Permission Bypass
github.com/rancher/rancher is vulnerable to Permission Bypass. The vulnerability is due to a misconfiguration in RBAC rules, which grants excessive permissions for the create or global role for the namespaces resource type. This flaw allows an attacker to access, create, update, or delete a namespac...
Stack-Buffer-Overflow
Vim is vulnerable to Stack-Buffer-Overflow. The vulnerability is due to the use of sprintfbuf to write into the error buffer in the didsetlangmap function in map.c. It leads to call passed down to the option callback functions...
DLL Redirection Attacks
PanelSwWix4.Sdk is vulnerable to DLL redirection attacks. The vulnerability is due to improper DLL tamper checks within the user's temp folder, allowing an attacker to escalate privileges by dropping a malicious DLL into a specific directory monitored by the burn engine, resulting in privilege...
Use After Free
Artifex Ghostscript is vulnerable to Use After Free. The vulnerability is due to a single-character code in a PDF document being able to map to more than one Unicode code point. This potentially leads to a Denial of Service (DoS) attack...
Sensitive Information Exposure
Liferay Portal is vulnerable to Sensitive Information Exposure. The vulnerability is due to the doAsUserId URL parameter being leaked when creating linked content using the WYSIWYG editor and impersonating a user. This can be exploited to potentially allow remote authenticated users to impersonat...
Server-Side Request Forgery (SSRF)
xxl-job is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of user-supplied input within JobInfoController.java. This allows an attacker to supply a malicious address, potentially leading to Server-Side Request Forgery (SSRF)...
Improper Authorization
DIRAC is vulnerable to Improper Authorization. The vulnerability is due to the TokenManager not checking permissions on cached tokens. This allows an attacker to use improperly cached tokens to gain access to resources, data, or functionalities within the DIRAC system for which they do not...
Improper Access Control
Kinto Attachment is vulnerable to Improper Access Control. The vulnerability is due to improper access control where the attachment file of an existing record can be replaced if the user has "read" permission on one of the parent...
Sensitive Information Disclosure
github.com/rancher/rancher is vulnerable to Sensitive Information Disclosure. This vulnerability arises due to the exposure of various sensitive data, including HTTP headers, credentials, and API Server calls, leaked into Rancher's audit logs when AUDITLEVEL is set to 1 or above. An attacker can...
Cross-site Scripting (XSS)
github.com/rancher/apiserver is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the ParseRequestURL function within base.go constructing a URL from parts of the request without proper sanitization. This flaw allows an attacker to execute arbitrary JavaScript by sending a...
Denial Of Service (DoS)
com.liferay.portal:release.dxp.bom and com.liferay.portal:release.portal.bom are vulnerable to a Denial Of Service (DoS) attack. The vulnerability is due to insufficient validation of the URL parameter within the IFrame widget. This allows remote authenticated users to trigger the DoS condition...
DLL Redirection Attacks
wix is vulnerable to DLL Redirection Attacks. The vulnerability is due to insufficient security checks in handling the TEMP folder, allowing attackers to escalate privileges by dropping a malicious DLL into a specific directory structure monitored by the burn engine, which when elevated, loads th...
DLL Redirection
PanelSW.Custom.WiX is vulnerable to DLL redirection attacks. The vulnerability is due to insufficient security checks in handling of the TEMP folder, allowing attackers to escalate privileges by dropping a malicious DLL into a specific directory structure monitored by the burn engine, which when...
Arbitrary Code Execution
composer is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper sanitization when parsing the installed.php/InstalledVersions.ph file during the invocation of Composer. If Composer is invoked within a directory where InstalledVersions.ph was tampered with by an attacker,...
Cross Site Scripting (XSS)
github.com/rancher/norman is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to a lack of URL validation within the ParseRequestURL method. An attacker can execute arbitrary JavaScript by sending a crafted payload to a public API endpoint, resulting in XSS...
Use-After-Free
chromiumsid is vulnerable to Use-After-Free. The vulnerability can potentially be exploited to cause heap corruption via a crafted HTML page. It allows a remote attacker to potentially achieve heap corruption...
