38169 matches found

Veracode
•added 2019/01/15 9:21 a.m.•37 views

Access Restriction Bypass

slf4j-ext is vulnerable to remote code execution (RCE) through access restriction bypass. Attackers can use data passed to the EventData class in order to bypass intended access restrictions, causing a deserialization vulnerability...

CVSS 9.8 • AI score 9.6 • EPSS 0.15488
Exploits 0 • References 91 • Affected Software 97
Veracode
•added 2019/01/15 9:20 a.m.•37 views

Information Disclosure

openssh is vulnerable to information disclosure attacks. The vulnerability exists as sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users ...

CVSS 5.9 • AI score 6.4 • EPSS 0.88944
Exploits 12 • References 13 • Affected Software 1
Veracode
•added 2019/01/15 9:19 a.m.•37 views

Key Reinstallation Attack (KRACK)

wpasupplicant is vulnerable to key reinstallation attack (KRACK). A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol...

CVSS 6.8 • AI score 7.5 • EPSS 0.02388
Exploits 0 • References 36 • Affected Software 1
Veracode
•added 2019/01/15 9:16 a.m.•37 views

Use-After-Free

Linux kernel is vulnerable to privilege escalation. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKETV3 ring buffer. A local user able to op...

CVSS 7.8 • AI score 7.1 • EPSS 0.11127
Exploits 16 • References 40 • Affected Software 1
Veracode
•added 2019/01/15 9:13 a.m.•37 views

Denial Of Service (DoS)

kernel-rt is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an...

CVSS 8.4 • AI score 7.7 • EPSS 0.01244
Exploits 1 • References 44 • Affected Software 1
Veracode
•added 2019/01/15 9:12 a.m.•37 views

Denial Of Service (DoS)

QEMU is vulnerable to denial of service. Quick emulator (Qemu) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement...

CVSS 5.5 • AI score 6 • EPSS 0.00524
Exploits 0 • References 23 • Affected Software 2
Veracode
•added 2019/01/15 9:11 a.m.•37 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS) attacks. The vulnerability exists as a race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure repor...

CVSS 4.9 • AI score 5.4 • EPSS 0.00374
Exploits 0 • References 28 • Affected Software 1
Veracode
•added 2019/01/15 9:11 a.m.•37 views

Authorization Bypass

openssh is vulnerable to authorization bypass attacks. The vulnerability exists as the x11openhelper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to...

CVSS 4.3 • AI score 6.2 • EPSS 0.05445
Exploits 0 • References 22 • Affected Software 1
Veracode
•added 2019/01/15 9:6 a.m.•37 views

Cookie Leak

libcurl.so is vulnerable to cookie leak. A remote attacker is able to set or send arbitrary cookies for certain sites. libcurl.so parses IP addresses similar to domain names, where a site with an IP address of 192.168.0.1 can set or send cookies for another site ending with .168.0.1...

CVSS 5 • AI score 9.2 • EPSS 0.07432
Exploits 0 • References 26 • Affected Software 1
Veracode
•added 2019/01/15 9:6 a.m.•37 views

Double Free Vulnerability

PHP is vulnerable to a double free. It is due to a flaw in zendtshashgracefuldestroy function in the PHP ZTS module...

CVSS 7.5 • AI score 7.4 • EPSS 0.16512
Exploits 1 • References 18 • Affected Software 1
Veracode
•added 2019/01/15 9:5 a.m.•37 views

Denial Of Service (DoS)

libkrb5.so is vulnerable to denial of service (DoS) attacks. The vulnerability exists in the krb5gssprocesscontexttoken function of lib/gssapi/krb5/processcontexttoken.c where a terminated security-context handle could be used by authenticated users to cause a Denial of Service (DoS) attack...

CVSS 9 • AI score 5.5 • EPSS 0.06213
Exploits 0 • References 16 • Affected Software 1
Veracode
•added 2019/01/15 8:58 a.m.•37 views

Denial Of Service (DoS)

kernel-rt is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the nfs4getacluncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel before 3.3.2 uses an incorrect length variable during a copy operation, which allows remote NFS servers to cau...

