Authorization Bypass
OpenSSH is vulnerable to authorization bypass attacks. The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to...
Denial Of Service (DoS)
QEMU is vulnerable to denial of service. A heap-based buffer overflow flaw was discovered in the way QEMU's AMD PC-Net II Ethernet Controller emulation received certain packets in loopback mode. A privileged user with the CAP_SYS_RAWIO capability inside a guest could use this flaw to crash the host...
Cookie Leak
libcurl.so is vulnerable to cookie leak. A remote attacker is able to set or send arbitrary cookies for certain sites. libcurl.so parses IP addresses similar to domain names, where a site with an IP address of 192.168.0.1 can set or send cookies for another site ending with .168.0.1...
Double Free Vulnerability
PHP is vulnerable to a double free. It is due to a flaw in the zend_ts_hash_graceful_destroy function in the PHP ZTS module...
Denial Of Service (DoS)
libkrb5.so is vulnerable to denial of service (DoS) attacks. The vulnerability exists in the krb5_gss_process_context_token function of lib/gssapi/krb5/process_context_token.c where a terminated security-context handle could be used by authenticated users to cause a Denial of Service (DoS) attack...
Directory Traversal
Django is vulnerable to directory traversal attacks. An attacker can perform unauthorized file access using the ssi templating tag, which is configured incorrectly in the ALLOWED_INCLUDE_ROOTS setting. This opens up a loophole to use a relative path provided in the ALLOWED_INCLUDE_ROOTS...
Denial Of Service (DoS)
kernel-rt is vulnerable to denial of service (DoS) attacks. The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel before 3.3.2 uses an incorrect length variable during a copy operation, which allows remote NFS servers to cau...
Information Leakage
libxslt is vulnerable to information leakage. It happens because the generate-id function in libxslt/functions.c exposes sensitive information about heap memory addresses...
Remote Code Execution (RCE)
httpd is vulnerable to remote code execution (RCE). mod_rewrite.c in the mod_rewrite module does not sanitize non-printable characters before writing to a log file, allowing a remote attacker to inject escape sequences for a terminal emulator into the log file via an HTTP request, resulting in...
Cross-site Request Forgery (CSRF)
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier...
Cross-site Scripting (XSS)
openjdk is vulnerable to an unspecified vulnerability. The vulnerability affects client deployment of Java, and allows remote attackers to affect integrity via vectors related to RMI...
Directory Traversal When Route Globbing Configurations Are Enabled
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files...
Weak Authentication
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a...
Information Disclosure
JBoss is vulnerable to information disclosure attacks. twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments...
XML Encryption Backwards Compatibility Attack
Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...
Man-in-the-Middle (MitM)
OpenSSL is vulnerable to man-in-the-middle (MitM) attacks. These attacks are possible because an attacker can force OpenSSL to use a zero-length master key. This allows attackers to hijack sessions and obtain sensitive information. This is also known as the "CCS Injection"...
Denial Of Service (DoS)
glibc is vulnerable to denial of service (DoS) attacks. A buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service memor...
Remote Code Execution (RCE)
GIMP is vulnerable to remote code execution (RCE) attacks. Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large 1...
Cross-site Scripting (XSS)
Python SimpleHTTPServer is vulnerable to cross-site scripting (XSS). The list_directory function in Lib/SimpleHTTPServer.py does not set a charset parameter in the Content-Type HTTP header, allowing an attacker to inject arbitrary JavaScript through UTF-7 encoding into Internet Explorer 7 browser vi...
Remote Code Execution (RCE)
jackson-databind is susceptible to a deserialisation vulnerability. The vulnerability is due to the lack of openjpa class blockage, allowing a remote attacker to leverage this vulnerability to execute arbitrary code...
Replay Attack
tomcat-util is vulnerable to replay attacks. The vulnerability exists due to the improper handling of empty requests to the SSL port, allowing a duplicate copy of a recent request to be replayed...
Denial Of Service (DoS)
libnetsnmp.so is vulnerable to denial of service (DoS) attacks. A malicious user can pass a GetNext PDU with multiple Varbinds to the application, causing a NULL Pointer Exception that can crash the application...
Directory Traversal
JavaServer Faces is vulnerable to directory traversal. A malicious user can access arbitrary files through loc parameters in the function ResourceManager.java:getLocalePrefix...
Denial Of Service (DoS) Through Use-After-Free (UAF)
libcurl.so is vulnerable to denial of service (DoS) attacks through a use-after-free (UAF) bug. The use-after-free vulnerability is caused when libcurl leaves a dangling pointer to a freed connection struct, causing a DoS attack...
Arbitrary File Writing
DotNetZip.Semverd is vulnerable to arbitrary file writing (aka the zip-slip vulnerability). The vulnerability is possible because it does not check that the relative paths in a zip file don't go outside of the target directory...
Remote Code Execution (RCE) Via Memory Corruption
microsoft.chakracore is vulnerable to remote code execution via memory corruption vulnerability. This happens when an attacker inputs a large numeric or spread array literal to ByteCodeGenerator, leading to an out-of-bounds write. This CVE ID is different from CVE-2017-11886, CVE-2017-11889,...
Cross-site Scripting (XSS)
phpMyAdmin is vulnerable to cross-site scripting (XSS) attacks. A malicious user can use the database variable to inject and execute arbitrary JavaScript when the database variable is called through the designer feature...
