Execution
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail function to crash or, possibly, execute arbitrary code with the...
Arbitrary Code Execution
kernel-rt is vulnerable to arbitrary code execution. The vulnerability exists as it uses incorrect uid and gid values during credentials passing in the scm_set_cred function...
Arbitrary Code Execution
Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. The latest packages for Subscription Asset Manager include a number of security fixes: When a Subscription Asset Manager instance is created, its configuration script...
Denial Of Service (DoS)
Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd...
Cross-site Scripting (XSS)
bootstrap is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because it does not escape the data-template, data-content and data-title options for the tooltip/popover plugins, allowing an attacker to inject malicious script through them...
Use After Free
httpd24 is vulnerable to information disclosure attacks. The vulnerability exists as Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This...
Authorization Bypass
Linux kernel is vulnerable to authorization bypass. When creating audit records for parameters to executed child processes, an attacker can cause the Linux kernel audit subsystem to create corrupt records, which may allow the attacker to misrepresent or evade logging of executed commands...
Denial Of Service (DoS)
OpenSSL is susceptible to a denial of service attack. During buffer reading and writing with the SSL_MODE_RELEASE_BUFFERS mode, a TLS/SSL client or server using OpenSSL can crash while processing SSL/TLS due to the flaw in the ssl3_read_bytes function in s3_pkt.c in OpenSSL...
Cross-site Scripting (XSS)
notebook is vulnerable to a cross-site scripting (XSS) attack. The library does not properly sanitize URLs passed through a directory name, allowing a malicious user to inject and execute arbitrary JavaScript...
Blockwise Chosen-boundary Attacks
github.com/openshift/origin is vulnerable to blockwise chosen-boundary attacks, aka the "BEAST" attack. It encrypts data by using CBC mode with chained initialization vectors, which allows attackers to obtain plaintext HTTP headers through blockwise chosen-boundary attacks on HTTPS sessions. This...
Denial Of Service (DoS)
OpenSSL is vulnerable to denial of service (DoS). A flaw in OpenSSL allows attackers to cause a double free through DTLS packets...
Memory Exhaustion
nghttp2 is vulnerable to a memory exhaustion issue. The vulnerability is due to temporary buffering of HTTP/2 incoming headers exceeding the limit, which is intended to generate an informative HTTP 413 response. However, if a client continues to send headers without stopping, it leads to memory...
Regular Expression Denial Of Service (ReDoS)
angular is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression backtracking in the ng-srcset directive. This potentially leads to Regular Expression Denial of Service (ReDoS)...
Regular Expression Denial Of Service (ReDoS)
Django is vulnerable to Regular Expression Denial Of Service. The vulnerability is due to the chars and words functions in text.py as there is no proper limiting or optimization while using regular expressions to parse and truncate input text. This allows an attacker to craft very long or...
Remote Code Execution (RCE)
exim4 is vulnerable to Remote Code Execution (RCE). A memory corruption vulnerability exists in the SMTP service of Exim, which listens on TCP port 25 by default, that allows an attacker to execute arbitrary code on a vulnerable system by sending a specially crafted SMTP message...
Authorization Bypass
org.apache.zookeeper:zookeeper is vulnerable to authorization bypass. This vulnerability exists due to improper implementation of a User-Controlled Key for user authentication, allowing an attacker to gain access to the system and perform unauthorized actions. Note that this vulnerability is onl...
Buffer Overflow
libkrb5.so is vulnerable to Buffer Overflows. A buffer overflow in the RPC library can be exploited by remote attackers to cause a denial of service or arbitrary code execution. This vulnerability is only exploitable on systems whose unistd.h header file does not define the FD_SETSIZE mac...
Missing Authorization Checks
matrixsynapse is vulnerable to Improper Authentication. The vulnerability is due to the completelogin function, as it fails to verify the deactivated status of users during login. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the jwt_config.enabled...
Cross-Site Scripting (XSS)
odoo is vulnerable to Cross-Site Scripting (XSS) attacks. The vulnerability allows a remote attacker to inject arbitrary web script via the browser of a victim, by posting crafted content...
Improper Input Validation
OpenJDK is vulnerable to Improper Input Validation. An attacker can gain update, insert or delete access to some Oracle Java SE and Oracle GraalVM Enterprise Edition accessible data through multiple protocols...
Use-After-Free
linux-lts is vulnerable to Use-After-Free. The vulnerability occurs within netfilter 'nftables' when processing batch requests. This can be abused to perform arbitrary read and write operations on kernel memory...
Cross-Site Scripting (XSS)
nunjucks is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused by a bypass of the HTML autoescape functionality when there are two user-controlled parameters on the same line of a template, which allows an attacker to inject and execute arbitrary JavaScript in the browser...
Denial Of Service (DoS)
Linux kernel is vulnerable to Denial Of Service (DoS). The vulnerability exists because null pointer dereferences occur in sl_tx_timeout in slip.c while the slip driver is in the process of detaching, allowing an attacker to cause an application crash...