CVSS 4.6 • AI score 6.9 • EPSS 0.00979
Exploits 2 • References 18 • Affected Software 1
Veracode
•added 2019/01/15 8:57 a.m.•37 views

Information Leakage

libxslt is vulnerable to information leakage. It happens because the generate-id function in libxslt/functions.c exposes sensitive information about heap memory addresses...

CVSS 4.3 • AI score 9 • EPSS 0.02467
Exploits 1 • References 16 • Affected Software 3
Veracode
•added 2019/01/15 8:57 a.m.•37 views

Remote Code Execution (RCE)

httpd is vulnerable to remote code execution (RCE). The modrewrite.c in the modrewrite module does not sanitize non-printable characters before writing to a log file, allowing a remote attacker to inject escape sequences for a terminal emulator into the log file via an HTTP request, resulting in...

CVSS 5.1 • AI score 6.9 • EPSS 0.24886
Exploits 2 • References 65 • Affected Software 98
Veracode
•added 2019/01/15 8:56 a.m.•37 views

Cross-site Request Forgery (CSRF)

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier...

CVSS 4.3 • AI score 9.1 • EPSS 0.09187
Exploits 1 • References 27 • Affected Software 3
Veracode
•added 2019/01/15 8:55 a.m.•37 views

Cross-site Scripting (XSS)

openjdk is vulnerable to an unspecified vulnerability. The vulnerability affects client deployment of Java, and allows remote attackers to affect integrity via vectors related to RMI...

CVSS 5 • AI score 8.7 • EPSS 0.04705
Exploits 0 • References 29 • Affected Software 3
Veracode
•added 2019/01/15 8:55 a.m.•37 views

Directory Traversal When Route Globbing Configurations Are Enabled

Directory traversal vulnerability in actionpack/lib/abstractcontroller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files...

CVSS 7.5 • AI score 6.1 • EPSS 0.53703
Exploits 2 • References 11 • Affected Software 12
Veracode
•added 2019/01/15 8:55 a.m.•37 views

Weak Authentication

java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a...

CVSS 6.8 • AI score 6 • EPSS 0.07147
Exploits 2 • References 29 • Affected Software 149
Veracode
•added 2019/01/15 8:54 a.m.•37 views

Information Disclosure

jboss is vulnerable to information disclosure attacks. The vulnerability exists as twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments...

CVSS 2.1 • AI score 5.1 • EPSS 0.00387
Exploits 0 • References 20 • Affected Software 59
Veracode
•added 2019/01/15 8:52 a.m.•37 views

Man-in-the-Middle (MitM)

OpenSSL is vulnerable to man-in-the-middle (MitM) attacks. These attacks are possible because an attacker can force OpenSSL to use a zero-length master key. This allows attackers to hijack sessions and obtain sensitive information. This is also known as the "CCS Injection"...

CVSS 7.4 • AI score 7.2 • EPSS 0.95326
Exploits 9 • References 308 • Affected Software 3
Veracode
•added 2019/01/15 8:52 a.m.•37 views

Remote Code Execution (RCE)

gimp is vulnerable to remote code execution (RCE) attacks. The vulnerability exists due to multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 that allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large 1...

CVSS 7.5 • AI score 7.7 • EPSS 0.06685
Exploits 1 • References 16 • Affected Software 1
Veracode
•added 2019/01/15 8:52 a.m.•37 views

Cross-site Scripting (XSS)

Python SimpleHTTPServer is vulnerable to cross-site scripting (XSS). The listdirectory function in Lib/SimpleHTTPServer.py does not set a charset parameter in the Content-Type HTTP header, allowing an attacker to inject arbitrary JavaScript through UTF-7 encoding into Internet Explorer 7 browser vi...

CVSS 2.6 • AI score 5.5 • EPSS 0.03213
Exploits 1 • References 19 • Affected Software 1
Veracode
•added 2018/11/09 5:47 a.m.•37 views

Replay Attack

tomcat-util is vulnerable to replay attacks. The vulnerability exists due to the improper handling of empty requests to the SSL port, allowing a duplicate copy of a recent request to be replayed...

