38196 matches found
Denial Of Service (DoS)
firefox-esr is vulnerable to Denial Of Service (DoS). An attacker can supply malicious data to PathRecording, causing an out-of-bounds write and potentially leading to an exploitable crash in a privileged process...
Denial Of Service (DoS)
firefox-esr is vulnerable to Denial Of Service (DoS). An attacker can supply malicious data to FilterNodeD2D1, causing an out-of-bounds write and potentially leading to an exploitable crash in a privileged process...
Denial Of Service (DoS)
firefox-esr is vulnerable to Denial Of Service (DoS). This vulnerability occurs during log compilation. A Garbage Collection could lead to a use-after-free condition, enabling an attacker to write two NUL bytes and potentially trigger a crash that could be exploitable...
Memory Corruptions
firefox-esr is vulnerable to Memory Corruptions. The vulnerability exists due to the memory safety bugs in the library, which allows an attacker to cause an application crash and run arbitrary code on the system...
Denial Of Service (DoS)
Firefox ESR is vulnerable to Denial Of Service (DoS). The vulnerability occurs if Windows does not duplicate a handle during process creation. In such cases, the sandbox code may unintentionally free a pointer twice, leading to a use-after-free situation and a potentially exploitable crash. This bu...
Heap Buffer Overflow
Google Chrome is vulnerable to Heap Buffer Overflow. The vulnerability exists in the vp8 encoding in libvpx in the library, which allows an attacker to cause heap corruption via a maliciously crafted HTML page...
Improper Input Validation
Firefox is vulnerable to Improper Input Validation. This vulnerability occurs when downloading files via the Windows Save As dialog, where suggested filenames contain environment variable names. Windows resolves these variables within the context of the current user, potentially leading to...
Remote Code Execution (RCE)
netatalk is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to the lack of type checking in callers of the dalloc_value_for_key function of the library, which leads to type confusion and allows an attacker to inject and execute malicious code by parsing maliciously crafted...
Remote Code Execution (RCE)
composer/composer is vulnerable to Remote Code Execution (RCE). The vulnerability exists because register_argc_argv is not properly disabled in php.ini, which allows an attacker to inject and execute malicious code through the malicious composer.phar file when publishing a composer.phar to a publ...
Information Disclosure
Firefox is vulnerable to Information Disclosure. The vulnerability exists after downloading a Windows .url shortcut from the local filesystem, which allows an attacker to supply a remote path that would lead to unexpected network requests from the operating system, leaking the NTLM credentials to...
Denial Of Service (DoS)
Firefox is vulnerable to Denial of Service (DoS). The vulnerability arises from inadequate validation of the members of the DEVMODEW struct, which is set by the printer device driver. An attacker can exploit this issue to perform out-of-bounds access, potentially leading to application crashes. This...
Remote Code Execution (RCE)
libspf2 is vulnerable to Remote Code Execution (RCE). The vulnerability could allow an attacker to execute arbitrary code on the Exim server, potentially allowing them to take control of the system or steal sensitive data...
Stack-based Overflow
exim is vulnerable to Stack-based Overflow. The vulnerability arises from the absence of proper validation of user-supplied data length before copying it into a fixed-length stack-based buffer during the handling of NTLM challenge requests in the SMTP challenge component. This allows an attacker ...
Remote Code Execution (RCE)
exim is vulnerable to Remote Code Execution (RCE). The vulnerability arises from the absence of proper validation for user-supplied data in the SMTP service. This could result in a buffer overflow, enabling an attacker to inject and execute malicious code within the service account's context...
Information Disclosure
exim is vulnerable to Information Disclosure. The vulnerability exists due to the absence of validation for user-supplied data during the handling of NTLM challenge requests. This allows an attacker to read beyond allocated data structures, potentially leading to the disclosure of information...
Denial Of Service (DoS)
bind is vulnerable to Denial of Service (DoS). The vulnerability exists due to a flaw in the networking code handling DNS-over-TLS queries, where an assertion failure causes an application crash...
Information Disclosure
xen is vulnerable to Information Disclosure. The vulnerability exists due to a division-by-zero error on some AMD processors which allows an attacker to gain access to speculative data...
