Denial Of Service (DoS) Through Out Of Bounds Read
OpenSSL is vulnerable to denial of service (DoS) attacks. The vulnerability exists when a truncated packet causes an out-of-bounds (OOB) read on an SSL/TLS server/client on a 32-bit host using a specific cipher such as CHACHA20/POLY1305 or RC4-MD5 cipher...
Denial Of Service (DoS)
The Linux kernel is vulnerable to denial of service (DoS) attacks. This is because of the way the Linux kernel handles reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger a time- and computation-expensive fragment reassembly algorithm by sending specially crafted...
Stored XSS
Grafana is vulnerable to Stored XSS. The vulnerability is due to not sanitizing the SVG image output displayed in the browser, allowing arbitrary JavaScript to be executed in the context of the currently authorized user. An attacker with an editor role can achieve vertical privilege escalation ...
Side-Channel Attack
openssl is vulnerable to side channel attacks. The library falls back to non-side channel resistant code paths when an OpenSSL EC group is constructed without a cofactor present, using explicit parameters instead of a named curve. This can result in the recovery of the full key during an ECDSA...
Sensitive Information Disclosure
webpack is vulnerable to Sensitive Information Disclosure. The vulnerability exists because ImportParserPlugin.js does not restrict cross-realm object access and mishandles the magic comment feature, allowing an attacker who controls a property of an untrusted object to obtain access to the real...
Use-After-Free
chromium is vulnerable to use-after-free. The vulnerability is possible because of a flaw in the Service Worker API component, which leads to heap use-after-free...
Unauthenticated Access
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...
Denial Of Service (DoS)
libcurl.so is vulnerable to denial of service (DoS). The vulnerability is due to a flaw in the 'globbing' feature, which causes an integer overflow and out-of-bounds read if the input is malicious...
Improper Verification Of Cryptographic Signature
github.com/minio/minio is vulnerable to authorization bypass. The vulnerability is due to improper signature verification due to the ability to use arbitrary secrets to upload objects if the attacker has prior WRITE permissions and access to the access key and bucket name...
Regular Expression Denial Of Service (ReDoS)
angular is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability exists due to inefficient regular expression complexity in the angular.copy function, which allows an attacker to crash the application by submitting maliciously crafted input...
Server-Side Request Forgery (SSRF)
django is vulnerable to server-side request forgery. The vulnerability exists due to the inadequate validation of leading zeroes in IPv4 addresses in the validate_ipv4_address function...
Improper Authorization
github.com/hashicorp/vault is vulnerable to Improper Authorization. The vulnerability is due to the JWT auth method improperly validating the audience and role-bound claims, allowing invalid logins to succeed when they should have been rejected...
Denial Of Service (DoS)
python3 is vulnerable to denial of service. An attacker is able to craft a TAR archive that results in an infinite loop when parsed in tarfile.open due to a lack of header validation in _proc_pax...
Information Disclosure
github.com/openshift/origin is vulnerable to information disclosure. The vulnerability is possible because kubernetes watch cache does not return the correct data in a multi tenant environment, revealing the data of a user to another user...
Arbitrary Code Execution
php-cgi is susceptible to arbitrary code execution. An attacker can inject arbitrary script because it does not properly handle query strings without an equals sign (=) character, leading to malicious code execution with the privileges of the PHP interpreter...
Denial Of Service (DoS)
Python is vulnerable to denial of service (DoS) attacks. This is because of catastrophic backtracking in the implementation. A remote authenticated user could trigger a denial of service condition via backtracking in the 'difflib.IS_LINE_JUNK' method in difflib, which may lead to an application crash...
Arbitrary Code Execution Or Denial Of Service (DoS)
OpenSSL is vulnerable to arbitrary code execution or denial of service attacks. Due to a flaw, an attacker can use a certificate which leads to a crash or execution of arbitrary code upon verification or re-encoding of the certificate by OpenSSL...
Path Traversal
Apache HTTP Server is vulnerable to path traversal attacks. An attacker could use a path traversal attack to map URLs to files outside of the document root that are not protected by the “require all denied” directive in the Apache configuration file...
Denial-of-service (DoS)
github.com/argoproj/argo-cd is vulnerable to Denial-of-service (DoS). The vulnerability is due to improper handling of malformed Bitbucket Server webhook payloads—specifically a non-array repository.links.clone field—which allows an attacker to send a single unauthenticated malicious request that...
Path Traversal
aws-java-sdk-s3 is vulnerable to path traversal. The vulnerability exists due to the insufficient guard logic used for the download directory in the leavesRoot function of TransferManager.java, allowing an attacker to access files from the S3 bucket that is one level up in the file system by...
Remote Code Execution (RCE)
Redis is vulnerable to remote code execution. The vulnerability exists because the heap-based Lua stack can be overflowed. An attacker is able to crash the system by sending a maliciously crafted script to the system...
Denial Of Service (DoS) Through Memory Leak
ImageMagick is vulnerable to denial of service (DoS) attacks. Leveraging a flaw in the ReadDIBImage function, attackers can pass a dib file to the application to cause memory leaks...
Remote Code Execution (RCE)
Joplin is vulnerable to remote code execution. The vulnerability is due to the application not validating the schema or protocol of existing links. An attacker can upload a malicious markdown file with links, which will be opened by shell.openExternal when a user opens the markdown file, resultin...