Heap Buffer Overflow
chromium sid is vulnerable to Heap Buffer Overflow. The vulnerability is due to more data being written to a heap-allocated buffer in the Skia graphics library, which is used in Google Chrome. It allows a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Cross Site Scripting (XSS)
com.liferay.portal:release.portal.bom and com.liferay.portal:release.dxp.bom are vulnerable to Cross Site Scripting (XSS). The vulnerability is due to a lack of user input validation within the search functionality if highlighting is disabled by adding any searchable content to the application...
Server-Side Request Forgery (SSRF)
libuv.so is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability arises due to how the hostnameascii variable with a length of 256 bytes is handled in uvgetaddrinfo and subsequently in uvidnatoascii. When the hostname exceeds 256 characters, it gets truncated without a terminating nu...
Denial Of Service (DoS)
com.liferay.portal:release.portal.bom is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper resource consumption limits while generating a preview image. A remote, authenticated attacker can cause a DoS via a crafted image...
Denial Of Service (DoS)
Django is vulnerable to Denial Of Service (DoS). The vulnerability is due to inefficient string processing within the intcomma template filter when a long string is parsed. This issue can be exploited by an attacker to cause DoS...
SQL Injection
SQLAlchemyDA is vulnerable to SQL Injection. The vulnerability is due to improper validation of SQL statements within the SQLAlchemyDA instance. This issue can be exploited by an attacker to execute arbitrary SQL statements in the database...
Directory Traversal
salt is vulnerable to Directory Traversal. The vulnerability is due to a lack of proper path validation during the handling of URLs within the salt file server. This allows an attacker to craft a specially designed URL which results in directory traversal...
Session Fixation
org.graylog2:graylog2-server is vulnerable to Session Fixation. The vulnerability is due to missing token checks when authentication is performed with an existing session id. A pre-existing session can be used to gain elevated access to an existing session, provided the attacker is able to inject a...
Arbitrary Code Execution
Graylog is vulnerable to Arbitrary Code Execution. The vulnerability is due to a lack of class validation, which allows an attacker to send an HTTP PUT request to the /api/system/clusterconfig/ endpoint which results in the loading of arbitrary classes. This issue can be exploited by an attacker b...
Improper Access Control
pimcore/admin-ui-classic-bundle is vulnerable to Improper Access Control. The vulnerability is due to lack of permission validation while creating and deleting tags. An attacker can create and delete tags without having the permission to do so...
Memory Leak
mupdf is vulnerable to a Memory Leak. The vulnerability is due to improper memory management within the menuEntry variable in the glutAddSubMenu function. This can potentially lead to a Denial of Service (DoS) attack...
Memory Leak
mupdf is vulnerable to a Memory Leak. The vulnerability is due to improper memory management of the menuEntry variable within the glutAddMenuEntry function. This can potentially lead to a Denial of Service (DoS) attack...
Improper Authentication
org.apache.ozone ozone-main is vulnerable to Improper Authentication. The vulnerability is due to improper verification for the identity of a user accessing the Storage Container Manager service. This flaw allows an attacker to download internal metadata without the need for proper authenticatio...
Timing Attack
pulsar-broker-auth-sasl is vulnerable to a Timing Attack. The vulnerability is due to the verifyAndExtract function within SaslRoleTokenSigner.java, because it takes different amounts of time to return false depending on how many characters it needs to compare before finding a mismatch. This...
Improper Input Validation
libmysofa.so is vulnerable to Improper Input Validation. The vulnerability is due to improper validation of multiplications and additions in the treeRead function within btree.c. The flaw could potentially allow attackers to execute arbitrary code or cause a buffer overflow...
Cross-site Scripting (XSS)
CKEditor4 is vulnerable to Cross-site Scripting. The vulnerability is due to editor instances that have enabled full-page editing mode or enabled CDATA elements in the Advanced Content Filtering configuration which defaults to script and style elements. This flaw allows an attacker to inject...
Cross Site Scripting (XSS)
ckeditor4 is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to the preview feature, which allows an attacker to execute arbitrary JavaScript resulting in XSS...
