38191 matches found
Improper Access Control
TYPO3 is vulnerable to Improper Access Control. The vulnerability is caused because attackers can reference files in the fallback storage directly, exposing their file names and contents. This could lead to unauthorized disclosure of sensitive information...
Improper Access Control
TYPO3 is vulnerable to Improper Access Control. The vulnerability is due to improper access control. An attacker can access resources outside their permission scope by utilizing the TYPO3-specific t3:// URI scheme. This allows users to access resources such as files, folders, pages, and records...
Improper Authorization
derhansen/sfeventmgt is vulnerable to Improper Authorization. The vulnerability is due to mishandling the RedirectResponse from the $this->redirect function, resulting in broken access control checks for events in the backend module. An attacker could exploit this by manipulating the redirect...
Path Traversal
mapshaper is vulnerable to Path Traversal. The vulnerability is caused by not sanitizing the request URL path when a request is received. This allows an attacker to read any file in the system with the privileges of the user running the mapshaper-gui...
Use-After-Free
microsoft.azure.uamqp is vulnerable to Use-After-Free. The vulnerability is due to improper memory management within the open_get_offered_capabilities function. If an attacker calls the function during connection communication, remote code execution may occur...
Sensitive Information Disclosure
typo3/cms-core is vulnerable to Sensitive Information Disclosure. The vulnerability is due to password hashes being inadvertently reflected in editing forms. An attacker can potentially crack plaintext passwords through brute force techniques...
Code Injection
typo3/cms-core is vulnerable to Code Injection. The vulnerability is due to improper validation of settings within the Install Tool when configuring the path to system binaries. This vulnerability is only exploitable by an administrator-level backend user with system maintainer permissions...
Information Disclosure
TYPO3 is vulnerable to Information Disclosure. The vulnerability is due to the plaintext value of $GLOBALS['SYS']['encryptionKey'] being displayed in the TYPO3 Install Tool user interface. This allows an attacker to utilize the value to generate cryptographic hashes to verify the authenticity of HTTP...
Denial Of Service (DOS)
ASP.NET Core is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of certain SignalR requests, which results in the server being overwhelmed and unresponsive, resulting in Denial of Service (DoS)...
Path Traversal (Zip Slip)
github.com/artdarek/go-unzip is vulnerable to Zip Slip. The vulnerability is due to improper handling of file paths within an archive. An attacker can construct an archive containing files with arbitrary paths which results in arbitrary file write outside of the restricted target directory during...
Denial Of Service (DoS)
github.com/envoyproxy/envoy is vulnerable to Denial Of Service (DoS). The vulnerability is due to instances with Proxy Protocol version 2 (PPv2) enabled on both a listener and a subsequent cluster. When the downstream request has a command type of LOCAL and lacks the protocol block, attempting to...
Denial Of Service (DoS)
github.com/envoyproxy/envoy is vulnerable to Denial Of Service (DoS). The vulnerability is due to missing checks to determine if an address type is supported by the OS. An attacker can send a request using an IPv6 address to a host with IPv6 disabled and a listener config with proxy protocol enabled...
Unauthorized Access
Mattermost Jira Plugin is vulnerable to unauthorized access. The vulnerability is due to its failure to check the security level of incoming issues or restrict based on the user, allowing registered Jira users to create webhooks granting access to all Jira issues...
Denial Of Service (DoS)
libexiv2.so is vulnerable to Denial of Service (DoS). The vulnerability is due to the QuickTimeVideo::multipleEntriesDecode function, which triggers unbounded recursion when reading the metadata of a crafted video file, resulting in DoS...
Authorization Bypass
pixelfed/pixelfed is vulnerable to Authorization Bypass. The vulnerability is due to insufficient checks during request processing, allowing attackers to access and potentially modify administrative and moderator functionalities beyond intended user permissions...
Out Of Bounds Read
libexiv2.so is vulnerable to Out Of Bounds Read. The vulnerability is due to a flaw in the QuickTimeVideo::NikonTagsDecoder function when reading the metadata of a video. The vulnerability allows an attacker to trigger an out-of-bounds read by manipulating a video file...
