Path Traversal

samba is vulnerable to Path Traversal. An attacker could exploit this vulnerability by creating a malicious file with a specially crafted path and then uploading the file to a Samba share. When a user downloads the file, the Samba server will resolve the path to the file on the underlying...

Heap Buffer Overflow

Google Chrome is vulnerable to Heap Buffer Overflow. The vulnerability exists in the vp8 encoding in libvpx in the library, which allows an attacker to cause heap corruption via a maliciously crafted HTML page...

Remote Code Execution

Microsoft .NET 7.0 and .NET 6.0 are vulnerable to Remote Code Execution RCE. The vulnerability exists in Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file which may lead to RCE...

Man-in-the-Middle (MitM)

open-vm-tools is vulnerable to Man-in-the-Middle MitM attacks. This vulnerability can be exploited by an attacker with man-in-the-middle MITM network positioning between vCenter and the ESXi host hosting the virtual machine to bypass SAML token signature verification, to perform VMware Tools Gues...

Timing Attack

python3.9 is vulnerable to Improper Access Control. The vulnerability exists due to a flaw in the way the hmac.comparedigest function in the Lib/hmac.py module compares two message digests. An attacker can exploit this vulnerability to distinguish between different message digests, which could be...

Authentication Bypass

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine...

Remote Code Execution (RCE)

gitlab is vulnerable to Remote Code Execution RCE. The vulnerability exists becuse the library does not properly validate image files, allowing an attacker to inject and execute malicious command through the file parser...

Remote Code Execution (RCE)

suricata is vulnerable to Remote Code Execution RCE. Lack of proper checking user input allows an attacker who controls an external source of Lua rules to upload and execute malicious code on the system...

Directory Traversal

suricata is vulnerable to Directory Traversal. A dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem...

Use After Free

Google Chrome is vulnerable to Use After Free. The vulnerability is due to improper memory management in the media API, which results in heap corruption via crafted HTML page...

Improper Certificate Validation

curl is vulnerable to Improper Certificate Validation. The vulnerability allows matching of wildcard patterns when listed as 'Subject Alternative Name' in TLS server certificates and could result in accepting patterns that otherwise should be mismatched...

Denial Of Service (DoS)

openssl is vulnerable to Denial of Service DoS. The vulnerability causes applications using 'OBJobj2txt' directly, or use any OpenSSL subsystem with no message size limit to experience notable to very long delays when processing those messages, which may lead to a Denial of Service...

Denial Of Service (DoS)

spring-boot-autoconfigure is vulnerable to Denial Of Service DoS. The vulnerability is applicable when the application has Spring MVC auto-configuration enabled and uses the Spring Boot welcome page, which can be either static or templated, and the application is deployed behind a proxy which...

Authentication Bypass

n8n is vulnerable to Authentication Bypass. The vulnerability is due to a lack of authentication in auth.ts when the url contains .svg, resulting in information disclosure...

Denial Of Services (DoS)

openssl is vulnerable to Denial Of Services DoS. The vulnerability exists due to the bug in the AES-XTS cipher decryption implementation for 64 bit ARM platform, which reads the past input buffer, leading to an application crash...

Integer Overflow

chromium is vulnerable to interger overflow. A malicious attacker could perform a sandbox escape via a crafter html page by comprimising the renderer process leading to interger overflow...

Denial Of Service (DoS)

github.com/golang/go is vulnerable to Denial of Service DoS attacks. A malicious user is able to cause an infinite loop via integer overflows when calling any of the Parse functions which contain //line directives with very large line numbers, which can cause the application to crash...

Remote Code Execution (RCE)

net.sourceforge.htmlunit:htmlunit is vulnerable to Remote Code Execution RCE. The vulnerability exists in the transform function in XSLTProcessor.java, which allows an attacker to upload and execute malicious code on the system...

Denial Of Services (DoS)

graphql-java is vulnerable to Denial Of Services DoS. An attacker can send a maliciously crafted GraphQL query that causes excessive stack consumption, which can lead to an application crash...

Arbitrary Code Execution

webkitgtk is vulnerable to Arbitrary Code Execution. Processing maliciously crafted web content may lead to arbitrary code execution which allows a remote attacker to create a specially crafted web page and trick the victim into opening it, triggering type confusion, and execute arbitrary code on...

Information Disclosure

Linux kernel is vulnerable to Information Disclosure. The vulnerability exists because the internal memory locations could be returned to userspace, allowing an attacker with permission to insert eBPF code into the kernel, which leads to a leak of internal kernel memory details when handling...

Denial Of Service (DoS)

github.com/containerd/containerd is vulnerable to Denial of Service DoS. The vulnerability exists because the onUntarJSON function in importer.go does not properly limit the number of bytes read for specific files when importing an OCI image, allowing an attacker to cause an application crash...

Privilege Escalation

github.com/containerd/containerd is vulnerable to Privilege Escalation. An authenticated attacker is able to use supplementary group access to bypass primary group restrictions in some cases where supplementary groups are not set up properly inside a container, which allows the attackers to acqui...

Information Disclosure

linux is vulnerable to Information Disclosure. An attacker is able to gain access to leaked kernel pointers remotely via l2capparseconfreq function of net/bluetooth/l2capcore.c, resulting in disclosure of sensitive information...

Denial Of Service (DoS)

kernel is vulnerable to Denial of Service DoS attacks. The vulnerability exists in the smb2ioctlqueryinfo function of fs/cifs/smb2ops.c, in Common Internet File System CIFS due to an incorrect return from the memdupuser function. This flaw allows a local, privileged attacker to crash the system...

