Server-side Request Forgery (SSRF)
cxf-core is vulnerable to Server-side Request Forgery (SSRF). The vulnerability exists due to the lack of URL encoding in MTOM content-id, which allows an attacker to perform SSRF-style attacks on web services that take at least one parameter of any type through the href attribute of XOP:Include...
Denial Of Service (DoS)
protobuf-java is vulnerable to Denial Of Service (DoS). A remote attacker can cause objects to be converted back and forth between mutable and immutable forms, resulting in potentially long garbage collection pauses, when the inputs contain multiple instances of non-repeated embedded messages with...
Type Confusion
qt5-qtwebengine is vulnerable to type confusion. A remote attacker is able to potentially exploit heap corruption via a crafted HTML page resulting in type confusion vulnerability...
Denial Of Service (DoS)
Linux Kernel is vulnerable to denial of service. The vulnerability exists due to the memory leaks in the ipv6renewoptions function of the IPv6 Handler component, allowing an attacker to cause an application crash...
Authorization Bypass
Spring Security Web is vulnerable to Authorization Bypass. The vulnerability exists in AuthorizationFilter because it incorrectly extends OncePerRequestFilter which allows an attacker to bypass authorization rules via forward or include dispatcher types...
Arbitrary Code Execution
php8 is vulnerable to code execution. The vulnerability exists in the imageloadfont function due to insufficient input validation, which allows a remote attacker to execute arbitrary code via the Hardware Layer Code Box component on the /hardware page of the application...
Improper Access Control
openjdk is vulnerable to improper access control. The vulnerability allows an attacker to perform unauthorized updates, insertions or deletions of some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data...
Information Disclosure
git is vulnerable to information disclosure. A local attacker is able to convince a victim to clone a repository with a symbolic link pointing at a restricted component on the victim's machine, which allows the attacker to gain access to confidential information...
Regular Expression Denial Of Service (ReDoS)
loader-utils is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to an insecure regular expression in the url variable of the interpolateName function in interpolateName.js. A remote attacker can cause denial of service via malicious regex...
Remote Code Execution (RCE)
chromium is vulnerable to remote code execution. The vulnerability exists due to insufficient validation of untrusted input in VPN, allowing an attacker to crash the application by providing a malicious input...
Privilege Escalation
rpm is vulnerable to Privilege Escalation. The vulnerability exists because it sets the desired permissions and credentials after installing files in the system, which allows a remote attacker to elevate privileges...
Restriction Bypass
chromium is vulnerable to use after free. The vulnerability allows an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page...
Cross-site Scripting (XSS)
grapesjs is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization of the class name in ClassTagView.ts when it is added to the selector manager, allowing an attacker to inject and execute malicious JavaScript...
Stored Cross-Site Scripting (XSS)
github.com/grafana/grafana is vulnerable to stored cross-site scripting attacks. The attack is possible because the library does not sanitize the runbookURL parameter of the RuleDetailsActionButtons.tsx file, which allows remote authenticated attackers to inject and execute malicious JavaScript on th...
Heap-based Buffer Overflow
vim is vulnerable to heap-based buffer overflow. The vulnerability exists because the lisp indenting does not check for NULL earlier which causes an overflow...
Authorization Bypass
shiro-core is vulnerable to authorization bypass. The vulnerability exists due to the case-insensitive regex pattern matching used in the matches function of RegExPatternMatcher.java, allowing an attacker to bypass the servlet container when RegExPatternMatcher with . in the regular expression...
Information Disclosure
vim is vulnerable to information disclosure. A buffer over-read in the function grabfilename is capable of causing a crash of the software, memory modification, and possible remote execution...
Use After Free
kernel is vulnerable to use after free. The vulnerability exists due to a memory corruption in the hsofreenetdevice function of drivers/net/usb/hso.c which allows an attacker to escalate their privileges on the system...
Denial Of Service (DoS)
MariaDB is vulnerable to denial of service. The vulnerability exists due to a deadlock when executing the plugin/serveraudit/serveraudit.c method logstatementex...
Denial Of Service (DoS)
Envoy is vulnerable to denial of service. The vulnerability exists due to a segmentation fault in the GrpcHealthCheckerImpl allowing an attacker to crash the system by controlling an upstream host and also controlling the service discovery of that host via DNS, the EDS API, etc. and forcing the...
Remote Code Execution (RCE)
grub2 is vulnerable to remote code execution. The vulnerability exists due to a use-after-free vulnerability in grubcmdchainloader function which allows an attacker to gain access to restricted data...
Privilege Escalation
Linux kernel is vulnerable to privilege escalation. The vulnerability exists due to an out of bounds read due to a use after free allowing an attacker to escalate privilege within the system...
Denial Of Service (DoS)
firefox is vulnerable to denial of service. The vulnerability exists due to incorrect assembly generation on arm64 leading to a register allocation problem which causes an application crash...
Privilege Escalation
Slurm is vulnerable to Privilege Escalation. The vulnerability exists due to an Incorrect Access Control allowing an attacker to bypass the authorization to gain higher access...
