38332 matches found
Arbitrary Code Execution (ACE)
Qiskit is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to unsafe deserialization in the qiskit.qpy.load function, which allows a maliciously crafted QPY file to execute embedded Python code without privilege escalation...
Open Redirect
follow-redirects is vulnerable to Open Redirect. The vulnerability is due to improper input validation of URLs in the url.parse function. This issue can be exploited by an attacker to redirect users to a malicious page, leading to information disclosure or phishing attacks...
Access Restriction Bypass
org.springframework.boot:spring-boot-actuator-autoconfigure is vulnerable to Access Restriction Bypass. The vulnerability is due to improper wildcard matching, which allows a remote attacker to bypass access restrictions and gain access to the system. Please note that the vulnerability is only...
Privilege Escalation
grub2 is vulnerable to privilege escalation. A flaw was found in grub2 where its configuration file, known as grub.cfg, is created with the wrong permission set, allowing non-privileged users to read its content. This represents a low severity confidentiality issue, as those users can...
XML External Entity (XXE)
xmlbeans is vulnerable to XML External Entity attacks. The vulnerability exists due to the lack of sanitization of XML input containing a reference to an external entity which is processed by a weakly configured XML parser allowing an attacker to exhaust the system resource via recursive external...
Prototype Pollution
dojo is vulnerable to prototype pollution. The vulnerability exists in setObject function of lang.js due to lack of object validations which allows an attacker to inject arbitrary object properties which can potentially lead to execution of arbitrary code...
Authorization Bypass
com.ctrip.framework.apollo:apollo is vulnerable to an Authorization Bypass. The vulnerability is due to insufficient permission checks in the synchronization configuration feature, allowing an attacker to modify a namespace without the necessary permissions...
Denial Of Service (DoS)
System.Text.Json is vulnerable to Denial of Service (DoS). The vulnerability is due to the JsonSerializer.DeserializeAsyncEnumerable method, which can result in Denial of Service when deserializing crafted input...
Arbitrary Memory Write
firefox is vulnerable to Arbitrary Memory Write. An attacker is able to construct a PKCS 12 cert bundle in such a way that may allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled...
Binding Rules Bypass
spring-context is vulnerable to binding rules bypass. The vulnerability exists due to lack of sanitization of HTTP request parameters which allows an attacker to bypass the disallowedFields and bind malicious HTTP request parameters...
Denial Of Service (DoS)
firefox-esr:edge is vulnerable to denial of service. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights...
Remote Code Execution (RCE)
xstream is vulnerable to remote code execution (RCE). The vulnerability exists through server-side request forgery when unmarshalling XStream objects with the java.beans.EventHandler, java.lang.ProcessBuilder, javax.imageio.ImageIO$ContainsFilter, and jdk.nashorn.internal.objects.NativeString class...
Authentication Bypass
tomcat-coyote is vulnerable to authentication bypass. The vulnerability exists as it does not disable AjpProtocol by default, and allows any unauthenticated client to read or write application files on the server...
Remote Code Execution (RCE)
PHPMailer is vulnerable to remote code execution (RCE) attacks. It is possible because it uses escapeshellcmd which does not properly escape the injected extra parameters through the sendmailSend function. Using this flaw, attackers can inject parameters and launch the execution of arbitrary code...
Privilege Escalation
hibernate-validator is vulnerable to privilege escalation attacks. When the security manager is used, its reflective permissions allow the access to private members...
Credential Exposure
Microsoft.Data.SqlClient is vulnerable to Credential Exposure. The vulnerability is due to improper handling of TLS connections, allowing an attacker to read or modify traffic between the server and client. The attacker would have to position themself between the client and server, resulting in...
Privilege Escalation
github.com/minio/minio is vulnerable to Privilege Escalation. An attacker is able to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To achieve this, the attacker needs credentials with arn:aws:s3::: permission and...
Authorization Bypass
werkzeug is vulnerable to Authorization Bypass. A vulnerable browser may allow a compromised application on an adjacent subdomain to set a cookie like =__Host-test=bad for another subdomain, when the browser accepts nameless cookies such as =value instead of key=value, resulting in application seei...
Use After Free
A vulnerability was found in the vmwgfx driver that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer. Exploiting this vulnerability requires an attacker to have access to either /dev/dri/card0 or /dev/dri/rendererD128 and ...
Denial Of Service
python3.9 is vulnerable to denial of service. The vulnerability exists due to an out-of-bounds write vulnerability which allows an attacker to request authentication with a specially crafted payload causing an application crash...
Privilege Escalation
tar node-tar is vulnerable to Privilege Escalation. The vulnerability exists due to insufficient absolute path sanitization...
Remote Code Execution (RCE)
spring-web is vulnerable to remote code execution (RCE). When it is used with external endpoints, regardless of whether the endpoints are authenticated or not, the function HttpInvokerServiceExporter: readRemoteInvocation allows deserialization of untrusted objects if the endpoints are exposed to untrusted...
Authorization Bypass
tomcat-catalina is vulnerable to authorization bypass. URL patterns of empty strings were not handled correctly and caused the server to ignore such security constraints when the urlPattern for a servlet is mapped to " ". This allows an attacker to bypass said security constraints and gain...
Out-Of-Bounds Write Vulnerability
MuPDF is vulnerable to an out-of-bounds write vulnerability. A flaw in the glyph scaling code leads to an overwrite of heap metadata and sensitive process memory when an attacker opens a malicious file in a vulnerable reader. This vulnerability also potentially results in code execution...
OS Command Injection
Apache Spark is vulnerable to OS command injection. The vulnerability exists because it is possible to impersonate using an arbitrary user name if ACL is enabled, allowing an attacker to provide malicious input to build and execute a Unix shell command arbitrarily...
