38126 matches found
Remote Code Execution (RCE)
PHPMailer is vulnerable to remote code execution (RCE) attacks. It is possible because it uses escapeshellcmd, which does not properly escape the extra parameters injected through the sendmailSend function. Using this flaw, attackers can inject parameters and launch the execution of arbitrary code...
Denial Of Service (DoS)
System.Text.Json is vulnerable to Denial of Service (DoS). The vulnerability is due to the JsonSerializer.DeserializeAsyncEnumerable method, which can result in Denial of Service when deserializing crafted input...
XML External Entity (XXE)
xmlbeans is vulnerable to XML External Entity attacks. The vulnerability exists due to the lack of sanitization of XML input containing a reference to an external entity which is processed by a weakly configured XML parser allowing an attacker to exhaust the system resource via recursive external...
Binding Rules Bypass
spring-context is vulnerable to binding rules bypass. The vulnerability exists due to lack of sanitization of HTTP request parameters which allows an attacker to bypass the disallowedFields and bind malicious HTTP request parameters...
Use After Free
A vulnerability was found in the vmwgfx driver that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer. Exploiting this vulnerability requires an attacker to have access to either /dev/dri/card0 or /dev/dri/rendererD128 and ...
SQL Injection
JDBCAppender in Log4j is vulnerable to SQL Injection. An attacker is able to execute arbitrary SQL commands via entering crafted strings into input fields and headers where the values to be inserted are converters from PatternLayout...
Denial Of Service
python3.9 is vulnerable to denial of service. The vulnerability exists due to an out-of-bounds write vulnerability which allows an attacker to request authentication with a specially crafted payload causing an application crash...
Privilege Escalation
tar (node-tar) is vulnerable to Privilege Escalation. The vulnerability exists due to insufficient absolute path sanitization...
Out-Of-Bounds Write Vulnerability
MuPDF is vulnerable to an out-of-bounds write vulnerability. A flaw in the glyph scaling code leads to an overwrite of heap metadata and sensitive process memory when an attacker opens a malicious file in a vulnerable reader. This vulnerability also potentially results in code execution...
Open Redirect
follow-redirects is vulnerable to Open Redirect. The vulnerability is due to improper input validation of URLs in the url.parse function. This issue can be exploited by an attacker to redirect users to a malicious page, leading to information disclosure or phishing attacks...
Authorization Bypass
werkzeug is vulnerable to Authorization Bypass. A vulnerable browser may allow a compromised application on an adjacent subdomain to set a cookie like =__Host-test=bad for another subdomain, when the browser accepts nameless cookies such as =value instead of key=value, resulting in application seei...
XML External Entity (XXE)
jena-core is vulnerable to XML external entity attacks. The RDFXMLParser function of RDFXMLParser.java does not properly disable the access to external entities, allowing an attacker to submit a malicious XML document to perform requests on behalf of the server...
Integer Overflows
python3.2 is vulnerable to an integer overflow in the getdata function in zipimport.c in CPython. It allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow...
Authentication Bypass
tomcat-coyote is vulnerable to authentication bypass. The vulnerability exists as it does not disable AjpProtocol by default, and allows any unauthenticated client to read or write application files on the server...
Remote Code Execution (RCE)
spring-web is vulnerable to remote code execution (RCE). When it is used with external endpoints, regardless of whether the endpoints are authenticated or not, the function HttpInvokerServiceExporter: readRemoteInvocation allows deserialization of untrusted object if the endpoints are exposed to untrusted...
Privilege Escalation
hibernate-validator is vulnerable to privilege escalation attacks. When the security manager is used, its reflective permissions allow the access to private members...
Buffer Overread
OpenSSL is vulnerable to buffer overreads. A malicious user can pass malicious ASN.1 data to the server, causing a buffer overread which can lead to disclosure of sensitive information or denial of service...
Sensitive Information Disclosure
angular-server-side-configuration is vulnerable to Sensitive Information Disclosure. The vulnerability is due to leaking of environment variables because the library detects used environment variables in TypeScript files and writes them to a ngssc.json file in the output directory, which is then...
Privilege Escalation
github.com/minio/minio is vulnerable to Privilege Escalation. An attacker is able to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To achieve this, the attacker needs credentials with arn:aws:s3::: permission and...
SQL Injection
sequelize is vulnerable to SQL Injection attacks. A specifically crafted attack statement through query-generator.js allows a malicious user to inject and execute arbitrary SQL queries on the target system due to improper attribute filtering...
OS Command Injection
Apache Spark is vulnerable to OS command injection. The vulnerability exists because it is possible to impersonate using an arbitrary user name if ACL is enabled, allowing an attacker to provide malicious input to build and execute a Unix shell command arbitrarily...
Remote Code Execution (RCE)
worldpress/worldpress is vulnerable to Remote Code Execution (RCE). Lack of support for the update URI plugin header allows an attacker to execute arbitrary code via a supply-chain attack against the WordPress installations, when the slug satisfies the naming constraints of the WordPress.org plugin...
Denial Of Service (DoS)
Apache httpd is vulnerable to denial of service (DoS) attacks. This occurs in mod_mime when sending a specially crafted Content-Type response header, which leads to a buffer overread, resulting in a potentially exploitable crash...
Authorization Bypass
tomcat-catalina is vulnerable to authorization bypass. URL patterns of empty strings were not handled correctly and caused the server to ignore such security constraints when the urlPattern for a servlet is mapped to " ". This allows an attacker to bypass said security constraints and gain...
