Buffer Overflow
gcc is vulnerable to Buffer Overflow. The vulnerability is caused by the -fstack-protector feature in GCC-based toolchains that target the AArch64 architecture, which lets an existing buffer overflow flaw in dynamically-sized local variables go undetected. An attacker can exploit this without...
Integer Overflow
gst-plugins-good is vulnerable to Integer Overflow. The vulnerability allows code execution with the privileges of the vulnerable application, resulting in a potential denial-of-service (DoS) or a heap-based buffer overflow...
Heap-based Buffer Overflow
gst-plugins-bad gstreamer: AV1 codec parser is vulnerable to Heap-based Buffer Overflow. The vulnerability is caused due to a failure in handling / processing certain malformed streams. A malicious user can use this flaw to trigger a crash in the application and possibly affect code execution...
Use After Free
gst-plugins-bad MXF demuxer in GStreamer is vulnerable to Use After Free. The vulnerability is caused when handling certain MXF video files which can allow an attacker to trigger a crash in the application and may allow code execution...
Information Leak
Xen Citrix Hypervisor is vulnerable to Information Leak. The vulnerability is caused by a page table level mismatch in the quarantine domain (dom_io), where the last page table directory (PDE) effectively becomes a page table entry (PTE), causing a device in quarantine mode to gain write acces...
Race Condition
Xen is vulnerable to Race Condition. The vulnerability is caused by the two mitigations, XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow), not being active, because it was believed that the mitigations always operated in contexts with IRQs disabled due to original XSA-254 fi...
Denial Of Service (DOS)
lua-http library is vulnerable to Denial Of Service (DOS). The vulnerability is caused by Improper Handling of Exceptional Conditions. An attacker can send a properly crafted request to the server, leading to Excessive Allocation of resources and eventually Denial Of Service (DOS)...
Integer Overflow
gst-plugins-ugly GStreamer is vulnerable to Integer Overflow. The vulnerability is caused due to an integer overflow within the parsing of MDPR chunks. A remote attacker can pass specially crafted data to the application triggering integer overflow and execute arbitrary code on the target system...
Remote Code Execution
gst-plugins-ugly GStreamer is vulnerable to Remote Code Execution. The vulnerability is caused due to an integer overflow within the parsing of MDPR chunks. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target syst...
Heap Buffer Overflow
gst-plugins-bad GStreamer is vulnerable to Heap Buffer Overflow. The vulnerability is caused when handling malformed files with an uncompressed video. This could allow a malicious user to cause an integer overflow before allocating the buffer, triggering a crash or code execution via heap...
Integer Overflow
gst-plugins-bad:edge is vulnerable to Integer Overflow. The vulnerability leads to a heap overwrite in MXF file handling with AES3 audio. It allows an attacker to trigger an integer overflow...
Integer Overflow
gst-plugins-bad:edge is vulnerable to Integer Overflow. The vulnerability is due to the GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. It allows a remote attacker to trigger an integer overflow...
Improper File Execution
firefox-esr and thunderbird are vulnerable to Improper File Execution. The vulnerability is due to a file not being present when downloading .msix, .msixbundle, .appx, and .appxbundle files. It allows an attacker to execute a malicious file, and affects the Windows operating system...
Improper Restriction Of Rendered UI Layers Or Frames
thunderbird is vulnerable to Improper Restriction of Rendered UI Layers or Frames. The vulnerability is due to thunderbird allowing a website to obscure the full-screen notification by using the file open dialog. This could lead to user confusion and possible spoofing attacks...
Sensitive Information Leak
kibana is vulnerable to Sensitive Information Leak. The vulnerability is due to sensitive information being recorded to logs in case of an error. The log can contain account credentials for the kibana_system user, API keys and credentials of kibana end users...
Missing Authorization
samba is vulnerable to Missing Authorization. The vulnerability is due to the absence of access control checks in Samba's LDAP server during search. This allows unprivileged users to access names and attributes of deleted objects...
LDAP Injection
keycloak-ldap-federation and keycloak-services are vulnerable to LDAP Injection. The vulnerability is due to the getFilterById function in LDAPOperationManager.java and the getUserFromForm function in AbstractUsernameFormAuthenticator.java. This allows an attacker to manipulate the LDAP query in...
