38332 matches found
Remote Code Execution (RCE)
binwalk is vulnerable to remote code execution. A remote attacker is able to upload and execute malicious code on the system under attack via the affected file src/binwalk/modules/extractor.py of the component Archive Extraction Handler...
Regular Expression Denial Of Service (ReDoS)
moment is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists due to the inefficient regex pattern used in the preprocessRFC2822 function of from-string.js, allowing an attacker to crash the application by providing malicious inputs of more than 10k characters...
SQL Injection
johnpbloch/wordpress-core is vulnerable to SQL injection. The vulnerability exists due to the lack of sanitization in the WPQuery in the cleanquery function of class-wp-tax-query.php, allowing an attacker to inject and execute malicious input through the plugins or themes...
Cross-Site Scripting (XSS)
jQuery is susceptible to cross-site scripting XSS attacks. It is vulnerable because it immediately executes the event handlers or scripts passed to parseHTML.js, allowing the malicious user to inject arbitrary HTML or script through it...
Preloading Of Untrusted Windows DLL
github.com/golang/go contains an untrusted search path vulnerability. When used on Windows, it allows local users to gain privileges by using a Trojan Horse DLL. This is related to the use of the LoadLibrary function...
Regular Expression Denial Of Service (ReDoS)
uri is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to inefficient regex pattern complexity used in rfc2396parser.rb and rfc3986parser.rb, which allows an attacker to crash the application by providing maliciously crafted URI patterns. NOTE: This issue...
Server-Side Request Forgery (SSRF)
undici is vulnerable to Server-Side Request Forgery SSRF. The library assumes that the hostname won't change, when in actuality it can change because the specified path parameter is combined with the base URL, allowing remote attackers to cause SSRF attacks via sending a crafted request through t...
CRLF Injection
jodd-http is vulnerable to CRLF injection attacks. The vulnerability exists because the path function of HttpRequest.java does not properly encode the URLEncoder, allowing an attacker to inject and execute a malicious TCP payload by using \r\n in the query string...
Denial Of Service (DoS)
RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
Improper Input Validation
openjdk11, edge is vulnerable to improper input validation. The vulnerability exists due to improper input validation within the JAXP component, allowing an attacker to exploit this vulnerability to gain access to sensitive information...
Denial Of Service (DoS)
apache2 is vulnerable to denial of service. The vulnerability exists due to a NULL pointer dereference...
Remote Code Execution
gsoap is vulnerable to remote code execution. The WS-Addressing plugin functionality allows an attacker to execute arbitrary code on the host OS using a malicious SOAP request...
Arbitrary Code Execution
Apache Commons Collections ACC library is vulnerable to Arbitrary Code Execution. The vulnerability is possible because it directly uses ACC, or contains ACC, in the classpath, which allows an attacker to gain read access to unnecessary information in debug messages by sending modified requests...
Denial Of Service (DoS)
QEMU is vulnerable to denial of service. Quick Emulator QEMU built with Network Block Device NBD Server support was vulnerable to a null-pointer dereference issue. The flaw could occur when releasing a client, which was not initialized due to failed negotiation. A remote user or process could...
Denial Of Service (DoS)
Xerces2-j aka Apache Xerces-J parser is vulnerable to denial of service DoS. The attack can be triggered when malicious XML data is passed to Apache Xerces-J parser and processed by the JRE...
Open Redirect
express is vulnerable to Open Redirect. The vulnerability is due to improper handling of user-provided URLs during redirection in Express.js, which performs encoding using the encodeurl library before passing it to the 'location' header. It allows bypass of an improperly implemented allow lists a...
Denial Of Service (DoS)
TensorFlow is vulnerable to denial of service. The vulnerability exists due to a segmentation fault in ndarraytensorbridge because the inputs are not properly validated, which allows an attacker to cause an application crash...
Cross-site Scripting (XSS)
moodle is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to a lack of sanitization of user input to a recursive lambda function rendering to the Mustache template helper renderer allowing an attacker to inject maliciously crafted script into the system...
Memory Leak
kernel-rt is vulnerable to denial of service. The vulnerability exists due to the small table perturb size used in the tcp source port generation algorithm in net/ipv4/tcp.c, allowing an attacker to gain sensitive information which will give the attacker the authority to carry out a denial of...
Time Of Check To Time Of Use (TOCTOU)
tomcat-catalina is vulnerable to time of check to time of use. The vulnerability exists in file function of FileStore.java which allows an attacker to perform unauthenticated actions causing a race condition...
Privilege Escalation
kernel is vulnerable to privilege escalation. The vulnerability exists due to a use-after-free condition...
Cross-Site Scripting (XSS)
github.com/grafana/grafana is vulnerable to cross-site scripting XSS. The vulnerability is possible as an attacker can inject a malicious payload that will execute in a user's browser through header column renaming feature in table panel...
Denial Of Service (DoS)
kernel is vulnerable to denial of service DoS. The vulnerability exists as a possible kernel memory leak was found in the Linux kernel Simple Internet Transition SIT INET6 implementation...
Remote Code Execution (RCE)
Kafka clients is vulnerable to Remote Code Execution. The vulnerability is due to a lack of restrictions on the sasl.jaas.config authentication property, which allows an authenticated attacker to submit arbitrary SASL configurations. An attacker can inject a deserialization gadget chain into the...
SpEL Injection Attacks
spring-data-mongodb is vulnerable to Spring Expression Language SpEL injection. The vulnerability exists due to the non-sanitized input in the repository query method, allowing an attacker to inject and execute malicious SpEL to the repository query method when it is annotated with @Query or...
