38133 matches found
Database Authorization Bypass
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...
Arbitrary File Access Using A Symlink Attack
rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka 'symlink path...
Denial Of Service (DoS)
httpd is vulnerable to denial of service (DoS) attacks. The vulnerability exists as mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in whi...
Remote Code Execution (RCE)
busybox is vulnerable to remote code execution (RCE) attacks. The vulnerability exists in the decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw, which allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffe...
Memory Corruption
Oracle MySQL has a stack-based buffer overflow vulnerability. It does not handle checking of user permission in MySQL, allowing an authenticated user to crash the mysqld daemon and subsequently leading to arbitrary code execution with the privileges of the user running the application...
Denial Of Service (DoS)
kernel-rt is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service through a crafted application...
Directory Traversal
servlets-default is vulnerable to directory traversal attacks. The vulnerability exists due to default configuration of enabling directory traversal, allowing directories to be listed with a ; after a filename with a mapped extension...
Authentication Bypass
catalina is vulnerable to authentication bypass attacks. The vulnerability exists due to the improper handling of failed undeploy where the appBase files can remain after the failed undeploy process...
Out-Of-Bounds Read
libvirt.so is vulnerable to an out-of-bounds read. The vulnerability exists in the qemuDomainGetBlockIoTune function in qemu/qemu_driver.c because the live definition is used to look up the disk index while the persistent one is indexed, which allows an attacker to cause a denial of service conditi...
Denial Of Service (DoS)
Apache poi is vulnerable to denial of service (DoS) attacks. Attackers can cause infinite loops when parsing WMF, EMF, MSG and macro files. They can also cause Out-of-Memory (OOM) exceptions to occur when parsing DOC, PPT and XLS files...
Denial Of Service (DoS)
Undertow is vulnerable to denial of service (DoS) attacks. The library does not close its streaming websocket properly, leading to an infinite loop. A malicious user can use this behavior to cause multiple infinite loops that lead to the system running out of resources and crashing...
Information Disclosure
Tomcat is vulnerable to information disclosure. The library does not use the appropriate facade object when making calls to certain application listeners. This allows an untrusted application to retain a reference to the object and access or modify the associated information...
Remote Code Execution (RCE)
ffmpeg is vulnerable to remote code execution (RCE). Wrong usage of strtoll in the http_read_stream function in http.c passes a negative chunksize in chunk encoding. Therefore, it leads to a buffer overflow allocated next to the AVIOContext structure which eventually causes RIP control and then code...
Cross-site Scripting
console-common is vulnerable to cross-site scripting (XSS) attacks. They are possible because it does not perform HTML escaping properly...
Protection Mechanism Bypass
OpenSSL is vulnerable to protection mechanism bypass. This is because OpenSSL accepts several variations of certificate signature algorithms and signature encodings. It doesn't then enforce a match of the signature algorithm between the signed and unsigned portions of the certificate. This...
Denial Of Service (DoS)
Bouncy Castle is vulnerable to Denial of Service (DoS). The vulnerability is due to improper validation of F2m parameters, allowing an attacker to craft a certificate that causes high CPU usage during the evaluation of the curve parameters...
Improper Input Validation
Apache is vulnerable to Improper Input Validation. The vulnerability is caused due to inadequate input validation, which can be exploited by attackers to manipulate HTTP responses...
Remote Code Execution (RCE)
mssql-django is vulnerable to Remote Code Execution (RCE). The vulnerability is caused by improper parameter sanitization, allowing attackers to execute arbitrary SQL statements, which can result in Remote Code Execution (RCE)...
Denial Of Service
nodejs:sid is vulnerable to Denial Of Service. The vulnerability exists because the HTTP server allows an attacker to send a specially crafted HTTP request with chunked encoding; the server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk...
Insufficiently Protected Credentials
Apache Solr is vulnerable to Insufficiently Protected Credentials. The vulnerability is caused due to system property redaction logic inconsistencies. This allows an attacker to access sensitive system properties, including credentials such as passwords or secret keys...
Improper Access Control
libslurm.so is vulnerable to Improper Access Control. The vulnerability exists due to improper restrictions in the user-group list, which allow an attacker to perform unauthorized actions by modifying their extended group list...
Missing Encryption Of Sensitive Data
curl is vulnerable to Missing Encryption of Sensitive Data. When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use...
Authentication Bypass
LibreNMS is vulnerable to Authentication Bypass. The vulnerability is due to improper rate limiting checks on login mechanisms using the GET method in the /?username=admin=password= endpoint. This can be exploited by an attacker to perform a brute force attack at the login endpoint, resulting in...
Information Disclosure
wordpress is vulnerable to Information Disclosure. An attacker could exploit this vulnerability by tricking a user into installing a malicious Popup Builder plugin or by uploading a malicious plugin to a vulnerable WordPress installation. The malicious plugin would then inject malicious code into...
Use After Free
chromium is vulnerable to Use After Free. The vulnerability exists in the WebAudio component in the library, which allows an attacker to potentially exploit heap corruption via a crafted HTML page...
