Denial Of Service

libtiff.so is vulnerable to Denial Of Service attack. The vulnerability is due to a lack of codec validation in the tiffcp utility. A heap based buffer overflow is caused while processing a crafted TIFF file, leading to Denial of Service DoS...

Denial Of Service (DoS)

libtiff.so is vulnerable to Denial of Service. The vulnerability is caused by the TIFFReadDirEntryArrayWithLimit and EstimateStripByteCounts functions in tifdirread.c failing to verify if the requested memory size was greater than the actual file size due to allocating memory based on the size of...

Arbitrary Code Injection

quartz-jobs is vulnerable to Arbitrary code injection. The vulnerability is due to lack of message validation in the SendQueueMessageJob.execute method, which can lead to remote code execution...

XML External Entity (XXE)

python3.9 is vulnerable to XML External Entity XXE. This vulnerability exists due to a flaw in the way the plistlib module parses certain XML plist files. An attacker can exploit this vulnerability by sending a specially crafted plist file that references an external entity, which could allow the...

Improper Access Control

nodejs is vulnerable to Improper Access Control. This vulnerability exists due to a flaw in the way the module.constructor.createRequire API can be used to bypass the policy mechanism. An attacker can exploit this vulnerability to load modules outside of the policy...

Out-of-bounds Write

qemu is vulnerable to Out-of-bounds Write. This vulnerability occurs since there is no check for the value of 'srclen' and 'dstlen' in 'virtiocryptosymophelper' resulting in a heap-based buffer overflow...

Directory Traversal

suricata is vulnerable to Directory Traversal. A dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem...

Sandbox Escape

vm2 is vulnerable to Sandbox Escape. The vulnerability exists because the library does not properly sanitize a Promise return, allowing an attacker to escape the sandbox and inject and execute malicious code...

Heap-based Buffer Overflow

libtiff.so is vulnerable to Heap-based Buffer Overflow. The vulnerability exists in the processCropSelections at tiffcrop.c due to not correctly updating the buffer size after rotateImage is called which causes an application crash...

Regular Expression Denial Of Service (ReDoS)

fast-xml-parser is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists in the readDocType function at DocTypeReader.js which allows an attacker to cause an application crash by submitting an entity name with bad preforming regex because entity names are not sanitize...

Denial Of Service (DoS)

spring-boot-autoconfigure is vulnerable to Denial Of Service DoS. The vulnerability is applicable when the application has Spring MVC auto-configuration enabled and uses the Spring Boot welcome page, which can be either static or templated, and the application is deployed behind a proxy which...

File Upload Validation Bypass

Django is vulnerable to File Upload Validation Bypass. The vulnerability exists due to the FileInput class in widgets.py because uploading multiple files using one form field has never been officially supported by forms.FileField or forms.ImageField as only the last uploaded file was validated,...

Use After Free

chromium is vulnerable to Use After Free. Vulnerability is available within 'WebProtect' in 'Google Chrome' which allows an attacker to commit heap corruption via a crafter HTML page...

Denial Of Service (DoS)

github.com/golang/go is vulnerable to Denial of Service DoS attacks. A malicious user is able to cause an infinite loop via integer overflows when calling any of the Parse functions which contain //line directives with very large line numbers, which can cause the application to crash...

Stored Cross-Site Scripting (XSS)

andrewhaine/silverstripe-form-capture is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of sanitization in form submissions, which allows an attacker to inject and execute arbitrary JavaScript into the browser...

Remote Code Execution

Microsoft .NET is vulnerable to Remote Code Execution. The vulnerability exists because DLL's can be loaded from an unexpected location which allows an attacker to inject and execute malicious code into the system, resulting in DLL Hijacking...

Denial Of Service (DoS)

github.com/golang/go is vulnerable to Denial of Service DoS attacks. A malicious user is able to cause an infinite loop via integer overflows when calling any of the Parse functions which contain //line directives with very large line numbers, which can cause the application to crash...

