CVE List for June 2018 (1783 vulnerabilities)

psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine ...

webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as use...

Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject...

Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via...

Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick ...

Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly,...

Hue 3.12 has XSS via the /pig/save/ name and script parameters.

Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js.

Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dash...

On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leadin...

On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lo...

On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-...

On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated admi...

Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server ...

A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 ...

Under certain conditions, on F5 BIG-IP ASM 13.1.0-13.1.0.5, Behavioral DOS (BADOS) protection may fail during an attack.

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send so...

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation...

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation...

There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient valid...

An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted n...

An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network...

An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted n...

The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious ...

An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored ...

Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafte...

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP respons...

In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attac...

In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to caus...

ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif.

MODX Revolution 2.6.3 has XSS.

AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted syst...

There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient ...

Cross-site scripting (XSS) vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url para...

An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content param...

An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhan...

Open redirect in hekto <=0.2.3 when target domain name is used as html filename on server.

The pdfinfojs NPM module versions <= 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's...

XSS in sexstatic <=0.6.2 causes HTML injection in directory name(s) leads to Stored XSS when malicious file is embed with <iframe> element used in dir...

apk-parser3 is a module to extract Android Manifest info from an APK file. apk-parser3 versions before 0.1.3 download binary resources over HTTP, whic...

Kindlegen is a simple Node.js wrapper of the official kindlegen program. Kindlegen versions before 1.1.0 download binary resources over HTTP, which le...

Fuseki server wrapper and management API in fuseki before 1.0.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It m...

Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binary resources over HTTP, which leaves it vulnerable ...

nodewebkit is an installer for node-webkit. nodewebkit downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be pos...

Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements for better developer productivity. steroids downloa...

closurecompiler is a Closure Compiler for node.js. closurecompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. I...

closure-utils is Utilities for Closure Library based projects. closure-utils downloads binary resources over HTTP, which leaves it vulnerable to MITM ...

libxl provides Node bindings for the libxl library for reading and writing excel (XLS and XLSX) spreadsheets. libxl downloads zipped resources over HT...

wasdk is a toolkit for creating WebAssembly modules. wasdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be...

nw is an installer for nw.js. nw downloads zipped resources over HTTP, It may be possible to cause remote code execution (RCE) by swapping out the req...

jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP,...

jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attacks. It may...

imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to...

cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

arrayfire-js is a module for ArrayFire for the Node.js platform. arrayfire-js downloads binary resources over HTTP, which leaves it vulnerable to MITM...

sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect do...

webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It ma...

haxe is a cross-platform toolkit haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause re...

air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be po...

dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to M...

dalek-browser-ie is Internet Explorer bindings for DalekJS. dalek-browser-ie downloads binary resources over HTTP, which leaves it vulnerable to MITM ...

grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in grunt grunt-webdriver-qunit downloads binary resources over HTTP, which leaves ...

openframe-glsviewer is a Openframe extension which adds support for shaders via glslViewer. openframe-glsviewer downloads binary resources over HTTP, ...

robot-js is a module for native system automation for node.js. robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attac...

chromedriver126 is chromedriver version 1.26 for linux OS. chromedriver126 downloads binary resources over HTTP, which leaves it vulnerable to MITM at...

unicode-json is a unicode lookup table. unicode-json before 2.0.0 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. dalek-browser-ie-canary downloads binary resources over HTTP, which leaves it vulne...

bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

httpsync is a port of libcurl to node.js. httpsync downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possibl...

curses is bindings for the native curses library, a full featured console IO library. curses downloads binary resources over HTTP, which leaves it vul...

openframe-image is an Openframe extension which adds support for images via fbi. openframe-image downloads data resources over HTTP, which leaves it v...

box2d-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE)...

node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

pennyworth is a natural language templating engine. pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

atom-node-module-installer installs node modules for atom-shell applications. atom-node-module-installer binary resources over HTTP, which leaves it v...

fibjs is a runtime for javascript applictions built on google v8 JS. fibjs downloads binary resources over HTTP, which leaves it vulnerable to MITM at...

nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable to MITM att...

macaca-chromedriver-zxa is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver-zxa downloads binary resources over HTTP, which leaves...

selenium-chromedriver is a simple utility for downloading the Selenium Webdriver for Google Chrome selenium-chromedriver downloads binary resources ov...

headless-browser-lite is a minimal npm installer for phantomjs and slimerjs with no external dependencies. headless-browser-lite downloads binary reso...

mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may ...

selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver. selenium-wrapper downloads binary resources over HTTP, whi...

nw-with-arm is a NW Installer including ARM-Build. nw-with-arm downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It ma...

install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

jvminstall is a module for downloading and unpacking jvm to local system. jvminstall downloads binary resources over HTTP, which leaves it vulnerable ...

apk-parser2 is a module which extracts Android Manifest info from an APK file. apk-parser2 downloads binary resources over HTTP, which leaves it vulne...

dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM at...

scala-standalone-bin is a Binary wrapper for ScalaJS. scala-standalone-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM at...

Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows mal...

Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as medium to transmit viruses by placing infected files into...

servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token By...

Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and bl...

Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter.

Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored.

In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to ...

In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the co...

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 1 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 2 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 3 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 4 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 5 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 6 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 8 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 9 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 10 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 11 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 12 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 13 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 14 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 15 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 16 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 17 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 18 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 19 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 20 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 21 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 22 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 23 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 24 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 25 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 26 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 27 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 28 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 29 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 30 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 31 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 32 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 33 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 34 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 36 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 38 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 39 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 41 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 42 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 44 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 46 of 46).

Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6).

Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6).

Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6).

Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6).

Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6).

Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6).

Yosoro 1.0.4 has stored XSS.

Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileg...

An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive...

An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be u...

Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device throu...

Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNE...

Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products usi...

The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to ki...

The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain rea...

Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-1144...

Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.

Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.

An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /...

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes ...

An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be...

An issue was discovered in LibSass <3.5.3. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an ...

An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leverage...

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which c...

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be...

In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven app...

In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math...

In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely obser...

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible t...

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the...

wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Sit...

soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified ot...

A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface without knowing the PIN for /login.html via vectors in...

Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauth...

Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseN...

Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host pla...

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20....

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 o...

An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Buil...

grunt-ccompiler is a Closure Compiler Grunt Plugin. grunt-ccompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. ...

haxe-dev is a cross-platform toolkit. haxe-dev downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to...

js-given is a JavaScript frontend to jgiven. js-given downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be poss...

redis-srvr is a npm wrapper for redis-server. redis-srvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be p...

node-thulac is a node binding for thulac. node-thulac downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be poss...

node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

cmake installs the cmake x86 linux binaries. cmake downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possibl...

jstestdriver is a wrapper for Google's jstestdriver. jstestdriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It...

slimerjs-edge is a npm wrapper for installing the bleeding edge version of slimerjs. slimerjs-edge downloads binary resources over HTTP, which leaves ...

grunt-images is a grunt plugin for processing images. grunt-images downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. I...

resourcehacker is a Node wrapper of Resource Hacker (windows executable resource editor). resourcehacker downloads binary resources over HTTP, which l...

node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possib...

marionette-socket-host is a marionette-js-runner host for sending actions over a socket. marionette-socket-host downloads binary resources over HTTP, ...

frames-compiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (R...

webdriver-launcher is a Node.js Selenium Webdriver Launcher. webdriver-launcher downloads binary resources over HTTP, which leaves it vulnerable to MI...

prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which le...

xd-testing is a testing library for cross-device (XD) web applications. xd-testing downloads binary resources over HTTP, which leaves it vulnerable to...

sfml downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

The clang-extra module installs LLVM's clang-extra tools. clang-extra downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks...

qbs is a build tool that helps simplify the build process for developing projects across multiple platforms. qbs downloads binary resources over HTTP,...

co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, which leaves it vulnerable to MITM attacks. It may...

fis-parser-sass-bin a plugin for fis to compile sass using node-sass-binaries. fis-parser-sass-bin downloads binary resources over HTTP, which leaves ...

phantomjs-cheniu is a Headless WebKit with JS API phantomjs-cheniu downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. I...

tomita is a node wrapper for Yandex Tomita Parser tomita downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be p...

wixtoolset is a Node module wrapper around the wixtoolset binaries wixtoolset downloads binary resources over HTTP, which leaves it vulnerable to MITM...

mystem is a Node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem downloads binary resources over HTTP, which leaves it vulnerable t...

herbivore is a packet sniffing and crafting library. Built on libtins herbivore 0.0.3 and below download binary resources over HTTP, which leaves it v...

selenium-portal is a Selenium Testing Framework selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It m...

libsbml is a module that installs Linux binaries for libSBML libsbml downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may...

soci downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swap...

windows-seleniumjar-mirror downloads the Selenium Jar file windows-seleniumjar-mirror downloads binary resources over HTTP, which leaves it vulnerable...

mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks....

cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks...

ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks....

libsbmlsim is a module that installs linux binaries for libsbmlsim libsbmlsim downloads binary resources over HTTP, which leaves it vulnerable to MITM...

rs-brightcove is a wrapper around brightcove's web api rs-brightcove downloads source file resources over HTTP, which leaves it vulnerable to MITM att...

google-closure-tools-latest is a Node.js module wrapper for downloading the latest version of the Google Closure tools google-closure-tools-latest dow...

serc.js is a Selenium RC process wrapper serc.js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible ...

arcanist downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swappin...

healthcenter - IBM Monitoring and Diagnostic Tools health Center agent healthcenter downloads binary resources over HTTP, which leaves it vulnerable t...

pk-app-wonderbox is an integration with wonderbox pk-app-wonderbox downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. I...

fis-sass-all is another libsass wrapper for node. fis-sass-all downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It ma...

windows-selenium-chromedriver is a module that downloads the Selenium Jar file. windows-selenium-chromedriver downloads binary resources over HTTP, wh...

Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm) haxe3 downloads resources over HTTP, which leaves it vulnerable to...

The windows-iedriver module downloads fixed version of iedriverserver.exe windows-iedriver downloads binary resources over HTTP, which leaves it vulne...

openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, ...

windows-seleniumjar is a module that downloads the Selenium Jar file windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnera...

haxeshim haxe shim to deal with coexisting versions. haxeshim downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be pos...

pm2-kafka is a PM2 module that installs and runs a kafka server pm2-kafka downloads binary resources over HTTP, which leaves it vulnerable to MITM att...

alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows. alto-saxophone versions below 2.25.1 download binary resource...

IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to ...

The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject.

IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a communication channel that can be sniffed by unauthor...

The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings. npm-test-sqlite3-trunk downloads binary resources over HTTP, w...

windows-latestchromedriver downloads the latest version of chromedriver.exe. windows-latestchromedriver downloads binary resources over HTTP, which le...

react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-native-baidu-voice-synthesizer downloads resources ov...

An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Disassembler 3.11.20. A specially crafted ELF ...

html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing s...

augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of a...

html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean() accepting user-controlled values.

Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions <=0.9.11, http-signature signs only the header values, b...

Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of `data:` URIs in links and can therefore execute javascript.

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jos...

i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, u...

ag-grid is an advanced data grid that is library agnostic. ag-grid is vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if AngularJS i...

hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept-encoding` header an uncaught exception ...

Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the serve...

Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not...

Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting (XSS) in cer...

sanitize-html is a library for scrubbing html input for malicious values Versions 1.2.2 and below have a cross site scripting vulnerability.

Restify is a framework for building REST APIs. Restify >=2.0.0 <=4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script...

GitBook is a command line tool (and Node.js library) for building beautiful books using GitHub/Git and Markdown (or AsciiDoc). Stored Cross-Site-Scrip...

Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands v...

uri-js is a module that tries to fully implement RFC 3986. One of these features is validating whether or not a supplied URL is valid or not. To do th...

Morris.js creates an svg graph, with labels that appear when hovering over a point. The hovering label names are not escaped in versions 0.5.0 and ear...

Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase. Decamelize 1.1.0 through 1.1.1 uses regular expressions to ev...

The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning ...

Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vulnerabilit...

Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memo...

react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptograp...

hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and ear...

Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creati...

Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random(...

The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads a set of dependencies from api.hubapi.c...

`badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. `badjs-sourcemap-server` is vulnerable to a directory traversal issue, giving an at...

`gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL.

`f2e-server` 1.12.11 and earlier is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

`hftp` is a static http or ftp server `hftp` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../...

gfe-sass is a library for promises (CommonJS/Promises/A,B,D) gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It ma...

ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM attacks.

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrar...

Shout is an IRC client. Because the `/topic` command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the ...

`d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

`jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

`mariadb` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

`node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

`nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

`sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

`sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

`node-fabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

`fabric-js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

`nodefabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

`sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated...

An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A spe...

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted...

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and s...

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an ...

In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys...

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and s...

nZEDb v0.7.3.3 has XSS in the 404 error page.

index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter.

An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the...

The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure ...

plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the login_attempts cookie.

An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found ...

An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found ...

An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found...

An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was foun...

WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded.

RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. An authentica...

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RS...

Kitura 2.3.0 and earlier have an unintended read access to unauthorised files and folders that can be exploited by a crafted URL resulting in informat...

The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked proc...

The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of servi...

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker ...

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manag...

Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4 allows local users to gain elevated privileges via a c...

Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject ...

Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary we...

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access co...

In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code publishe...

An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02_passport.js. An attacker can edit the Pa...

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to...

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properl...

There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some spe...

Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate...

Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be ach...

The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that ...

In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted C...

A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.j...

A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers wi...

A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Ove...

A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with ...

A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that a...

A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in s...

A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/R...

A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read...

A exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows ...

A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java tha...

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and...

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and...

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and...

QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.

Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web sc...

QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges.

QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the set...

A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allow...

A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.ja...

A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows maliciou...

A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users ...

A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/gl...

An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with...

A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows att...

A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers ...

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to ...

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-...

XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct ...

Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant executio...

An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. When the drivers are updated to a newer version, the product launch...

SGIN.CN xiangyun platform V9.4.10 has XSS via the login_url parameter to /login.php.

Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to dele...

libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.

IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. T...

IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive inform...

IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that coul...

IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remo...

Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f (latest release as of Sept 2017) contains an inten...

In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow ...

In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the con...

In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized ac...

An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose i...

Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF ad...

Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, do...

Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, do...

In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software versions prior to 4107600010.23, passwords are presented...

A crafted binder request can cause an arbitrary unmap in MediaServer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Androi...

Buffer over -read can occur while processing a FILS authentication frame in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD An...

While sending a probe request indication in lim_send_sme_probe_req_ind() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD An...

Type mismatch for ie_len can cause the WLAN driver to allocate less memory on the heap due to implicit casting leading to a heap buffer overflow in al...

Stack-based buffer overflow can occur In the WLAN driver if the pmkid_count value is larger than the PMKIDCache size in all Android releases from CAF ...

An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. A specially crafted TCP packet can...

Buffer Copy without Checking Size of Input can occur during the DRM SDE driver initialization sequence in all Android releases from CAF (Android for M...

dcc_curr_list is initialized with a default invalid value that is expected to be programmed by the user through a sysfs node which could lead to an in...

A race condition in drm_atomic_nonblocking_commit() in the display driver can potentially lead to a Use After Free scenario in all Android releases fr...

A Use After Free condition can occur in the IPA driver whenever the IPA IOCTLs IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_ADD/IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE...

In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in an integer underflow leading to a buffer overflow ...

mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

babelcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

node-opensl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. Ther...

node-simple-router is a minimalistic router for Node. node-simple-router is vulnerable to a directory traversal issue, giving an attacker access to th...

list-n-stream is a server for static files to list and stream local videos. list-n-stream v0.0.10 or lower is vulnerable to a directory traversal issu...

tinyserver2 is a webserver for static files. tinyserver2 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by ...

ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS (Regular Expression Denial of Service) attack when given a...

The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire ...

serverlyr is a simple http server. serverlyr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../...

fsk-server is a simple http server. fsk-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "....

xtalk helps your browser talk to nodex, a simple web framework. xtalk is vulnerable to a directory traversal issue, giving an attacker access to the f...

Sencisho is a simple http server for local development. Sencisho is vulnerable to a directory traversal issue, giving an attacker access to the filesy...

cyber-js is a simple http server. A cyberjs server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placin...

iter-http is a server for static files. iter-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing...

serverliujiayi1 is a simple http server. serverliujiayi1 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by ...

serveryaozeyan is a simple HTTP server. serveryaozeyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by pl...

tiny-http is a simple http server. tiny-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../...

charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2...

The no-case module is vulnerable to regular expression denial of service. When malicious untrusted user input is passed into no-case it can block the ...

dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible.

serverwg is a simple http server. serverwg is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" ...

serverhuwenhui is a simple http server. serverhuwenhui is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by pl...

serveryztyzt is a simple http server. serveryztyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placin...

citypredict.whauwiller is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

serverwzl is a simple http server. serverwzl is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../...

tmock is a static file server. tmock is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...

pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

gaoxiaotingtingting is an HTTP server. gaoxiaotingtingting is vulnerable to a directory traversal issue, giving an attacker access to the filesystem b...

easyquick is a simple web server. easyquick is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../"...

weather.swlyons is a simple web server for weather updates. weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to...

The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulner...

The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed.

The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can b...

The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop f...

The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when spec...

slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service is specially crafted unt...

The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of serv...

Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service whe...

liyujing is a static file server. liyujing is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" ...

datachannel-client is a signaling implementation for DataChannel.js. datachannel-client is vulnerable to a directory traversal issue, giving an attack...

cuciuci is a simple fileserver. cuciuci is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in ...

welcomyzt is a simple file server. welcomyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../...

node-server-forfront is a simple static file server. node-server-forfront is vulnerable to a directory traversal issue, giving an attacker access to t...

rtcmulticonnection-client is a signaling implementation for RTCMultiConnection.js, a multi-session manager. rtcmulticonnection-client is vulnerable to...

The module botbait is a tool to be used to track bot and automated tools usage with-in the npm ecosystem. botbait is known to record and track user in...

The module pandora-doomsday infects other modules. It's since been unpublished from the registry.

The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry.

The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that bec...

exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a directory traversal issue, giving an attacker access t...

unicorn-list is a web framework. unicorn-list is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ".....

simple-npm-registry is a local npm package cache. simple-npm-registry is vulnerable to a directory traversal issue, giving an attacker access to the f...

goserv is an http server. goserv is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

http_static_simple is an http server. http_static_simple is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by ...

serverzyy is a static file server. serverzyy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../...

method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't suppor...

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k c...

The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.

jikes is a file server. jikes is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. A...

lab6.brit95 is a file server. lab6.brit95 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" i...

lab6drewfusbyu is an http server. lab6drewfusbyu is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ...

infraserver is a RESTful server. infraserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../...

commentapp.stetsonwood is an http server. commentapp.stetsonwood is vulnerable to a directory traversal issue, giving an attacker access to the filesy...

myserver.alexcthomas18 is a file server. myserver.alexcthomas18 is vulnerable to a directory traversal issue, giving an attacker access to the filesys...

sspa is a server dedicated to single-page apps. sspa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by plac...

mockserve is a file server. mockserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in th...

shit-server is a file server. shit-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" i...

serve46 is a static file server. serve46 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in...

zwserver is a weather web server. zwserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" ...

wanggoujing123 is a simple webserver. wanggoujing123 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by plac...

Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent v...

static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesyst...

earlybird is a web server module for early development. earlybird is vulnerable to a directory traversal issue, giving an attacker access to the files...

fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an ...

myprolyz is a static file server. myprolyz is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" ...

censorify.tanisjr is a simple web server and API RESTful service. censorify.tanisjr is vulnerable to a directory traversal issue, giving an attacker a...

dcserver is a static file server. dcserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" ...

caolilinode is a simple file server. caolilinode is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ...

11xiaoli is a simple file server. 11xiaoli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" ...

shenliru is a simple file server. shenliru is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" ...

22lixian is a simple file server. 22lixian is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" ...

dylmomo is a simple file server. dylmomo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in...

desafio is a simple web server. desafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in ...

calmquist.static-server is a static file server. calmquist.static-server is vulnerable to a directory traversal issue, giving an attacker access to th...

byucslabsix is an http server. byucslabsix is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" ...

yyooopack is a simple file server. yyooopack is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../...

wffserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

looppake is a simple http server. looppake is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" ...

liuyaserver is a static file server. liuyaserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ...

hcbserver is a static file server. hcbserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../...

section2.madisonjbrooks12 is a simple web server. section2.madisonjbrooks12 is vulnerable to a directory traversal issue, giving an attacker access to...

utahcityfinder constructs lists of Utah cities with a certain prefix. utahcityfinder is vulnerable to a directory traversal issue, giving an attacker ...

whispercast is a file server. whispercast is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" i...

ewgaddis.lab6 is a file server. ewgaddis.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ".....

jansenstuffpleasework is a file server. jansenstuffpleasework is vulnerable to a directory traversal issue, giving an attacker access to the filesyste...

chatbyvista is a file server. chatbyvista is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" i...

intsol-package is a file server. intsol-package is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "...

dasafio is a web server. dasafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

serverabc is a static file server. serverabc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../...

wintiwebdev is a static file server. wintiwebdev is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ...

serverxxx is a static file server. serverxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../...

iter-server is a static file server. iter-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ...

scott-blanch-weather-app is a sample Node.js app using Express 4. scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an att...

uekw1511server is a static file server. uekw1511server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by pl...

360class.jansenhm is a static file server. 360class.jansenhm is vulnerable to a directory traversal issue, giving an attacker access to the filesystem...

open-device creates a web interface for any device. open-device is vulnerable to a directory traversal issue, giving an attacker access to the filesys...

reecerver is a web server. reecerver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...

sly07 is an API for censoring text. sly07 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" i...

dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "....

cypserver is a static file server. cypserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../...

getcityapi.yoehoehne is a web server. getcityapi.yoehoehne is vulnerable to a directory traversal issue, giving an attacker access to the filesystem b...

mfrs is a static file server. mfrs is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the u...

picard is a micro framework. picard is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the ...

pytservce is a static file server. pytservce is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../...

quickserver is a simple static file server. quickserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by p...

qinserve is a static file server. qinserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" ...

ritp is a static web server. ritp is vulnerable to a directory traversal issue whereby an attacker can gain access to the file system by placing ../ i...

susu-sum is a static file server. susu-sum is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" ...

uv-tj-demo is a static file server. uv-tj-demo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "....

zjjserver is a static file server. zjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../...

The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin.

dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ".....

enserver is a simple web server. enserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" i...

jn_jj_server is a static file server. jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placin...

lessindex is a static file server. lessindex is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../...

ltt is a static file server. ltt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

mfrserver is a simple file server. mfrserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../...

peiserver is a static file server. peiserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../...

sgqserve is a simple file server. sgqserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" ...

tencent-server is a simple web server. tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by pla...

fbr-client sends files through sockets via socket.io and webRTC. fbr-client is vulnerable to a directory traversal issue, giving an attacker access to...

dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ...

yttivy is a static file server. yttivy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in t...

wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in t...

yzt is a simple file server. yzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing "../" in ...

nodeaaaaa is a static file server. nodeaaaaa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../...

st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 (redirect) to an entirely different domain...

aegir is a module to help automate JavaScript project management. Version 12.0.0 through and including 12.0.7 bundled and published to npm the user (t...

The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the glo...

Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very la...

serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which a...

angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious us...

node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of an...

glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious u...

simplehttpserver node module suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.

connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middlewa...

serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.

mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modif...

assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modi...

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith fun...

merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modif...

defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to mo...

general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to re...

hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any ...

crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.

626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any fi...

localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content...

mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content ...

public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of...

resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, ...

bracket-template suffers from reflected XSS possible when variable passed via GET parameter is used in template

sshpk is vulnerable to ReDoS when parsing crafted invalid public keys.

protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files.

https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory lea...

Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that cou...

A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfac...

A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shel...

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affect...

A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, ...

A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multipl...

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their p...

A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain...

A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to g...

A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute a...

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invoc...

A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modif...

A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent La...

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary ...

A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in pro...

Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify pac...

libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain windo...

IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute mali...

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper...

Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal w...

OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.

External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential infor...

In Android before the 2018-06-05 security patch level, NVIDIA TLK TrustZone contains a possible out of bounds write due to an integer overflow which c...

In Android before the 2018-06-05 security patch level, NVIDIA TLZ TrustZone contains a possible out of bounds write due to integer overflow which coul...

In Android before the 2018-06-05 security patch level, NVIDIA Tegra X1 TZ contains a possible out of bounds write due to missing bounds check which co...

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/"...

An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an a...

Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter.

content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page.

A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arb...

A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software co...

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) S...

A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, ...

A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN s...

A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for ...

A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to v...

A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate ...

A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local atta...

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to condu...

A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker t...

A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local at...

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS)...

A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-...

A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack aga...

A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack aga...

Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine.

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution...

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution...

An issue was discovered on the MediaTek AWUS036NH wireless USB adapter through 5.1.25.0. Attackers can remotely deny service by sending specially cons...

DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfil...

DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and ...

xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of n, as demonstrated by n equal to 0 through 12.

A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_...

A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /port...

Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen.

Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section.

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values us...

Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as d...

SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php.

Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversa...

Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal.

Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_g...

Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.

Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by...

tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChannelInfo in tinyexr.h.

A Local File Inclusion vulnerability in /system/WCore/WHelper.php in Creatiwity wityCMS 0.6.2 allows remote attackers to include local PHP files (exec...

A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SU...

Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arb...

Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitra...

IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and i...

IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automa...

Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users t...

Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attack...

Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authen...

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on ...

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on ...

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on ...

A out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to disclose sensitive...

BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service (stack consumption and daemon crash) via BGP mask expression...

The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This...

The install-chef-suse.sh script shipped with crowbar before 2012-10-02 is creating files containing confidential data with insecure permissions, allow...

The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or ...

The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 ...

In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without t...

The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local at...

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Intel Graphics Driver" component. It allo...

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Graphics Drivers" component. It allows at...

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Bluetooth" component. It allows attackers...

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Speech" component. It allows attackers to...

An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affe...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affe...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affe...

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Windows Server" component. It allows atta...

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Accessibility Framework" component. It al...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchO...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affe...

An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affe...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affe...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "iBooks" comp...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud ...

An issue was discovered in certain Apple products. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attac...

An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. tvOS befo...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchO...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affe...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to g...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affe...

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "ATS" component. It allows attackers to ga...

An issue was discovered in certain Apple products. Swift before 4.1.1 Security Update 2018-001 is affected. The issue involves the "Swift for Ubuntu" ...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Security" co...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affe...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchO...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affe...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affe...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affe...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" compon...

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOFireWireAVC" component. It allows attac...

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Grand Central Dispatch" component. It all...

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It al...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affe...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affe...

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOHIDFamily" component. It allows attacke...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchO...

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOGraphics" component. It allows attacker...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchO...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximat...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Magnifier" component. It allows physically pro...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchO...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchO...

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Hypervisor" component. It allows attacker...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchO...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri Contacts" component. It allows physically...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affe...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. The issue involves the "Safari" comp...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchO...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Messages" component. It allows remote attacker...

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Firmware" component. It allows attackers ...

An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximat...

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "AMD" component. It allows local users to ...

The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLC_PS_ROOT_URI and DMLC_P...

The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) allows SQL injection, aka the Security Advisory 2089 issue.

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof t...

Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-1144...

S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old version...

The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and applica...

The transferFrom function of a smart contract implementation for FuturXE (FXE), an Ethereum ERC20 token, allows attackers to accomplish an unauthorize...

In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric...

There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via m...

tinyexr 0.9.5 has a heap-based buffer over-read in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code.

tinyexr 0.9.5 has a memory leak in ParseEXRHeaderFromMemory in tinyexr.h.

Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via ...

A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod para...

Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links.

Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI.

md4c 0.2.6 has a NULL pointer dereference in the function md_process_line in md4c.c, related to ctx->current_block.

An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote attackers to cause a denial of servic...

An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC<FileIO>::process function in transform/palette_C.hpp allows re...

portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter.

Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI webinterface allows remote attackers to inject arbitrary web script or HTML via the ...

md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly...

A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases ...

The Java implementation of GraniteDS, version 3.1.1.GA, AMF3 deserializers derives class instances from java.io.Externalizable rather than the AMF3 sp...

The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.G, may allow instantiation of arbitrary classes via their public parame...

The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0 derives class instances from java.io.Externaliz...

The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes v...

The Java implementations of AMF3 deserializers in Pivotal/Spring Spring-flex derive class instances from java.io.Externalizable rather than the AMF3 s...

The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from ...

The Java implementations of AMF3 deserializers in WebORB for Java by Midnight Coders, version 5.1.1.0, derive class instances from java.io.Externaliza...

The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references (XXEs) fr...

The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet E...

Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agen...

In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DL...

Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially craft...

A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox...

Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This is...

Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that so...

Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with ...

A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefo...

During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50.

When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local f...

The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability...

This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozill...

A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulner...

An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects...

A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new pag...

A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only....

A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant fo...

Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profi...

An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.

Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform...

The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating of a fake location b...

A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vuln...

Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.

A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < ...

A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operatio...

Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's brow...

When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issu...

WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox <...

An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS...

An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This ...

An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10...

Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input ...

Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in ...

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting ...

Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort tha...

Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort t...

A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentiall...

Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerabilit...

Use-after-free while manipulating the "navigator" object within WebVR. Note: WebVR is not currently enabled by default. This vulnerability affects Fir...

Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. ...

Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Fir...

Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Fi...

External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow...

HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-sav...

The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows...

Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be...

An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This c...

A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and T...

Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that wit...

Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that ...

JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thun...

Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This v...

Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash ...

Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51.

A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < ...

The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowi...

Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal informa...

URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing ...

Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than...

Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to pot...

WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclo...

The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "<track>"...

A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time...

WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests ...

The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allo...

Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found ...

Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption...

The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow mali...

A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript event...

Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of vie...

A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from m...

The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for th...

Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort t...

Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that so...

JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. ...

A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable...

A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. Th...

When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an incorrect root object. This triggers a use-after-...

A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This ...

Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefo...

A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. T...

Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted use...

Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potentia...

The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback paramet...

Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is manag...

A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed...

A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox < 52 and Thunderbird <...

A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox < 52 and Thunderbird < 52.

The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to informa...

An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as the protocol, leading to user confusion and furthe...

In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulne...

When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the display...

An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of rand...

If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown throug...

A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to...

A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is curren...

If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hy...

The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some dat...

On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be app...

A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local a...

An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extens...

Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory cor...

Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we pre...

A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thu...

A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation contr...

A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thu...

A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially explo...

An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. ...

A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a poten...

A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. Th...

A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading...

A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affe...

A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerabi...

An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox E...

A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This ...

A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow ...

An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable ...

An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an att...

An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gec...

A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability...

A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, maki...

A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect...

Malicious sites can display a spoofed addressbar on a page when the existing location bar on the new page is scrolled out of view if an HTML editable ...

A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's "TITLE" e...

A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file p...

The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulne...

A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for ...

When a "javascript:" URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be social...

A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Fi...

A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a ...

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The...

Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of t...

During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory ...

An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being...

If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the relo...

A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability af...

An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash w...

Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ...

Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with ...

Memory safety bugs were reported in Firefox 53. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that so...

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree...

A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This v...

A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window has been r...

A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54,...

A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. T...

An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects T...

An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox...

The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows pri...

A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially ex...

A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results ...

An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vul...

Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reading of lo...

The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original fi...

The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with cr...

When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing ...

Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name sp...

Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rende...

The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the We...

An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance ...

The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, ...

The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the se...

A mechanism where when a new tab is loaded through JavaScript events, if fullscreen mode is then entered, the addressbar will not be rendered. This wo...

A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uniniti...

Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we...

Memory safety bugs were reported in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that so...

An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFIN...

An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Not...

If a long user name is used in a username/password combination in a site URL (such as " http://UserName:Password@example.com"), the resulting modal pr...

A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in...

A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially ex...

A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. T...

Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top l...

When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Se...

If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Secu...

On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied...

On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigat...

A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). T...

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potenti...

On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only h...

On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The p...

Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header name...

The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, th...

JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is no...

A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished....

A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is fr...

A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due ...

When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforce...

The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write ar...

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases...

A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exp...

A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed ...

A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the or...

A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This ...

Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with ...

Memory safety bugs were reported in Firefox 55. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that so...

If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to o...

Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually resul...

File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature a...

On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the...

WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavio...

A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. Thi...

A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through t...

A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from ...

The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content ca...

A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific ...

The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D...

The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-orig...

A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect val...

Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for dom...

Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with ...

Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that so...

A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This res...

It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not di...

The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data thef...

A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "_exposedProps_" mechanism on proxy ob...

The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the ...

Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font...

A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy includin...

Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS ...

The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows...

SVG loaded through "<img>" tags can use "<meta>" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57.

Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode displ...

Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScri...

JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exp...

If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of one. One of...

When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB s...

A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which p...

A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due t...

It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the...

Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird < 52.5.2.

RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2.

Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with ...

Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that so...

A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable cr...

A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread w...

A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnera...

A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uni...

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results...

A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerabi...

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content d...

A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentia...

A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, res...

A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts. This...

A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. This ...

A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This ...

A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitabl...

A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploi...

WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with l...

Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when ...

The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing pro...

A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the priv...

An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request...

If cursor visibility is toggled by script using from 'none' to an image and back through script, the cursor will be rendered temporarily invisible wit...

When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site t...

Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requireme...

The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly...

If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document i...

If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded fore...

WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious ex...

If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the di...

The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was...

The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allo...

Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationali...

A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-o...

Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with ...

Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that so...

A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vuln...

A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentia...

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow f...

When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. Th...

Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache head...

The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malic...

If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It ...

WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stored in "about:cache", bypassing restrictions that o...

WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this sho...

A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vul...

A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a ...

A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside...

Image for moz-icons can be accessed through the "moz-icon:" protocol through script in web content even when otherwise prohibited. This could allow fo...

A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. ...

If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly dis...

URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a ...

An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affect...

Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some...

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1...

The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vul...

