38468 matches found
Timing Attack
github.com/hashicorp/vault is vulnerable to Timing Attacks. The vulnerability exists in mult and div functions of shamir.go because of not implementing a constant time which allows an attacker to observe a large number of unseal operations on the host...
Regular Expression Denial Of Service (ReDoS)
loader-utils is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the resourcePath variable in interpolateName.js, allowing an attacker to crash the application by providing a malicious input...
Authorization Bypass
squirrelmail is vulnerable to authorization bypass. THe vulnerability exists as SquirrelMail was allowed to be loaded into an HTML sub-frame, allowing a remote attacker to perform a clickjacking attack against logged in users and possibly gain access to sensitive user data...
Information Disclosure
jetty-server is vulnerable to Information Disclosure. The vulnerability exists because the cookie parsing of quoted values can exfiltrate values from other cookies because the cookie VALUE that starts with " double quote will continue to read the cookie string until it sees a closing quote even i...
Open Redirect
got is vulnerable to open redirect. The vulnerability exists onResponseBase function in index.ts because the redirects are enabled to UNIX sockets which allows an attacker to redirect to malicious URLs...
Denial Of Service (DoS)
dicer is vulnerable to denial of service. The vulnerability exists in parseHeader function in HeaderParser.js due to the use of a variable h which allows an attacker to modify and send the form to server and crash the service...
Remote Code Execution (RCE) Through Deserialization
Jackson-databind is vulnerable to remote code execution RCE attacks. These attacks are possible during bean deserialization. Using this flaw attackers are able to execute code and commands. In order to be vulnerable to this attack, either the use of @JsonTypeInfouse = JsonTypeInfo.Id.CLASS or...
XML External Entity (XXE) Injection
magento/community-edition is vulnerabile to XML External Entity XXE Injection. The vulnerability is due to improper handling of XML documents which allows for external entities to be referenced, leading to potential arbitrary code execution. An attacker can exploit this by sending a crafted XML...
Improper Input Validation
jetty-http is vulnerable to improper input validation. The vulnerability exists because the authority function of HttpURI.java does not properly validate the path parameter as a valid authority, allowing an attacker to parse invalid URLs such as http://localhost;/path for the hostname...
Cross-Site Scripting (XSS)
moodle/moodle is vulnerable to stored cross-site scripting. The vulnerability exists in renderassignusersummary function in renderer.php because the identity fields in allocate marker form are not properly escaped which allows an attacker to inject and execute arbitrary javascript...
Remote Code Execution (RCE)
system.data.common is vulnerable to remote code execution RCE. The vulnerability exists as it allows unrestricted polymorphic deserialization in DataSet without proper validation...
Insecure Randomness
php is vulnerable to insecure randomness. The vulnerability as it was discovered that the PHP lcgvalue function used insufficient entropy to seed the pseudo-random number generator. A remote attacker could possibly use this flaw to predict values returned by the function, which are used to genera...
Deserialization Of Untrusted Data
org.drools:drools-compiler is vulnerable to deserialization of untrusted data. The vulnerability exists due to lack of serialization in multiple functions in CompositeKnowledgeBuilderImpl.java and KnowledgeBuilderImpl.java which allows an attacker to execute arbitrary malicious code on the system...
Denial Of Service (DoS)
com.fasterxml.jackson.core:jackson-databind is vulnerable to Denial Of Service DoS. A malicious user is able to cause a StackOverflow exception using a large depth of nested objects resulting in a denial of service conditions...
Remote Code Execution
redis is vulnerable to remote code execution. A persistent key-value database is prone to a Debian-specific Lua sandbox escape due to a packaging issue allows an attacker to upload and execute malicious code on the targeted system...
Information Disclosure
python is vulnerable to information disclosure. A regression of CVE-2019-9636 due to a functional fix to allow port numbers in netloc allows an attacker to locate confidential information such as cookies and authentication data and forward the information to a different host. python: regression o...
Information Disclosure
Aircompressor is vulnerable to Information Disclosure. The vulnerability is due to improper handling of malformed Snappy and LZ4 compressed input in the Java decompressor implementations, which allows a remote attacker to craft input that causes previously used buffer contents to be included in t...
Improper Input Validation
jsonwebtoken is vulnerable to improper input validation. A remote attacker is able to write arbitrary files on the host machine via the secretOrPublicKey argument from the readme link of the jwt.verify function due to improper input validation. The vulnerability is only possible if untrusted...
Use-After-Free
linux is vulnerable to use-after-free. The vulnerability exists write function which allows a local user to gain unauthorized access to data from the FUSE file system...
Privilege Escalation
freeswitch is vulnerable to privilege escalation. The vulnerability exists due to SIP requests of the type SUBSCRIBE are not authenticated by default...
Denial Of Service (DoS)
MySQL is vulnerable to denial of service DoS attacks. The vulnerability exists due to some unknown processing of the component InnoDB in the MySQL Server component of Oracle MySQL. A high privileged attacker with network access via multiple protocols could gain unauthorized creation, deletion or...
Potential Remote Code Execution Via Java Object Deserialization
Apache Commons includes a class called InvokerTransformer. An application is vulnerable to a deserialization attack if this class is available on the classpath and the application deserializes untrusted or user-supplied data. It's not necessary to actually use InvokerTransfomer to be vulnerable...
Prototype Pollution
protobufjs is vulnerable to Prototype Pollution. The vulnerability exists in the setProperty function of util.js, which allows an attacker to inject and modify malicious properties such as proto, resulting in prototype pollution...
Cross-site Scripting (XSS)
rails is vulnerable to Cross-site Scripting XSS. The library does not properly escape input data passed as hash keys for tag attributes in Action View tag helpers, allowing an attacker to inject and execute malicious javascript...