Denial Of Service (DoS)

net.minidev, json-smart is vulnerable to Denial Of Service DoS. The vulnerability exists because there is no nested depth checks for deeply nested JSON arrays or objects, which allows an attacker to crash the application via a malicious array with deeply nested elements...

Remote Code Execution (RCE)

SPIP is vulnerable to Remote Code Execution RCE. The vulnerability exists because of the improper sanitization of form values in the public area, allowing an attacker to inject and execute malicious code...

Information Disclosure

redmine is vulnerable to Information Disclosure. The library allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user...

Privilege Escalation

Linux kernel is vulnerable to Privilege Escalation. The vulnerability exists in the ALSA PCM package because of the missing locks in the SNDRVCTLIOCTLELEMREAD|WRITE32, which leads to use-after-free, resulting in gaining access to ring0 from the system user...

Denial Of Service (DoS)

Linux kernel is vulnerable to Denial Of Service DoS. The vulnerability exists due to the out-of-bounds read in the vtkioctl function of vtioctl.c because it does not properly protect by lock-in vtioctl KDSETMDE, allowing an attacker to cause an application crash...

Integer Overflow

apr-util and apr is vulnerable to Integer Overflow.The vulnerability exists in aprbase64 function because it allows an attacker to write beyond bounds of a buffer which affects the apache portable runtime...

Heap-based Buffer Overflow

linux is vulnerable to Heap-based Buffer Overflow. A local attacker is able to cause heap-based buffer overflows when a user connects to a malicious USB device which allows the attacker to crash the system or escalate their privileges...

Timing Attack

openssl is vulnerable to Timing Attack. The vulnerability exists in rsa/rsaossl.c because an attacker can recover ciphertext with a Bleichenbacher style attack by sending a large number of trial messages...

Use-After-Free

openssl is vulnerable to Use-After-Free. The vulnerability exists because there is a missing check for the return value from the initialization function which allows an attacker to cause an application crash...

Denial Of Service (DoS)

rh-mysql80-mysql is vulnerable to Denial of Service DoS attacks. Successful attacks of this vulnerability allows an authenticated attacker to cause a hang or frequently repeatable crash...

Out Of Bound Read

xrdp is vulnerable to Out of Bound Reads. The vulnerability exists due to the out of bound read in the xrdpcapsprocessconfirmactive function of the library, allowing an attacker to cause an application crash or access sensitive information...

Remote Code Execution (RCE)

org.apache.karaf.jaas.modules is vulnerable to remote code execution. The vulnerability exists because the doCreateDatasource function in JDBCUtils.java does not properly validate the jndiName parameter in the JNDI scheme when a configuration uses a JNDI LDAP data source URI, allowing an attacker...

Denial Of Service (DoS)

chromium is vulnerable to denial of service. The vulnerability exists due to the heap buffer overflow in GPU in the library, allowing an attacker to perform a sandbox escape via a crafted HTML page, leading to an application crash...

Denial Of Service (DoS)

chromium is vulnerable to denial of service. An attacker can cause heap corruption via a crafted HTML page, leading to an application crash...

Cross-Origin Resource Sharing (CORS)

quarkus-vertx-http is vulnerable to an insecure cross-origin resource sharing CORS policy. The vulnerability exists because the XMLHttpRequest has no event listeners registered on the object returned by the XMLHttpRequest upload property, allowing an attacker to send malicious GET and POST reques...

Information Disclosure

github.com/grafana/synthetic-monitoring-agent is vulnerable to information disclosure.The vulnerability exists in multiple functions due to default installation of synthetic-monitoring-agent which allows an attacker to communicate with the Synthetic Monitoring API via a debugging endpoint...

Denial Of Service (DoS)

samba is vulnerable to denial of service DoS attacks. The library fails to guard against integer overflows when parsing a PAC on a 32-bit system, which allows an attacker with a forged PAC to corrupt the heap...

