38468 matches found
Top-Level Navigation Restrictions Bypass
electron allows bypass of top-level navigation restrictions. The vulnerability exists as sub-frames can bypass the top-level navigation prevention through the will-navigate event...
Directory Traversal
github.com/kubernetes/kubernetes is vulnerable to directory traversal. The vulnerability exists as a malicious container can replace or create files on a user's workstation. The vulnerability is due to incomplete fixes of CVE-2019-1002101 and CVE-2019-11246...
Information Disclosure
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance PI futexes. A local, unprivileged user could use this flaw to escalate their privileges on...
Denial Of Service (DoS)
OpenSSL is vulnerable to denial of service DoS attacks. A malicious user can pass a malicious DSA private key to the system, causing a double-free in the system that can lead to the application to crash...
Denial Of Service (DoS)
getgrav/grav is vulnerable to a Denial of Service DoS. The vulnerability is due to insufficient sanitization of the scheduledat parameter, which allows an attacker to inject malicious cron expressions e.g., a single quote and disrupt the admin panel functionality, leading to a denial of service...
Privilege Escalation
github.com/etcd-io/etcd is vulnerable to Privilege Escalation. The vulnerability exists due to improper authentication in v3server.go which allows an attacker to gain escalated privilege when the log level is set to debug...
SQL Injection
php is vulnerable to SQL Injection attacks. The vulnerability exists due to an integer overflow when processing untrusted input within the PDO::quote in PDOSQLite, which allows a remote attacker to pass a specially crafted input to the application that after being processed by the affected...
Authentication Bypass
erlang is vulnerable to Authentication Bypass. The vulnerability exists in due to improper authentication which allows an attacker to access client certifications via the external database authentication...
Arbitrary Code Execution
Apache Commons Text is vulnerable to Arbitrary Code Execution. The vulnerability exists in the lookup module due to insecure interpolation defaults when untrusted configuration values are used which allows an attacker to inject arbitrary code into the system...
Prototype Pollution
Mozilla is vulnerable to prototype pollution. An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution...
Denial Of Service (DoS)
Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries is vulnerable to denial of service. It allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of...
Cross-site Scripting (XSS)
jquery-ui is vulnerable to cross-site scripting attacks. The vulnerability exists because the 'Text' option of the 'datepicker.js' widget is not properly handled allowing a malicious attacker to send and execute arbitrary Javascript...
Denial Of Service (DoS)
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a...
Stored Cross-Site Scripting (XSS)
getgrav/grav is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to insufficient input sanitization in the dataheadertemplate parameter at the /admin/pages/page endpoint, which allows an attacker to inject and store malicious scripts that execute when the content is rendere...
Cross-Site Scripting (XSS)
libexpat.so is vulnerable to cross-site scripting. The vulnerability exists in CHECKNAMECASE and CHECKNMSTRTCASES functions of xmltokimpl.c because the conditions are not properly validated which allows an attacker to inject and execute javascript...
Privilege Escalation
linux is vulnerable to privilege escalation. The vulnerability exists due to a memory leak flaw in shmget which are aligned to PUD alignment with the fault of some of the memory pages...
Denial Of Service (DoS)
apache2:sid is vulnerable to denial of service DoS. A malicious request uri-path can cause modproxyuwsgi to read above the allocated memory and crash DoS...
Privilege Escalation
The kernel is vulnerable to privilege escalation. A flaw in the IA32 system call emulation provided in 64-bit Linux kernels could allow a local user to escalate their privileges...
Remote Code Execution (RCE)
chakracore is vulnerable to remote code execution. The vulnerability exists in lib/Backend/Lower.cpp through an issue with interpreting the intermediate representation IR. This CVE ID is different from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713...
Remote Code Execution (RCE)
Microsoft.ChakraCore is vulnerable to remote code execution RCE. The library does not merge block data properly for loops, leading to an invalid pointer read that can crash the application or cause arbitrary code to be executed...
Access Bypass
OpenSSL is vulnerable to access bypass. OpenSSL accepts client authentication with a Diffie-Helman certificate without receiving a CertificateValue message. This allows attacks to gain access without the knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that...
Denial Of Service
dnsmasq is vulnerable to Denial of Service. The vulnerability due to KeyTrap issue when dealing with a zone that contains numerous DNSKEY DNS Key and RRSIG Resource Record Signature records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG...
Arbitrary File Overwrite
org.eclipse.jgit is vulnerable to Arbitrary File Overwrite. The vulnerability is due to a symbolic link present in a specially crafted git repository which can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem...
Password Disclosure
akka-stream-kafka is vulnerable to Password Disclosure. The vulnerability exists because it does not redact the Consumer or Producer properties in logs, which allows an attacker to read credentials as plaintext through the akka.kafka.internal.KafkaConsumerActor when debug logging is enabled...