Host Header Injection
zitadel is vulnerable to Host Header Injection attack. The vulnerability is caused due to improper validation of the X-Forwarded-Host header while creating a password reset link. An attacker can phish a user by tampering with X-Forwarded-Host header, retrieve the secret code which can be used to...
Insufficient Session Expiration
Cosmos-server is vulnerable to Insufficient Session Expiration. The vulnerability is due to the authorization header Jwttoken used for user login remaining valid and not expiring after log out. This allows an attacker to use the token to gain unauthorized access to the application/system even aft...
Content Type Bypass
carrierwave is vulnerable to Content-Type bypass. The vulnerability arises from a partial match performed while allowlisting content types in the allowlisted_content_type? method. Exploitation of this vulnerability possibly leads to Cross Site Scripting...
Stored Cross Site Scripting (XSS)
October CMS is vulnerable to Stored Cross Site Scripting. The vulnerability is due to improperly validating uploaded SVG files for malicious scripts. This issue can be exploited by an attacker via including malicious JavaScript in the SVG files resulting in Stored Cross Site Scripting...
Template Injection
October CMS is vulnerable to Template Injection. The vulnerability is caused by a crafted request which includes PHP code in the CMS template, where an authenticated backend user possessing the editor.cms_pages, editor.cms_layouts, or editor.cms_partials permissions can execute arbitrary PHP code even when the...
Server Side Template Injection
October CMS is vulnerable to Server Side Template Injection. The vulnerability is due to improper sandboxing of Twig code, where an authenticated backend user possessing the editor.cms_pages, editor.cms_layouts, or editor.cms_partials permissions can execute PHP code even when cms.safe_mode being...
Denial Of Service (DoS)
ch.qos.logback:logback-classic is vulnerable to Denial Of Service (DoS). The vulnerability is due to a missing check on the length of an argument array during the deserialization process. This could lead to Denial of Service attacks by sending crafted data...
Information Disclosure
haproxy is vulnerable to Information Disclosure. The vulnerability exists in the URI component, potentially allowing an attacker to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule. This could include scenarios like routing index.html.png to a...
Open Redirect
apache-superset is vulnerable to Open Redirect. The vulnerability is caused by a lack of validation of the HTTP host header. An authenticated attacker can spoof the HTTP host header and redirect users to a website of the attacker's choice. An attacker can perform a phishing attack by exploiting this...
Denial Of Service
libtiff.so is vulnerable to Denial Of Service attack. The vulnerability is due to a lack of codec validation in the tiffcp utility. A heap-based buffer overflow is caused while processing a crafted TIFF file, leading to Denial of Service (DoS)...
Improper Signature Validation
simplesamlphp/xml-security and simplesamlphp/saml2 are vulnerable to Improper Signature Validation. The vulnerability is due to a lack of proper signature validation in the validateReference method. This could lead to the forging of digital signatures...
Path Traversal
oro/platform is vulnerable to Path Traversal. The vulnerability is due to the getTemporaryFileName function in Oro/Bundle/GaufretteBundle/FileManager.php. An attacker can exploit this method to pass the path to a non-existent file, which will allow writing the content to a new file that will be...
Race Condition
github.com/go-resty/resty/ is vulnerable to Race Condition. The vulnerability is due to calling sync.Pool. The vulnerability arises from improper handling of buffer reset functionality, wherein the buffer gets embedded with a request body and gets appended to the current HTTP request body. Any...
Cross Site Scripting (XSS)
nodejs is vulnerable to Cross Site Scripting (XSS). The vulnerability exists because maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to,...
Denial Of Service (DoS)
apachesuperset is vulnerable to Denial Of Service (DoS). The vulnerability is caused by a lack of rate limiting in the API and dashboard functionalities. An attacker with authenticated access could exploit this vulnerability by initiating multiple concurrent requests for dashboard exports. This can...
Information Disclosure
oro/commerce is vulnerable to Information Disclosure. The vulnerability allows back-office users to bypass access control (ACL) restrictions and access detailed order totals information by simply knowing the order ID...
