38160 matches found
Arbitrary Code Execution, SQL Injection Attacks And Authentication Bypass
lib/activesupport/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication v...
Remote Code Execution (RCE)
laravel/framework is vulnerable to remote code execution (RCE). It can occur because there is an unserialize call on the potentially untrusted X-XSRF-TOKEN value. The attacker can execute arbitrary code when decrypting certain files if they have access to the application key...
Denial Of Service (DoS)
openpsa/midcom is vulnerable to denial of service (DoS) attacks. The library uses a vulnerable version of PHP and calls the insecure method xml_parse_into_struct. This can allow a malicious user to upload an XML file with the RSS Upload feature to cause a buffer under-read or segmentation fault that c...
Security Constraint Bypass
tomcat-catalina is vulnerable to security constraint bypass. Security constraints are only applied after a servlet has already been loaded. Depending on the order in which the servlets were loaded, it's possible that some of the constraints were not applied at all. Leveraging this, users may have...
Buffer Overread
OpenSSL is vulnerable to buffer overreads. Attackers can cause a one-byte buffer overread by using an X.509 certificate with a malformed IPAddressFamily extension; as a result, the certificate would incorrectly be displayed in clear text...
Cache Poisoning
tomcat-catalina is vulnerable to cache poisoning. The library does not add HTTP VARY: Origin headers to its responses, causing inaccurate caching when re-used across origins...
Security Constraint Bypass
Tomcat Catalina is vulnerable to security constraint bypasses. If an error page is a static file, catalina is supposed to serve the content of the file as if processing a GET request, regardless of the HTTP method used. Catalina, however, did not do this. This leads to unexpected results for stat...
Timing Attacks
OpenSSL is vulnerable to timing attacks. The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2 do not check MAC addresses in constant time during the processing of a malformed CBC padding. This is also known as the "Lucky Thirteen" issue...
Information Disclosure
OpenSSL is vulnerable to information disclosure. The library contains a carry propagation bug that can allow a malicious user to gain information on the curve used for encryption during key negotiation using the Elliptic Curve Diffie-Hellman (EC-DH) cipher...
Denial Of Service (DoS)
OpenSSL is vulnerable to denial of service (DoS) attacks. These attacks are possible because the AES-NI functionality for TLS 1.1 and 1.2 can cause an application crash through CBC data...
Denial Of Service (DoS)
OpenSSL is vulnerable to denial of service (DoS) attacks. These attacks are possible due to multiple buffer overflows in crypto/srp/srp_lib.c. The buffer overflows can be triggered by an invalid SRP g, A or B parameter...
Access Restriction Bypass
OpenSSL is vulnerable to access restriction bypass. This is possible because OpenSSL does not enforce the no-ssl3 build option, which then allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c...
Unsafe Number Generation
OpenSSL uses unsafe number generation. The library generates unsafe prime numbers, allowing a malicious user that can force a peer to perform multiple handshakes to conduct a man-in-the-middle attack...
Denial Of Service (DoS)
OpenSSL is vulnerable to denial of service (DoS) attacks. A malicious user can pass a long digit string in hex format to trigger an integer overflow, which can cause heap memory corruption or null pointer dereferences that can cause the system to crash...
Buffer Overflow
OpenSSL is vulnerable to buffer overflows. A malicious user can pass large amounts of input data to the EVP_EncodeUpdate function, which can cause a buffer overflow in the length check, allowing the malicious user to cause heap corruption...
Arbitrary JavaScript Execution
react-pdf is vulnerable to Arbitrary JavaScript Execution. This vulnerability is due to isEvalSupported being set to true by default, allowing for the execution of arbitrary JavaScript code embedded within the PDF...
Remote Code Execution
WordPress is vulnerable to Remote Code Execution (RCE). The vulnerability is due to a defect in the Plugins - Add New - Upload plugin functionality, where an uploaded file other than a zip file remains temporarily available in the Media Library despite not being allowed during FTP upload when that file i...
Denial Of Service (DoS)
Clojure is vulnerable to Denial of Service (DoS). The vulnerability is caused by a lack of input validation in the clojure.core$partial$fn5920 function, which is part of the deserialization process. When an attacker manipulates the deserialization of inputs, they can exploit this function to...
Path Traversal
golang is vulnerable to Path Traversal. The vulnerability is due to a lack of file path validation in path_windows.go. This can allow an attacker to access arbitrary locations on a Windows system...
Remote Code Execution
activemq is vulnerable to Remote Code Execution. The vulnerability exists in BaseDataStreamMarshaller.java, which performs no class validation and does not verify that the loaded class is a valid Throwable. This allows an attacker to manipulate serialized class types within the OpenWire protocol,...
Denial Of Service (DoS)
samba is vulnerable to Denial of Service (DoS). An attacker could exploit this vulnerability by sending a series of malicious RPC requests to a vulnerable Samba server. The RPC requests would be designed to cause the server to block for a long period of time, which would prevent legitimate users fr...
Cross-Site Scripting (XSS)
github.com/golang/go is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of "" comment tokens, hashbang "!" comment tokens, in...
Remote Code Execution (RCE)
rar is vulnerable to Remote Code Execution (RCE). This vulnerability exists due to a flaw in the way WinRAR parses recovery volume names in the old RAR 3.0 format. A remote attacker can exploit this vulnerability by tricking the victim into opening a specially crafted archive, which could lead to...
Denial Of Service (DoS)
imagemagick is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists due to a flaw in the way the identify command handles certain image files. A remote attacker can exploit this vulnerability to cause the ImageMagick process to leak memory, which could eventually lead to a denial...