Remote Code Execution (RCE)
.NET is vulnerable to Remote Code Execution RCE. The vulnerability exists because the library does not properly validate the debugging symbols, allowing an attacker to inject and execute malicious code while reading a malicious symbols file...
Server-Side Request Forgery (SSRF)
com.amazonaws:aws-android-sdk-core is vulnerable to server-side request forgery. The vulnerability exists due to the the XML Parser component located in the XpathUtils function in aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java which allows a remote attacker to abuse server...
Denial Of Service
poppler is vulnerable to denial of service attacks. A logical error in the Hints::Hints function in the Hints.cc file allows an attacker to trick a user into opening a crafted PDf file into the pdftops utility, which causes the program to hang for a long time, leading to a denial of service...
Cross-site Scripting (XSS)
jsoup is vulnerable to cross-site scripting. The vulnerability exists in resolve function in StringUtil.java because the jsoup cleaner is not properly sanitized when SafeList.preserveRelativeLinks is enabled which allows an attacker to inject and execute arbitrary javascript...
Server-Side Template Injection
ejs is vulnerable to server side template injection. Lack of protection against server-side template injection in outputFunctionName allows an attacker to inject arbitrary OS commands which are executed upon template compilation...
Privilege Escalation
electron is vulnerable to privilege escalation. An attacker can obtain access to a bluetooth device via the web bluetooth API if the application has not configured a custom select-bluetooth-device event handler...
Clickjacking
swagger-ui, is vulnerable to clickjacking. It was possible to perform a clickjacking attack due to the lack of validation in the SwaggerUI function allowing a remote attacker to exploit and hijack victim click actions...
Code Injection
spring-cloud-gateway is vulnerable to code injection. With Gateway Actuator endpoint setting enabled, an attacker is able to inject malicious code through the exposed actuator endpoint...
Path Traversal
django is vulnerable to path traversal. The vulnerability exists in the save function in storage.py as it does not properly validate the filenames, allowing an attacker to access files outside the expected directory through the crafted filenames...
Packet Injection
kernel is vulnerable to packet injection. The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext...
Information Disclosure
Curl:Edge is vulnerable to information disclosure due to an incomplete fix for CVE-2021-22898...
Privilege Escalation
bash is vulnerable to privilege escalation. The way privileges are dropped when started with an effective user ID not equal to the real user ID. If the setuid permission is set and the owner of the bash program is a non-root user, a local attacker is able to abuse the vulnerability to escalate...
Directory Traversal
Linux kernel is vulnerable to directory traversal. An attacker is able to send a malicious LIO block requests to the Linux system to overwrite data on the backing store...
Arbitrary Code Execution
djv is vulnerable to Arbitrary Code Execution. An attacker is able to execute arbitrary Javascript code on the host OS by controlling the schema file...
Cross-Site Scripting (XSS)
prismjs is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript via the easing preview of the Previewers plugin...
Privilege Escalation
openssh is vulnerable to privilege escalation. A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw, could us...
Denial Of Service (DoS)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exifthumbnail function to crash or, possibly, execute arbitrary code...
Stack-based Buffer Overflow
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...
Unrestricted File Upload
tomcat-catalina is vulnerable to remote code execution RCE attacks. On a Windows system with HTTP PUTs enabled a malicious user can upload a JSP file to the server which would then be executed...
Heap Buffer Overflow
libwebp.so is vulnerable to Out Of Bounds Memory Write. The vulnerability is due to the BuildHuffmanTable function in src/dec/vp8ldec.c improperly allocating memory to the table when parsing a stream, which results in an application crash or Arbitrary Code Execution when reading a crafted webp...
Improper Locking
openssl is vulnerable to denial of service DoS attacks. When an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems this results in a denial of service when the affected process han...
Regular Expression Denial Of Service (ReDoS)
shescape is vulnerable to denial of service. The vulnerability is due to insecure regex in the escapeArgBash function of unix.js which allows an attacker to crash the application by providing a malicious user input...
Validation Bypass
firebase/php-jwt is vulnerable to validation bypass. The vulnerability exists in decode and verify functions in JWT.php because the token validations are not properly handled when multiple keys are loaded in a key ring which allows an attacker to bypass server-side validations...
Regular Expression Denial Of Service (ReDoS)
glob-parent is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists due to an incorrect regex implementation on the enclosure variable. This vulnerability is caused by an incomplete fix of CVE-2020-28469...
Remote Code Execution (RCE)
redis is vulnerable to remote code execution. The vulnerability exists due to an integer overflow bug which could corrupt the memory heap...
Email Spoofing
matrixsydent allows email spoofing. Sending arbitrary emails from the Sydent email address is not handled to block, allowing a malicious user to take control of the content of invitation emails...