Cross-Site Request Forgery (CSRF)
MCMS is vulnerable to cross-site request forgery. The vulnerability exists due to lack of handling of parameters, allowing an attacker to bypass authentication and submit requests on behalf of the server and gain access to internal resources via the file or endpoint /role/saveOrUpdateRole.do...
SQL Injection
asterisk is vulnerable to SQL injection. The vulnerability exists due to a lack of sanitization of input for backslash characters in SQL queries allowing an attacker to make maliciously crafted queries...
Authentication Bypass
ngxhttpluamodule is vulnerable to authentication bypass. The vulnerability exists because it doesn't properly restrict the user inputs which allows an attacker to insert unsafe characters in an argument when using the API to mutate a URI, or a request or response header...
Cross-site Scripting (XSS)
privatebin is vulnerable to cross-site scripting. No sanitization in handling Attachment before sending for preview in SVG in AttachmentViewer allows malicious script execution in instance context...
Remote Code Execution
Gzip is vulnerable to remote code execution. Insufficient validations when processing filenames with two or more newlines allow remote attackers to force zgrep or xzgrep to write arbitrary files on the system...
HTTP Request Smuggling (HRS)
twisted is vulnerable to HTTP request smuggling. The vulnerability exists in twisted.web due to inconsistent interpretation of HTTP requests, which allows a remote attacker to conduct HTTP request smuggling attacks via a crafted request...
Denial Of Service (DoS)
linux is vulnerable to denial of service. An attacker is able to crash the system by connecting a maliciously crafted USB device via the drivers/net/wireless/marvell/mwifiex/usb.c...
Denial Of Service (DoS)
.NET and Visual Studio are vulnerable to denial of service. The vulnerability exists due to a lack of sanitization allowing an attacker to crash the system...
Cross-site Scripting (XSS)
com.liferay:com.liferay.layout.admin.web is vulnerable to cross-site scripting. The library does not properly escape the COLLECTIONNAME parameter before it is output to the front end, allowing an attacker to inject and execute malicious JavaScript...
Privilege Escalation
github.com/snapcore/snapd is vulnerable to privilege escalation. The scopensnapdtool function of tool.c does not properly validate the location of the snap-confine binary, allowing an attacker to hardlink setuid binaries to another location when fs.protectedhardlinks is 0...
Information Disclosure
hashicorp-vault-plugin is vulnerable to information disclosure. Remote unauthenticated attackers are able to gain access to sensitive information by controlling agent processes to obtain Vault secrets via an attacker-specified path and key...
Denial Of Service (DoS)
vim is vulnerable to denial of service. The vulnerability exists due to a heap-based buffer overflow which allows an attacker to cause an application crash...
Denial Of Service (DoS)
openjdk17 is vulnerable to denial of service. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle...
Use After Free
chrome is vulnerable to use after free. The vulnerability exists in v8 and allows a remote attacker to potentially cause a crash via a crafted HTML page...
Symlink Attack
glib2 is vulnerable to symlink attack. The vulnerability exists due to a dangling symlink which incorrectly creates the target of the symlink as an empty file, which has security relevance if the symlink is attacker-controlled...
CVE-2020-25722
samba is vulnerable to privilege escalation. The vulnerability exists due to a lack of sanitization of access and conformance of data stored allowing total domain compromise...
Improper Input Validation
Java SE is vulnerable to improper input validation. An attacker can perform service disruption through the Swing component in the Oracle GraalVM Enterprise Edition...
Privilege Escalation
linux is vulnerable to privilege escalation. The vulnerability exists due to a type confusion in kernel/bpf/verifier.c...
Information Disclosure
Linux is vulnerable to information disclosure. The vulnerability exists because the system incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault...
Privilege Escalation
linux-gkeop is vulnerable to privilege escalation. The overlayfs implementation in the Linux kernel did not properly validate, with respect to user namespaces, the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a...
Denial Of Service (DoS)
firefox is vulnerable to denial of service. An exploitable crash is possible from incorrect instruction reordering during JIT optimization...
Information Disclosure
jetty-servlets is vulnerable to information disclosure. Lack of proper handling of requests to the ConcatServlet with a doubly encoded path allows an attacker to access protected resources within the WEB-INF directory. For example, sending /concat?/%2557EB-INF/web.xml can retrieve the web.xml fil...
Arbitrary Values
go has arbitrary values. The vulnerability exists due to arbitrary values retrieved from DNS which are not sanitized before being included in HTML...
Denial Of Service (DoS)
linux-oracle:groovy is vulnerable to denial of service. The vulnerability exists in drivers/net/ethernet/freescale/gianfar.c because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets which allows an attacker to crash the application via malicious...
Remote Code Execution (RCE)
gsoap is vulnerable to remote code execution. An attacker can send a malicious SOAP HTTP that can lead to a remote code execution...
Remote Code Execution (RCE)
chromium is vulnerable to remote code execution. The vulnerability exists due to an Out of bounds read in IPC. These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page...