Arbitrary Code Execution
busybox is vulnerable to Arbitrary Code Execution. The vulnerability exists due to a stack overflow which allows an attacker to inject and execute arbitrary code...
Out Of Bound Writes
mpfr4 is vulnerable to Out of Bound Writes. The vulnerability exists due to a buffer overflow which allows an attacker to perform out of bound writes...
Integer Overflow
vim is vulnerable to Integer Overflow. The vulnerability exists due to a Wraparound in GitHub repository which allows an attacker to cause an application crash...
Use After Free
vim is vulnerable to Use After Free. The vulnerability allows an attacker to perform unauthorized actions in GitHub repository...
Heap-based Buffer Overflow
vim is vulnerable to Heap-based Buffer Overflow. This vulnerability allows an attacker to execute arbitrary code on a vulnerable system by exploiting a bug in the way Vim handles memory...
Untrusted Search Path
vim is vulnerable to Untrusted Search Path. An attacker could exploit this vulnerability by tricking a user into opening a malicious file or by sending a specially crafted HTTP request to a vulnerable Vim server due to the way Vim searches for files. Once the vulnerability is exploited, the...
Out-of-bounds Write
vim is vulnerable to Out-of-bounds Write. An attacker could exploit this vulnerability by tricking a user into opening a malicious file or by sending a specially crafted HTTP request to a vulnerable Vim server. Once the vulnerability is exploited, the attacker could take control of the user's...
Heap-based Buffer Overflow
vim is vulnerable to Heap-based Buffer Overflow. An attacker could exploit this vulnerability by tricking a user into opening a malicious file or by sending a specially crafted HTTP request to a vulnerable Vim server. Once the vulnerability is exploited, the attacker could take control of the...
Use After Free
vim is vulnerable to Use After Free. An attacker could exploit this vulnerability by tricking a user into opening a malicious file or by sending a specially crafted HTTP request to a vulnerable Vim server. Once the vulnerability is exploited, the attacker could take control of the user's system a...
Use After Free
vim is vulnerable to Use After Free. An attacker could exploit this vulnerability by tricking a user into opening a malicious file or by sending a specially crafted HTTP request to a vulnerable Vim server. Once the vulnerability is exploited, the attacker could take control of the user's system a...
Denial Of Service (DoS)
bind is vulnerable to Denial of Service (DoS). An attacker could exploit this vulnerability by sending a malicious DNS packet to a vulnerable named server. Once the vulnerability is exploited, the attacker could take control of the server and steal data, install malware, or disrupt service...
Denial Of Service (DoS)
firefox is vulnerable to Denial of Service (DoS). An attacker could exploit this vulnerability by tricking a user into clicking on a malicious link or by sending a malicious email to a vulnerable user. Once the user clicks on the malicious link or opens the malicious email, the attacker could trigg...
Insufficiently Protected Credentials
github.com/schollz/croc is vulnerable to sensitive information disclosure via Insufficiently Protected Credentials. The vulnerability arises when users specify a custom shared secret via the command line, as it becomes visible on the host's process list for all local users. This can lead to...
Information Exposure
github.com/schollz/croc is vulnerable to Information Exposure. The vulnerability arises in the case where an explicit IP isn't provided: the receiver prompts the sender for its local IP addresses using the ips? message. That triggers an unencrypted message exchange and the sender will send out...
Sensitive Information Exposure
github.com/schollz/croc is vulnerable to Sensitive Information Exposure. The vulnerability is due to the way croc uses the leading three characters of a shared secret to select a common "room name". When custom shared secrets are used, the leading three characters might give away information abou...
Improper Neutralization Of Filename Or Path
github.com/schollz/croc is vulnerable to Improper Neutralization Of Filename Or Path. The vulnerability is due to a lack of filtering of filenames received from the client side. This allows an attacker to use filenames with special characters, including ANSI/CSI terminal escape sequences. The...
Arbitrary File Overwrite
github.com/schollz/croc is vulnerable to Arbitrary File Overwrite. The vulnerability is due to the Croc protocol allowing a sender to specify an arbitrary path for the file transfer, which lacks validation to check if the file path will overwrite an existing file on the client side. An attacker c...
