Veracode: Most viewed

38133 matches found

Veracode
• added 2022/08/17 5:30 a.m. • 32 views

Denial Of Service (DoS)

moodle/moodle is vulnerable to denial of service. The vulnerability exists because the yuicombo.php does not properly limit the path length, allowing an attacker to crash the application by loading a large number of files...

CVSS 7.5 | AI score 7 | EPSS 0.00548
Exploits: 0 | References: 8 | Affected Software: 1

Veracode
• added 2022/08/17 3:38 a.m. • 32 views

Privilege Escalation

libuv.so is vulnerable to privilege escalation. The vulnerability exists in the uvprocesschildinit function in process.c due to improper configurations of group privilege downgrade which allows an attacker to gain privileges via unspecified vectors...

CVSS 10 | AI score 6.6 | EPSS 0.01586
Exploits: 0 | References: 9 | Affected Software: 1

Veracode
• added 2022/08/08 3:19 a.m. • 32 views

Remote Code Execution

drupal/core is vulnerable to remote code execution. A remote attacker is able to bypass protections provided in sanitizeName function because the filenames with .htaccess extension are not properly sanitized, which allows the attacker to upload and execute malicious code on the system under attac...

CVSS 7.2 | AI score 7.6 | EPSS 0.02448
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
• added 2022/08/04 3:5 a.m. • 32 views

Use-After-Free

samba is vulnerable to use-after-free. The vulnerability exists because the AD DC database audit logging module can access LDAP message values freed by a preceding database module which allows an attacker to cause a memory corruption which then leads to an application crash...

CVSS 5.4 | AI score 7 | EPSS 0.00368
Exploits: 0 | References: 4 | Affected Software: 4

Veracode
• added 2022/07/30 6:33 a.m. • 32 views

Denial Of Service (DoS)

firefox:edge is vulnerable to denial of service...

CVSS 6.5 | AI score 6.5 | EPSS 0.00266
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
• added 2022/07/25 10:12 a.m. • 32 views

Out-Of-Bounds Write

net-snmp is vulnerable to out of bounds write. The vulnerability exists due to a boundary error in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable. A remote user is able to pass a malformed OID in a SET request, trigger an out-of-bounds write and execute arbitrary code on the target...

CVSS 6.5 | AI score 3.4 | EPSS 0.00299
Exploits: 0 | References: 13 | Affected Software: 1

Veracode
• added 2022/07/23 1:42 a.m. • 32 views

Denial Of Service (DoS)

sqlite3 is vulnerable to denial of service (DoS). The vulnerability exists because the whereKeyStats routine is unable to cope with row-value comparisons against the primary key index of a WITHOUT ROWID table, which allows an attacker to cause an application crash...

CVSS 7.5 | AI score 7.4 | EPSS 0.54278
Exploits: 2 | References: 9 | Affected Software: 5

Veracode
• added 2022/07/18 3:3 p.m. • 32 views

Authorization Bypass

Apache Hive is vulnerable to authorization bypass. The vulnerability exists in the CREATE/DROP operations due to improper restrictions of users privileges which allows an attacker to create and drop UDFs...

CVSS 7.5 | AI score 7.4 | EPSS 0.00451
Exploits: 1 | References: 7 | Affected Software: 2

Veracode
• added 2022/07/15 1:44 a.m. • 32 views

Information Disclosure

xen is vulnerable to information disclosure. The vulnerability exists due to aliases in the branch predictor causing some AMD processors to predict the wrong branch type...

CVSS 6.5 | AI score 6.5 | EPSS 0.00138
Exploits: 0 | References: 18 | Affected Software: 3

Veracode
• added 2022/07/14 5:2 p.m. • 32 views

Privilege Escalation

git is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of user inputs, which allows an attacker to access the git repository and perform unauthorized actions...

CVSS 7.8 | AI score 7.5 | EPSS 0.00111
Exploits: 0 | References: 27 | Affected Software: 5

Veracode
• added 2022/07/14 11:46 a.m. • 32 views

SQL Injection

oliverklee/seminars is vulnerable to SQL injection. Lack of sufficient sanitisation of input query to EventBagBuilder::limitToOrganizers and EventBagBuilder::limitToCategories allows an attacker to inject malicious SQL query...

CVSS 9.8 | AI score 9.5 | EPSS 0.00264
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
• added 2022/07/14 9:21 a.m. • 32 views

DLL Hijacking

node is vulnerable to DLL hijacking. The vulnerability exists due to the default OpenSSL configuration, which allows an attacker to exploit the vulnerability by placing a malicious DLL file on an affected system...