Authentication Bypass
firefox is vulnerable to authentication bypass. An attacker with the document in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...
Incorrect Content-type Handling
github.com/opencontainers/distribution-spec is handling content-type incorrectly. Type of the manifest during the push and pull operations was wrongly determined as it uses only Content-Type header, causing a client to interpret the resulting content differently...
Denial Of Service (DoS)
unbound is vulnerable to denial of service. According to the original report there are checks happening before the affected function that make this not exploitable. For these reasons its impact is Moderate. Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdatacopy. A...
Insecure Defaults
tomcat-websocket is vulnerable to missing hostname verification. The application does not verify the hostname with a client when establishing a TLS connection through the websocket, allowing a malicious user to impersonate a different host machine...
Authentication Bypass
pyjwt is vulnerable to authentication bypass. The vulnerability exists because the library permits an attacker submitting a JWT token to choose which algorithms are used when signing in, enabling non-blocklisted, but weak public key formats to be supported in the authentication process allowing a...
Privilege Escalation
openjdk is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of authorization allowing an attacker to update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data...
Denial Of Service (DoS)
log4j is vulnerable to denial of service. An attacker with control over Thread Context Map MDC input data is able to cause a denial of service by causing a StackOverflowError that will terminate the process. This is due to uncontrolled recursion from self-referential lookups when the logging...
Authorization Bypass
microsoft.aspnetcore.http and microsoft.owin are vulnerable to authorization bypass. Cookie values are not properly decoded when they contain certain characters. A remote attacker is able to bypass the "Cookie Prefixes" security mechanism by sending malicious cookies to the application...
Remote Code Execution (RCE)
cups is vulnerable to remote code execution RCE. The attack exists because of LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gifreadlzw function in filter/image-gif.c in CUPS...
Cross-site Scripting (XSS)
PHP is vulnerable to reflected XSS. An attacker can inject a malicious script on PHAR 403 and 404 error pages through request data of a request for a .phar file. It is possible due to an incomplete fix of CVE-2018-5712...
Information Disclosure
Dnn.Platform is vulnerable to information disclosure. The attack is due to the use of weak encryption algorithm to encrypt input parameters...
XML External Entity (XXE)
libxml2.so is vulnerable to XML external entity attacks XXE. The XML parser allows parsing of external entities by default, enabling remote attackers to conduct XXE attacks through a crafted document...
Denial Of Service (DoS)
OpenSSL is vulnerable to denial of service DoS attacks. The library mishandles invalid ASN.1 encoding and causes large amounts of memory being consumed. A malicious user can take advantage of this to cause a denial of service via resource consumption...
Rogue Session Attack (Terrapin)
ssh is vulnerable to Terrapin attack. The vulnerability is due to mishandling of the handshake phase and sequence numbers in the SSH Binary Packet Protocol BPP with certain OpenSSH extensions. This allows an attacker to bypass integrity checks and omit packets during extension negotiation, and...
Timing Attack
laravel/framework is vulnerable to Timing Attacks. The vulnerability exists in the hasValidCredentials function of SessionGuard.php due to the fact that a successful login request takes more time than an unsuccessful request due to HTTP/2 multiplexing, which allows an attacker to enumerate users v...
Regular Expression Denial Of Service (ReDoS)
isjs is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for url matching in is.js allowing an attacker to crash the application by providing malicious urls...
Denial Of Service (DoS)
Newtonsoft.Json is vulnerable to denial of service. The use of insecure defaults causes a StackOverFlow exception (SOE) whenever nested expressions are being processed when an attacker sends 5 requests that cause SOE in a time frame of 5 minutes...
Cross-site Scripting (XSS)
jquery-ui is vulnerable to cross-site scripting attacks. The vulnerability exists because the 'Text' option of the 'datepicker.js' widget is not properly handled, allowing a malicious attacker to send and execute arbitrary JavaScript...
HTTP Request Smuggling
nodejs:sid is vulnerable to HTTP Request Smuggling. The vulnerability is possible when parsing the body...
Source Port UDP Randomization Bypass
A flaw was found in the way reply ICMP packets are limited in the Linux kernel functionality that allows open UDP ports to be scanned quickly. This flaw allows an off-path remote user to effectively bypass source port UDP randomization. The highest threat from this vulnerability is to confidentialit...
Information Disclosure
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance PI futexes. A local, unprivileged user could use this flaw to escalate their privileges on...
Remote Code Execution (RCE)
libxml2.so is vulnerable to remote code execution RCE attacks. The application does not forbid namespace nodes in XPointer ranges, allowing a malicious user to inject and execute arbitrary code...
Denial Of Service (DoS)
getgrav/grav is vulnerable to a Denial of Service (DoS). The vulnerability is due to insufficient sanitization of the scheduledat parameter, which allows an attacker to inject malicious cron expressions (e.g., a single quote) and disrupt the admin panel functionality, leading to a denial of service...
Stored Cross-Site Scripting (XSS)
getgrav/grav is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to insufficient input sanitization in the dataheadertemplate parameter at the /admin/pages/page endpoint, which allows an attacker to inject and store malicious scripts that execute when the content is rendere...
Privilege Escalation
github.com/etcd-io/etcd is vulnerable to Privilege Escalation. The vulnerability exists due to improper authentication in v3server.go which allows an attacker to gain escalated privilege when the log level is set to debug...