38125 matches found
Deserialisation Of Untrusted Data
jackson-databind can deserialize untrusted data. The vulnerability is due to an incomplete fix for the CVE-2017-7525...
Remote Code Execution (RCE)
Microsoft ChakraCore is vulnerable to remote code execution. This is due to a buffer overflow bug in GlobOpt.cpp which would allow a remote attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229,...
Information Disclosure
libexif.so is vulnerable to information disclosure. A buffer over-read and integer overflow occur when decoding Pentax MakerNote entries of an input file, which discloses confidential information such as heap chunk metadata and applications' private data. It may also result in a denial of service...
Remote Code Execution (RCE)
laravel/framework is vulnerable to remote code execution (RCE). It can occur because there is an unserialize call on the potentially untrusted X-XSRF-TOKEN value. The attacker can execute arbitrary code when decrypting certain files if they have access to the application key...
Denial Of Service (DoS)
openpsa/midcom is vulnerable to denial of service (DoS) attacks. The library uses a vulnerable version of PHP and calls the insecure method xml_parse_into_struct. This can allow a malicious user to upload an XML file with the RSS Upload feature to cause a buffer under-read or segmentation fault that c...
Security Constraint Bypass
tomcat-catalina is vulnerable to security constraint bypass. Security constraints are only applied after a servlet has already been loaded. Depending on the order in which the servlets were loaded, it's possible that some of the constraints were not applied at all. Leveraging this, users may have...
Cross-Site Request Forgery (CSRF)
WordPress is vulnerable to cross-site request forgery (CSRF) attacks. The attacks can be launched because wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php have flaws, allowing the widget-access action requests to be hijacked by the attackers...
Security Constraint Bypass
Tomcat Catalina is vulnerable to security constraint bypasses. If an error page is a static file, Catalina is supposed to serve the content of the file as if processing a GET request, regardless of the HTTP method used. Catalina, however, did not do this. This leads to unexpected results for stat...
Timing Attack
jasypt is vulnerable to timing attacks. The attacks are possible because it uses Arrays.equals to verify passwords with different lengths, thereby revealing the time taken to compare the passwords...
Remote Code Execution (RCE) Through Deserialization
Jackson-databind is vulnerable to remote code execution attacks. These attacks are possible during bean deserialization and attackers are able to execute code and commands...
Buffer Overflow
OpenSSL is vulnerable to buffer overflows. A malicious user can pass large amounts of input data to the EVP_EncodeUpdate function, which can cause a buffer overflow in the length check, allowing the malicious user to cause heap corruption...
Information Disclosure
mcrypt is vulnerable to information exposure. The vulnerability exists because the TLS, SSH, and IPSec protocols do not validate the birthday bound, which allows a remote attacker to access confidential information in the system...
Arbitrary JavaScript Execution
react-pdf is vulnerable to Arbitrary JavaScript Execution. This vulnerability is due to isEvalSupported set to true by default, allowing for the execution of arbitrary JavaScript code embedded within the PDF...
Remote Code Execution (RCE)
jenkins-core is vulnerable to Remote Code Execution. The vulnerability is due to unsafe deserialization of Java objects. This flaw allows attackers to execute arbitrary code via a crafted serialized Java object, which could trigger an LDAP query to a third-party server...
Path Traversal
Jenkins Matrix Project Plugin is vulnerable to Path Traversal. The vulnerability is caused by improper sanitization of user-defined axis names in multi-configuration projects. This could allow an attacker to manipulate or replace the config.xml files with arbitrary content, resulting in Path...
Denial Of Service (DoS)
openjdk is vulnerable to Denial of Service (DoS). The vulnerability applies to Java deployments, primarily clients running sandboxed Java Web Start applications or applets, that load untrusted code (e.g., code from the internet) and rely on the Java sandbox for security. Successful exploitation can...
Path Traversal
golang is vulnerable to Path Traversal. The vulnerability is due to a lack of file path validation in path_windows.go. This can allow an attacker to access arbitrary locations on a Windows system...
Remote Code Execution
activemq is vulnerable to Remote Code Execution. The vulnerability is in BaseDataStreamMarshaller.java, which performs no class validation and does not verify that the loaded class is a valid Throwable. This allows an attacker to manipulate serialized class types within the OpenWire protocol,...
Cross-Site Scripting (XSS)
github.com/golang/go is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of "" comment tokens, hashbang "!" comment tokens, in...
Denial Of Service (DoS)
imagemagick is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists due to a flaw in the way the identify command handles certain image files. A remote attacker can exploit this vulnerability to cause the ImageMagick process to leak memory, which could eventually lead to a denial...
Improper Access Control
Jenkins Core is vulnerable to Improper Access Control. The vulnerability exists due to loading the context actions via POST request, which allows an attacker to craft a URL and perform unauthorized actions on behalf of an unexpected user...
Denial Of Service (DoS)
github.com/golang/go is vulnerable to Denial of Service (DoS) attacks. Unusual patterns of input data cause the upcomingHeaderNewlines function to parse HTTP and MIME headers which allocates more memory than required, causing the application to crash via memory exhaustion...
Authorization Bypass
openssl is vulnerable to Authorization Bypasses. Invalid certificate policies in leaf certificates are ignored by OpenSSL, allowing a malicious CA to bypass policy checking. Policy processing is disabled by default, but can be enabled by passing the '-policy' argument to command line utilities or...
Information Disclosure
curl is vulnerable to Information Disclosure. curl's HSTS support allows the use of HTTPS instead of HTTP, but the HSTS could fail when used subsequently on the same command line, leading to Cleartext Transmission which allows an attacker to gain sensitive information of the system...