CVSS 7.3 | AI score 7.3 | EPSS 0.08112
Exploits: 1 | References: 8 | Affected Software: 1

Veracode
• added 2022/07/12 6:12 a.m. • 32 views

Sensitive Information Disclosure

Xen is vulnerable to Sensitive Information Disclosure. Linux block table does not zero memory regions before sharing with the backend, leading to information disclosure. Additionally, the grant table only shares 4k pages, leading to unrelated data from different backends residing in the same page...

CVSS 7.1 | AI score 7.1 | EPSS 0.0005
Exploits: 0 | References: 15 | Affected Software: 1

Veracode
• added 2022/06/28 8:35 a.m. • 32 views

Regular Expression Denial Of Service (ReDoS)

org.apache.tika:tika is vulnerable to regular expression denial of service (ReDoS) attacks. An attacker is able to cause denial of service conditions for users who are running the StandardsExtractingContentHandler component, due to an insecure regular expression usage in setThreshold function by...

CVSS 5.5 | AI score 5.3 | EPSS 0.00536
Exploits: 0 | References: 8 | Affected Software: 1

Veracode
• added 2022/06/24 5:6 a.m. • 32 views

Denial Of Service (DoS)

aiohttp is vulnerable to denial of service. An attacker can crash the application by providing invalid IPv6 URLs to the parsemessage function of httpparser.py...

CVSS 5.5 | AI score 1.6 | EPSS 0.00252
Exploits: 1 | References: 2 | Affected Software: 1

Veracode
• added 2022/06/18 5:4 p.m. • 32 views

Use After Free

chrome is vulnerable to Use after free. The vulnerability exists due to a use after free in WebGPU allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 9.2 | EPSS 0.01084
Exploits: 0 | References: 6 | Affected Software: 2

Veracode
• added 2022/06/13 2:7 a.m. • 32 views

Buffer Overflow

php is vulnerable to buffer overflow. The vulnerability exists due to a memory corruption which allows an attacker to cause an overflow...

CVSS 8.8 | AI score 8.6 | EPSS 0.1024
Exploits: 2 | References: 11 | Affected Software: 8

Veracode
• added 2022/06/12 6:35 p.m. • 32 views

Incorrect Logic

x86 pv is using an incorrect logic. The vulnerability exists due to insufficient care with non-coherent mappings which allows an attacker to perform unwanted actions...

CVSS 6.7 | AI score 7 | EPSS 0.00082
Exploits: 0 | References: 10 | Affected Software: 1

Veracode
• added 2022/06/07 8:26 a.m. • 32 views

Denial Of Service (DoS)

github.com/containerd/containerd is vulnerable to denial of service. The vulnerability exists in the ExecSync function in containerexecsync.go due to a lack of validation in memory consumption which allows an attacker to crash the application via memory exhaustion...

CVSS 5.5 | AI score 5.6 | EPSS 0.00158
Exploits: 0 | References: 12 | Affected Software: 5

Veracode
• added 2022/06/03 2:41 p.m. • 32 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. The vulnerability exists due to a flaw found in the Linux kernel allowing an attacker to crash the system...

CVSS 5.5 | AI score 6 | EPSS 0.00014
Exploits: 0 | References: 8 | Affected Software: 4

Veracode
• added 2022/05/26 9:45 a.m. • 32 views

Cross-site Scripting (XSS)

limesurvey/limesurvey is vulnerable to cross-site scripting attacks. The vulnerability exists in the uploadConfirm.php due to a lack of input validation which allows an attacker to inject and execute arbitrary javascript or HTML...

CVSS 6.1 | AI score 6.1 | EPSS 0.00471
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
• added 2022/05/16 4:16 p.m. • 32 views

Use After Free

chromium is vulnerable to use after free. The vulnerability exists in ANGLE which causes a memory corruption allowing a malicious attacker to cause a denial of service...

CVSS 8.8 | AI score 8.2 | EPSS 0.00779
Exploits: 0 | References: 4 | Affected Software: 2

Veracode
• added 2022/05/12 5:49 a.m. • 32 views

Privilege Escalation

github.com/vmware-tanzu/pinniped is vulnerable to privilege escalation. The vulnerability exists in the groupSearchFilter function in upstreamldap.go due to lack of validation in search filters which allows an unauthorized user to elevate privileges...

CVSS 6.6 | AI score 5.3 | EPSS 0.00483
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
• added 2022/04/30 4:23 p.m. • 32 views

Information Disclosure

curl is vulnerable to information disclosure. The vulnerability exists due to an Auth/cookie leak on redirect to the same host but another port number...

CVSS 6.5 | AI score 0.4 | EPSS 0.00682
Exploits: 1 | References: 10 | Affected Software: 4

Veracode
• added 2022/04/21 3:3 a.m. • 32 views

Open Redirect

next-auth is vulnerable to open redirect. The vulnerability exists in redirect function in default-callbacks.ts due to the lack of url validation which allows an attacker to parse malicious urls to redirect the user...