Arbitrary File Write
github.com/schollz/croc is vulnerable to Arbitrary File Write through crafted File Paths. The vulnerability is due to the Croc protocol, which allows senders to specify an arbitrary path for a file transfer. If the recipient doesn't already have a file with the same name, an attacker can exploit...
Heap Buffer Overflow
napi-rs/image is vulnerable to Heap Buffer Overflow. The vulnerability is due to a remote attacker's ability to perform an out-of-bounds memory write via a crafted webp image resulting in Denial of Service or Code Execution under special circumstances...
Incorrect Bounds Checking
Vyper is vulnerable to Incorrect Bounds Checking. The vulnerability is due to the lack of input validation when _abi_decode is nested in an expression. This allows for the construction of uses of _abi_decode that can bypass bounds checking, ultimately resulting in incorrect results...
Plaintext Password Storage
Synapse is vulnerable to Plaintext Password Storage. The vulnerability is due to the brief storage of updated credentials in the server database, which could result in passwords being inadvertently captured in database backups for a longer duration than anticipated...
Insufficient Verification Of Data Authenticity
github.com/cilium/cilium is vulnerable to Insufficient Verification Of Data Authenticity. The vulnerability is in GetPodMetadata, where there is no check or sanitization for a user changing namespace, service account or cluster name labels. This allows an attacker to utilize crafted pod labels...
Improper Authorization
Synapse is vulnerable to Improper Authorization. The vulnerability is due to a flaw that allowed users to forge read receipts for any event. The attacker can mark any event as read even if he/she was not in the room...
Denial Of Service (DoS)
github.com/cilium/cilium is vulnerable to Denial of Service (DoS). The vulnerability is due to a lack of checks to confirm if the L7 proxy is enabled or disabled before processing the proxyVisibility annotations. When the L7 proxy is disabled, any workload with these annotations can crash the Ciliu...
Missing Authentication For Critical Function
github.com/cilium/cilium is vulnerable to Missing Authentication. The vulnerability is due to the ValidateCNP function in validator.go which lacks checks for a policy with any malicious or incorrectly match configurations, allowing an attacker to create policies that bypass namespace restrictions...
Authentication Bypass
Sing is vulnerable to an authentication bypass vulnerability. The vulnerability is due to SOCKS5 inbound user authentication which allows an attacker to bypass authentication by using specially crafted packets...
Arbitrary Text Injection
Kiali is vulnerable to content spoofing. The vulnerability is due to a failure to implement proper error handling when a page or endpoint being accessed is not found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed...
HTTP Request/Response Smuggling
gevent is vulnerable to HTTP Request/Response Smuggling. The vulnerability is caused by a missing validation check on trailers in processing of chunked requests in the WSGI application on keep-alive connections. This can lead to an attacker carefully crafting invalid trailers in chunked requests...
Remote Code Execution
pgadmin4 is vulnerable to Remote Code Execution. The vulnerability is caused by a missing validation in the pgAdmin server HTTP API validate_binary_path, which is used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. This can result in an...
Cross-site Scripting
pimcore/admin-ui-classic-bundle is vulnerable to Cross-site Scripting. The vulnerability is due to sprintf function in functions.js which does not perform any escaping or sanitization of the subst and str value itself. This can lead to Cross-Site Scripting vulnerabilities if the str is later...
Local File Inclusion
FUXA is vulnerable to Local File Inclusion. The vulnerability is due to improper file sanitization via the fuxa.log file. The attacker can exploit this issue to read arbitrary files on the server by manipulating the file parameter to reference the desired file...
Arbitrary Code Execution
searchor is vulnerable to Arbitrary Code Execution. The vulnerability is due to the search function in main.py, which uses eval to dynamically construct the method call and execute it. An attacker can construct malicious input to the variables engine, query, copy, open, which can lead to Code...
Authentication Bypass
apiserver-library-go is vulnerable to Authentication Bypass. The vulnerability is due to the computeSecurityContext function in admission.go not properly checking against all SCCs. This issue could allow a remote, authenticated attacker who has been given the "update, patch" permissions and the...