Improper Authorization
Symfony is vulnerable to Improper Authorization. The vulnerability exists in Store.php because the HTTP cache system stores all headers, which can potentially be stored and then subsequently returned to other clients, which would allow an attacker to retrieve the victim's session...
NULL Pointer Dereference
openssl is vulnerable to null pointer dereference. The vulnerability exists because there is a missing check for the return value from the initialization function, which later leads to invalid usage of the digest API, most likely leading to a crash...
Information Disclosure
imagemagick is vulnerable to Information Disclosure. A remote unauthenticated attacker is able to gain access to embed the content of an arbitrary file when it parses a PNG image, resulting in disclosure of sensitive information...
Denial Of Service (DoS)
Linux kernel is vulnerable to Denial Of Service (DoS). The vulnerability exists through use after free in the networking code because the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued and freed into a child qdisc, allowing an attacker to cause an...
Denial Of Service (DoS)
xen is vulnerable to denial of service. The vulnerability exists due to the large memory allocation in the library, allowing an attacker to create many nodes more than the maximum allowed size and path length by accessing many nodes inside a transaction...
Denial Of Service (DoS)
libcurl.so is vulnerable to denial of service. The vulnerability exists due to stack-based buffer overflow when curl is instructed to parse a .netrc file for credentials which allows an attacker to crash the application via malicious input...
Sandbox Bypass
Jenkins Script Security Plugin is vulnerable to Sandbox Bypass. The vulnerability exists during the casting of array-like values to array types that intercepts per-element casts, which allows an attacker to bypass sandbox restrictions and execute arbitrary code...
Sandbox Bypass
Script Security is vulnerable to Sandbox Bypass. The vulnerability exists because of how the sandbox intercepts casts that Groovy performs implicitly, which allows an attacker to bypass sandbox protection and execute arbitrary code...
Buffer Overflow
linux-lts is vulnerable to buffer overflows. The vulnerability exists in the Linux kernel, which allows an attacker to cause a memory corruption resulting in an application crash...
Double Free
libxml2 is vulnerable to double free. When a reference cycle is detected in the XML entity cleanup function the XML entity data can be stored in a dictionary which may become corrupted resulting in logic errors, including memory errors like double free...
Information Exposure
Tinyproxy is vulnerable to information exposure. The vulnerability exists in the process_request function due to the lack of processing of the HTTP request lines, which allows attackers to exploit this vulnerability to access sensitive information at system runtime...
Arbitrary Code Execution Via Authorization Bypass
Pebble Templates is vulnerable to arbitrary code execution via authorization bypass. The vulnerability exists in BlacklistMethodAccessValidator.java because the methods that Pebble is allowed to access are not properly handled, which allows an attacker to bypass the validator and execute arbitrary code...
Denial Of Service (DoS)
snakeyaml is vulnerable to denial of service. The vulnerability exists in the Composer function of Composer.java as it does not properly restrict the nested depth limitation for collections, which allows an attacker to crash the application through a stack overflow by providing malicious YAML...
Denial Of Service (DoS)
snakeyaml is vulnerable to Denial Of Service (DoS). The vulnerability exists in the Composer function of Composer.java as it does not properly restrict the nested depth limitation for collections, allowing an attacker to crash the application through a stack overflow by providing malicious YAML...
Denial Of Service (DoS)
curl is vulnerable to denial of service attacks. A malicious user is able to cause an application crash due to improper validation of syntactic correctness of the input, which makes the server return a 400 Bad Request response...
Privilege Escalation
moodle/moodle is vulnerable to privilege escalation. The vulnerability exists because the application does not properly impose security restrictions when assigning roles, which allows a remote attacker to escalate privileges on the system...
Out-of-Bounds Read
vim is vulnerable to out-of-bounds reads. The vulnerability exists in the msg_outtrans_special function in message.c and can cause an out-of-bounds read that can crash the application...
Cross-site Scripting (XSS)
keycloak-core is vulnerable to cross-site scripting. An attacker can inject and execute malicious JavaScript through the SAML protocol mapper when the UPLOAD_SCRIPTS feature is disabled...
Remote Code Execution (RCE)
Redis is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the input, allowing an attacker to inject a maliciously crafted script into the system...
Remote Code Execution (RCE)
activerecord is vulnerable to Remote Code Execution (RCE). Active Record uses YAML.unsafe_load to convert the YAML data into Ruby objects, allowing an attacker who can manipulate data in the database to execute malicious code remotely...
HTTP Request Smuggling
llhttp is vulnerable to HTTP request smuggling. The vulnerability exists because http.js does not properly handle the CRLF sequence, allowing an attacker to smuggle HTTP requests by submitting LF characters without CR...
Denial Of Service (DoS)
linux is vulnerable to denial of service. The vulnerability exists because ems_usb_start_xmit in ems_usb.c in the Linux kernel has a double free, which allows an attacker to crash the application...
Denial Of Service (DoS)
Apache HTTP Server is vulnerable to denial of service. The vulnerability exists due to a lack of sanitization in mod_sed: in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort...
Denial Of Service (DoS)
moodle/moodle is vulnerable to denial of service. The vulnerability exists in the login_attempt_failed function in authlib.php due to incorrect calculation of login attempts, which allows an attacker to cause an application crash...
Heap-Based Buffer Overflow
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device...
XML External Entity (XXE) Injection
WSO2 Identity Application Management Component is vulnerable to XML external entity attacks. The vulnerability exists in the unmarshalSP function in ApplicationManagementServiceImpl.java because the SP file content is not parsed securely during unmarshalling, which allows an attacker to gain access to...