CVSS 6.1 | AI score 4.5 | EPSS 0.00318
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
• added 2022/04/14 11:8 p.m. • 32 views

Denial Of Service (DoS)

go:edge is vulnerable to denial of service (DoS). A malicious user is able to cause an application to crash via long scalar input...

CVSS 7.5 | AI score 9.5 | EPSS 0.00156
Exploits: 0 | References: 20 | Affected Software: 18

Veracode
• added 2022/04/04 6:45 p.m. • 32 views

Remote Code Execution (RCE)

chrome is vulnerable to remote code execution. The vulnerability exists due to an Inappropriate implementation in Web Cursor...

CVSS 6.5 | AI score 6.2 | EPSS 0.00124
Exploits: 1 | References: 4 | Affected Software: 3

Veracode
• added 2022/03/31 6:41 a.m. • 32 views

Cross-Site Scripting (XSS)

Keycloak Core is vulnerable to reflected cross-site scripting. The vulnerability exists via the POST http requests due to lack of escaping which allows a malicious attacker to inject and execute arbitrary javascript...

CVSS 6.1 | AI score 1.9 | EPSS 0.66054
Exploits: 3 | References: 5 | Affected Software: 1

Veracode
• added 2022/03/22 5:57 a.m. • 32 views

Denial Of Service (DoS)

Go-Ethereum is vulnerable to denial of service. An attacker is able to exploit the vulnerability and crash the system by sending an excessive amount of messages to a node...

CVSS 7.5 | AI score 3.7 | EPSS 0.00433
Exploits: 1 | References: 1 | Affected Software: 1

Veracode
• added 2022/03/17 6:5 a.m. • 32 views

Cross-site Scripting (XSS)

@braintree/sanitize-url is vulnerable to cross-site scripting. The vulnerability exists due to a lack of validating HTML encoding...

CVSS 6.1 | AI score 0.8 | EPSS 0.00126
Exploits: 1 | References: 10 | Affected Software: 3

Veracode
• added 2022/03/16 6:11 a.m. • 32 views

Cross-Site Scripting (XSS)

pimcore/pimcore is vulnerable to stored cross-site scripting. The vulnerability exists in the parameter Name when saving Grid Options because a content security policy is not handled properly which allows a malicious attacker to inject and execute arbitrary javascript...

CVSS 5.4 | AI score 1.9 | EPSS 0.00012
Exploits: 1 | References: 4 | Affected Software: 1

Veracode
• added 2022/03/15 12:10 p.m. • 32 views

Information Exposure

moodle/moodle is vulnerable to information exposure. The vulnerability exists due to a lack of input validation in the export.php file, allowing an attacker to read sensitive information in the system...

CVSS 4.3 | AI score 2.3 | EPSS 0.00298
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
• added 2022/03/08 11:52 p.m. • 32 views

Insecure Signature

rpm has insecure signature. The vulnerability exists due to an untrusted RPM or public key...

CVSS 4.7 | AI score 2.1 | EPSS 0.00019
Exploits: 0 | References: 9 | Affected Software: 1

Veracode
• added 2022/03/04 12:1 a.m. • 32 views

Cross-site Request Forgery (CSRF)

liferay is vulnerable to cross-site request forgery. The vulnerability exists because the module does not validate the origin of the event message in the fetch.es.js file, allowing attackers to pull out the CSRF token via a crafted event message...

CVSS 5.3 | AI score 5.5 | EPSS 0.0014
Exploits: 0 | References: 4 | Affected Software: 2

Veracode
• added 2022/02/21 6:21 a.m. • 32 views

Denial Of Service (DoS)

webkit2gtk:edge is vulnerable to denial of service...

CVSS 8.8 | AI score 2.2 | EPSS 0.004
Exploits: 0 | References: 7 | Affected Software: 4

Veracode
• added 2022/02/20 10:20 p.m. • 32 views

Denial Of Service (DoS)

libexpat.so is vulnerable to denial of service. An attacker can trigger stack exhaustion in the buildmodel function of xmlparse.c via a large nesting depth in the DTD element, leading to an application crash...

CVSS 6.5 | AI score 2.7 | EPSS 0.00165
Exploits: 0 | References: 15 | Affected Software: 21

Veracode
• added 2022/02/20 10:19 p.m. • 32 views

Denial Of Service (DoS)

libexpat.so is vulnerable to denial of service. The vulnerability exists due to the integer overflow in the copyString function of xmlparse.c as it is only used for encoding strings supplied by the library user, allowing an attacker to cause an application crash...

CVSS 7.5 | AI score 4.2 | EPSS 0.00508
Exploits: 0 | References: 14 | Affected Software: 21

Veracode
• added 2022/02/15 9:18 a.m. • 32 views

Authorization Bypass

url-parse is vulnerable to authorization bypass. The vulnerability exists in Url function of index.js because the user name and password are not properly handled which allows a malicious user to modify user information...

