38133 matches found
HTTP Response Splitting
ruby is vulnerable to HTTP response splitting. An attacker is able to inject arbitrary data into an HTTP response of the WEBrick server, allowing cross-site scripting attacks, web cache poisoning or similar exploits...
Denial Of Service (DoS)
nginx is vulnerable to denial of service. An attacker is able to cause an infinite loop or a memory disclosure in ngx_http_mp4_module via a malicious mp4 file...
Information Disclosure
A Linux kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE is vulnerable to information disclosure. An out-of-bounds access in the show_timer function in the timer_create syscall implementation in kernel/time/posix-timers.c allows userspace applications to read arbitrary kernel...
Memory Corruption
kernel-rt is vulnerable to arbitrary code execution attacks. The vulnerability exists as the Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint that can result in crash and possibly memory corruption. This attack appears to be exploitable via local code...
Arbitrary Code Execution
patch is vulnerable to arbitrary code execution attacks. The vulnerability exists as GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation using ed can result in code execution. This attack appears to be exploitabl...
ASLR Bypass
kernel-rt is vulnerable to ASLR bypass attacks. The vulnerability exists as the arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the...
Information Disclosure
ansible is vulnerable to information disclosure. The application doesn't properly enforce the no_log flag, meaning that sensitive information that has been passed to the task will be logged by the system. This allows a malicious user with access to the logs to gain access to this sensitive...
Remote Code Execution (RCE)
kernel is vulnerable to remote code execution (RCE) attacks. The vulnerability exists as the native Bluetooth stack in the Linux kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, is vulnerable to a stack overflow vulnerability in the processing of L2CAP...
Remote Code Execution (RCE)
rh-git29-git is vulnerable to remote code execution (RCE) attacks. The vulnerability exists as a malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a U...
Privilege Escalation
Linux kernel is vulnerable to privilege escalation. A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put function pointer. This could lead to memory corruption and possible privilege escalation...
Privilege Escalation
openssh is vulnerable to privilege escalation. It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this...
Denial Of Service (DoS)
QEMU is vulnerable to denial of service. An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU's VGA emulator set certain VGA registers while in VBE mode. A privileged guest user could use this flaw to crash the QEMU process instance...
TLS Session Resumption Client Certificate Bypass
libcurl.so is vulnerable to TLS session resumption client certificate bypass attacks. The vulnerability exists in Curl_clone_ssl_config of lib/vtls/vtls.c where libcurl.so does not prevent the TLS session resumption if the client certificate has been replaced...
Denial Of Service (DoS)
commons-fileupload is vulnerable to denial of service attacks. The vulnerability can be triggered because the HTTP server does not properly filter file upload requests in which the size of the MIME boundary is close to the size of the buffer in MultipartStream...
Privilege Escalation
kernel-rt is vulnerable to privilege escalation attacks. The vulnerability exists as arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges...
Authorization Bypass
kernel-rt is vulnerable to authorization bypass attacks. The vulnerability exists as the Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability...
Denial Of Service (DoS)
qemu-kvm-rhev is vulnerable to denial of service. It was found that QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of servi...
Denial Of Service (DoS)
Linux kernel-rt is vulnerable to denial of service. An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate th...
Denial Of Service
Mozilla Thunderbird is vulnerable to a denial of service (DoS) attack. It is possible because it does not prevent the processing of malformed web content, allowing the application to crash...
Information Disclosure
PostgreSQL is vulnerable to information disclosure. An information leak occurs when the server handles certain error messages, allowing an authenticated database user to obtain results of a query they did not have privileges to execute, by observing the constraint violation error messages...
Authorization Bypass
httpd24-httpd is vulnerable to authorization bypass attacks. The vulnerability exists as the mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding...
Authorization Bypass
hplip is vulnerable to authorization bypass. The check_permission_v1 function in base/pkit.py does not properly use D-Bus for communications with a polkit authority. A race condition in the PolkitUnixProcess PolkitSubject allows a local user to bypass access restrictions via a setuid or pkexec...
Authorization Bypass
gnutls is vulnerable to authorization bypass attacks. The vulnerability exists as GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a...
Denial Of Service
The httpd packages are susceptible to a denial of service. The vulnerability is possible due to a NULL pointer dereference flaw in the mod_cache httpd module. A malicious HTTP server can cause the httpd child process to crash when the Apache HTTP Server is used as a forward proxy with caching...
Denial Of Service (DoS)
MySQL is vulnerable to denial of service. An unspecified vulnerability allows remote attackers to crash the service via vectors related to Error Handling...
Denial Of Service (DoS)
libxml2 is vulnerable to denial of service. An attacker is able to crash the application via a malicious XML document containing malformed XPath expressions...
