38169 matches found
Security Constraint Bypass
tomcat-catalina is vulnerable to security constraint bypass. Security constraints are only applied after a servlet has already been loaded. Depending on the order in which the servlets were loaded, it's possible that some of the constraints were not applied at all. Leveraging this, users may have...
Escalation Of Privileges
puppet is vulnerable to escalation of privileges through world writable permissions. The vulnerability exists through modules which are unpacked with minitar, allowing files to be unpacked with higher privileges...
Directory Traversal
salt is vulnerable to directory traversal attacks. The attack is possible because of an incomplete fix for CVE-2017-12791. A malicious user can include escape characters and path separators into credentials when authenticating to a master to traverse the filesystem...
Cache Poisoning
tomcat-catalina is vulnerable to cache poisoning. The library does not add HTTP VARY: Origin headers to its responses, causing inaccurate caching when re-used across origins...
Cross-Site Request Forgery (CSRF)
Wordpress is vulnerable to cross-site request forgery (CSRF) attacks. The attacks can be launched because wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php have flaws, allowing the widget-access action requests to be hijacked by the attackers...
Timing Attack
jasypt is vulnerable to timing attacks. The attacks are possible because it uses Arrays.equals to verify passwords with different lengths, thereby revealing the time taken to compare the passwords...
Denial Of Service (DoS)
OpenSSL is vulnerable to denial of service. The vulnerability exists in the d2i_ECPrivateKey function due to a use-after-free which allows an attacker to crash the application via a malformed Elliptic Curve private-key file...
Denial Of Service (DoS)
OpenSSL is vulnerable to denial of service (DoS) attacks. A malicious user can pass a malicious ASN.1 encoded RSA PSS certificate to the system that can cause a null pointer dereference that can lead to the system crashing...
Denial Of Service (DoS)
OpenSSL is vulnerable to denial of service attacks. The attacks are due to a flaw in the way OpenSSL handles SSLv2 handshake messages. When it has SSLv2 and EXPORT-grade cipher suites enabled, attackers can send malicious SSLv2 CLIENT-MASTER-KEY messages to cause server failures...
Information Disclosure
mcrypt is vulnerable to information exposure. The vulnerability exists because the TLS, SSH, and IPSec protocols do not validate the birthday bound, which allows a remote attacker to access confidential information in the system...
Denial Of Service (DoS)
OpenDaylight Service Function Chaining (SFC) is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of name resolution or references and allows an attacker to exploit incorrect resolutions to cause a Denial of Service (DoS)...
Information Exposure
sanitize-html is vulnerable to Information Exposure. The vulnerability is due to the parsing of CSS through the style attribute without disabling source maps, which can allow attackers to infer the file system structure and dependencies of the server...
Path Traversal
Jenkins Matrix Project Plugin is vulnerable to Path Traversal. The vulnerability is due to improper sanitization of user-defined axis names in multi-configuration projects. This could allow an attacker to manipulate or replace the config.xml files with arbitrary content, resulting in Path...
Denial Of Service (DoS)
openjdk is vulnerable to Denial of Service (DoS). The vulnerability applies to Java deployments, primarily clients running sandboxed Java Web Start applications or applets, that load untrusted code (e.g., code from the internet) and rely on the Java sandbox for security. Successful exploitation can...
JSON Web Token (JWT) Algorithm Confusion
fast-jwt is vulnerable to JWT Algorithm Confusion. The vulnerability is caused by a missing validation on the publicKeyPemMatcher constant defined in fast-jwt/src/crypto.js, which is used to match all common PEM formats for public keys. An attacker can craft a malicious JWT token utilizing the HS256...
Improper Access Control
Jenkins Core is vulnerable to Improper Access Control. The vulnerability exists due to loading the context actions via POST request, which allows an attacker to craft a URL and perform unauthorized actions on behalf of an unexpected user...
Use After Free
libcurl.so is vulnerable to Use After Free. Even when the CURLOPT_POSTFIELDS option is enabled, libcurl may mistakenly use the read callback CURLOPT_READFUNCTION while performing HTTPS transfers to request data to send. The application might misbehave and send the incorrect data or use memory that ...
Denial Of Service (DoS)
engine.io is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the uncaught exception that occurs in the handleUpgrade function of server.ts and userver.ts when providing an invalid query param, which allows an attacker to crash the application through a maliciously crafted...
Cross-Site Scripting (XSS)
ckeditor4 is vulnerable to Cross-Site Scripting (XSS) attacks. A web page with missing Content Security Policy configuration, initializing the editor on an element other than as a base, allows an attacker to inject and execute malicious JavaScript in the victim's browser...
Authorization Bypass
openssl is vulnerable to Authorization Bypass. X509_VERIFY_PARAM_add0_policy allows certificates with invalid or incorrect policies to pass certificate verification, but is disabled by default in OpenSSL and not commonly used by applications...
Incorrect ECC Calculation
Go is vulnerable to Incorrect ECC Calculation in its crypto/elliptic package. The vulnerability is due to defects in the functions ScalarBaseMult and ScalarMult in the p256_asm.go and p256_ordinv.go files, which implement the P256 curve for Elliptic-curve cryptography (ECC). The functions do no...
Information Disclosure
curl is vulnerable to Information Disclosure. curl's HSTS support allows the use of HTTPS instead of HTTP, but the HSTS could fail when used subsequently on the same command line, leading to Cleartext Transmission which allows an attacker to gain sensitive information of the system...