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counte...

Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we...

Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that so...

WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic ...

If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read w...

A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable...

A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash...

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the...

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file...

An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-...

WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC enc...

Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunde...

Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thu...

If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data res...

Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This cou...

In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Fl...

WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access c...

The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyp...

Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could ...

If manipulated hyperlinked text with "chrome:" URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to include a ...

It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment ...

The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feed...

The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used...

In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not ...

A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website co...

The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious...

A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow ...

A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requir...

A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited ...

If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local fil...

If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local ...

Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and ...

Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird ...

Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird ...

VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is...

The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability ...

An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert befo...

An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sen...

Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS) 3.0.0 to 3.1.1-1 allows remote attackers to injec...

In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket fi...

In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice...

During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will ...

routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be...

ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one choos...

Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated us...

Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before ...

An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class, related to certain .clone usage, because mrb_obj_clone in ke...

An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does n...

An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class_real because "class BasicObject" is not properly supported in...

Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to cause execute arbitrary code. A...

Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user i...

SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the...

Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be re...

Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected ar...

Improper restriction of write operations within the bounds of a memory buffer in snscore.sys in SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft ...

In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_m...

In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind ...

Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore...

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthor...

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to use a specially crafted URL to elevate account permissions on vuln...

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to exploit it via a Browser Refresh attack on vulnerable installation...

The web server on Western Digital TV Media Player 1.03.07 and TV Live Hub 3.12.13 allow unauthenticated remote attackers to execute arbitrary code or ...

router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection via the PATH_INFO to a home/requested_user/Sent%20i...

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the POST user_search parameter.

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter.

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exist in ladder/stats.php via the GET type parameter.

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET sort_direction parameter.

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter.

An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is Authenticated Custom Firmware Upgrade via DNS Hijacking. An authenticated root u...

An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can...

An issue was discovered on Momentum Axel 720P 5.1.8 devices. Root access can be obtained via UART pins without any restrictions, which leads to full s...

An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the ...

An issue was discovered on Momentum Axel 720P 5.1.8 devices. All processes run as root.

Buffer might get used after it gets freed due to unlocking the mutex before freeing the buffer in all Android releases from CAF (Android for MSM, Fire...

Due to a race condition in a bus driver, a double free in msm_bus_floor_vote_context() can potentially occur in all Android releases from CAF (Android...

The value of fix_param->num_chans is received from firmware and if it is too large, an integer overflow can occur in wma_radio_chan_stats_event_handle...

In the camera driver, an out-of-bounds access can occur due to an error in copying region params from user space in all Android releases from CAF (And...

In wma_ndp_end_response_event_handler(), the variable len_end_rsp is a uint32 which can be overflowed if the value of variable "event->num_ndp_end_rsp...

Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 (as well as in RTsoft's Dink Smallwood HD / ProtonSDK version) before 3.14 allow...

In the KGSL driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a Use After Free condit...

While processing a DSP buffer in an audio driver's event handler, an index of a buffer is not checked before accessing the buffer in all Android relea...

improper validation of array index in WiFi driver function sapInterferenceRssiCount() leads to array out-of-bounds access in all Android releases from...

In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, event->num_entries_in_p...

In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overwrite can ...

Buffer overflow can occur due to improper input validation in multiple WMA event handler functions in all Android releases from CAF (Android for MSM, ...

An arbitrary address write can occur if a compromised WLAN firmware sends incorrect data to WLAN driver in all Android releases from CAF (Android for ...

In the function wma_pdev_div_info_evt_handler() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Ke...

In the video driver function set_output_buffers(), binfo can be accessed after being freed in a failure scenario in all Android releases from CAF (And...

Early or late retirement of rotation requests can result in a Use After Free condition in all Android releases from CAF (Android for MSM, Firefox OS f...

In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len...

Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kern...

Buffer over flow can occur while processing a HTT_T2H_MSG_TYPE_TX_COMPL_IND message with an out-of-range num_msdus value in all Android releases from ...

portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI.

Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.h...

Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.

system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code.

acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an s...

A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2....

xowl/request.php in Ximdex 4.0 has XSS via the content parameter.

The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter.

The TIBCO Administrator server component of of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Ed...

The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Editi...

The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a mali...

The Yii2-StateMachine extension v2.x.x for Yii2 has XSS.

The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation A...

A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpandoObject in Pale Moon before 27.9.3.

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command t...

A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the S...

private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses no...

An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSucces...

An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4...

An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11,...

An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4...

An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allo...

The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and ...

Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker c...

m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.

There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file.

There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file.

There is a heap out of bounds read in radare2 2.6.0 in _6502_op() in libr/anal/p/anal_6502.c via a crafted iNES ROM binary file.

An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier...

Norton App Lock prior to version 1.3.0.329 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to cir...

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node ...

All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node proces...

Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when read...

Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vu...

When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code...

The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe...

OPC Foundation Local Discovery Server (LDS) 1.03.370 required a security update to resolve multiple vulnerabilities that allow attackers to trigger a ...

An issue was discovered in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parameters allow remote at...

An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code be...

ArticleCMS through 2017-02-19 has XSS via an "add an article" action.

Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention...

389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash...

procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending num...

NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00....

Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows ...

OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run ar...

An issue was discovered in F-Secure XFENCE and Little Flocker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. B...

An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo. A maliciously crafted Universal/fat binary can e...

An issue was discovered in Google Santa and molcodesignchecker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. ...

An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing ...

An issue was discovered in Carbon Black Cb Response. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not comp...

An issue was discovered in VirusTotal. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full in...

Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web scr...

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of ...

The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the st...

An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication ...

Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue.

Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request.

Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the "Olap Schemas' Catalogue" catalogue.

An information disclosure vulnerability exists when Edge improperly marks files, aka "Microsoft Edge Information Disclosure Vulnerability." This affec...

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vu...

An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulner...

An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windo...

A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing, aka "Windows Code Integrity Module Denial...

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerab...

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerab...

A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mark of the Web Tagging (MOTW), aka "Internet Explorer S...

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Discl...

An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status, aka "Cortana Ele...

An elevation of privilege vulnerability exists when the (Human Interface Device) HID Parser Library driver improperly handles objects in memory, aka "...

An denial of service vulnerability exists when Windows NT WEBDAV Minirdr attempts to query a WEBDAV directory, aka "WEBDAV Denial of Service Vulnerabi...

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session...

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affect...

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosur...

An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Brid...

An information disclosure vulnerability exists when Windows allows a normal user to access the Wireless LAN profile of an administrative user, aka "Wi...

A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability." Thi...

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session...

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session...

A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability." Thi...

An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Brid...

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session...

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session...

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session...

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged use...

An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor ...

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session...

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Pr...

A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses, aka "Windo...

A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests...

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scri...

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scri...

A remote code execution vulnerability exists when HTTP Protocol Stack (Http.sys) improperly handles objects in memory, aka "HTTP Protocol Stack Remote...

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation ...

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vu...

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feat...

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerab...