Denial Of Service
Reactor Netty HTTP Server is vulnerable to Denial Of Service (DOS). The vulnerability is due to the improper validation of HTTP requests when the Micrometer integration is enabled, which can result in Denial Of Service...
Denial Of Service (DoS)
cryptography is vulnerable to Denial of Service (DoS). The vulnerability is due to a NULL-pointer dereference while loading PKCS7 certificates. This could lead to Denial Of Service if an application is utilizing the load_der_pkcs7_certificates or load_pem_pkcs7_certificates functions...
Information Disclosure
oro/customer-portal is vulnerable to Information Disclosure. An access control vulnerability allows back-office users to bypass access control (ACL) restrictions and access information about Customer and Customer User menus...
Authentication Bypass
Pimcore/admin-ui-classic-bundle is vulnerable to an Authentication Bypass. The vulnerability exists in the shouldPerformTwoFactorAuthentication function in PimcoreUserTwoFactorCondition.php because it does not properly check whether the two-factor authentication which allows an attacker to bypass...
Denial Of Service (DOS)
github.com/knative/serving is vulnerable to Denial Of Service (DOS). The vulnerability exists due to unbounded memory allocation in http_scrape_client.go, which allows attackers who control the responses from the /metrics endpoint to crash the application...
Arbitrary File Read
com.bstek.ureport/ureport2-core is vulnerable to Arbitrary File Read. The vulnerability is due to a lack of image path sanitization. The image path provided by the user is directly appended to the obtained path and passed into the FileInputStream method. This allows an attacker to submit malicious data, leadin...
Denial Of Service (DoS)
Spring Boot is vulnerable to Denial Of Service. The vulnerability is due to parsing a malicious HTTP request without proper validation or sanitization. This issue can be exploited by an attacker by crafting a malicious HTTP request, leading to Denial Of Service. Note that the following conditions mus...
Command Injection
uptime-kuma is vulnerable to Command Injection. The vulnerability is caused by the application including the hostname parameter inside a shell command. An attacker can inject OS commands in the hostname parameter, leading to command injection...
Denial Of Service (DoS)
org.springframework:spring-web is vulnerable to Denial Of Service (DoS). The vulnerability is due to a lack of validation for HTTP methods in DefaultServerRequestObservationConvention.java. This allows an attacker to inject specially crafted HTTP requests that may cause Denial of Service. Note tha...
Cross Site Scripting (XSS)
Apache NiFi is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper sanitization of user input. This issue can be exploited by an attacker by crafting a specific malicious URL to execute JavaScript within the session context of the authenticated user...
Privilege Escalation
apache-superset is vulnerable to Privilege Escalation. The vulnerability is due to the default examples database connection. An attacker can exploit this flaw by using a specially crafted CTE SQL statement and as a result could tamper with the authentication / authorization data...
Request Smuggling
aiohttp is vulnerable to Request Smuggling. The vulnerability exists due to improper HTTP method validation in the __init__ function of client_reqrep.py. This allows an attacker to modify the HTTP request, such as inserting a new header or even creating a new HTTP request if the attacker can control t...
Information Disclosure
oro/crm-call-bundle is vulnerable to Information Disclosure. The vulnerability allows back-office users to bypass access control (ACL) restrictions and gain unauthorized access to sensitive information, such as customer call logs and personal data...
Information Disclosure
apachesuperset is vulnerable to Information Disclosure. The vulnerability allows an authenticated user with read permissions on the database connections metadata to access sensitive information such as the connection’s username...
Cross Site Scripting (XSS)
uptime-kuma is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper validation of the Google Analytics tagID. An attacker can inject malicious JavaScript and perform session hijacking...
Deserialization Of Untrusted Data
org.apache.activemq is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to org.jolokia.http.HttpRequestHandler#handlePostRequest creating a JmxRequest through a JSONObject and calling org.jolokia.http.HttpRequestHandler#executeRequest. This issue can be exploited by an...
Improper Access Control
oro/calendar-bundle is vulnerable to Improper Access Control. The vulnerability exists due to the lack of permission checks in the checkPermissions function of SystemCalendarEventController.php. This allows back-office users to access information from any system calendar event, bypassing ACL...