Cache Timing Side-Channel Attack
openssl is vulnerable to cache timing side-channel attacks. The vulnerability exists due to the lack of constant time comparison during the RSA key generation of p and q, resulting in the potential ability to recover the private key...
Arbitrary Code Execution
github.com/golang/go is vulnerable to arbitrary code execution attacks. The library does not properly validate the import path when the -insecure flag is used for the go get command. This allows a malicious user to execute arbitrary commands through the use of a malicious website...
Arbitrary Command Execution
Dulwich is vulnerable to arbitrary command execution. When using the SSH subprocess, an attacker can use an ssh URL with the - (dash) character in the hostname. This is related to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117...
Arbitrary Code Execution
spring-data-rest servers are vulnerable to arbitrary code execution attacks. The attacks exist because it does not check the path before processing PATCH requests to the server, allowing the attackers to submit patch requests with malicious JSON data...
Denial Of Service (DoS)
ImageMagick is susceptible to denial of service (DoS) attacks. The vulnerability is caused by improper handling of memory allocation in the formatIPTC method in coders/meta.c...
HTTP Smuggling
undertow is vulnerable to HTTP Smuggling attacks. The library does not verify that messages do not contain invalid headers, allowing a malicious user to conduct HTTP smuggling that can lead to cross-site scripting attacks. This is related to an incomplete fix in CVE-2017-2666...
XML External Entity (XXE)
Glassfish web-core is vulnerable to XML External Entity (XXE) attacks. These allow remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference. This is relate...
Denial Of Service (DoS) Through Memory Consumption
OpenSSL is vulnerable to denial of service (DoS) through memory consumption. This can be triggered through a DTLS handshake method which forces OpenSSL to process a large amount of data, exhausting the memory...
Denial Of Service (DoS) Through Memory Consumption
OpenSSL is vulnerable to denial of service (DoS) attacks. These attacks are possible because there is a memory leak in the tls_decrypt_ticket function which can be triggered through a session ticket...
Information Disclosure
OpenSSL is vulnerable to decryption oracle attacks. A malicious user on the network can use the server as an oracle to determine the SSLv2 master key...
Cache-timing Attack
OpenSSL is vulnerable to a cache-timing attack. The attack exists due to a flaw in the signing function of crypto/ecdsa/ecdsa_ossl.c, which sets the BN_FLG_CONSTTIME flag for nonces instead of taking a secure code path in the BN_mod_inverse method...
Server-Side Request Forgery (SSRF)
n8n-mcp is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of webhook trigger tools, the n8n API client N8N_API_URL, and per-request URLs supplied through the x-n8n-url header in multi-tenant HTTP mode, which allows an authenticated attacker to send...
Information Disclosure
Apache Airflow is vulnerable to information disclosure. The vulnerability is due to an insecure umask configuration in numerous Airflow components when running with the --daemon flag, resulting in a race condition that sets files within the airflow home directory world writable...
Denial Of Service (DOS)
Node.js is vulnerable to denial of service (DoS). The vulnerability is due to the fact that the fetch function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed int...
Information Disclosure
Apache Camel is vulnerable to Information Disclosure. The vulnerability is due to improper validation for EventFactory implementations and the handling of ExchangeCreatedEvent instances. This flaw allows attackers to craft malicious EventFactory instances and provide custom ExchangeCreatedEvent...
Reachable Assertion
libbind9.so is vulnerable to an assertion failure during recursive resolution. The vulnerability is due to a bad interaction between the DNS64 and serve-stale features when both are enabled. This can potentially lead to denial of service...
Unrestricted File Upload
Apache Solr is vulnerable to Unrestricted File Upload. The vulnerability is due to the ConfigSets API accepting and uploading jar/class files without proper restriction of file type. When backing up Solr Collections, the configSet files will be saved to disk, but if the backup directory is includ...
Regular Expression Denial Of Service (ReDoS)
fastapi is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to the python-multipart dependency, which utilized a regular expression with inefficient complexity. An attacker can inject a malicious Content-Type header, which causes the application to hang while it...
Use After Free
Canvas in Google Chrome is vulnerable to use after free. The vulnerability is due to referencing memory after it has been freed, which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page...
OS Command Injection
OpenSSH is susceptible to an OS command injection flaw because it fails to adequately validate user names or host names that include shell metacharacters. This flaw enables attackers to exploit these names through an expansion token in certain scenarios, such as when a submodule in an untrusted G...
Stack Overflow
Ion Java is vulnerable to Stack Overflow. The vulnerability is due to improper validation while deserializing Ion text encoded data, or deserializing Ion text or binary encoded data into an IonValue model. This issue can be exploited by an attacker via crafted malicious Ion data, resulting in...
Denial Of Service (DoS)
org.mvel:mvel2 is vulnerable to Denial Of Service (DoS). The vulnerability is due to the ParseTools.subCompileExpression method, which times out or executes for an indefinite time when parsing a crafted MVFLEX Expression (MVEL). A malicious user can craft an MVEL expression and pass to the...
SQL Injection And Path Traversal
Cacti is vulnerable to SQL Injection and Path Traversal. The vulnerability is caused by improper input sanitization within the link.php component. This allows an authorized user to execute arbitrary code on the server...