Information Disclosure
Aircompressor is vulnerable to Information Disclosure. The vulnerability is due to improper handling of malformed Snappy and LZ4 compressed input in the Java decompressor implementations, which allows a remote attacker to craft input that causes previously used buffer contents to be included in t...
Regular Expression Denial Of Service (ReDoS)
uri is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to inefficient Regex pattern complexity used in rfc2396parser.rb and rfc3986parser.rb, which allows an attacker to crash the application by providing maliciously crafted URI patterns. NOTE: This issue...
Server-Side Request Forgery (SSRF)
undici is vulnerable to Server-Side Request Forgery (SSRF). The library assumes that the hostname won't change, when in actuality it can change because the specified path parameter is combined with the base URL, allowing remote attackers to cause SSRF attacks via sending a crafted request through t...
Denial Of Service (DoS)
RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
Time Of Check To Time Of Use (TOCTOU)
tomcat-catalina is vulnerable to time of check to time of use. The vulnerability exists in file function of FileStore.java which allows an attacker to perform unauthenticated actions causing a race condition...
Privilege Escalation
kernel is vulnerable to privilege escalation. The vulnerability exists due to a use-after-free condition...
Remote Code Execution
gsoap is vulnerable to remote code execution. The WS-Addressing plugin functionality allows an attacker to execute arbitrary code on the host OS using a malicious SOAP request...
Remote Code Execution (RCE)
JBoss Enterprise Application Platform is vulnerable to remote code execution (RCE). Due to an incomplete fix for CVE-2011-1484, JBoss Seam 2 did not block access to all malicious JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A...
Denial Of Service (DoS)
kernel is vulnerable to denial of service (DoS). The vulnerability exists as a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation...
Arbitrary Code Execution
Apache Commons Collections (ACC) library is vulnerable to Arbitrary Code Execution. The vulnerability is possible because it directly uses ACC, or contains ACC, in the classpath, which allows an attacker to gain read access to unnecessary information in debug messages by sending modified requests...
Denial Of Service (DoS)
Temporal Server is vulnerable to Denial of Service (DoS). The vulnerability is caused by an authenticated user with permissions to interact with workflows submitting an invalid UTF-8 string which causes an application crash. This can lead to stuck tasks in the queue, increased queue lag, resource...
Denial Of Service (DoS)
Tensorflow is vulnerable to denial of service. The vulnerability exists due to a segmentation fault in ndarraytensorbridge because the inputs are not properly validated, which allows an attacker to cause an application crash...
Cross-site Scripting (XSS)
moodle is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to a lack of sanitization of user input to a recursive lambda function rendering to the Mustache template helper renderer, allowing an attacker to inject maliciously crafted script into the system...
Memory Leak
kernel-rt is vulnerable to denial of service. The vulnerability exists due to the small table perturb size used in the tcp source port generation algorithm in net/ipv4/tcp.c, allowing an attacker to gain sensitive information which will give the attacker the authority to carry out a denial of...
Denial Of Service (DoS)
unbound is vulnerable to denial of service. According to the original report there are checks happening before the affected function that make this not exploitable. For these reasons its Impact is Moderate. Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdatacopy. A...
Authorization Bypass
microsoft.aspnetcore.http and microsoft.owin are vulnerable to authorization bypass. Cookie values are not properly decoded when they contain certain characters. A remote attacker is able to bypass the "Cookie Prefixes" security mechanism by sending malicious cookies to the application...
Cross-Site Scripting (XSS)
github.com/grafana/grafana is vulnerable to cross-site scripting (XSS). The vulnerability is possible as an attacker can inject a malicious payload that will execute in a user's browser through the header column renaming feature in the table panel...
Insecure Defaults
tomcat-websocket is vulnerable to missing hostname verification. The application does not verify the hostname with a client when establishing a TLS connection through the websocket, allowing a malicious user to impersonate a different host machine...
Remote Code Execution (RCE)
Kafka clients is vulnerable to Remote Code Execution. The vulnerability is due to a lack of restrictions on the sasl.jaas.config authentication property, which allows an authenticated attacker to submit arbitrary SASL configurations. An attacker can inject a deserialization gadget chain into the...
SpEL Injection Attacks
spring-data-mongodb is vulnerable to Spring Expression Language (SpEL) injection. The vulnerability exists due to the non-sanitized input in the repository query method, allowing an attacker to inject and execute malicious SpEL to the repository query method when it is annotated with @Query or...
Authentication Bypass
firefox is vulnerable to authentication bypass. An attacker with the document in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...
Denial Of Service (DoS)
log4j is vulnerable to denial of service. An attacker with control over Thread Context Map (MDC) input data is able to cause a denial of service by causing a StackOverflowError that will terminate the process. This is due to uncontrolled recursion from self-referential lookups when the logging...
Incorrect Content-type Handling
github.com/opencontainers/distribution-spec is handling content-type incorrectly. Type of the manifest during the push and pull operations was wrongly determined as it uses only Content-Type header, causing a client to interpret the resulting content differently...
Source Port UDP Randomization Bypass
A flaw was found in the way reply ICMP packets are limited in the Linux kernel functionality that allows open UDP ports to be scanned quickly. This flaw allows an off-path remote user to effectively bypass source port UDP randomization. The highest threat from this vulnerability is to confidentialit...