Prototype Pollution
xlsx is vulnerable to Prototype Pollution. The vulnerability exists due to the lack of checks on specially crafted user-supplied files, which allows an attacker to inject malicious properties, resulting in prototype pollution...
Denial Of Service (DoS)
github.com/golang/go is vulnerable to Denial of Service (DoS) attacks. Unusual patterns of input data cause the upcomingHeaderNewlines function to parse HTTP and MIME headers which allocates more memory than required, causing the application to crash via memory exhaustion...
Authorization Bypass
openssl is vulnerable to Authorization Bypasses. X509_VERIFY_PARAM_add0_policy allows certificates with invalid or incorrect policies to pass certificate verification, but is disabled by default in OpenSSL and not commonly used by applications...
Authorization Bypass
openssl is vulnerable to Authorization Bypasses. Invalid certificate policies in leaf certificates are ignored by OpenSSL, allowing a malicious CA to bypass policy checking. Policy processing is disabled by default, but can be enabled by passing the '-policy' argument to command line utilities or...
Improper Authorization
Symfony is vulnerable to Improper Authorization. The vulnerability exists in Store.php because the HTTP cache system stores all headers, which can potentially be stored and then subsequently returned to other clients, which would allow an attacker to retrieve the victim's session...
NULL Pointer Dereference
openssl is vulnerable to null pointer dereference. The vulnerability exists because there is a missing check for the return value from the initialization function, which later leads to invalid usage of the digest API, most likely leading to a crash...
Use-after-free
kernel is vulnerable to Use-after-free. A user is able to trigger concurrent calls of the PCM hw_params and hw_free ioctls, causing a race condition inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system...
Denial Of Service (DoS)
Linux kernel is vulnerable to Denial Of Service (DoS). The vulnerability exists through use after free in the networking code because the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued and freed into a child qdisc, allowing an attacker to cause an...
Denial Of Service (DoS)
Linux Kernel is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the use after free in the l2cap_reassemble_sdu function in l2cap_core.c, which allows an attacker to cause an application crash...
Denial Of Service (DoS)
libcurl.so is vulnerable to denial of service. The vulnerability exists due to a stack-based buffer overflow when curl is instructed to parse a .netrc file for credentials, which allows an attacker to crash the application via malicious input...
Information Disclosure
git is vulnerable to information disclosure. A local attacker is able to convince a victim to clone a repository with a symbolic link pointing at a restricted component on the victim's machine, which allows the attacker to gain access to confidential information...
Sandbox Bypass
Jenkins Script Security Plugin is vulnerable to Sandbox Bypass. The vulnerability exists during the casting of array-like values to array types that intercepts per-element casts, which allows an attacker to bypass sandbox restrictions and execute arbitrary code...
Sandbox Bypass
Script Security is vulnerable to Sandbox Bypass. The vulnerability exists because the sandbox intercept Groovy casts perform implicitly which allows an attacker to bypass sandbox protection and execute arbitrary code...
Double Free
libxml2 is vulnerable to double free. When a reference cycle is detected in the XML entity cleanup function, the XML entity data can be stored in a dictionary, which may become corrupted, resulting in logic errors, including memory errors like double free...
Remote Code Execution (RCE)
chromium is vulnerable to remote code execution. The vulnerability exists due to insufficient validation of untrusted input in VPN, allowing an attacker to crash the application by providing a malicious input...
Information Exposure
Tinyproxy is vulnerable to information exposure. The vulnerability exists in the process_request function due to the lack of processing of the HTTP request lines, which allows attackers to exploit this vulnerability to access sensitive information at system runtime...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. The vulnerability exists due to a memory leak and application crash in the pfkey_register function in af_key.c, which allows an attacker to crash the application by providing a malicious input...
Denial Of Service (DoS)
snakeyaml is vulnerable to denial of service. The vulnerability exists in the Composer function of Composer.java as it does not properly restrict the nested depth limitation for collections, which allows an attacker to crash the application through a stack overflow by providing malicious yaml...
Denial Of Service (DoS)
snakeyaml is vulnerable to Denial Of Service (DoS). The vulnerability exists in the Composer function of Composer.java as it does not properly restrict the nested depth limitation for collections, allowing an attacker to crash the application through a stack overflow by providing malicious yaml...
Out-of-Bounds Read
vim is vulnerable to out-of-bounds reads. The vulnerability exists in the msg_outtrans_special function in message.c, which can cause an out-of-bounds read that can crash the application...
Cross-site Scripting (XSS)
keycloak-core is vulnerable to cross-site scripting. An attacker can inject and execute malicious JavaScript through the SAML protocol mapper when the UPLOADSCRIPTS feature is disabled...
Stored Cross-Site Scripting (XSS)
github.com/grafana/grafana is vulnerable to stored cross-site scripting attacks. The attack is possible because the library does not sanitize the runbookURL parameter of the RuleDetailsActionButtons.tsx file, which allows remote authenticated attackers to inject and execute malicious JavaScript on th...
Remote Code Execution (RCE)
activerecord is vulnerable to Remote Code Execution (RCE). Active Record uses YAML.unsafe_load to convert the YAML data into Ruby objects, allowing an attacker who can manipulate data in the database to execute malicious code remotely...
HTTP Request Smuggling
llhttp is vulnerable to HTTP request smuggling. The vulnerability exists because the http.js does not properly handle the CRLF sequence, allowing an attacker to smuggle HTTP requests by submitting LF characters without CR...
Heap-based Buffer Overflow
vim is vulnerable to heap-based buffer overflow. The vulnerability exists because the lisp indenting does not check for NULL earlier which causes an overflow...
Privilege Escalation
Linux kernel is vulnerable to privilege escalation. The vulnerability exists due to an out-of-bounds read caused by a use after free, allowing an attacker to escalate privileges within the system...