Improper Validation Of Array Index
vyper is vulnerable to Improper Validation Of Array Index. The vulnerability is due to the typechecker allowing usage of an int as an index for an array validation, allowing an attacker to manipulate the typechecker in such a way that the index will be forced to be negative which results in Denial...
Regular Expression Denial Of Service (ReDoS)
python-multipart is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to a Regular Expression with inefficient complexity utilized to parse the HTTP Content-Type header. An attacker can send a request with a crafted Content-Type option that consumes excessive CPU...
Denial Of Service (DoS)
libgit2 is vulnerable to Denial of Service (DoS). The vulnerability is due to improper validation within src/revparse.c. If an attacker is able to provide crafted input to the gitrevparsesingle function, an infinite loop can occur resulting in Denial of Service...
Incorrect File Permission
org.springframework.security:spring-security-config is vulnerable to Incorrect File Permissions. The vulnerability is due to insecure permissions assigned to the spring-security.xsd file inside the spring-security-config jar which is world writable. An attacker with access to the filesystem can...
Insecure Deserialisation
clearml is vulnerable to Insecure Deserialisation. The vulnerability is due to Deserialisation of untrusted data. An attacker can upload a malicious pickle file via the project API to run arbitrary code on an end user's system...
Heap Buffer Overflow
libgit2 is vulnerable to Heap Buffer Overflow. The vulnerability is due to improper handling of string paths in the hasdirname function within index.c. This logic in path processing may cause the application to crash, resulting in Denial of Service (DoS)...
Improper Control Of A Resource Through Its Lifetime
github.com/cosmos/cosmos-sdk is vulnerable to Improper Control of a Resource Through its Lifetime. The x/crisis module is supposed to allow anyone to halt a chain in the event of any violation. The vulnerability is due to the x/crisis module, which does not halt the chain as expected upon an...
Open Redirect
github.com/go-macaron/i18n is vulnerable to Open Redirect. The vulnerability is due to a lack of URL validation within i18n.go. This allows an attacker to manipulate the URL parameter to redirect users to a malicious website...
Directory Traversal
Stimulsoft Dashboard.JS is vulnerable to Directory Traversal. The vulnerability is due to improper fileName validation within the Save function. This issue can be exploited by an attacker to perform directory traversal via fileName parameter, resulting in Arbitrary Code Execution...
Path Traversal
Gradio is vulnerable to Path Traversal. The vulnerability is due to improper validation when parsing a user-supplied JSON value in an API request. This issue can be exploited by an attacker to read an arbitrary file on the filesystem...
Path Traversal
clearml is vulnerable to Path Traversal. The vulnerability is due to a lack of file path validation, which allows an attacker to craft a malicious dataset which writes files to arbitrary locations on the system...
Path Traversal
org.apache.sling:org.apache.sling.servlets.resolver is vulnerable to Path Traversal. The vulnerability is due to the findScript function within SlingScriptResolverImpl.java allowing user-supplied paths without any validation and the resolveServletInternal function within SlingServletResolver.jav...
Improper Privilege Management
minio is vulnerable to Improper Privilege Management. The vulnerability is due to access keys inheriting permissions from parent keys, including admin rights, allowing them to override their own permissions...
Path Traversal
salt is vulnerable to Path Traversal. The vulnerability is caused by roots.py because there is no explicit path validation before performing file operations, as well as master.py creating directories and files based on unvalidated user input. An attacker can exploit these flaws to traverse and...
Misassignment Of Phantom Functions
xen is vulnerable to Misassignment of Phantom Functions. The vulnerability is due to the failure to properly handle the assignment of phantom functions when the IOMMU context setup fails. It allows attackers in the primary device being assigned to a guest while some phantom functions are assigned...
Arbitrary File Upload
mingSoft is vulnerable to Arbitrary File Upload. The vulnerability is due to improper validation when uploading files within the following POST request /ms/file/upload.do. This issue can be exploited by an attacker to upload arbitrary files...
Bleichenbacher Timing Attack
M2Crypto is vulnerable to Bleichenbacher Timing Attack. The vulnerability is due to insecure padding schemes, resulting in the exposure of confidential or sensitive data...