Same-Origin Policy Bypass
chromium is vulnerable to Same-Origin Policy Bypass. The vulnerability exists due to the insufficient policy enforcement in Intents of the library, allowing an attacker to bypass same origin policy via a maliciously crafted HTML page...
Denial Of Service (DoS)
libressl is vulnerable to denial of service. The vulnerability exists due to a bug in the BN_mod_sqrt function which goes into an infinite loop which then causes an application crash...
Privilege Escalation
open-vm-tools is vulnerable to Privilege Escalation. The vulnerability is a file descriptor hijack within the vmware-user-suid-wrapper allowing a malicious attacker to simulate user inputs...
Open Redirect
rails is vulnerable to open redirect. A remote attacker is able to redirect users to a malicious website via a crafted X-Forwarded-Host header in combination with a certain "allowed host" format in the host authorization middleware...
Directory Traversal
Tomcat is vulnerable to directory traversal. The methods getResource, getResourceAsStream, and getResourcePaths in ServletContext do not correctly validate that the paths given to them do not contain "/..". However the impact of the directory traversal is limited as "/../" is rejected. This allow...
Arbitrary Code Execution
ppp is vulnerable to arbitrary code execution. eap.c has an rhostname buffer overflow in the eap_request and eap_response functions, allowing an attacker to execute arbitrary code on the host OS via the vulnerability...
Access Control Bypass
rsync is vulnerable to access control bypass. A remote attacker is able to bypass access restrictions as the daemon does not check for fnamecmp filenames in the daemon_filter_list data structure in the recv_files function in receiver.c. The sanitize_paths protection mechanism is also not applied to...
Cross-site Scripting (XSS)
bootstrap is vulnerable to Cross-site Scripting (XSS). The library does not properly sanitize the parent variable in collapse.js, allowing a malicious user to inject and execute arbitrary JavaScript...
Remote Code Execution (RCE)
Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of host names returned by Domain Name Servers in the Node.js DNS library which can lead to output of wrong hostnames leading to Domain Hijacking and injection vulnerabilities in applications...
Privilege Escalation
github.com/moby/moby is vulnerable to privilege escalation. The vulnerability exists due to insecure permission which allows an attacker to traverse directory contents and execute programs...
Directory Traversal
ruby is vulnerable to directory traversal. It mishandles path checking within File.fnmatch functions...
Cross-site Scripting (XSS)
org.keycloak:keycloak-services is vulnerable to Cross-site Scripting (XSS) attacks. A remote attacker is able to insert an arbitrary URI into an error page via the oob OAuth endpoint due to incorrect null-byte handling...
Time-of-check To Time-of-use (TOCTOU)
networkd-dispatcher is vulnerable to time-of-check to time-of-use (TOCTOU). The vulnerability exists in the vulnerable systemd unit, which allows an attacker to replace scripts that it believes to be owned by the root user...
Remote Code Execution (RCE)
tar is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the paths of entries when extracting tar files, which allows an attacker to execute remote code...
Denial Of Service (DoS)
python is vulnerable to denial of service. A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enabl...
Cross-site Scripting (XSS)
React Router is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of untrusted input in the meta / APIs during server-side rendering, which allows an attacker to inject malicious script content into generated script:ld+json tags and execute arbitrary JavaScript...
Authentication Bypass
cxf-rt-rs-security-oauth2 is vulnerable to authentication bypass. The vulnerability exists as the access token services do not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. An attacker with an authorization code that is issued to...
Integer Overflow
OpenSSL is vulnerable to integer overflows. It exists due to a mishandling of overflow in rsaz_512_sqr for the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli...
Server Side Request Forgery (SSRF)
org.springframework:spring-web is vulnerable to Open Redirect. The vulnerability is due to insufficient validation checks of the host URL within UriComponentsBuilder.java. If an application utilizes the host validation checks, an attacker can perform an open redirect or Server-Side Request Forger...
Privilege Escalation
froxlor/froxlor is vulnerable to Privilege Escalation. The vulnerability is caused by improper handling of symbolic links. An attacker could write arbitrary data to the home directory and escalate privileges...
Privilege Escalation
openjdk is vulnerable to privilege escalation. The vulnerability exists due to a network access via multiple protocols to compromise which allows an attacker to upgrade their privilege and to gain elevated access to resources that are normally protected from an application or user...
Denial Of Service (DoS)
org.apache.tomcat:tomcat is vulnerable to denial of service attacks. A malicious user is able to cause denial of service conditions, when running over an untrusted network because EncryptInterceptor does not provide protection against DoS attacks...
Regular Expression Denial Of Service (ReDoS)
angular is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability exists due to inefficient regular expression complexity in the resource service, which allows an attacker to crash the application by submitting maliciously crafted input...
Arbitrary Code Execution
mariadb-galera is vulnerable to arbitrary code execution attacks. The vulnerability exists as Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before...
Prototype Pollution
json5 is vulnerable to prototype pollution. The vulnerability exists in the internalize function in parse.js due to not restricting keys named __proto__, which allows an attacker to inject specially crafted strings to pollute the prototype of the resulting object...
Remote Code Execution (RCE)
ckeditor4 is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of malformed HTML, allowing an attacker to inject maliciously crafted script...
Integer Overflow
github.com/opencontainers/runc is vulnerable to integer overflows. The vulnerability exists in container_linux.go due to insecure handling of null bytes in mount sources which allows an attacker to bypass the namespace restrictions of the container by adding their own Netlink payload which disables...