38149 matches found
Remote Code Execution (RCE)
system.data.common is vulnerable to remote code execution (RCE). The vulnerability exists as it allows unrestricted polymorphic deserialization in DataSet without proper validation...
Deserialization Of Untrusted Data
org.drools:drools-compiler is vulnerable to deserialization of untrusted data. The vulnerability exists due to lack of serialization in multiple functions in CompositeKnowledgeBuilderImpl.java and KnowledgeBuilderImpl.java which allows an attacker to execute arbitrary malicious code on the system...
Cross-Site Scripting (XSS)
moodle/moodle is vulnerable to stored cross-site scripting. The vulnerability exists in the render_assign_user_summary function in renderer.php because the identity fields in the allocate marker form are not properly escaped, which allows an attacker to inject and execute arbitrary JavaScript...
Insecure Randomness
php is vulnerable to insecure randomness. It was discovered that the PHP lcg_value function used insufficient entropy to seed the pseudo-random number generator. A remote attacker could possibly use this flaw to predict values returned by the function, which are used to genera...
Denial Of Service (DoS)
MySQL is vulnerable to denial of service (DoS) attacks. The vulnerability exists due to some unknown processing of the component InnoDB in the MySQL Server component of Oracle MySQL. A high privileged attacker with network access via multiple protocols could gain unauthorized creation, deletion or...
XML External Entity (XXE) Injection
magento/community-edition is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to improper handling of XML documents which allows for external entities to be referenced, leading to potential arbitrary code execution. An attacker can exploit this by sending a crafted XML...
Improper Input Validation
jsonwebtoken is vulnerable to improper input validation. A remote attacker is able to write arbitrary files on the host machine via the secretOrPublicKey argument from the readme link of the jwt.verify function due to improper input validation. The vulnerability is only possible if untrusted...
Denial Of Service (DoS)
decode-uri-component is vulnerable to Denial Of Service (DoS). A remote attacker is able to cause denial of service conditions via sending a malicious payload through the decode function in index.js due to improper input validation...
Privilege Escalation
git is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of authorization which allows an attacker to gain access and perform unauthenticated actions in the system...
Information Disclosure
python is vulnerable to information disclosure. A regression of CVE-2019-9636 due to a functional fix to allow port numbers in netloc allows an attacker to locate confidential information such as cookies and authentication data and forward the information to a different host. python: regression o...
Potential Remote Code Execution Via Java Object Deserialization
Apache Commons includes a class called InvokerTransformer. An application is vulnerable to a deserialization attack if this class is available on the classpath and the application deserializes untrusted or user-supplied data. It's not necessary to actually use InvokerTransformer to be vulnerable...
Information Disclosure
jetty-server is vulnerable to Information Disclosure. The vulnerability exists because the cookie parsing of quoted values can exfiltrate values from other cookies: a cookie VALUE that starts with a double quote (") will continue to read the cookie string until it sees a closing quote even i...
Cross-site Scripting (XSS)
rails is vulnerable to Cross-site Scripting (XSS). The library does not properly escape input data passed as hash keys for tag attributes in Action View tag helpers, allowing an attacker to inject and execute malicious JavaScript...
Prototype Pollution
minimist is vulnerable to Prototype Pollution. An attacker can inject properties into existing construct prototypes via the setKey function in index.js and modify attributes such as __proto__, constructor, and prototype...
Prototype Pollution
protobufjs is vulnerable to Prototype Pollution. The vulnerability exists in the setProperty function of util.js, which allows an attacker to inject and modify malicious properties such as __proto__, resulting in prototype pollution...
Improper Input Validation
jetty-http is vulnerable to improper input validation. The vulnerability exists because the authority function of HttpURI.java does not properly validate the path parameter as a valid authority, allowing an attacker to parse invalid URLs such as http://localhost;/path for the hostname...
Use-After-Free
linux is vulnerable to use-after-free. The vulnerability exists in the write function, which allows a local user to gain unauthorized access to data from the FUSE file system...
Denial Of Service (DoS)
Apache HTTP Server is vulnerable to denial of service. A stack overflow in mod_auth_digest allows an attacker to crash the application...
Remote Code Execution (RCE) Through Deserialization
Jackson-databind is vulnerable to remote code execution (RCE) attacks. These attacks are possible during bean deserialization. Using this flaw attackers are able to execute code and commands. In order to be vulnerable to this attack, either the use of @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS) or...
Use-After-Free
curl is vulnerable to Use-After-Free. When getting denied to tunnel the specific protocols such as SMB or TELNET, the library uses a heap-allocated struct after it had been freed, in its transfer shutdown code path resulting in use after free conditions...
Regular Expression Denial Of Service (ReDoS)
jquery-validation is vulnerable to regular expression denial of service. The vulnerability exists in the url parse function in src/core.js, and due to insufficient regular expression complexity checks an attacker can cause a ReDoS when supplying input to the url parse function. This CVE exists du...
SQL Injection
Moodle is vulnerable to SQL injection. An attacker is able to inject malicious SQL script via Badges code relating to configuring criteria as it fails to validate profile criteria when reviewing...
Privilege Escalation
rh-mysql80-mysql is vulnerable to privilege escalation. A high privileged attacker with network access via multiple protocols can compromise MySQL server, resulting in unauthorized update, insert or delete access to some of MySQL server accessible data...
Remote Code Execution (RCE)
cassandra-all is vulnerable to remote code execution. When enable_user_defined_functions, enable_scripted_user_defined_functions, and enable_scripted_user_defined_functions are set, an attacker can inject and execute malicious code on the host through the scripted UDFs...