Integer Overflows
python3.2 is vulnerable to Integer overflow in the getdata function in zipimport.c in CPython. It allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow...
Buffer Overread
OpenSSL is vulnerable to buffer overreads. A malicious user can pass malicious ASN.1 data to the server, causing a buffer overread which can lead to disclosure of sensitive information or denial of service...
Privilege Escalation
openssh is vulnerable to Privilege Escalation. The vulnerability arises from the library adding smartcard keys to ssh-agent without enforcing the intended per-hop destination constraints. This can result in unauthorized access to the system and the potential disclosure of sensitive information...
Sensitive Information Disclosure
angular-server-side-configuration is vulnerable to Sensitive Information Disclosure. The vulnerability is due to leaking of environment variables because the library detects used environment variables in TypeScript files and writes them to a ngssc.json file in the output directory, which is then...
SQL Injection
sequelize is vulnerable to SQL Injection attacks. A specifically crafted attack statement through query-generator.js allows a malicious user to inject and execute arbitrary SQL queries on the target system due to improper attribute filtering...
Cross-site Scripting (XSS)
rails-html-sanitizer is vulnerable to cross-site scripting attacks. An attacker is able to inject and execute malicious JavaScript through the sanitize_css function when the library is configured to override the style tags to allow both select and style elements...
XML External Entity (XXE)
jena-core is vulnerable to XML external entity attacks. The RDFXMLParser function of RDFXMLParser.java does not properly disable the access to external entities, allowing an attacker to submit a malicious XML document to perform requests on behalf of the server...
Remote Code Execution (RCE)
worldpress/worldpress is vulnerable to Remote Code Execution RCE. Lack of support for the update URI plugin header allows an attacker to execute arbitrary code via a supply-chain attack against the WordPress installations, when the slug satisfies the naming constraints of the WordPress.org plugin...
Remote Code Execution (RCE)
PHP is vulnerable to remote code execution (RCE). While using the mb_strtolower function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite a stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution...
Remote Code Execution (RCE)
JBoss Enterprise Application Platform is vulnerable to remote code execution (RCE). Due to an incomplete fix for CVE-2011-1484, JBoss Seam 2 did not block access to all malicious JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A...
Remote Code Execution (RCE)
chakracore is vulnerable to remote code execution. The vulnerability exists through a parsing issue of functions declared in parameter scope, caused in lib/Parser/Parse.cpp. This CVE ID is different from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767...
Denial Of Service (DoS)
Apache httpd is vulnerable to denial of service (DoS) attacks. This occurs in mod_mime when sending a specially crafted Content-Type response header which leads to a buffer overread, resulting in a potentially exploitable crash...
Privilege Escalation
Oracle Java SE is vulnerable to privilege escalation attacks. An unspecified vulnerability allows local users to affect confidentiality, integrity, and availability via vectors related to Hotspot, which leads to denial of service attacks and an information disclosure...
Open Redirect And Cross-site Scripting (XSS)
django is vulnerable to open redirect and cross-site scripting (XSS) attacks. The library's security check for redirects considers certain numeric URLs as safe, allowing a malicious user to cause an open redirect or cross-site scripting attack via URL linking...
Denial Of Service (DoS)
Temporal Server is vulnerable to Denial of Service (DoS). The vulnerability is caused by an authenticated user with permissions to interact with workflows submitting an invalid UTF-8 string which causes an application crash. This can lead to stuck tasks in the queue, increased queue lag, resource...
Remote Code Execution
Craft CMS is vulnerable to Remote Code Execution. The vulnerability is due to the beforeAction not properly validating the parameter leading to malicious code execution...
Regular Expression Denial Of Service (ReDoS)
setuptools is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the REL attribute in the find_external_links function of package_index.py, allowing an attacker to crash the application by passing a malicious HTML...
Deserialization Of Untrusted Data
scala-library is vulnerable to deserialization of untrusted data. The vulnerability exists because the readObject function in LazyList.scala allows an attacker to erase the contents of arbitrary files, make network connections, or possibly run arbitrary code on Function0 via a gadget chain...
Deserialisation Of Untrusted Object
JMSAppender in log4j is vulnerable to deserialization of untrusted object. When an application is configured to use JMSAppender with the setting TopicBindingName or TopicConnectionFactoryBindingName to something that JNDI can handle - for example "ldap://host:port/a", an attacker is able to execu...
Same-Origin Policy Bypass
firefox is vulnerable to Same-Origin policy bypass. A flaw was found in the way Firefox handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy...
Arbitrary Code Execution
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debugger. T...
Remote Code Execution (RCE)
pyyaml is vulnerable to remote code execution (RCE) attacks. The application uses the unsafe function yaml.load, allowing a malicious user to inject and execute arbitrary code by passing a YAML file...
Username Enumeration
umbraco.cms is vulnerable to User Enumeration. The vulnerability is due to improper user authentication checks, which allows an attacker to enumerate valid usernames by exploiting access to the native login screen...
Regular Expression Denial Of Service (ReDoS)
semver is vulnerable to Regular Expression Denial Of Service (ReDoS) attacks. A malicious user is able to cause parsing slowdowns when untrusted user data is provided as a range via the function parseRange due to the usage of a regular expression with inefficient time complexity...
Denial Of Service (DoS)
Apache Commons FileUpload is vulnerable to Denial Of Service (DoS). The vulnerability exists because the default configuration doesn't limit the number of request parts to be processed, which allows an attacker to submit an upload with unlimited file parts, resulting in Denial of Service...