Denial Of Service (DoS)
decode-uri-component is vulnerable to Denial Of Service DoS. A remote attacker is able to cause denial of service conditions via sending a malicious payload through the decode function in index.js due to improper input validation...
SQL Injection
Moodle is vulnerable to SQL injection. An attacker is able to inject malicious SQL script via Badges code relating to configuring criteria as it fails to validate profile criteria when reviewing...
Prototype Pollution
minimist is vulnerable to Prototype Pollution. An attacker can inject properties into existing construct prototypes via the setKey function in the index.js and modify attributes such as proto, constructor, and prototype...
Regular Expression Denial Of Service (ReDoS)
jquery-validation is vulnerable to regular expression denial of service. The vulnerability exists in the url parse function in src/core.js, and due to insufficient regular expression complexity checks an attacker can cause a ReDoS when supplying input to the url parse function. This CVE exists du...
Denial Of Service (DoS)
Apache HTTP Server is vulnerable to denial of service. A stack overflow in modauthdigest allows an attacker to crash the application...
Remote Code Execution (RCE)
sqlite-jdbc is vulnerable to Remote Code Execution RCE. The vulnerability exists because the extractResource function of SQLiteConnection.java does not properly validate the user input URL, which allows an attacker to inject and execute malicious code through the JDBC URL...
Use-After-Free
curl is vulnerable to Use-After-Free. When getting denied to tunnel the specific protocols such as SMB or TELNET, the library uses a heap-allocated struct after it had been freed, in its transfer shutdown code path resulting in use after free conditions...
OS Command Injection
openssl is vulnerable to OS command injection. The crehash script does not properly sanitise shell metacharacters to prevent command injection which allows an attacker to execute arbitrary commands with the privileges of the script...
Remote Code Execution (RCE)
cassandra-all is vulnerable to remote code execution. When enableuserdefinedfunctions, enablescripteduserdefinedfunctions, and enablescripteduserdefinedfunctions are set, an attacker can inject and execute malicious code on the host through the scripted UDFs...
Remote Code Execution (RCE)
struts2-core is vulnerable to remote code execution RCE. The vulnerability exists through the possibility of a forced double OGNL expression through the $itemValue expression in simple/radiomap.ftl...
Remote Code Execution (RCE)
jackson-databind is vulnerable to remote code execution RCE. The vulnerability exists through the deserialization of a JSON payload that uses the br.com.anteros.dbcp.AnterosDBCPConfig gadget...
Privilege Escalation
rh-mysql80-mysql is vulnerable to privilege escalation. A high privileged attacker with network access via multiple protocols to compromise MySQL server, resulting in unauthorized update, insert or delete access to some of MySQL server accessible data...
Privilege Escalation
linux is vulnerable to privilege escalation. The vulnerability exists due to a double free bug in packetsetring in net/packet/afpacket.c...
Open Redirect
follow-redirects is vulnerable to Open Redirect. The vulnerability is due to improper input validation of URL's in the url.parse function. This issue can be exploited by an attacker to redirect users to malicious page leading to information disclosure or phishing attacks...
Remote Code Execution (RCE)
codeigniter4/framework is vulnerable to Remote Code Execution RCE. The vulnerability exists because the Validation.php does not properly validate the validation placeholders, which allows an attacker to inject and execute malicious code...
Path Traversal
cxf-rt-transports-http is vulnerable to Path Traversal. The vulnerability exists in the handleRequest function of AbstractHTTPServlet.java when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes, allowing an attacker to access any path on the syst...
Information Disclosure
rh-mysql80-mysql is vulnerable to information disclosure. The vulnerability exists in the Server: PAM Auth Plugin component, allowing attackers to modify the critical data or all MySQL Server accessible data through the multiple protocols...
Prototype Pollution
xml2js is vulnerable to Prototype Pollution. The vulnerability exists because the library does not properly validate the incoming JSON keys, allowing an attacker to modify the proto. attribute...
Arbitrary Code Injection
Tomcat Catalina is vulnerable to Arbitrary Code Injection. The vulnerability exists in the report function of JsonErrorReportValve.java due to improper escaping of inputs from JsonErrorReportValve which allows an attacker to inject invalid input values...
SQL Injection
JDBCAppender in Log4j is vulnerable to SQL Injection. An attacker is able to execute arbitrary SQL commands via entering crafted strings into input fields and headers where the values to be inserted are converters from PatternLayout...
Regular Expression Denial Of Service (ReDoS)
nth-check is vulnerable to regular expression denial of service. The vulnerability exists due to inefficient regular expression complexity in parse.ts, which may crash the system when parsing a malicious string...
Remote Code Execution (RCE)
xstream is vulnerable to remote code execution. The vulnerability exists due to the usage of an insecure default blacklist which does not cover all the excluded XStream security framework...
Arbitrary File Deletion
WordPress is vulnerable to Arbitrary File Deletion. The vulnerability can be triggered because the application does not check the filename inside the wpdeleteattachment function in wp-includes/post.php, allowing an attacker to input a malicious filename string via thumb parameter to cause arbitra...
Access Restriction Bypass
org.springframework.boot:spring-boot-actuator-autoconfigure is vulnerable to Access Restriction Bypass. The vulnerability is due to improper wild card matching, which allows a remote attacker to bypass access restrictions and gain access to the system. Please note that the vulnerability is only...
Arbitrary Memory Write
firefox is vulnerable to Arbitrary Memory Write. An attacker is able to construct a PKCS 12 cert bundle in such a way that may allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled...
Insecure Access Control
Apache HTTP Server has insecure access control. The vulnerability exists due to the system not sending the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop mechanism...