Improper Authorization
samba is vulnerable to Improper Authorization. This vulnerability allows an attacker to truncate files, even with read-only permissions, when the Samba VFS module acl_xattr is configured with acl_xattr:ignore system acls = yes...
Path Traversal
samba is vulnerable to Path Traversal. An attacker could exploit this vulnerability by creating a malicious file with a specially crafted path and then uploading the file to a Samba share. When a user downloads the file, the Samba server will resolve the path to the file on the underlying...
Heap Buffer Overflow
Google Chrome is vulnerable to Heap Buffer Overflow. The vulnerability exists in the vp8 encoding in libvpx in the library, which allows an attacker to cause heap corruption via a maliciously crafted HTML page...
SQL Injection
cacti is vulnerable to SQL Injection attacks. An attacker could exploit this vulnerability by sending a specially crafted SQL injection payload to a vulnerable Cacti server. This payload could allow the attacker to escalate their privileges to the root user or execute arbitrary code on the server...
Timing Attack
python3.9 is vulnerable to Improper Access Control. The vulnerability exists due to a flaw in the way the hmac.compare_digest function in the Lib/hmac.py module compares two message digests. An attacker can exploit this vulnerability to distinguish between different message digests, which could be...
Improper Access Control
nodejs is vulnerable to Improper Access Control. This vulnerability exists due to a flaw in the way the module.constructor.createRequire API can be used to bypass the policy mechanism. An attacker can exploit this vulnerability to load modules outside of the policy...
Authentication Bypass
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine...
Remote Code Execution (RCE)
gitlab is vulnerable to Remote Code Execution (RCE). The vulnerability exists because the library does not properly validate image files, allowing an attacker to inject and execute malicious commands through the file parser...
Remote Code Execution (RCE)
suricata is vulnerable to Remote Code Execution (RCE). Lack of proper checking of user input allows an attacker who controls an external source of Lua rules to upload and execute malicious code on the system...
Directory Traversal
suricata is vulnerable to Directory Traversal. A dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem...
Regular Expression Denial Of Service (ReDoS)
fast-xml-parser is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists in the readDocType function at DocTypeReader.js, which allows an attacker to cause an application crash by submitting an entity name with a badly performing regex because entity names are not sanitize...
Improper Certificate Validation
curl is vulnerable to Improper Certificate Validation. The vulnerability allows matching of wildcard patterns when listed as 'Subject Alternative Name' in TLS server certificates and could result in accepting patterns that otherwise should be mismatched...
Denial Of Service (DoS)
spring-boot-autoconfigure is vulnerable to Denial Of Service (DoS). The vulnerability is applicable when the application has Spring MVC auto-configuration enabled and uses the Spring Boot welcome page, which can be either static or templated, and the application is deployed behind a proxy which...
Authentication Bypass
n8n is vulnerable to Authentication Bypass. The vulnerability is due to a lack of authentication in auth.ts when the URL contains .svg, resulting in information disclosure...
File Upload Validation Bypass
Django is vulnerable to File Upload Validation Bypass. The vulnerability exists due to the FileInput class in widgets.py because uploading multiple files using one form field has never been officially supported by forms.FileField or forms.ImageField as only the last uploaded file was validated,...
Integer Overflow
chromium is vulnerable to integer overflow. A malicious attacker could perform a sandbox escape via a crafted HTML page by compromising the renderer process, leading to integer overflow...
Use After Free
chromium is vulnerable to Use After Free. The vulnerability exists within 'WebProtect' in 'Google Chrome', which allows an attacker to cause heap corruption via a crafted HTML page...
Stored Cross-Site Scripting (XSS)
andrewhaine/silverstripe-form-capture is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of sanitization in form submissions, which allows an attacker to inject and execute arbitrary JavaScript into the browser...
Remote Code Execution
Microsoft .NET is vulnerable to Remote Code Execution. The vulnerability exists because DLLs can be loaded from an unexpected location, which allows an attacker to inject and execute malicious code into the system, resulting in DLL Hijacking...
Denial Of Service (DoS)
github.com/golang/go is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to cause an infinite loop via integer overflows when calling any of the Parse functions which contain //line directives with very large line numbers, which can cause the application to crash...
Denial Of Service (DoS)
net.minidev, json-smart is vulnerable to Denial Of Service (DoS). The vulnerability exists because there are no nesting depth checks for deeply nested JSON arrays or objects, which allows an attacker to crash the application via a malicious array with deeply nested elements...
Remote Code Execution (RCE)
SPIP is vulnerable to Remote Code Execution (RCE). The vulnerability exists because of the improper sanitization of form values in the public area, allowing an attacker to inject and execute malicious code...
Information Disclosure
redmine is vulnerable to Information Disclosure. The library allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user...
Arbitrary Code Execution
webkitgtk is vulnerable to Arbitrary Code Execution. Processing maliciously crafted web content may lead to arbitrary code execution which allows a remote attacker to create a specially crafted web page and trick the victim into opening it, triggering type confusion, and execute arbitrary code on...
Denial Of Service (DoS)
Linux kernel is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the out-of-bounds read in the vt_k_ioctl function of vt_ioctl.c because it does not properly protect by lock-in vt_ioctl KDSETMDE, allowing an attacker to cause an application crash...