CVSS 4.3 • AI score 4.6 • EPSS 0.05373
Exploits 1 • References 32 • Affected Software 2
Veracode
•added 2018/10/09 6:23 a.m.•37 views

Denial Of Service (DoS)

libnetsnmp.so is vulnerable to denial of service (DoS) attacks. A malicious user can pass a GetNext PDU with multiple Varbinds to the application, causing a NULL Pointer Exception that can crash the application...

CVSS 6.5 • AI score 6.3 • EPSS 0.17055
Exploits 1 • References 13 • Affected Software 1
Veracode
•added 2018/07/26 3:21 a.m.•37 views

Directory Traversal

JavaServer Faces is vulnerable to directory traversal. A malicious user can access arbitrary files through loc parameters in the function ResourceManager.java:getLocalePrefix...

CVSS 7.5 • AI score 8.4 • EPSS 0.04425
Exploits 0 • References 3 • Affected Software 57
Veracode
•added 2018/06/22 2:58 a.m.•37 views

Cross-site Scripting (XSS)

phpmyadmin is vulnerable to cross-site scripting (XSS) attacks. A malicious user can use the database variable to inject and execute arbitrary JavaScript when the database variable is called through the designer feature...

CVSS 6.1 • AI score 6.2 • EPSS 0.01818
Exploits 0 • References 4 • Affected Software 1
Veracode
•added 2018/02/20 2:33 a.m.•37 views

Arbitrary Code Execution

github.com/golang/go is vulnerable to arbitrary code execution attacks. The library does not properly validate the import path when the -insecure flag is used for the go get command. This allows a malicious user to execute arbitrary commands through the use of a malicious website...

CVSS 8.8 • AI score 9.1 • EPSS 0.63699
Exploits 1 • References 8 • Affected Software 1
Veracode
•added 2017/11/01 5:30 a.m.•37 views

Vulnerability Through C Libraries

chef uses vulnerable versions of LibXML2, OpenSSL and LibXSLT. These vulnerabilities are included due to the omnibusoverride file using the vulnerable versions. LibXML2 is vulnerable to the following CVEs: CVE-2017-9050, CVE-2017-9049, CVE-2017-9048, CVE-2017-9047, CVE-2017-8872, and CVE-2016-931...

CVSS 7.5 • AI score 7 • EPSS 0.57595
Exploits 8
Veracode
•added 2017/10/11 10:25 p.m.•37 views

Remote Code Execution (RCE)

github.com/kubernetes/dns leverages the dnsmasq library which is vulnerable to a heap-based buffer overflow. An attacker could cause a denial of service or execute arbitrary code via a crafted DNS response. This issue in dnsmasq has been assigned CVE-2017-14491...

CVSS 9.8 • AI score 8.9 • EPSS 0.84925
Exploits 6 • References 47 • Affected Software 1
Veracode
•added 2017/10/06 1:57 a.m.•37 views

Remote Code Execution (RCE)

github.com/golang/go is vulnerable to remote code execution (RCE). If custom domains are used, a malicious user can set a domain example.com/proj1 to point to a subversion repository and another domain example.com/proj1/proj2 to point to a git repository. When the go get command is run, arbitrary...

CVSS 9.8 • AI score 9.7 • EPSS 0.08944
Exploits 0 • References 10 • Affected Software 1
Veracode
•added 2017/09/25 5:55 a.m.•37 views

Arbitrary Code Execution

spring-data-rest servers are vulnerable to arbitrary code execution attacks. The attacks are possible because the server does not check the path before processing PATCH requests, allowing attackers to submit PATCH requests with malicious JSON data...

CVSS 9.8 • AI score 9.6 • EPSS 0.72782
Exploits 6 • References 6 • Affected Software 5
Veracode
•added 2017/08/23 1:48 a.m.•37 views

Denial Of Service (DoS)

ImageMagick is susceptible to denial of service (DoS) attacks. The vulnerability is caused by improper handling of memory allocation in the formatIPTC method in coders/meta.c...