Use After Free
libopensc.so is vulnerable to Use After Free. The vulnerability is caused when a user or administrator enrolls or modifies cards, due to the authentic_emu_update_tokeninfo function in pkcs15-authentic.c only freeing memory if the sc_get_challenge function does not return an error, potentially leaving...
Cross-site Scripting (XSS)
ghost is vulnerable to Cross-Site Scripting. The vulnerability is due to missing sanitization during SVG image upload. An attacker can upload an SVG profile picture containing JavaScript code which interacts with the API on localhost TCP port 3001, allowing a contributor to potentially take over an...
Denial Of Service (DOS)
github.com/envoyproxy/envoy is vulnerable to Denial of Service. The vulnerability is due to specific timeout configurations leading to crashes when hedge_on_per_try_timeout, per_try_idle_timeout, and per-try-timeout are enabled with values within certain intervals...
Cross Site Scripting (XSS)
https://github.com/greenpau/caddy-security is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper input sanitization when handling /admin or /settings/mfa/delete/ GET requests. An attacker can inject arbitrary JavaScript code into the user's browser, resulting in XSS...
Inadequate Access Control
moodle/moodle is vulnerable to Inadequate Access Control. This vulnerability allows unauthorized access by local users to create arbitrary events intended for higher roles. An attacker can add events to the calendar of all users without their prior consent...
Arbitrary File Read
OpenRefine is vulnerable to Arbitrary File Read. The vulnerability is due to improper JDBC hostname validation, which allows an attacker to read arbitrary files on the host filesystem...
Regular Expression Denial Of Service (ReDoS)
@lambda-middleware/json-deserializer is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to an inefficient regular expression used to identify a JSON mime-type in the function isJsonMimeType in the file JsonDeserializer.ts. An attacker can exploit this complexity in...
Denial Of Service (DoS)
drupal/core is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of requests within the comment module, allowing an attacker to make reply requests resulting in DoS...
Arbitrary Command Injection
clamav is vulnerable to Arbitrary Command Injection. The vulnerability is due to unsafe handling of file names within the VirusEvent feature of ClamAV and the application fails to properly sanitize file names provided to this feature, allowing for the injection of arbitrary command-line sequences...
Privilege Escalation
postgresql is vulnerable to Privilege Escalation. The vulnerability is due to unauthorized execution of arbitrary SQL functions as the command issuer with elevated privileges using the REFRESH MATERIALIZED VIEW CONCURRENTLY command. It allows an attacker to create functions that use CREATE RULE to conve...
Denial Of Service
clamavedge is vulnerable to Denial Of Service. The vulnerability is due to an incorrect check for end-of-string values during scanning, triggered by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. It allows an attacker to cause the ClamAV scanning process to...
Denial Of Service
openvswitch is vulnerable to Denial Of Service. The vulnerability is due to a flaw in the handling of Geneve packets in Open vSwitch. Specifically, when hardware offloading via the netlink path is enabled, it allows attackers to exploit Open vSwitch by sending specially crafted Geneve packets,...
Insufficient Verification Of Data Authenticity
Open vSwitch is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to improper handling of ICMPv6 packets, specifically allowing packets with modified or spoofed target IP addresses to redirect traffic to arbitrary destinations...
Infinite Loop
MongoDB C Driver is vulnerable to Infinite Loop. The vulnerability is due to calling bson_utf8_validate on some inputs, where a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop...
Unrestricted File Upload
Apache Solr is vulnerable to Unrestricted File Upload. The vulnerability is due to the ConfigSets API accepting and uploading jar/class files without proper restriction of file type. When backing up Solr Collections, the configSet files will be saved to disk, but if the backup directory is includ...
Insufficiently Protected Credentials
Apache Solr is vulnerable to Insufficiently Protected Credentials. The vulnerability is caused due to system property redaction logic inconsistencies. This allows an attacker to access sensitive system properties, including credentials such as passwords or secret keys...
Drive-by Localhost Attack
micronaut server is vulnerable to Drive-by Localhost Attack. The vulnerability is caused when unsecured management endpoints are enabled, which are susceptible to malicious HTTP requests from compromised websites targeting localhost (a drive-by localhost attack). The issue arises because some...