Denial Of Service (DoS)

Linux is vulnerable to Denial Of Service DoS. The vulnerability exists in the ismergeableanonvma function of rmap.c due to a use-after-free related to leaf anonvma double reuse which allows an attacker to cause an application crash by providing malicious input...

Denial Of Service (DoS)

rh-mysql80-mysql is vulnerable to denial of service. The vulnerability exists in the Server: Optimizer component, allowing an attacker to cause an application crash and modify some MySQL Server accessible data through the multiple protocols...

Out-of-bound Write

Apache Commons BCEL is vulnerable to Out-of-bound Write. The vulnerability is due to ConstantPool.java and ConstantPoolGen.java improperly handing MAXCPENTRIES which allows an attacker to pass data to specific APIs and control the resulting bytecode causing out-of-bound writes...

Denial Of Service (DoS)

libvirt.so is vulnerable to denial of service DoS attacks. The locked virStoragePoolObj object in the storagePoolLookupByTargetPath function is not properly released on ACL permission failures which allows clients connected to the read-write socket with limited ACL permissions to acquire the lock...

Authorization Bypass

github.com/cloudflare/cloudflare-warp is vulnerable to authorization bypass. The vulnerability is due to the type WarpRoutingConfig struct parameter in configuration.go not properly validating endpoint configuration parameters which allows to malicious users to bypassing Zero Trust enrolled...

Denial Of Service (DoS)

libxml2 is vulnerable to denial of service DoS attacks. A malicious user is able to cause an integer overflow leading to a segmentation fault through a multi-gigabyte XML document when the XMLPARSEHUGE parser option enabled, causing the application to crash...

Improper Verification Of Cryptographic Signature

Passport-saml is vulnerable to improper cryptographic signature verification. A remote attacker is able to bypass SAML authentication via an arbitrary IDP signed XML element, due to improper checks for a valid top-level signature in saml.ts...

Remote Code Execution

moodle/moodle is vulnerable to remote code execution. The vulnerability exists in convertconfigdata function of lib.php when restoring backup files which allows an attacker to execute remote codes in the system...

Privilege Escalation

github.com/grafana/grafana is vulnerable to privilege escalation. A remote admin is able to take over the server admin account and gain full control of the particular grafana instance when auth proxy is used, via calling a fake datasource publicly through this proxying feature...

Remote Code Execution (RCE)

vm2 is vulnerable to remote code execution. The vulnerability exists in the Object.defineProperties function of setup-sandbox.js, allowing an attacker to bypass the sandbox protections by injecting and executing malicious code on the sandbox host...

Insecure Token

An issue was found in fts5UnicodeTokenize in ext/fts5/fts5tokenize.c in Sqlite. A unicode61 tokenizer configured to treat unicode "control-characters" class Cc, was treating embedded nul characters as tokens. The issue was fixed in sqlite-3.34.0 and later...

Remote Code Execution (RCE)

chromium is vulnerable to remote code execution. The vulnerability exists due to a use after free in Extensions API allowing an attacker to inject maliciously crafted code into the system...

Timing Attack

@fastify/bearer-auth is vulnerable to timing attacks. The vulnerability exists because the timingSafeEqual functionality in the compare function of plugin.js does not securely perform a constant-time comparison against the length of the bearer token, allowing an attacker to guess the length of th...

Remote Code Execution

ldap-account-manager is vulnerable to remote code execution. An attacker is able to inject the first constructor argument leading to code execution if non-LAM classes are instantiated during object creation...

Session Fixation

silverstripe/hybridsessions is vulnerable to session fixation. The vulnerability exists because the destroy function of DatabaseStore.php does not properly reset the user session after logging out, allowing an attacker to gain privileges via the client-side cookie...

Denial Of Service (DoS)

curl is vulnerable to denial of service. The vulnerability exists because the amount of accepted "chained" algorithms is very high which allows an attacker to cause an application crash...