Incorrect Authorization
gitlab is vulnerable to Incorrect Authorization. The vulnerability allows an attacker to gain access to a private project through an email invite by using other user's email address as an unverified secondary email...
Access Restriction Bypass
chromium is vulnerable to Access Restriction Bypass. The vulnerability exists due to inappropriate implementation in Blink in Google Chrome which allows a remote attacker to perform arbitrary read/write via a crafted HTML page...
Arbitrary Code Execution
chromium is vulnerable to Arbitrary Code Execution. The vulnerability exists in FFmpeg in Google Chrome, which allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
Information Disclosure
chromium is vulnerable to Information Disclosure. The vulnerability exists due to inappropriate implementation in iFrame Sandbox in Google Chrome, which allows a remote attacker to leak cross-origin data via a crafted HTML page...
Access Restriction Bypass
chromium is vulnerable to Access Restriction Bypass. The vulnerability exists due to inappropriate implementation in XML in Google Chrome, which allows a remote attacker to potentially perform an ASLR bypass via a crafted HTML page...
Improper Input Validation
chromium is vulnerable to Improper Input Validation. The vulnerability exists due to inappropriate implementation in Autofill in Google Chrome which allows a remote attacker to bypass navigation restrictions via a crafted HTML page...
Access Restriction Bypass
chromium is vulnerable to Access Restriction Bypass. The vulnerability exists due to insufficient data validation in DevTools in Google Chrome which allows a remote attacker to bypass content security policy via a crafted HTML page...
Denial Of Service (DoS)
chromium is vulnerable to Denial of Service (DoS). The vulnerability exists due to type confusion in MathML in Google Chrome which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Access Restriction Bypass
chromium is vulnerable to Access Restriction Bypass. The vulnerability exists due to inappropriate implementation in Extensions in Google Chrome which allows a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page...
Heap Buffer Overflow
chromium is vulnerable to Heap Buffer Overflow. The vulnerability exists in the PrintPreview of the library, which allows an attacker who convinces a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...
Spoofing Attack
chromium is vulnerable to Spoofing Attack. The vulnerability exists due to the inappropriate implementation in URL Formatting of the library, allowing an attacker to perform domain spoofing via a maliciously crafted HTML page...
Use After Free
chromium is vulnerable to Use After Free. The vulnerability exists in the Media of the library, allowing an attacker to perform arbitrary read/write via a maliciously crafted HTML page...
Improper Access Control
chromium is vulnerable to Improper Access Control. The vulnerability exists due to incorrect security UI in Notifications in Google Chrome on Android, which allows a remote attacker to obscure the full screen notification via a crafted HTML page...
Heap-based Buffer Overflow
wireshark is vulnerable to Heap-based Buffer Overflow. The vulnerability exists due to a failure to validate the provided length, which allows an attacker to execute arbitrary code using a crafted RTPS packet causing an application crash...
Heap-based Buffer Overflow
wireshark is vulnerable to Heap-based Buffer Overflow. The vulnerability exists due to a failure to validate the provided length, which allows an attacker to execute arbitrary code using a crafted IEEE-C37.118 packet...
Heap-based Buffer Overflow
wireshark is vulnerable to Heap-based Buffer Overflow. The vulnerability exists due to a failure to validate the provided length, which allows an attacker to execute arbitrary code using a crafted MSMMS packet...
Improper Access Control
gitlab is vulnerable to Improper Access Control. The vulnerability allows a previous maintainer of a project with a specific runner to access job and project metadata under certain conditions...
Improper Authorization
gitlab is vulnerable to Improper Authorization. The vulnerability allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the project settings page, allowing an attacker to inject and execute malicious JavaScript...
Improper Access Control
gitlab is vulnerable to Improper Access Control. An attacker could exploit this vulnerability by sending a specially crafted request to the GitLab server. This request would allow the attacker to perform any action that is allowed for the group or project, even if they do not have permission to...
Improper Authorization
gitlab is vulnerable to Improper Authorization. This vulnerability allows project members to manage issues in the error tracking feature if they are assigned the reporter role...
Open Redirect
gitlab is vulnerable to Open Redirect. The vulnerability exists due to the lack of sanitization in the user input URLs, which allows an attacker to redirect users to malicious locations...
Information Disclosure
gitlab is vulnerable to Information Disclosure. An attacker could exploit this vulnerability by sending a specially crafted request to the GitLab server. This request would allow the attacker to leak the names of all Conan packages on the server, even if they do not have permission to access the...
Improper Authorization
monit is vulnerable to Improper Authorization. This vulnerability occurs due to improper PAM authorization, resulting in remote malicious attackers gaining escalated privileges...
Information Disclosure
gitlab is vulnerable to Information Disclosure. An attacker could exploit this vulnerability by sending a specially crafted GraphQL query to the GitLab server. This query would allow the attacker to enumerate the usernames of all users on the server, even if they do not have an account...