Privilege Escalation
linux is vulnerable to privilege escalation. The vulnerability exists due to a double free bug in packet_set_ring in net/packet/af_packet.c...
Privilege Escalation
freeswitch is vulnerable to privilege escalation. The vulnerability exists because SIP requests of the type SUBSCRIBE are not authenticated by default...
Remote Code Execution (RCE)
sqlite-jdbc is vulnerable to Remote Code Execution (RCE). The vulnerability exists because the extractResource function of SQLiteConnection.java does not properly validate the user input URL, which allows an attacker to inject and execute malicious code through the JDBC URL...
Path Traversal
cxf-rt-transports-http is vulnerable to Path Traversal. The vulnerability exists in the handleRequest function of AbstractHTTPServlet.java when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes, allowing an attacker to access any path on the syst...
OS Command Injection
openssl is vulnerable to OS command injection. The c_rehash script does not properly sanitise shell metacharacters to prevent command injection, which allows an attacker to execute arbitrary commands with the privileges of the script...
Remote Code Execution (RCE)
jackson-databind is vulnerable to remote code execution (RCE). The vulnerability exists through the deserialization of a JSON payload that uses the br.com.anteros.dbcp.AnterosDBCPConfig gadget...
Arbitrary Code Injection
Tomcat Catalina is vulnerable to Arbitrary Code Injection. The vulnerability exists in the report function of JsonErrorReportValve.java due to improper escaping of inputs from JsonErrorReportValve which allows an attacker to inject invalid input values...
Remote Code Execution (RCE)
xstream is vulnerable to remote code execution. The vulnerability exists due to the usage of an insecure default blacklist which does not cover all the excluded XStream security framework...
Remote Code Execution (RCE)
codeigniter4/framework is vulnerable to Remote Code Execution (RCE). The vulnerability exists because Validation.php does not properly validate the validation placeholders, which allows an attacker to inject and execute malicious code...
Information Disclosure
rh-mysql80-mysql is vulnerable to information disclosure. The vulnerability exists in the Server: PAM Auth Plugin component, allowing attackers to modify the critical data or all MySQL Server accessible data through the multiple protocols...
Arbitrary File Deletion
WordPress is vulnerable to Arbitrary File Deletion. The vulnerability can be triggered because the application does not check the filename inside the wp_delete_attachment function in wp-includes/post.php, allowing an attacker to input a malicious filename string via thumb parameter to cause arbitra...
Code Injection
dolibarr/dolibarr is vulnerable to Code Injection. The vulnerability exists when the CMS Website plugin is enabled because it does not properly check for different uppercase manipulations of <?php, which allows an attacker to inject and execute arbitrary code into the system...
Prototype Pollution
xml2js is vulnerable to Prototype Pollution. The vulnerability exists because the library does not properly validate the incoming JSON keys, allowing an attacker to modify the __proto__ attribute...
Privilege Escalation
grub2 is vulnerable to privilege escalation. A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can...
Remote Code Execution
redis is vulnerable to remote code execution. The persistent key-value database is prone to a Debian-specific Lua sandbox escape due to a packaging issue, which allows an attacker to upload and execute malicious code on the targeted system...
Authentication Bypass
salt is vulnerable to authentication bypass. The vulnerability exists as the salt-master process fails to properly validate method calls, allowing an attacker to retrieve user tokens and run arbitrary commands on salt minions...
Access Restriction Bypass
org.springframework.boot:spring-boot-actuator-autoconfigure is vulnerable to Access Restriction Bypass. The vulnerability is due to improper wild card matching, which allows a remote attacker to bypass access restrictions and gain access to the system. Please note that the vulnerability is only...
Arbitrary Memory Write
firefox is vulnerable to Arbitrary Memory Write. An attacker is able to construct a PKCS #12 cert bundle in such a way that may allow for arbitrary memory writes via PKCS #12 Safe Bag attributes being mishandled...
Insecure Access Control
Apache HTTP Server has insecure access control. The vulnerability exists due to the system not sending the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism...
Cross Site Request Forgery (CSRF)
Grafana is vulnerable to cross site request forgery. An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible...
Prototype Pollution
dojo is vulnerable to prototype pollution. The vulnerability exists in setObject function of lang.js due to lack of object validations which allows an attacker to inject arbitrary object properties which can potentially lead to execution of arbitrary code...
Regular Expression Denial Of Service (ReDoS)
nth-check is vulnerable to regular expression denial of service. The vulnerability exists due to inefficient regular expression complexity in parse.ts, which may crash the system when parsing a malicious string...
Arbitrary Code Execution (ACE)
Qiskit is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to unsafe deserialization in the qiskit.qpy.load function, which allows a maliciously crafted QPY file to execute embedded Python code without privilege escalation...
XML External Entity (XXE)
xmlbeans is vulnerable to XML External Entity attacks. The vulnerability exists due to the lack of sanitization of XML input containing a reference to an external entity which is processed by a weakly configured XML parser allowing an attacker to exhaust the system resource via recursive external...
Use After Free
A vulnerability was found in the vmwgfx driver that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer. Exploiting this vulnerability requires an attacker to have access to either /dev/dri/card0 or /dev/dri/rendererD128 and ...
SQL Injection
JDBCAppender in Log4j is vulnerable to SQL Injection. An attacker is able to execute arbitrary SQL commands via entering crafted strings into input fields and headers where the values to be inserted are converters from PatternLayout...