CVSS 6.5 • AI score 6.8 • EPSS 0.0149
Exploits 0 • References 3 • Affected Software 1
Veracode
•added 2017/04/07 3:32 a.m.•37 views

XML External Entity (XXE)

Glassfish web-core is vulnerable to XML External Entity (XXE) attacks. These allow remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference. This is relate...

AI score 7.8 • EPSS 0.0693
Exploits 0
Veracode
•added 2025/11/20 8:39 a.m.•36 views

Denial-of-service (DoS)

github.com/argoproj/argo-cd is vulnerable to a Denial-of-service (DoS). The vulnerability is due to improper handling of malformed Bitbucket Server webhook payloads (specifically a non-array repository.links.clone field), which allows an attacker to send a single unauthenticated malicious request that...

CVSS 7.5 • AI score 7.1 • EPSS 0.00536
Exploits 1 • References 5 • Affected Software 3
Veracode
•added 2025/01/22 5:18 a.m.•36 views

Account Takeover

Sentry is vulnerable to Account Takeover. The vulnerability is due to improper handling of SAML Identity Providers, which allows an attacker to craft a malicious SAML response and associate it with a different organization on the same Sentry instance...

CVSS 9.1 • AI score 6.6 • EPSS 0.00584
Exploits 0 • References 5 • Affected Software 1
Veracode
•added 2024/03/26 8:39 p.m.•36 views

Asymmetric Resource Consumption

python is vulnerable to Asymmetric Resource Consumption. This vulnerability is due to an issue in the zip format, allowing for the creation of zip-bombs with a high compression ratio...

CVSS 6.2 • AI score 7 • EPSS 0.00336
Exploits 0 • References 17 • Affected Software 5
Veracode
•added 2024/02/29 4:13 a.m.•36 views

Denial Of Service (DOS)

NodeJS is vulnerable to Denial Of Service (DOS). The vulnerability is caused by the fact that the fetch function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed int...

CVSS 6.5 • AI score 6.9 • EPSS 0.01309
Exploits 0 • References 4 • Affected Software 1
Veracode
•added 2024/02/28 6:42 a.m.•36 views

Information Disclosure

Apache Camel is vulnerable to Information Disclosure. The vulnerability is due to improper validation for EventFactory implementations and the handling of ExchangeCreatedEvent instances. This flaw allows attackers to craft malicious EventFactory instances and provide custom ExchangeCreatedEvent...

CVSS 2.9 • AI score 6.6 • EPSS 0.00695
Exploits 0 • References 5 • Affected Software 3
Veracode
•added 2024/02/17 7:41 p.m.•36 views

Reachable Assertion

libbind9.so is vulnerable to an assertion failure during recursive resolution. The vulnerability is due to a bad interaction between DNS64 and serve-stale features when both are enabled. This can potentially lead to denial of service...

CVSS 7.5 • AI score 6.5 • EPSS 0.01231
Exploits 0 • References 9 • Affected Software 3
Veracode
•added 2024/02/02 1:48 a.m.•36 views

Use After Free

Canvas in Google Chrome is vulnerable to Use after free. The vulnerability is due to referencing memory after it has been freed, which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 • AI score 6.6 • EPSS 0.00881
Exploits 0 • References 5 • Affected Software 3
Veracode
•added 2024/01/30 5:7 p.m.•36 views

OS Command Injection

OpenSSH is susceptible to an OS command injection flaw because it fails to adequately validate user names or host names that include shell metacharacters. This flaw enables attackers to exploit these names through an expansion token in certain scenarios, such as when a submodule in an untrusted G...

CVSS 6.5 • AI score 7.5 • EPSS 0.19753
Exploits 7 • References 12 • Affected Software 1
Veracode
•added 2024/01/04 7:31 a.m.•36 views

Stack Overflow

Ion Java is vulnerable to Stack Overflow. The vulnerability is due to improper validation while deserializing Ion text encoded data, or deserializing Ion text or binary encoded data into an IonValue model. This issue can be exploited by an attacker via crafted malicious Ion data, resulting in...

