Remote Code Execution
Microsoft .NET is vulnerable to Remote Code Execution. The vulnerability exists because DLLs can be loaded from an unexpected location which allows an attacker to inject and execute malicious code into the system, resulting in DLL Hijacking...
Denial Of Service (DoS)
github.com/golang/go is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to cause an infinite loop via integer overflows when calling any of the Parse functions which contain //line directives with very large line numbers, which can cause the application to crash...
Denial Of Service (DoS)
net.minidev, json-smart is vulnerable to Denial of Service (DoS). The vulnerability exists because there are no nesting depth checks for deeply nested JSON arrays or objects, which allows an attacker to crash the application via a malicious array with deeply nested elements...
Remote Code Execution (RCE)
SPIP is vulnerable to Remote Code Execution (RCE). The vulnerability exists because of the improper sanitization of form values in the public area, allowing an attacker to inject and execute malicious code...
Information Disclosure
redmine is vulnerable to Information Disclosure. The library allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user...
Denial Of Service (DoS)
Linux kernel is vulnerable to Denial of Service (DoS). The vulnerability exists due to the out-of-bounds read in the vt_k_ioctl function of vt_ioctl.c because it does not properly protect by lock-in vt_ioctl (KDSETMDE), allowing an attacker to cause an application crash...
Information Disclosure
Linux kernel is vulnerable to Information Disclosure. The vulnerability exists because the internal memory locations could be returned to userspace, allowing an attacker with permission to insert eBPF code into the kernel, which leads to a leak of internal kernel memory details when handling...
Denial Of Service (DoS)
github.com/containerd/containerd is vulnerable to Denial of Service (DoS). The vulnerability exists because the onUntarJSON function in importer.go does not properly limit the number of bytes read for specific files when importing an OCI image, allowing an attacker to cause an application crash...
Use-After-Free
openssl is vulnerable to Use-After-Free. The vulnerability exists because there is a missing check for the return value from the initialization function which allows an attacker to cause an application crash...
Denial Of Service (DoS)
kernel is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists in the smb2_ioctl_query_info function of fs/cifs/smb2ops.c, in Common Internet File System (CIFS), due to an incorrect return from the memdup_user function. This flaw allows a local, privileged attacker to crash the system...
Denial Of Service (DoS)
rh-mysql80-mysql is vulnerable to Denial of Service (DoS) attacks. Successful attacks of this vulnerability allow an authenticated attacker to cause a hang or frequently repeatable crash...
Command Injection
github.com/rancher/wrangler is vulnerable to Command Injection attacks. An attacker is able to change the library's behavior and cause confusion when a specially crafted command is executed through Git, because it uses the underlying Git binary present on the host OS or container image...
Denial Of Service (DoS)
bind is vulnerable to Denial of Service (DoS). The vulnerability exists because Bind incorrectly handled a large number of UPDATE messages which allows a remote attacker to use this issue to cause Bind to consume resources, resulting in a denial of service...
XML External Entity (XXE)
swift is vulnerable to XML External Entity (XXE) attacks. The vulnerability allows a remote authenticated attacker to access potentially sensitive data in S3 buckets by persuading the S3 API into returning arbitrary file contents from the host server...
Remote Code Execution (RCE)
org.apache.karaf.jaas.modules is vulnerable to remote code execution. The vulnerability exists because the doCreateDatasource function in JDBCUtils.java does not properly validate the jndiName parameter in the JNDI scheme when a configuration uses a JNDI LDAP data source URI, allowing an attacker...
Denial Of Service (DoS)
ruby-nokogiri is vulnerable to denial of service (DoS) attacks. The library fails to check the return value from xmlTextReaderExpand in the method Nokogiri::XML::Reader#attribute_hash which may lead to a null pointer exception when invalid markup is being parsed, causing denial of service conditions...
Information Disclosure
kernel is vulnerable to Information Disclosure. This vulnerability occurs in some Intel(R) processors due to return predictor targets being shared non-transparently between contexts. This allows a potential attacker to view and disclose sensitive information through local access...
Denial Of Service (DoS)
chromium is vulnerable to denial of service. The vulnerability exists due to the heap buffer overflow in GPU in the library, allowing an attacker to perform a sandbox escape via a crafted HTML page, leading to an application crash...
Cross-site Scripting (XSS)
nextcloud-desktop is vulnerable to cross-site scripting. An attacker can inject and execute malicious HyperText Markup Language into the Desktop Client application...
Information Disclosure
github.com/grafana/synthetic-monitoring-agent is vulnerable to information disclosure. The vulnerability exists in multiple functions due to default installation of synthetic-monitoring-agent which allows an attacker to communicate with the Synthetic Monitoring API via a debugging endpoint...
Authentication Bypass
github.com/prometheus/exporter-toolkit is vulnerable to authentication bypass. It is possible to bypass the security mechanisms by poisoning the built-in authentication cache when an attacker has access to the web.yml file and user's hashed bcrypted passwords...
Denial Of Service (DoS)
samba is vulnerable to denial of service (DoS) attacks. The library fails to guard against integer overflows when parsing a PAC on a 32-bit system, which allows an attacker with a forged PAC to corrupt the heap...
Privilege Escalation
rh-mysql80-mysql is vulnerable to privilege escalation. A highly privileged attacker with network access via multiple protocols can compromise MySQL server, resulting in unauthorized update, insert or delete access to some of MySQL server accessible data...
Out-of-bound Write
Apache Commons BCEL is vulnerable to Out-of-bound Write. The vulnerability is due to ConstantPool.java and ConstantPoolGen.java improperly handling MAX_CP_ENTRIES which allows an attacker to pass data to specific APIs and control the resulting bytecode causing out-of-bound writes...