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Inform...

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory C...

An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation ...

A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiati...

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information ...

An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Mi...

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft ...

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vu...

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka "Media Foundation Memory Corruption V...

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affec...

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affec...

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engin...

Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability. An authenticated, local attacker...

Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbi...

Huawei HG255s-10 V100R001C163B025SP02 has a path traversal vulnerability due to insufficient validation of the received HTTP requests, a remote attack...

Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via ...

Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users with the Admin role to injec...

Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite lo...

A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIP...

A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch f...

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch fami...

Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.

LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST requ...

Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code.

Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, ...

Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data...

The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross-site scripting, caused by improper validation of ...

An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious ...

IceHrm before 23.0.1.OS has a risky usage of a hashed password in a request.

In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force.

On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16....

SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_config.php page (aka a system management page).

JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI.

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output...

cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To...

LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Numbe...

Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or R...

wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number ...

LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To dis...

The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the H...

MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To d...

BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To dis...

openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disable...

The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a he...

expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.

IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code wh...

IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used ...

Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticat...

Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to vi...

An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violatio...

An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assert...

libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to M...

A stack-based buffer overflow can occur in fastboot from all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Lin...

In the WCD CPE codec, a Use After Free condition can occur in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using th...

Chevereto Free before 1.0.13 has XSS.

In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/ex...

In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/e...

addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer O...

The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive Data on the Clipboard" vulnerability, as demonstrated by reading the "User pas...

PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading...

PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php.

An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/l...

An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/...

The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over...

spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php.

User process can perform the kernel DOS in ashmem when doing cache maintenance operation in all Android releases(Android for MSM, Firefox OS for MSM, ...

In the MDSS driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a data structure may be ...

If userspace provides a too-large WPA RSN IE length in wlan_hdd_cfg80211_set_ie(), a buffer overflow occurs in all Android releases(Android for MSM, F...

The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev1...

Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/upd...

Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax e...

XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.p...

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev2...

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev2...

The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev...

Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allow...

Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 bef...

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev2...

Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could...

Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10....

The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it...

Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335.

tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMemory in tinyexr.h.

tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tinyexr.h.

Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via ...

The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publi...

Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privile...

PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow man-in-the-middle a...

SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the i...

index.js in oauth2orize-fprm before 0.2.1 has XSS via a crafted URL.

Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows a local attacker to duplicate an authentication factor via cloning.

Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via comprom...

Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68 allows a man-in-the-middle attacker to compromise...

Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a c...

Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relev...

Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a virtu...

Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipula...

Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH acce...

Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to partially extract confidential co...

Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulat...

Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword.

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 becaus...

An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2,...

During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to repl...

An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation:...

An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upo...

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passe...

A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.

An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. It is configured to provide TELNET remote access (without a...

An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interf...

Cross-site scripting (XSS) vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post c...

An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /style/ provides a directory listing.

An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /etc/ provides a directory listing.

An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /lib/ provides a directory listing.

An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /images/ provides a directory listing.

JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execu...

JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java ...

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker ...

In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access o...

libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.

Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle ...

An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory ...

An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulner...

A SQL injection issue was discovered in the Quick Chat plugin before 4.00 for WordPress.

An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.

By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of servi...

An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with sp...

An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands...

An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially cra...

An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file.

An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input.

A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request.

A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a speciall...

Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking.

An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks.

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length heap buffer where a value larger than the buff...

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buf...

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be ...

An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreacha...

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insuffic...

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via direct...

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file...

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forwa...

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any f...

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will...

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote c...

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An ...

The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an at...

There is a heap-based buffer overflow in bmp_compress1_row in appliers.cpp in sam2p 0.49.4 that leads to a denial of service or possibly unspecified o...

library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['u...

An issue was discovered in AKCMS 6.1. CSRF can add an admin account via a /index.php?file=account&action=manageaccounts&job=newaccount URI.

An issue was discovered in AKCMS 6.1. CSRF can delete an article via an admincp deleteitem action to index.php.

SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$tx...

The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.

The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.

Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInter...

D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attack...

Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earlier allows an attacker to traverse the file system to access files or directories...

strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.

The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and applic...

OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary m...

The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an infor...

The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or poss...

The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows remote attackers to cause an information disclosure (heap-based buffer over-read)...

The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or p...

The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an informatio...

The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to c...

The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information ...

The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attacke...

The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an informat...

The liblnk_data_string_get_utf8_string_size function in liblnk_data_string.c in liblnk through 2018-04-19 allows remote attackers to cause an informat...

The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an i...

The liblnk_data_block_read function in liblnk_data_block.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (he...

The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior...

WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free fo...

An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application...

Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1...

ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/Cloud...

FastStone Image Viewer 6.2 has a User Mode Write AV at 0x005cb509, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer....

FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cb3, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer....

FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d6a, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer....

FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d7d, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer....

FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cc4, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer....

FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578dd8, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer....

FastStone Image Viewer 6.2 has a User Mode Read and Execute AV at 0x0057898e, triggered when the user opens a malformed JPEG file that is mishandled b...

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish mess...

An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager class for Biometric validation allows authen...

An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manip...

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the...

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the a...

Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chose...

A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line argum...

A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without authenticating to the co...

Reliable Controls MACH-ProWebCom 7.80 devices allow remote attackers to obtain sensitive information via a direct request for the data/fileinfo.xml or...

Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges vi...

The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to...

Multiple cross-site request forgery (CSRF) vulnerabilities in totemomail Encryption Gateway before 6.0.0_Build_371 allow remote attackers to hijack th...

CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer, allowing attacks by low-privileged users against higher-privileged user...

Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). This type of issue occurs i...

Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of iss...

On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command inj...

On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cr...

In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0....

glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-h...

In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.

In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.

There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other imp...

The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may all...

GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for Data/Log/year_month_day.log.

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote a...

A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent att...

A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands tha...

A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure a...

A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a...

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management inte...

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker...

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected d...

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker...

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker...

A vulnerability in the Cisco Fabric Services (CFS) component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote at...

A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an ...

A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Interconnect Software could allow an unauthenticated, remote attacker to cause a buff...

A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco NX-OS on the Cisco Nexus 4000 Series Switch could allow an authentic...

A vulnerability in the process of uploading new application images to Cisco FXOS on the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) an...

A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to ca...

A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent att...

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker...

A vulnerability in the CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an aff...

A vulnerability in the implementation of a specific CLI command and the associated Simple Network Management Protocol (SNMP) MIB for Cisco NX-OS (in s...

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker...

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker...

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the manageme...

A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software contain a vuln...

A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary...

A vulnerability in the file descriptor handling of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remo...

A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an u...

A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Se...

A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an una...

A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker t...

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct ...

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) co...

A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop ...

An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, ...

Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their...

Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent...

A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would...

Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 and their earlier ...

Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET u...

RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability. A malicious Operation...

RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenti...

An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not s...

qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing...

Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does n...

Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values.

Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has c...

Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.

An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can u...

An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vul...