User Impersonation
keycloak-services is vulnerable to User Impersonation. The vulnerability is due to the OpenID Connect user authentication because the session UUID is not properly bound to the user session, allowing an attacker to obtain a certain piece of information from a user request in the same realm and...
Type Confusion
sequelize is vulnerable to Type Confusion. A remote attacker is able to inject malicious content due to improper parameter filtering, which results in type confusion, leading to code injection...
Out-of-bounds Write
kernel is vulnerable to Out-of-bounds Write. The vulnerability exists because the kernel debugger could be used to bypass UEFI Secure Boot restrictions. An attacker with access to a serial port could trigger the debugger and allow read and write access...
Open Redirect
openshift is vulnerable to Open Redirect. The vulnerability exists in the kube-apiserver, which allows an aggregated API server to redirect client traffic to any URL. This issue leads to the client performing unexpected actions and forwarding the client's API server credentials to third parties...
Privilege Escalation
device-mapper-multipath is vulnerable to privilege escalation. The library allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This...
Privilege Escalation
samba is vulnerable to Privilege Escalation. The vulnerability exists because the service account with the special constrained delegation permission could forge a more powerful ticket than the one it was presented with...
Denial Of Service (DoS)
woodstox-core is vulnerable to Denial Of Service (DoS). The vulnerability exists because FullDTDReader.java does not properly limit recursion for DTD parsing, allowing an attacker to cause an application crash through a StackOverflow by passing a malicious input if DTD support is enable...
Remote Code Execution (RCE)
SnakeYaml is vulnerable to Remote Code Execution (RCE). The vulnerability is due to deserializing unrestricted types in the Constructor method, leading to remote code execution through classpath injection...
Buffer Overflow
OpenSSL is vulnerable to buffer overflow. The vulnerability exists due to incomplete X.509 certificate name constraint checking after successful chain signature verification. An attacker can add a malicious email address to the certificate to overflow an arbitrary number of bytes on the stack wit...
Signature Verification Bypass
github.com/grafana/grafana is vulnerable to signature verification bypass. A local attacker is able to convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed, due to the improper verification of plugin signature...
Path Traversal
twig/twig is vulnerable to path traversal. The vulnerability exists in the findTemplate function of FilesystemLoader.php because the template loading directories are not properly configured, which allows an attacker to load templates outside the configured directory...
Information Disclosure
github.com/containers/buildah is vulnerable to information disclosure. The vulnerability exists in the configureUIDGID function in run_common.go due to improper handling of the supplementary groups in the Buildah container engine, which allows an attacker to gain access to containers and perform...
Denial Of Service (DoS)
go is vulnerable to Denial Of Service (DoS). The vulnerability exists because of an index out of range in Float.GobDecode, which allows a malicious user to cause an application crash...
Information Disclosure
kernel is vulnerable to information disclosure. The vulnerability exists due to a flaw in hw, allowing an attacker to exploit the execution window of AMD LFENCE/JMP and expose sensitive information...
Command Injection
openssl is vulnerable to command injection. The vulnerability exists in the c_rehash script, which allows an attacker to inject and execute malicious commands...
Information Disclosure
notebook is vulnerable to information disclosure. Authenticated attackers are able to access sensitive files when the server root directory's only protection from the server is being hidden. The issue is there because the requests directed through ContentsManager.allow_hidden = False command only...
Privilege Escalation
logrotate is vulnerable to privilege escalation. The vulnerability exists due to a lack of verification of the permissions of a state file, which is created as a world-readable file when it doesn't exist, allowing an attacker to lock the state file and prevent any rotation...
Denial Of Service (DoS)
MariaDB is vulnerable to denial of service. The vulnerability exists due to an incorrect handling of with_window_func=true for a subquery...
Denial Of Service (DoS)
.NET and Visual Studio are vulnerable to Denial Of Service (DoS). The vulnerability exists due to a flaw in dotnet allowing an attacker to crash the system by sending MyCookie=chunks-2147483647 without the actual cookie chunks, causing large allocations, exceptions, and excess CPU utilization on th...
Cross-site Scripting (XSS)
mautic/core is vulnerable to cross-site scripting (XSS) attacks. Insufficient sanitization of user input in InstallService.php allows remote authenticated attackers to inject and execute malicious JavaScript...
Timing Attack
firefox-esr is vulnerable to a timing attack. An attacker is able to send a large number of allowCredential entries and detect the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals...
Symlink Attack
github.com/argoproj/argo-cd is vulnerable to a symlink attack. The vulnerability exists due to insufficient checking of whether the application target directory contains plain Kubernetes YAML manifests, allowing out-of-bound manifests and JSON files to leak from the Argo CD repo-server...
Remote Code Execution (RCE)
Slurm is vulnerable to remote code execution. The vulnerability exists because user restrictions are not properly handled, which allows an attacker to inject arbitrary code...