Credential Exposure
Microsoft.Data.SqlClient is vulnerable to Credential Exposure. The vulnerability is due to improper handling of TLS connections, allowing an attacker to read or modify traffic between the server and client. The attacker would have to position themself between the client and server, resulting in...
Cross-site Scripting (XSS)
rails-html-sanitizer is vulnerable to cross-site scripting attacks. An attacker is able to inject and execute malicious JavaScript through the sanitize_css function when the library is configured to override the style tags to allow both select and style elements...
Same-Origin Policy Bypass
firefox is vulnerable to Same-Origin policy bypass. A flaw was found in the way Firefox handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy...
Arbitrary Code Execution
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debugger. T...
Privilege Escalation
Oracle Java SE is vulnerable to privilege escalation attacks. An unspecified vulnerability allows local users to affect confidentiality, integrity, and availability via vectors related to Hotspot, which leads to denial of service attacks and information disclosure...
Remote Code Execution (RCE)
pyyaml is vulnerable to remote code execution (RCE) attacks. The application uses the unsafe function yaml.load, allowing a malicious user to inject and execute arbitrary code by passing a yaml file...
Preloading Of Untrusted Windows DLL
github.com/golang/go contains an untrusted search path vulnerability. When used on Windows, it allows local users to gain privileges by using a Trojan Horse DLL. This is related to the use of the LoadLibrary function...
Open Redirect And Cross-site Scripting (XSS)
django is vulnerable to open redirect and cross-site scripting (XSS) attacks. The library's security check for redirects considers certain numeric URLs as safe, allowing a malicious user to cause an open redirect or cross-site scripting attack via URL linking...
Username Enumeration
umbraco.cms is vulnerable to User Enumeration. The vulnerability is due to improper user authentication checks, which allows an attacker to enumerate valid usernames by exploiting access to the native login screen...
Remote Code Execution
Craft CMS is vulnerable to Remote Code Execution. The vulnerability is due to the beforeAction not properly validating the parameter leading to malicious code execution...
Privilege Escalation
openssh is vulnerable to Privilege Escalation. The vulnerability arises from the library adding smartcard keys to ssh-agent without enforcing the intended per-hop destination constraints. This can result in unauthorized access to the system and the potential disclosure of sensitive information...
Remote Code Execution (RCE)
binwalk is vulnerable to remote code execution. A remote attacker is able to upload and execute malicious code on the system under attack via the affected file src/binwalk/modules/extractor.py of the component Archive Extraction Handler...
Regular Expression Denial Of Service (ReDoS)
setuptools is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the REL attribute in the find_external_links function of package_index.py, allowing an attacker to crash the application by passing a malicious HTML...
SQL Injection
johnpbloch/wordpress-core is vulnerable to SQL injection. The vulnerability exists due to the lack of sanitization in the WP_Query in the clean_query function of class-wp-tax-query.php, allowing an attacker to inject and execute malicious input through the plugins or themes...
Deserialisation Of Untrusted Object
JMSAppender in log4j is vulnerable to deserialization of untrusted object. When an application is configured to use JMSAppender with the setting TopicBindingName or TopicConnectionFactoryBindingName to something that JNDI can handle - for example "ldap://host:port/a", an attacker is able to execu...
Remote Code Execution (RCE)
PHP is vulnerable to remote code execution (RCE). While using the mb_strtolower function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite a stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution...
Remote Code Execution (RCE)
chakracore is vulnerable to remote code execution. The vulnerability exists through a parsing issue of functions declared in parameter scope, caused in lib/Parser/Parse.cpp. This CVE ID is different from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767...
Cross-Site Scripting (XSS)
jQuery is susceptible to cross-site scripting (XSS) attacks. It is vulnerable because it immediately executes the event handlers or scripts passed to parseHTML.js, allowing the malicious user to inject arbitrary HTML or script through it...
Regular Expression Denial Of Service (ReDoS)
semver is vulnerable to Regular Expression Denial Of Service (ReDoS) attacks. A malicious user is able to cause parsing slowdowns when untrusted user data is provided as a range via the function parseRange, due to the use of a regular expression with inefficient time complexity...
Denial Of Service (DoS)
Apache Commons FileUpload is vulnerable to Denial Of Service (DoS). The vulnerability exists because the default configuration doesn't limit the number of request parts to be processed, which allows an attacker to submit an upload with unlimited file parts, resulting in Denial of Service...
Regular Expression Denial Of Service (ReDoS)
moment is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to the inefficient regex pattern used in the preprocessRFC2822 function of from-string.js, allowing an attacker to crash the application by providing malicious inputs of more than 10k characters...
CRLF Injection
jodd-http is vulnerable to CRLF injection attacks. The vulnerability exists because the path function of HttpRequest.java does not properly encode the URLEncoder, allowing an attacker to inject and execute a malicious TCP payload by using \r\n in the query string...
Improper Input Validation
openjdk11, edge is vulnerable to improper input validation. The vulnerability exists due to improper input validation within the JAXP component, allowing an attacker to exploit this vulnerability to gain access to sensitive information...
Denial Of Service (DoS)
apache2 is vulnerable to denial of service. The vulnerability exists due to a NULL pointer dereference...
Denial Of Service (DoS)
QEMU is vulnerable to denial of service. Quick Emulator (QEMU) built with Network Block Device (NBD) Server support was vulnerable to a null-pointer dereference issue. The flaw could occur when releasing a client, which was not initialized due to failed negotiation. A remote user or process could...
Information Disclosure
Aircompressor is vulnerable to Information Disclosure. The vulnerability is due to improper handling of malformed Snappy and LZ4 compressed input in the Java decompressor implementations, which allows a remote attacker to craft input that causes previously used buffer contents to be included in t...