Command Injection

github.com/rancher/wrangler is vulnerable to Command Injection attacks. An attacker is able to change the library's behavior and cause confusion when a specially crafted command is executed through Git, because it uses the underlying Git binary present on the host OS or container image...

Denial Of Service (DoS)

bind is vulnerable to Denial of Service DoS. The vulnerability exists because Bind incorrectly handled a large number of UPDATE messages which allows a remote attacker to use this issue to cause Bind to consume resources, resulting in a denial of service...

Authentication Bypass

github.com/KubeOperator/KubeOperator is vulnerable to Authentication Bypass. The vulnerability exists because the V1 function of v1api.go does not properly handle the online application routing permissions, allowing an attacker to bypass the system's preset permission settings to access some API...

XML External Entity (XXE)

swift is vulnerable to XML External Entity XXE attacks. The vulnerability allows a remote authenticated attacker to access potentially sensitive data in S3 buckets by persuading the S3 API into returning arbitrary file contents from the host server...

Denial Of Service (DoS)

ruby-nokogiri is vulnerable to denial of service DoS attacks. The library fails to check the return value from xmlTextReaderExpand in the method Nokogiri::XML::Readerattributehash which may lead to a null pointer exception when invalid markup is being parsed, causing denial of service conditions...

HTTP Response Splitting

netty-codec-http is vulnerable to HTTP response splitting attack. The vulnerability exists in the setObject function of DefaultHeaders.java as it takes the arrays and iterators as arguments, providing a way to bypass value validation allowing an attacker to inject malicious header values into the...

Denial Of Service (DoS)

chromium is vulnerable to denial of service. An attacker can cause heap corruption via a crafted HTML page, leading to an application crash...

Denial Of Service (DoS)

libgpac.so is vulnerable to denial of service. The vulnerability exists due to unlimited length checks and user-controllable content in the smilparsetimelist function of svgattributes.c, resulting in a stack overflow...

Improper Certification Validation

certifi is vulnerable to improper certificate validation. The vulnerability exists due to an untrustworthy certificate authority TrustCor root certificate, which are now marked as invalid...

Cross-site Scripting (XSS)

nextcloud-desktop is vulnerable to cross-site scripting. An attacker can inject and execute malicious HyperText Markup Language into the Desktop Client application...

Information Disclosure

github.com/grafana/synthetic-monitoring-agent is vulnerable to information disclosure.The vulnerability exists in multiple functions due to default installation of synthetic-monitoring-agent which allows an attacker to communicate with the Synthetic Monitoring API via a debugging endpoint...

Remote Code Execution (RCE)

quarkus-vertx-http is vulnerable to remote code execution. The vulnerability exists in multiple functions due to drive-by localhost attacks which allows an attacker to inject and execute malicious query parameters via the Dev UI Config Editor...

Authentication Bypass

github.com/prometheus/exporter-toolkit is vulnerable to authentication bypass. It is possible to bypass the security mechanisms by poisoning the built-in authentication cache when an attacker has access to the web.yml file and user's hashed bcrypted passwords...

Use After Free

linux-azure, linux-aws, linux-gcp, linux-oracle and linux-kvm is vulnerable to Use After Free. The vulnerability exists in mm/mremap.c via a stale tlb because of a rmap lock is not held during a pud move...

Denial Of Service (DoS)

Linux is vulnerable to Denial Of Service DoS. The vulnerability exists in the ismergeableanonvma function of rmap.c due to a use-after-free related to leaf anonvma double reuse which allows an attacker to cause an application crash by providing malicious input...

Privilege Escalation

rh-mysql80-mysql is vulnerable to privilege escalation. A high privileged attacker with network access via multiple protocols to compromise MySQL server, resulting in unauthorized update, insert or delete access to some of MySQL server accessible data...

Arbitrary Code Execution

nodejs is vulnerable to Arbitrary Code Execution. The vulnerability exists because the IP addresses are not properly handled which allows an attacker to perform DNS rebinding and execute arbitrary code...

Authorization Bypass

github.com/cloudflare/cloudflare-warp is vulnerable to authorization bypass. The vulnerability is due to the type WarpRoutingConfig struct parameter in configuration.go not properly validating endpoint configuration parameters which allows to malicious users to bypassing Zero Trust enrolled...

Out-of-bounds Write

libtiff.so is vulnerable to out-of-bound write. The vulnerability exists due to a heap based buffer overflow in uint32t parameter in tifdir.c which allows an attacker to submit a malicious code file into the system and perform out of bound writes...

Improper Verification Of Cryptographic Signature

Passport-saml is vulnerable to improper cryptographic signature verification. A remote attacker is able to bypass SAML authentication via an arbitrary IDP signed XML element, due to improper checks for a valid top-level signature in saml.ts...

Heap-based Buffer Overflow

tcppreplay is vulnerable to heap-based buffer overflow. The vulnerability exists in the parsempls in get.c which allows an attacker to cause buffer overflows...

Denial Of Service (DoS)

mediawiki is vulnerable to denial of service. The vulberability exists in HTMLUserTextField where the attacker will code a specially crafted code to expose the existence of the hidden users...

Denial Of Service (DoS)

kafka-clients is vulnerable to denial of service. An attacker can crash the application through the OutOfMemoryException in the readArray function of ByteBufferAccessor.java by providing large amounts of memory on brokers...

Authentication Bypass

github.com/kubevela/kubevela is vulnerable to authentication bypass. The vulnerability exists in authentication.go because the users are allowed use the platformID to re-generate the JWT tokens which allows an attacker to bypass the authentication...

Use-after-poison

MariaDB is vulnerable to an use-after-poison. The vulnerability exists due to lack of proper memory handling in sanitizercommoninterceptors.inc which allows an attacker to do a use-after-poison...