CVSS 5.3 | AI score 2.5 | EPSS 0.00022
Exploits: 1 | References: 7 | Affected Software: 2

Veracode
• added 2022/02/14 7:31 p.m. • 32 views

Denial Of Service (DoS)

xrdp is vulnerable to denial of service. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root...

CVSS 7.8 | AI score 6.2 | EPSS 0.0038
Exploits: 0 | References: 7 | Affected Software: 1

Veracode
• added 2022/02/14 9:57 a.m. • 32 views

Remote Code Execution (RCE)

github.com/git-lfs/git-lfs is vulnerable to remote code execution. The vulnerability exists in the 'ExecCommand' function of subprocesswindows.go, which allows an attacker to inject and execute code in the root directory of a malicious repository by simply adding an executable file...

CVSS 9.8 | AI score 4.3 | EPSS 0.92929
Exploits: 14 | References: 10 | Affected Software: 1

Veracode
• added 2022/02/14 1:14 a.m. • 32 views

Buffer Overflow

vim:edge is vulnerable to buffer overflow. An attacker is able to trigger a stack-based buffer overflow...

CVSS 7.8 | AI score 4.6 | EPSS 0.00239
Exploits: 1 | References: 10 | Affected Software: 1

Veracode
• added 2022/02/10 8:17 a.m. • 32 views

Cross Site Scripting (XSS)

github.com/go-gitea/gitea is vulnerable to cross-site scripting (XSS). The vulnerability exists due to the lack of sanitization in the repository settings in the setting.go file, which allows the attacker to inject and execute arbitrary JavaScript via the URL field in the external wiki/issue tracker...

CVSS 6.1 | AI score 3.2 | EPSS 0.00342
Exploits: 0 | References: 5 | Affected Software: 1

Veracode
• added 2022/02/10 5:37 a.m. • 32 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists in TensorByteSize function of attrvalueutil.cc because of the check failure in TensorShape which leads to an application crash...

CVSS 6.5 | AI score 4.1 | EPSS 0.0022
Exploits: 1 | References: 3 | Affected Software: 3

Veracode
• added 2022/02/09 6:49 a.m. • 32 views

Remote Code Execution (RCE)

firefox is vulnerable to remote code execution. When a worker is shut down, it was possible to cause script to run late in the lifecycle, at a point after which it should not be possible...

CVSS 8.8 | AI score 3.1 | EPSS 0.00493
Exploits: 0 | References: 6 | Affected Software: 6

Veracode
• added 2022/02/08 10:18 a.m. • 32 views

Remote Code Execution (RCE)

Chrome is vulnerable to remote code execution. The vulnerability exists due to an inappropriate implementation in the function scroll...

CVSS 6.5 | AI score 4 | EPSS 0.00271
Exploits: 0 | References: 3 | Affected Software: 2

Veracode
• added 2022/02/03 8:54 a.m. • 32 views

Path Traversal

org.neo4j.procedure:apoc is vulnerable to path traversal. A remote attacker is able to retrieve and download files from outside the authorized directory and under some circumstances to also create files on the affected server resulting in path traversal vulnerability...

CVSS 9.1 | AI score 5 | EPSS 0.00716
Exploits: 0 | References: 8 | Affected Software: 1

Veracode
• added 2022/02/03 6:0 a.m. • 32 views

Denial Of Service (DoS)

libpng is vulnerable to denial of service. The vulnerability exists due to an absolute path in the export script that crashes when reading multiple zTXT chunks...

CVSS 4.3 | AI score 2.1 | EPSS 0.01708
Exploits: 1 | References: 22 | Affected Software: 1

Veracode
• added 2022/01/23 5:15 p.m. • 32 views

Buffer Overflow

vim is vulnerable to Heap-based Buffer Overflow. The vulnerability exists due to a lack of sanitization...

CVSS 3.3 | AI score 3.7 | EPSS 0.00228
Exploits: 1 | References: 13 | Affected Software: 1

Veracode
• added 2022/01/22 9:57 p.m. • 32 views

Buffer Overflow

vim is vulnerable to heap-based buffer overflow. The vulnerability exists due to a lack of sanitization of the memory control pointer...

CVSS 7.8 | AI score 3.8 | EPSS 0.00301
Exploits: 1 | References: 15 | Affected Software: 1

Veracode
• added 2022/01/20 6:22 a.m. • 32 views

Remote Code Execution (RCE)

chromium-browser is vulnerable to remote code execution. The vulnerability exists due to the issue in the Object lifecycle in ANGLE...

CVSS 8.8 | AI score 2.9 | EPSS 0.00785
Exploits: 0 | References: 3 | Affected Software: 2

Total number of security vulnerabilities: 5000