38355 matches found
HTTP Request Smuggling
Node is vulnerable to HTTP request smuggling. Failure to validate malformed HTTP requests allows an attacker to smuggle HTTP requests using malicious Transfer-Encoding header...
Denial Of Service (DoS)
kernel is vulnerable to denial of service DoS. The vulnerability exists due to a use-after-free error in fs/xfs/xfssuper.c...
Cross-Site Request Forgery (CSRF)
spring-web is vulnerable to cross-site request forgery CSRF. The CORS preflight requests does not validate the Origin header and allows for CSRF attacks. Non-authenticated endpoints are vulnerable except for Chrome-based browsers using client certificates authentication...
Reflected File Download
spring-web is vulnerable to reflected file download. The filename attribute that is derived from the user-supplied Content-Disposition header is not validated and sanitized, potentially resulting in the downloaded content of the response to be saved and executed as a file by the user's browser...
Session Fixation
Apache Tomcat Catalina is vulnerable to session fixation attack. The vulnerability exists because there is a flaw in checking whether an authentication information authType and principal are cached for a session and the validity of a session token in request when cache==false, allowing an attacke...
Denial Of Service (DoS)
Mozilla firefox is vulnerable to denial of service DoS. The vulnerability exists due to ,emory safety bugs fixed in Firefox 71 and Firefox ESR 68.3...
Remote Code Execution (RCE)
solr-velocity is vulnerable to remote code execution RCE. The vulnerability can be caused by loading custom Velocity templates containing malicious code since the solr resource loader in VelocityResponseWriter.java was on by default...
Denial Of Service (DoS)
kernel is vulnerable to arbitrary code execution. Lack of size checks from the reading of extra descriptor in the function usbgetextradescriptor in drivers/usb/core/usb.c leads to an application crash, and potentially allows an attacker to exploit the vulnerability to execute arbitrary code in th...
Denial Of Service (DoS)
OpenJDK is vulnerable to denial of service DoS. The vulnerability exists through an unexpected exception thrown by XPath processing crafted XPath expression...
Denial Of Service (DoS)
kernel is vulnerable to denial of service DoS. The vulnerability exists through a heap overflow in mwifiexupdatebssdescwithie function in marvell/mwifiex/scan.c...
Use-after-Free
Kernel is vulnerable to use-after-free in blkdrainqueue function in block/blk-core.c...
Deserialization Of Untrusted Data
FasterXML jackson-databind is vulnerable to deserialization of untrusted data . The vulnerability exists because there is a polymorphic typing issue because there are more than one association gadget types related to com.zaxxer.hikari.HikariConfig by default which allows an attacker to perform...
Information Disclosure
php is vulnerable to information disclosure. An out-of-bounds read in the function base64decodexmlrpc in ext/xmlrpc/libxmlrpc/base64.c causes PHP to read memory outside of the allocated buffers...
Denial Of Service (Dos)
php is vulnerable to denial of service. An out-of-bounds read due to integer overflow in the function iconvmimedecodeheaders can lead to information disclosure or allow an attacker to crash the application...
Denial Of Service (DoS)
PHP is vulnerable to denial of service DoS. A NULL pointer dereference is possible due to mishandling of ldapgetdn return value, allowing DoS via malicious LDAP server reply...
Denial Of Service (DoS)
PHP is vulnerable to denial of service DoS. An infinite loop is possible in ext/iconv/iconv.c when streaming filter with convert.incov on invalid sequence, leading to an application crash...
Authorization Bypass
httpd is vulnerable to authorization bypass. The vulnerability exists as modauthdigest has an access control bypass issue due to race condition...
Authorization Bypass
glibc is vulnerable to authorization bypass. Successful parsing of strings containing an IPv4 address appended with whitespace and arbitrary characters causes applications using glibc to parse incorrectly validated strings. This can potentially lead to circumvention of validation and authorizatio...
Denial Of Service (DoS)
kernel is vulnerable to denial of service DoS. The vulnerability exists through a NULL pointer dereference in drivers/scsi/megaraid/megaraidsasbase.c leading to DoS...
Denial Of Service (DoS)
kernel is vulnerable to denial of service DoS. The vulnerability exists through a memory leak in drivers/net/wireless/mac80211hwsim.c:hwsimnewradionl can lead to potential denial of service...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. The vulnerability exists in alarmtimernsleep function of alarmtimer.c due to an integer overflow which allows an attacker to crash the application via malicious input...
Denial Of Service (DoS)
libpng.so is vulnerable to denial of service. Failure to check the length of chunks against the user limit leads to a buffer overflow vulnerability that allows an attacker to crash the process or potentially execute arbitrary code on the system...
CRLF Injection
Python is vulnerable to CRLF Injection. Remote unauthenticated attacker could exploit the flaw by controling a url parameter, as demonstrated in the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? character followed by an HTTP header or a Redis comman...
Information Disclosure
firefox/thunderbird is vulnerable to information disclosure. Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method...
Denial Of Service (DoS)
PHP is vulnerable to denial of serviceDoS attacks. This occurs in the pharparsepharfile function in ext/phar/phar.c which allows remote attackers to cause a memory consumption or application crash via a truncated manifest entry in a PHAR archive...
Denial Of Service (DoS)
Oracle Java SE is vulnerable to denial of service DoS attacks. The vulnerability exists in an unknown functionality of the subcomponent JMX. An unauthenticated attacker with network access via multiple protocols could compromise Java SE, Java SE Embedded, JRockit causing a partial denial of servi...
Privilege Escalation
Linux kernel is vulnerable to privilege escalation vulnerability. The vulnerability exists in the xc2028setconfig function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel. Local users could cause a denial of service via vectors involving omission of the firmware name from a certain dat...
Denial Of Service (DoS)
Apache httpd is vulnerable to denial of serviceDoS attacks. A remote user could send a specially crafted sequence of request headers to trigger a buffer overread error in apfindtoken and cause a segmentation fault which leads application to a crash...
Information Disclosure
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...
Denial Of Service (DoS)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...
Denial Of Service (DoS)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...
Denial Of Service (DoS)
KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap-based buffer overflow flaw was discovered in the way QEMU's AMD PC-Net II Ethernet...
Information Disclosure
The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or...
Information Disclosure
Oracle Java SE and Java SE Embedded are vulnerable to information disclosure. A remote user can exploit a flaw in the Networking component to access sensitive information...
Sandbox Restrictions Bypass
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Ja...
Sensitive Information Leakage
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic acce...
Denial Of Service (DoS)
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic acce...
Arbitrary File Read And Write
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php54 packages provide a recent stable release of PHP with the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a number of additional utilities. The php54 packages have been upgraded to...
Denial Of Service (DoS)
mysql is vulnerable to denial of service DoS. The vulnerability exists similarly to Server : InnoDB...
Denial Of Service (DoS)
file is vulnerable to denial of service. Multiple flaws were found in the way file parsed Executable and Linkable Format ELF files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources...
CRLF Injection
OpenSSH is vulnerable to CRLF injection. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions...
Denial Of Service (DoS)
The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. A denial of...
Use-After-Free
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Man-In-The-Middle (MitM)
OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...
Path Traversal
OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...
Sensitive Information Disclosure
OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...
XML External Entity (XXE)
OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...
Sandbox Restrictions Bypass
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to...
Denial Of Service (DoS)
jenkins is vulnerable to denial of service. A remotely authenticated user is able to cause a denial of service condition caused by improper plug-in and tool installation via malicious update center data...
Denial Of Service (DoS)
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...