Remote Code Execution (RCE)
gitlab is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to the lack of an authorization mechanism in the library, which allows an attacker to import maliciously crafted projects, injecting and executing malicious code...
Denial Of Service (DoS)
gitlab is vulnerable to Denial of Service (DoS). An attacker can cause an application crash by uploading a maliciously crafted Helm chart...
Open Redirection
gitlab is vulnerable to Open Redirection. An attacker can redirect users to malicious URLs through the HTTP response splitting in the NPM package API...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting (XSS). An attacker can inject and execute malicious JavaScript through the email address for certain instances...
Out-of-bounds Read
samba is vulnerable to Out-of-bounds Read. The vulnerability is found within 'winbindd_pam_auth_crap.c' and occurs due to insufficient length checks, which allow a malicious request to trigger an out-of-bounds read...
Improper Access Control
samba is vulnerable to Improper Access Control. The vulnerability exists due to improper checking of attribute access rights for LDAP adds of computers, which allows an attacker to perform unauthorized actions...
Arbitrary Code Execution
firefox-esr is vulnerable to Arbitrary Code Execution. The issue results in firefox users not being warned about it including malicious code within it...
Unsafe Reflection
thunderbird is vulnerable to Unsafe Reflection. This results in possible spoofing attacks since the website obscures fullscreen notifications using a URL scheme handled by an external program...
Information Disclosure
firefox is vulnerable to Information Disclosure. An attacker could exploit this vulnerability by tricking a user into visiting a malicious website or by opening a malicious attachment. If the user is using a vulnerable version of Firefox, the attacker could execute arbitrary code on the user's...
URL Spoofing
firefox is vulnerable to URL Spoofing. This occurs due to the use of RTL Arabic characters within the address bar which could lead to URL spoofing...
Use-After-Free
firefox is vulnerable to Use-After-Free. An attacker could exploit this vulnerability by tricking a user into visiting a malicious website or by opening a malicious attachment. If the user is using a vulnerable version of Firefox, the attacker could execute arbitrary code on the user's system. Th...
Out-of-bounds Write
firefox-esr is vulnerable to Out-of-bounds Write. The vulnerability occurs due to memory corruption, allowing a malicious attacker to run arbitrary code...
Spoofing Attacks
firefox is vulnerable to spoofing attacks. An attacker could exploit this vulnerability by tricking a user into visiting a malicious website. If the user is using a vulnerable version of Firefox and enters full-screen mode, the attacker could prevent the user from exiting full-screen mode. This...
Out-of-Bounds Write
firefox is vulnerable to Out-of-Bounds Write. An attacker could exploit this vulnerability to execute arbitrary code on a victim's system, which could allow the attacker to steal data, install malware, or take control of the system. This could have serious consequences for the victim, such as...
Improper Authorization
gitlab is vulnerable to Improper Authorization. An attacker could exploit this vulnerability to obtain the public fingerprint and name of a Deploy Key for a public project. This information could then be used to impersonate the project owner and deploy malicious code to the project...
Improper Session Handling
fusiondirectory is vulnerable to Improper Session Handling. The vulnerability exists due to a lack of validation in the fusiondirectory package, which allows an attacker to reuse old session credentials or session IDs for authorization...
Improper Access Control
gitlab is vulnerable to Improper Access Control. The vulnerability exists due to a lack of validated access control, which allows an attacker to use social engineering to bypass the security controls...
Cross-site Scripting (XSS)
fusiondirectory is vulnerable to Cross-Site Scripting (XSS) attacks. The attack exists due to insufficient sanitization in the response body, which allows adding unauthorized headers via the request payload...
Information Disclosure
dogecoin is vulnerable to Information Disclosure. An attacker could exploit this vulnerability to steal a user's Bitcoin by obtaining their wallet.dat file. This could be done by causing the Bitcoin Core software to crash, and then extracting the wallet.dat file from the core dump file...
Improper Input Validation
chromium is vulnerable to Improper Input Validation. The vulnerability exists due to the lack of user input validation in the Extensions of the library, which allows an attacker who convinces a user to install a malicious extension to access local files via a crafted Chrome Extension...
Use After Free
chromium is vulnerable to Use After Free. The vulnerability exists in the DevTools in the library, which allows an attacker who convinces a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension...
Policy Bypass
chromium is vulnerable to Policy Bypass. The vulnerability exists in the Blink of the library, allowing an attacker to bypass content security policy via a maliciously crafted HTML page...
Use After Free
chromium is vulnerable to Use After Free. The vulnerability exists in the Blink of the library, which allows an attacker to perform arbitrary read or write via a maliciously crafted HTML page through the renderer process...
Use After Free
chromium is vulnerable to Use After Free. The vulnerability exists in the Blink of the library, which allows an attacker to perform arbitrary read or write via a maliciously crafted HTML page...
Spoofing Attack
chromium is vulnerable to Spoofing Attack. The vulnerability exists due to the improper implementation in Cast UI of the library, allowing an attacker to spoof browser UI via a maliciously crafted HTML page...