Remote Code Execution (RCE)
cups is vulnerable to remote code execution (RCE). The attack exists because of the LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gifreadlzw function in filter/image-gif.c in CUPS...
Denial Of Service (DoS)
Xerces2-j (aka Apache Xerces-J parser) is vulnerable to denial of service (DoS). The attack can be triggered when malicious XML data is passed to Apache Xerces-J parser and processed by the JRE...
XML External Entity (XXE)
libxml2.so is vulnerable to XML external entity (XXE) attacks. The XML parser allows parsing of external entities by default, enabling remote attackers to conduct XXE attacks through a crafted document...
Denial Of Service (DoS)
OpenSSL is vulnerable to denial of service (DoS) attacks. The library mishandles invalid ASN.1 encoding, which causes large amounts of memory to be consumed. A malicious user can take advantage of this to cause a denial of service via resource consumption...
Authentication Bypass
pyjwt is vulnerable to authentication bypass. The vulnerability exists because the library permits an attacker submitting a JWT token to choose which algorithms are used when signing in, enabling non-blocklisted, but weak public key formats to be supported in the authentication process allowing a...
Cross-Site Scripting (XSS)
libexpat.so is vulnerable to cross-site scripting. The vulnerability exists in CHECKNAMECASE and CHECKNMSTRTCASES functions of xmltokimpl.c because the conditions are not properly validated which allows an attacker to inject and execute javascript...
Cross-site Scripting (XSS)
jquery-ui is vulnerable to cross-site scripting attacks. The vulnerability exists because the 'Text' option of the 'datepicker.js' widget is not properly handled allowing a malicious attacker to send and execute arbitrary Javascript...
HTTP Request Smuggling
nodejs:sid is vulnerable to HTTP Request Smuggling. The vulnerability is possible when parsing the body...
Information Disclosure
Dnn.Platform is vulnerable to information disclosure. The attack is due to the use of a weak encryption algorithm to encrypt input parameters...
Open Redirect
express is vulnerable to Open Redirect. The vulnerability is due to improper handling of user-provided URLs during redirection in Express.js, which performs encoding using the encodeurl library before passing it to the 'location' header. It allows bypass of an improperly implemented allow lists a...
Rogue Session Attack (Terrapin)
ssh is vulnerable to Terrapin attack. The vulnerability is due to mishandling of the handshake phase and sequence numbers in the SSH Binary Packet Protocol (BPP) with certain OpenSSH extensions. This allows an attacker to bypass integrity checks and omit packets during extension negotiation, and...
Timing Attack
laravel/framework is vulnerable to Timing Attacks. The vulnerability exists in the hasValidCredentials function of SessionGuard.php due to the fact that a successful login request takes more time than an unsuccessful request due to HTTP/2 multiplexing, which allows an attacker to enumerate users v...
Regular Expression Denial Of Service (ReDoS)
isjs is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for url matching in is.js allowing an attacker to crash the application by providing malicious urls...
Denial Of Service (DoS)
Newtonsoft.Json is vulnerable to denial of service. The use of insecure defaults causes a StackOverFlow exception (SOE) whenever nested expressions are being processed when an attacker sends 5 requests that cause SOE in a time frame of 5 minutes...
Privilege Escalation
openjdk is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of authorization allowing an attacker to update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data...
Denial Of Service (DoS)
linux is vulnerable to denial of service. The vulnerability exists due to a stack overflow in TIPC protocol functionality allowing an attacker to crash the system with a maliciously crafted packet content where the number of domain member nodes is higher than the 64 allowed...
Path Traversal
django is vulnerable to path traversal. The vulnerability exists in the save function in storage.py as it does not properly validate the filenames, allowing an attacker to access files outside the expected directory through the crafted filenames...
Directory Traversal
github.com/kubernetes/kubernetes is vulnerable to directory traversal. The vulnerability exists as a malicious container can replace or create files on a user's workstation. The vulnerability is due to incomplete fixes of CVE-2019-1002101 and CVE-2019-11246...
Information Disclosure
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on...
Denial Of Service (DoS)
OpenSSL is vulnerable to denial of service (DoS) attacks. A malicious user can pass a malicious DSA private key to the system, causing a double-free in the system that can cause the application to crash...
Privilege Escalation
github.com/etcd-io/etcd is vulnerable to Privilege Escalation. The vulnerability exists due to improper authentication in v3server.go which allows an attacker to gain escalated privilege when the log level is set to debug...
Denial Of Service (DoS)
dicer is vulnerable to denial of service. The vulnerability exists in parseHeader function in HeaderParser.js due to the use of a variable h which allows an attacker to modify and send the form to server and crash the service...
Code Injection
spring-cloud-gateway is vulnerable to code injection. With Gateway Actuator endpoint setting enabled, an attacker is able to inject malicious code through the exposed actuator endpoint...
Privilege Escalation
linux is vulnerable to privilege escalation. The vulnerability exists due to a memory leak flaw in shmget which are aligned to PUD alignment with the fault of some of the memory pages...
Packet Injection
kernel is vulnerable to packet injection. The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext...
Denial Of Service (DoS)
apache2:sid is vulnerable to denial of service (DoS). A malicious request uri-path can cause modproxyuwsgi to read above the allocated memory and crash (DoS)...