Command Injection
org.apache.sling:org.apache.sling.jcr.base is vulnerable to Command Injection. The vulnerability exists in the getRepository and getRepositoryFromURL functions of RepositoryAccessor.java because it allows a remote attacker to access data stored in a remote location via JNDI or RMI. An application...
Information Disclosure
imagemagick is vulnerable to Information Disclosure. A remote unauthenticated attacker is able to gain access to embed the content of an arbitrary file when it parses a PNG image, resulting in disclosure of sensitive information...
Remote Code Execution (RCE)
git is vulnerable to Remote Code Execution (RCE). When parsing gitattributes, multiple integer overflows may occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge, causing overflows to be triggered via a...
Denial Of Service (DoS)
Linux kernel is vulnerable to Denial Of Service (DoS). The vulnerability exists through use after free in the networking code because the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued and freed into a child qdisc, allowing an attacker to cause an...
Regular Expression Denial Of Service (ReDoS)
loofah is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the attr_node.value attribute in the scrub_attributes function of scrub.rb, allowing an attacker to crash the application by providing malicious SVG attributes...
Information Disclosure
System.Data.SqlClient and Microsoft.Data.SqlClient packages in the .NET framework are vulnerable to information disclosure. The vulnerability occurs during heavy load, which lets an attacker access arbitrary data from asynchronously executed queries...
Buffer Overflow
linux-lts is vulnerable to buffer overflows. The vulnerability exists in the Linux kernel, which allows an attacker to cause a memory corruption resulting in an application crash...
Arbitrary Code Execution Via Authorization Bypass
Pebble Templates is vulnerable to arbitrary code execution via authorization bypass. The vulnerability exists in BlacklistMethodAccessValidator.java because the methods that Pebble is allowed to access are not properly handled, which allows an attacker to bypass the validator and execute arbitrary code...
Denial Of Service (DoS)
curl is vulnerable to denial of service attacks. A malicious user is able to cause an application crash due to improper validation of syntactic correctness of the input, which makes the server return a 400 Bad Request response...
Privilege Escalation
moodle/moodle is vulnerable to privilege escalation. The vulnerability exists because the application does not properly impose security restrictions when assigning roles, which allows a remote attacker to escalate privileges on the system...
SQL Injection
Prestashop is vulnerable to SQL injection. The vulnerability is due to the file config/smarty.config.inc.php improperly neutralizing SQL code. An attacker can chain this vulnerability to then call the PHP eval function, executing arbitrary code...
Denial Of Service (DoS)
linux is vulnerable to denial of service. The vulnerability exists because ems_usb_start_xmit in ems_usb.c in the Linux kernel has a double free which allows an attacker to crash the application...
Privilege Escalation
linux-gcp:focal is vulnerable to privilege escalation. The vulnerability exists in af_llc.c which allows an attacker to craft and inject malicious attacks...
Denial Of Service (DoS)
Apache HTTP Server is vulnerable to denial of service. The vulnerability exists due to a lack of sanitization with mod_sed: in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort...
Privilege Escalation
kernel is vulnerable to privilege escalation. There is a possible linked list corruption in uvc_scan_chain_forward of uvc_driver.c due to an unusual root cause which could lead to a local escalation of privileges in the library with no additional execution privileges needed...
Heap-Based Buffer Overflow
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device...
XML External Entity (XXE) Injection
WSO2 Identity Application Management Component is vulnerable to XML external entity attacks. The vulnerability exists in unmarshalSP function in ApplicationManagementServiceImpl.java because the SP file content is not parsed securely during unmarshalling which allows an attacker to gain access to...
Denial Of Service (DoS)
Gson is vulnerable to denial of service. The vulnerability exists in internal java classes due to not preventing writing a replacement JDK object during serialization which allows an attacker to cause an application crash...
Privilege Escalation
virtualbox is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of authentication...
Memory Corruption
firefox is vulnerable to memory corruption. The application crashes when a compromised content process sends an unexpected number of WebAuthN extensions in a register command to the parent process...
Remote Code Execution
netatalk is vulnerable to remote code execution. The vulnerability exists in Western Digital PR4100 NAS which allows an attacker to inject and execute code...
Privilege Escalation
MariaDB is vulnerable to Privilege Escalation. The vulnerability exists due to a lack of sanitization of a user-supplied string before using it as a format specifier...
Authorization Bypass
url-parse is vulnerable to authorization bypass. The use of a user-controlled key allows an attacker to transform the original invalid URL into a valid one with url.pathname as host...
Cross-site Scripting (XSS)
python-django is vulnerable to cross-site scripting. The {% debug %} template tag in the library does not properly encode the current context, allowing an attacker to inject and execute malicious JavaScript...
Cross-site Request Forgery (CSRF)
github.com/filebrowser/filebrowser is vulnerable to cross-site request forgery. The vulnerability exists due to a lack of validation when creating a user with admin privilege, allowing an attacker to get access to the filesystem via a maliciously crafted HTML webpage...
Denial Of Service (DoS)
webkit2gtk:edge is vulnerable to denial of service...
Information Disclosure
kernel is vulnerable to information disclosure. The vulnerability exists due to the XFS filesystem allowing for size increase of files with unaligned size allowing an attacker to leak data on the XFS filesystem...
Denial Of Service (DoS)
openjdk17 is vulnerable to denial of service. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle...