Denial Of Service (DoS)

org.codehaus.jettison:jettison is vulnerable to denial of service DoS attacks. A remote attacker is able to cause a stack overflow via injecting crafted JSON data, resulting in denial of service conditions...

Use After Free

chromium is vulnerable to use after free. The vulnerability exists in dummy buffer which ends up in a window allowing a remote attacker to potentially exploit heap corruption via malicious input...

Improper Certification Validation

certifi is vulnerable to improper certificate validation. The vulnerability exists due to an untrustworthy certificate authority TrustCor root certificate, which are now marked as invalid...

HTTP Response Splitting

ruby is vulnerable to http response splitting. The vulnerability exists when applications use untrusted user input either to generate an HTTP response or to create a cgi cookie object...

Remote Code Execution (RCE)

heimdal is vulnerable to remote code execution. The vulnerability exists due to an invalid free in ASN.1 codec which allows an attacker to inject and execute arbitrary codes into the system...

Information Disclosure

Postgresql JDBC Driver is vulnerable to Information Disclosure. The vulnerability exists due to StreamWrapper parameterized constructor in StreamWrapper.java creating a temporary file if the InputStream is larger than 51200 bytes which allows an attacker to read the file due to incorrect file...

Cross-site Scripting (XSS)

moodle/moodle is vulnerable to cross-site scripting. The vulnerability exists due to a lack of validation in the user-supplied input for field.class.php and helper.php which allows a remote attacker to inject and execute malicious JavaScript into the system...

Type Confusion

chromium is vulnerable to type confusion. The vulnerability exists in V8 in Google Chrome which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Denial Of Service (DoS)

qemu is vulnerable to denial of service. The vulnerability exists due to an integer underflow found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload messag...

Authentication Bypass

grafana is vulnerable to Authentication Bypass. The vulnerability exists due to the GetUserByLogin function in user.go conflict in the login field; An attacker can register into the system from another user's email address as a username blocking a user's login attempt...

Denial Of Service (DoS)

Linux is vulnerable to denial of service.The vulnerability exists in xfrmexpandpolicies in net/xfrm/xfrmpolicy.c that would cause a refcount to be dropped twice resulting in an application crash...

SQL Injection

CodeIgniter is vulnerable to sql injection. The vulnerability exists due to improper implementation of where function of DBquerybuilder.php which allows an attacker to inject and execute malicious sql queries in the system...

Man In The Middle (MitM)

samba:xenial is vulnerable to man-in-the-middle. A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name principal in the request with any...

Improper Certificate Validation

Apache Pulsar is vulnerable to improper certificate validation. The vulnerability exists due to man in the middle attacks in intra-cluster connections and geo-replication connections which allows an attacker to take control of a machine between the client and the server...

HTTP Request Smuggling

nodejs-current is vulnerable to HTTP request smuggling. The vulnerability exists due to incorrect parsing header fields in the library, allowing an attacker to smuggle HTTP requests by providing a maliciously crafted input...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists in Compute function in batchkernels.cc because Unbatch Op kernel doesn't properly check if the input argument is a scalar which allows an attacker to send non-scalar input IDs causing an application crash...

Information Disclosure

thunderbird is vulnerable to information disclosure. An attacker can gain sensitive information when composing a response to an HTML email with a META refresh tag...

Denial Of Service (DoS)

libtiff.so is vulnerable to denial of service. The vulnerability exists due a heap buffer overflow in TIFFReadRawDataStriped function in tiffinfo.c which allows an attacker to cause an application crash via a crafted TIFF file...

Denial Of Service (DoS)

chrome is vulnerable to denial of service. The vulnerability exists due to a memory corruption in the functionality of the component SwiftShader allowing an attacker to crash the system via manipulation with an unknown input...

Improper Input Validation

chromium is vulnerable to improper input validation. The vulnerability exists due to the library does not properly validate user input in Intents...

Command Injection

moment-timezone is vulnerable to command injection. An attacker can inject and execute the malicious commands using the childprocess exec function as it does not sanitize the input...

Denial Of Service (DoS)

mariadb is vulnerable to denial of service DoS attacks. The vulnerability is in the subselect function where the attacker is able to remotely cause denial of service conditions due to a segmentation fault in the above mentioned function...

Spoofing Attacks

moodle/moodle is vulnerable to spoofing attacks. The vulnerability exists in the getremoteaddr function in moodlelib.php, allowing an attacker to spoof a user's IP through the X-Forwarded-For headers, bypassing the remote address checks...

Denial Of Service (DoS)

vim is vulnerable to denial of service. The vulnerability exists due to heap based overflow in inscompladd of insexpand.c which allows an attacker to cause an application crash...

Denial Of Service (DoS)

undertow is vulnerable to Denial Of Service DoS. The vulnerability exists in read function in AjpServerRequestConduit.java because the exceptions are not handled properly for large AJP requests which allows an attacker to send a malicious request and trigger server errors causing an application...