Server Side Request Forgery (SSRF)
ip is vulnerable to Server Side Request Forgery. The vulnerability is due to the isPublic function's failure to interpret and classify hexadecimal IP address representations. If an application utilizes the isPublic or isPrivate functions to determine if an address is public, an attacker can prefo...
Cross-site Request Forgery (CSRF)
github.com/mattermost/mattermost-plugin-jira is vulnerable to Cross-site Request Forgery (CSRF). The vulnerability is due to improper logout checks, allowing an attacker to disconnect a user's Jira connection in Mattermost by viewing a specially crafted message...
Observable Discrepancy
Liferay Portal is vulnerable to Observable Discrepancy. The vulnerability is due to the handling of different responses based on site existence or user permissions. An attacker can discover the existence of sites by enumerating URLs...
Cross Site Scripting (XSS)
concrete5/concrete5 is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to the Image URL Import Feature. The vulnerability allows an admin-authenticated attacker to inject malicious code when importing images, resulting in XSS...
Missing Authorization
Apache Solr is vulnerable to Missing Authorization. The vulnerability is caused due to lack of authentication checks within the Schema Designer, allowing an attacker to load configSets without proper authentication, resulting in arbitrary code execution...
Authentication Bypass
github.com/envoyproxy/envoy is vulnerable to Authentication Bypass. The vulnerability is caused due to downstream clients being able to force invalid gRPC requests to ext_authz, thereby circumventing ext_authz checks when failure_mode_allow is set to true. This leads to external authentication gettin...
Cross Site Scripting (XSS)
concrete5/concrete5 is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to file attributes which are insufficiently sanitized via the Edit Attributes page. The vulnerability allows an admin-authenticated attacker to inject malicious code into file tags or description attributes,...
Code Injection
pkg is vulnerable to Code Injection. The vulnerability is due to the use of a hardcoded directory /tmp/pkg/ for native code packages, which is shared among all users on the same local system without unique or unpredictable package names, enabling attackers to replace genuine executables with...
Information Disclosure
nonebot2 is vulnerable to Information Disclosure. The vulnerability is due to improper handling of user-provided data in a MessageTemplate, which could result in sensitive information disclosure if the user input is used in templates without adequate filtering...
Cross Site Scripting (XSS)
concrete5/concrete5 is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient sanitization of the Role Name field within roleslist.php, allowing an attacker with admin privileges to inject malicious code into the field, resulting in stored Cross Site Scripting...
Sensitive Information Disclosure
Apache Solr is vulnerable to Sensitive Information Disclosure. The vulnerability is due to missing zkHost validation within the Solr Streaming Expressions feature, allowing users to extract data from other Solr Clouds by specifying an external ZooKeeper host, which results in the leakage of...
Cross-site Scripting (XSS)
miraheze/manage-wiki is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the columns and help keys interface messages within the form descriptor. An attacker requires the editinterface right to exploit this vulnerability...
Denial Of Service (DoS)
github.com/envoyproxy/envoy is vulnerable to Denial Of Service (DoS). The vulnerability is due to a regular expression which is compiled for every request. This can result in high CPU usage and increased request latency when multiple routes are configured with such matchers...
Arbitrary File Write
github.com/hashicorp/nomad is vulnerable to Arbitrary File Write. The vulnerability is due to improper handling of symlinks by the template renderer. The attacker can manipulate file paths and write arbitrary files to the host system...
Denial Of Service (DoS)
Mattermost is vulnerable to Denial of Service (DoS). The vulnerability is caused due to the lack of validation for custom emoji reactions. This allows an attacker to send a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post...
XML Entity Expansion
libexpat is vulnerable to XML Entity Expansion. The vulnerability is due to Improper Restriction of Recursive Entity References in DTDs if XML_DTD is undefined at compile time...
Denial Of Service
libexpat is vulnerable to Denial of Service. The vulnerability is due to many full reparsings being required in the case of a large token for which multiple buffer fills are needed. It leads to the exhaustion of available resources...