CVSS 7.5 • AI score 6.8 • EPSS 0.0082
Exploits 0 • References 1 • Affected Software 1
Veracode
•added 2023/12/28 9:57 a.m.•36 views

Denial Of Service (DoS)

org.mvel: mvel2 is vulnerable to Denial Of Service (DoS). The vulnerability is due to the ParseTools.subCompileExpression method which times out or executes for an indefinite time when parsing a crafted MVFLEX Expression (MVEL). A malicious user can craft an MVEL expression and pass to the...

CVSS 5.3 • AI score 6.7 • EPSS 0.00737
Exploits 1 • References 2 • Affected Software 1
Veracode
•added 2023/12/27 3:29 p.m.•36 views

Buffer Overflow

SQLite is vulnerable to heap-based buffer overflow. The vulnerability is due to the sessionReadRecord function within ext/session/sqlite3session.c, which allows an attacker to manipulate the pIn parameter which results in a buffer overflow...

CVSS 7.3 • AI score 6.9 • EPSS 0.01249
Exploits 1 • References 8 • Affected Software 4
Veracode
•added 2023/12/05 6:23 a.m.•36 views

Denial Of Service (DoS)

libsquid.so is vulnerable to Denial Of Service (DoS). The vulnerability exists due to a buffer overread bug in the library. This allows an attacker to cause an application crash during HTTP message processing...

CVSS 8.6 • AI score 6.9 • EPSS 0.88818
Exploits 0 • References 9 • Affected Software 2
Veracode
•added 2023/11/30 10:30 a.m.•36 views

LDAP Injection

keycloak-ldap-federation, keycloak-services is vulnerable to LDAP Injection. The vulnerability is due to the getFilterById function in LDAPOperationManager.java and getUserFromForm function in AbstractUsernameFormAuthenticator.java. This allows an attacker to manipulate the LDAP query in...

CVSS 7.5 • AI score 7.5 • EPSS 0.00642
Exploits 0 • References 8 • Affected Software 2
Veracode
•added 2023/11/29 6:11 a.m.•36 views

Request Smuggling

org.apache.tomcat: tomcat-catalina is vulnerable to Request Smuggling. The vulnerability is due to the realReadBytes function in InputBuffer.java because there is no check or validation for the size of the HTTP request data, specifically the HTTP trailer headers. This allows an attacker to add...

CVSS 7.5 • AI score 7.1 • EPSS 0.02651
Exploits 0 • References 6 • Affected Software 3
Veracode
•added 2023/11/17 8:12 a.m.•36 views

Denial Of Service (DoS)

libde265.so is vulnerable to Denial of Service (DoS). The vulnerability is due to the slicesegmentheader function in the slice.cc component. An attacker is able to cause a DoS condition by creating a specially crafted file and tricking the system into processing it. This could disrupt service on th...

CVSS 6.5 • AI score 6.9 • EPSS 0.00766
Exploits 0 • References 3 • Affected Software 1
Veracode
•added 2023/10/19 7:19 a.m.•36 views

Information Disclosure

urllib3 is vulnerable to Information Disclosure. The vulnerability is due to the HTTP body not being removed after a redirect with a 301, 302, or 303 status. An attacker could exploit this vulnerability by tricking a user into performing a POST request to a vulnerable application. The attacker...

CVSS 4.2 • AI score 6.8 • EPSS 0.00544
Exploits 0 • References 11 • Affected Software 2
Veracode
•added 2023/10/09 2:34 p.m.•36 views

Denial Of Service (DoS)

qemu is vulnerable to Denial of Service (DoS). A Division by Zero vulnerability allows local attackers to crash QEMU and the guest operating system by sending a specially crafted SCSI command...

CVSS 5.5 • AI score 6.3 • EPSS 0.00376
Exploits 1 • References 5 • Affected Software 1
Total number of security vulnerabilities: 5000