Out-of-bounds Write

unzip:sid is vulnerable to out-of-bounds write. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution...

Out-Of-Bounds Read

vim:sid is vulnerable to out of bounds read. A remote attacker is able to perform out of bound reads...

Denial Of Service (DoS)

vim is vulnerable to denial of service. An attacker can crash the application through the use after free...

Privilege Escalation

gafana is vulnerable to privilege escalation. An attacker can take over another user's account in the grafana instance by supplying a login name through the specified OAuth IdP when the attacker's external user id is linked to a grafana account, and the attacker knows the grafana user name of the...

Remote Code Execution

getgrav/grav is vulnerable to remote code execution. An authenticated remote attacker is able to cause server side template injection via Twig which renders risky functions by default, such as system...

Remote Code Execution Backdoor

cloudlabeling is vulnerable to remote code execution. The use of the request package opens up a code execution backdoor, allowing an attacker to perform unauthorized actions and accesses to sensitive information and digital currency keys...

Information Disclosure

kernel is vulnerable to information disclosure. The vulnerability exists due to a userland application can read the contents of the sigpage, which leaks kernel memory contents allowing an attacker to read a process’s memory at a specific offset...

Regular Expression Denial Of Service (ReDoS)

org.apache.tika:tika is vulnerable to regular expression denial of service ReDoS attacks. An attacker is able to cause denial of service conditions to the users who are running the StandardsExtractingContentHandler, due to a insecure regular expression usage in StandardsText class by backtracking...

Denial Of Service (DoS)

gopkg.in/yaml.v3 is vulnerable to denial of service. The vulnerability exists when the deserializing input data through the unmarshal function of yaml.go, allowing an attacker to crash the application by providing invalid YAML data...

Privilege Escalation

njs is vulnerable to privilege escalation. The vulnerability exists in njspromiseperformthen function due to a type confusion which allows an attacker to gain access to the system and perform unauthorized actions...

Insecure IPv6 Connection

curl has insecure IPv6 connection. The vulnerability exists due to an errors in the logic where the config matching function did not take the IPv6 address zone id into account allowing the system to use the wrong connection when one transfer uses a zone id, and when subsequent transfer uses anoth...

Denial Of Service (DoS)

linux-gkeop is vulnerable to denial of service. A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udffilewriteiter function for the malicious UDF image. A local user could use this flaw to crash the system...

Denial Of Service (DoS)

Linux is vulnerable to denial of service. The vulnerability exists due to a memory leak in yamsiocdevprivate in drivers/net/hamradio/yam.c...

Access Control Bypass

ceph is vulnerable to access control bypass. The vulnerability exists due to a flaw which allows key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...

Denial Of Service (DoS)

Spring Security OAuth is vulnerable to denial of service. The vulnerability exists due to a lack of restriction of the number of request initiating the Authorization Request for the Authorization Code Grant allowing an attacker to exhaust the system resources sending multiple requests with a sing...

Privilege Escalation

jenkins-2-plugins is vulnerable to privilege escalation. The vulnerability exists due to a lack of sanitization of the path allowing an attacker to configure Pipelines permission to read arbitrary files on the Jenkins controller file system...

Denial Of Service (DoS)

github.com/golang/text is vulnerable to Denial Of Service DoS. The vulnerability exists because an incorrectly formatted language tag may cause the parse to panic due to an out of bounds read, resulting in an application crash...

Type Confusion

Google Chrome is vulnerable to type confusion. A remote attacker is able to exploit a heap memory corruption issue via a crafted HTML page, which leads to a use-after-free state in V8 Turbofan engine...

Remote Code Execution (RCE)

ghost is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the upload and update function allowing an attacker inject maliciously crafted script via an SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is...

Directory Traversal

com.caucho:resin is vulnerable to directory traversal attacks. A remote attackers are able to traverse arbitrary directories and read confidential files via a pathname within an HTTP request...

Buffer Overflow

jhead is vulnerable to buffer overflow. The vulnerability exists due to a Heap-based Buffer Overflow vulnerability exists in jhead via the RemoveSectionType function in jpgfile.c...

Buffer Overflow

vim is vulnerable to buffer overflow. The vulnerability exists due to a lack of validation of the pointer accessing the Heap which allows an attacker to cause an application crash...

Authentication Bypass

github.com/moby/moby is vulnerable to authentication bypass. The vulnerability exists because the default inheritable capabilities for linux container is not empty which allows an unauthorized user to bypass access restrictions...

Use-After-Free

A use-after-free flaw was found in ncirequest in net/nfc/nci/core.c in NFC Controller Interface NCI in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem...

Denial Of Service (DoS)

webkit2gtk edge is vulnerable to denial of service. This allows an attacker to process maliciously crafted web content and arbitrarily execute codes in the system...