Denial Of Service (DoS)
GnuTLS is vulnerable to denial of service. A buffer over-read occurs in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c when CBC-mode cipher suites are used. This allows a remote attacker to crash the process via a crafted padding length...
XML External Entity (XXE) To Read Files
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack...
Denial Of Service (DoS)
openjpeg is vulnerable to denial of service. A remote attacker is able to crash the process, or potentially execute arbitrary code in the context of the process worker, via a malicious OpenJPEG image to cause a heap-based buffer overflow...
Remote Code Execution (RCE)
php is vulnerable to remote code execution (RCE) attacks. A format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary cod...
Denial Of Service (DoS)
php is vulnerable to denial of service (DoS) attacks. The vulnerability exists as PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an...
Denial Of Service (DoS)
openipmi is vulnerable to denial of service (DoS) attacks. The vulnerability exists as ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products, uses 0666 permissions for its ipmievd.pid...
Authentication Bypass
libcurl.so is vulnerable to authentication bypasses. The library re-uses NTLM connections, allowing a malicious user to reuse a connection to bypass authentication...
Insecure Caching
bind is vulnerable to the ghost domain names attack. This is due to a flaw in the way BIND handles the updates of cached name server (NS) resource records. A malicious owner of a DNS domain is able to abuse the vulnerability to keep the domain resolvable by the BIND server even after the delegation has...
Denial Of Service (DoS)
openssh is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service...
Remote Code Execution (RCE)
crypto/x509 in github.com/golang/go is vulnerable to remote code execution (RCE). The vulnerability is possible because TLS servers accepting client certificates and TLS clients do not validate the input, causing denial of service leading to remote code execution...
Remote Code Execution (RCE)
Microsoft ChakraCore is vulnerable to remote code execution. This is due to a type confusion bug which would allow for a remote attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838,...
Denial Of Service (DoS)
node is vulnerable to denial of service (DoS) attacks. The vulnerability exists when a malicious user sends headers while keeping HTTP/HTTPS connections alive for a long period of time...
Cross-site Scripting (XSS)
tomcat-http is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the assumption that the Accept-Language header value received conforms to RFC 2616, allowing XSS attacks...
Directory Traversal
tomcat-util is vulnerable to directory traversal attacks. The vulnerability exists due to the ability to include ../, ..\, and ..%5C characters in the URL, allowing directory traversal attacks...
Denial Of Service (DoS)
libsystemd.so is vulnerable to denial of service. A malicious DHCP server in the adjacent network is able to corrupt heap memory in the DHCPv6 client via a crafted options packet, resulting in a denial of service condition or possible code execution...
XML External Entity (XXE)
dom4j is vulnerable to XML External Entity (XXE) attacks. The library does not properly validate the attributes that can be inserted by the user, allowing a malicious user to conduct an XXE attack...
Sensitive Information Leakage
IdentityServer3 is vulnerable to sensitive information leakage. The leakage of IdentityServer responses is possible because there is a flaw in an Angular expression on the authorize response page...
Denial Of Service (DoS)
libgd.so is vulnerable to denial of service (DoS) attacks. The library contains a memory leak during interpolation, allowing a malicious user to cause a DoS condition by calling the gdImageScaleTwoPass function in gd_interpolation.c...
Arbitrary File Write
wildfly-deployment-repository is vulnerable to the zip-slip vulnerability. The library does not validate the target path when extracting and deploying .war files, leading to arbitrary file writes outside of the intended target directory...
Denial Of Service (DoS)
FFmpeg is vulnerable to denial of service (DoS) attacks. The library contains multiple out-of-array accesses in the ff_mms_asf_header_parser function of mms.c, allowing a malicious user to pass a file to the application to cause out-of-array accesses that can crash the application...
Denial Of Service (DoS)
libxslt.so is vulnerable to denial of service attacks. The application does not properly handle i format token for xsl:number data, allowing a malicious user to pass a file to the application to cause an integer overflow that can crash the application or cause arbitrary code to be executed...
Cross-Domain Request Through Insecure JSONP Defaults
spring-webmvc is vulnerable to cross-domain requests. The vulnerability exists as JSONP is enabled through the jsonp and callback JSONP parameters in MappingJackson2JsonView by default...
Information Disclosure
libcurl.so is vulnerable to information disclosures. A malicious user can pass a URL with a filename longer than 515 bytes during a TFTP transfer to cause curl to send more data than is actually in the buffer, leading to the sendto function sending data past the heap-based buffer. This can cause...
Remote Code Execution (RCE)
icu4c is vulnerable to remote code execution (RCE) attacks. A malicious user can pass a string to the ucnv_UTF8FromUTF8 function in ucnv_u8.cpp to cause a buffer overflow that can crash the application or cause arbitrary code to be executed...