Arbitrary Code Execution
nodejs is vulnerable to Arbitrary Code Execution. The vulnerability exists because the IP addresses are not properly handled which allows an attacker to perform DNS rebinding and execute arbitrary code...
Authorization Bypass
github.com/cloudflare/cloudflare-warp is vulnerable to authorization bypass. The vulnerability is due to the type WarpRoutingConfig struct parameter in configuration.go not properly validating endpoint configuration parameters which allows malicious users to bypass Zero Trust enrolled...
Out-of-bounds Write
libtiff.so is vulnerable to out-of-bound write. The vulnerability exists due to a heap-based buffer overflow in a uint32_t parameter in tif_dir.c which allows an attacker to submit a malicious code file into the system and perform out of bound writes...
Denial Of Service (DoS)
libxml2 is vulnerable to denial of service (DoS) attacks. A malicious user is able to cause an integer overflow leading to a segmentation fault through a multi-gigabyte XML document when the XML_PARSE_HUGE parser option is enabled, causing the application to crash...
Improper Verification Of Cryptographic Signature
Passport-saml is vulnerable to improper cryptographic signature verification. A remote attacker is able to bypass SAML authentication via an arbitrary IDP signed XML element, due to improper checks for a valid top-level signature in saml.ts...
Heap-based Buffer Overflow
tcpreplay is vulnerable to heap-based buffer overflow. The vulnerability exists in parse_mpls in get.c which allows an attacker to cause buffer overflows...
Arbitrary Code Execution
webkitgtk is vulnerable to Arbitrary Code Execution. The vulnerability exists due to an out-of-bounds write issue which allows an attacker to send maliciously crafted web content that may lead to arbitrary code execution...
Remote Code Execution
moodle/moodle is vulnerable to remote code execution. The vulnerability exists in the convertconfigdata function of lib.php when restoring backup files, which allows an attacker to execute remote code in the system...
Improper Input Validation
chromium is vulnerable to improper input validation. The vulnerability exists due to improper input validation in Mojo extension, which allows a remote attacker to perform a sandbox escape via a crafted HTML page...
Cookie Injection
react/http is vulnerable to cookie injection. The vulnerability exists due to a lack of sanitization in the decode function in urldecode in Message/ServerRequest.php allowing an attacker to counterfeit cookies...
Insecure Token
An issue was found in fts5UnicodeTokenize in ext/fts5/fts5tokenize.c in SQLite. A unicode61 tokenizer configured to treat unicode "control-characters" (class Cc) was treating embedded nul characters as tokens. The issue was fixed in sqlite-3.34.0 and later...
Use-after-poison
MariaDB is vulnerable to a use-after-poison. The vulnerability exists due to lack of proper memory handling in sanitizer_common_interceptors.inc which allows an attacker to do a use-after-poison...
Denial Of Service (DoS)
vim is vulnerable to denial of service. The vulnerability exists due to the use after free in the library, allowing an attacker to crash the application by providing a malicious input...
Remote Code Execution (RCE)
chromium is vulnerable to remote code execution. The vulnerability exists due to a use after free in Extensions API allowing an attacker to inject maliciously crafted code into the system...
Timing Attack
@fastify/bearer-auth is vulnerable to timing attacks. The vulnerability exists because the timingSafeEqual functionality in the compare function of plugin.js does not securely perform a constant-time comparison against the length of the bearer token, allowing an attacker to guess the length of th...
Use-After-Free
qemu is vulnerable to use-after-free. The vulnerability exists in USB EHCI controller emulation because EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets which allows an attacker to cause an application crash...
Command Injection
git-clone is vulnerable to command injection. The vulnerability exists due to the insecure usage of the --upload-pack feature of git. An attacker with the ability to control the options object provided to the clone function through the options.args array, is able to inject arbitrary commands to r...
Remote Code Execution
ldap-account-manager is vulnerable to remote code execution. An attacker is able to inject the first constructor argument leading to code execution if non-LAM classes are instantiated during object creation...
Insecure Cryptography
ujson is vulnerable to insecure cryptography. The vulnerability exists because, when a JSON string contains escaped surrogate characters which are not part of a proper surrogate pair, the library may decode those characters incorrectly, which allows remote attackers to cause unintended behavior in the...
Remote Code Execution (RCE)
openssl is vulnerable to remote code execution. The vulnerability exists due to the improper RSA implementation of AVX512IFMA instructions in x86_64 CPUs, allowing an attacker to crash the application by providing a malicious input...
Session Fixation
silverstripe/hybridsessions is vulnerable to session fixation. The vulnerability exists because the destroy function of DatabaseStore.php does not properly reset the user session after logging out, allowing an attacker to gain privileges via the client-side cookie...
Log Injection
org.apache.sling:org.apache.sling.api and org.apache.sling:org.apache.sling.commons.log are vulnerable to log injection. A remote attacker with privileges to forge logs is able to inject fake logs and potentially corrupt log files, causing unintended behavior in the system...
Path Traversal
github.com/golang/go is vulnerable to Path Traversal. The vulnerability exists because the Clean function of path.go does not properly remove the . prefix when the file path contains :, allowing an attacker to access files outside the expected directory on Windows...
Out-of-Bounds Read
Apache HTTP Server is vulnerable to out of bounds read. The vulnerability exists due to a memory corruption when configured to process requests with the mod_isapi module...
Denial Of Service (DoS)
libtiff is vulnerable to denial of service. The vulnerability exists due to a buffer overflow in the "invertImage" function in the component "tiffcrop" allowing an attacker to crash the system via the "invertImage"...
Denial Of Service (DoS)
mariadb is vulnerable to denial of service. get_sort_by_table in MariaDB allows an application crash via certain subquery uses of ORDER BY...