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to i...

NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI.

Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal.

Redatam7 (formerly Redatam WebServer) allows remote attackers to discover the installation path via an invalid LFN parameter to the /redbin/rpwebutili...

An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user da...

CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html...

CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs.

An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling ...

Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user.

389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote ...

Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a cli...

The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.

An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypass the brute-force protection by using a PUT HTTP m...

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748.

NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated us...

Reflected Cross-Site Scripting (XSS) exists in the Bibliography module in SLiMS 8 Akasia 8.3.1 via an admin/modules/bibliography/index.php?keywords= U...

Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loan_rules.php?keywords...

Reflected Cross-Site Scripting (XSS) exists in the Membership module in SLiMS 8 Akasia 8.3.1 via an admin/modules/membership/index.php?keywords= URI.

Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an admin/modules/master_file/rda_cmc.php?keywords= U...

Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stock_take/index.php?keywords= URI.

SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter.

The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs pag...

ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String...

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec end...

In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession detai...

Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information D...

tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h.

tinyexr 0.9.5 has a segmentation fault in the wav2Decode function.

phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in ...

Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.

TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacte...

Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of ...

TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json.

mao10cms 6 allows XSS via the m=bbs&a=index page.

mao10cms 6 allows XSS via the article page.

The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted...

The webService binary on Insteon HD IP Camera White 2864-222 devices has a Buffer Overflow via a crafted pid, pwd, or usr key in a GET request on port...

A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as ...

demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka ...

finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified ot...

GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by...

DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side).

DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header.

An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, w...

The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON d...

The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem (GVE), an Ethereum ERC20 token, allows attackers to ste...

The approveAndCallcode function of a smart contract implementation for Block 18 (18T), an tradable Ethereum ERC20 token, allows attackers to steal ass...

The buy function of a smart contract implementation for Gold Reward (GRX), an Ethereum ERC20 token, allows a potential trap that could be used to caus...

The sell function of a smart contract implementation for SwftCoin (SWFTC), a tradable Ethereum ERC20 token, allows a potential trap that could be used...

The sell function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, allows a potential trap that coul...

The sell function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, allows a potential trap that could be used...

The sell function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, allows a potential trap that could be use...

The sell function of a smart contract implementation for SEC, a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause fin...

The mintToken function of a smart contract implementation for PolyAI (AI), a tradable Ethereum ERC20 token, has no period constraint, which allows the...

The mintToken function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, has no period constraint, which allow...

The mintToken function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, has no period constraint, wh...

The mintToken function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, has no period constraint, which allo...

The mintToken function of a smart contract implementation for Fujinto (NTO), a tradable Ethereum ERC20 token, has no period constraint, which allows t...

The mintToken function of a smart contract implementation for GOAL Bonanza (GOAL), a tradable Ethereum ERC20 token, has no period constraint, which al...

The mintToken function of a smart contract implementation for BitAsean (BAS), a tradable Ethereum ERC20 token, has no period constraint, which allows ...

Improperly implemented option-field processing in the TCP/IP stack on Allen-Bradley L30ERMS safety devices v30 and earlier causes a denial of service....

IPConfigure Orchid Core VMS 2.0.5 allows Directory Traversal.

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the ...

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-doma...

Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 exce...

Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lacks security vulnerability patches. An at...

A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily.

NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker ...

SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverter_info.htm or english_main....

There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php...

Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resu...

Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id...

Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users ...

exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it clo...

In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user with incorrect permissions may be able to create Accounts under the Infrastruct...

An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer overflow in mkAddToRelayCacheRequest and in ccnl_populate_cache for an array l...

Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors.

Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified ve...

Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unsp...

Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors.

Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Det...

Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'Syst...

Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unsp...

Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRU...

Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified ve...

Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecifie...

Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors...

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS c...

Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticat...

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to uploa...

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restrict...

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a cont...

Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers t...

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail fo...

IIJ SmartKey App for Android version 2.1.0 and earlier allows remote attackers to bypass authentication [effect_of_bypassing_authentication] via unspe...

Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecif...

Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecifi...

Untrusted search path vulnerability in the installer of Visual Studio Community allows an attacker to gain privileges via a Trojan horse DLL in an uns...

Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecif...

Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain pri...

Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an ...

Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via...

Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script o...

Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspeci...

Pixelpost v1.7.3 and earlier allows remote code execution via unspecified vectors.

Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vect...

SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecifie...

Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified ...

Untrusted search path vulnerability in LINE for Windows versions before 5.8.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspe...

Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code ...

The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof ...

Cross-site scripting vulnerability in 5000 trillion yen converter v1.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecifie...

Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This...

The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can se...

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0....

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfe...

U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This ...

Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This att...

Instant Update CMS contains a Password Reset Vulnerability vulnerability in /iu-application/controllers/administration/auth.php that can result in Acc...

MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allo...

MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums withou...

Redirection version 2.7.3 contains a ACE via file inclusion vulnerability in Pass-through mode that can result in allows admins to execute any PHP fil...

Tooltipy (tooltips for WP) version 5 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in could allow anybody...

Metronet Tag Manager version 1.2.7 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page /wp-admin/options-general.php?page=metro...

WP User Groups version 2.0.0 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in allows anybody to modify us...

WP ULike version 2.8.1, 3.1 contains a Cross Site Scripting (XSS) vulnerability in Settings screen that can result in allows unauthorised users to do ...

Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability in Settings page AJAX that can result in could al...

WP Image Zoom version 1.23 contains a Incorrect Access Control vulnerability in AJAX settings that can result in allows anybody to cause denial of ser...

WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulnerability in AJAX that can result in allows anybody to delete any row in certain t...

Tooltipy Tooltipy (tooltips for WP) version 5 contains a Cross Site Scripting (XSS) vulnerability in Glossary shortcode that can result in could allow...

LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting (XSS) vulnerability in Boxes that can result in JS code execution against LimeSu...

LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Boxes that can result in CSRF admins to delete boxe...

ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.v...

The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many template...

BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget...

aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clien...

aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp...

ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() t...

BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /users/create that can result in The low-privileged users can use this vulnerabilit...

topydo contains a CWE-20: Improper Input Validation vulnerability in ListFormatParser::parse, file topydo/lib/ListFormat.py line 292 as of d4f843dac71...

miniSphere version 5.2.9 and earlier contains a Integer Overflow vulnerability in layer_resize() function in map_engine.c that can result in remote de...

openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure ...

Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. This attack appear to be exploi...

Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and r...

GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password for...

Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the display tag that can result in XSS . This vulnerab...

inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can res...

beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user c...

klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can...

Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance w...

lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to re...

Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vuln...

Marlin Firmware Marlin version 1.1.x and earlier contains a Buffer Overflow vulnerability in cardreader.cpp (Depending on branch/version) that can res...

Minio Inc. Minio S3 server version prior to RELEASE.2018-05-16T23-35-33Z contains a Allocation of Memory Without Limits or Throttling (similar to CWE-...

Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM e...

LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity (XXE) vulnerability in XML Parsing when viewing the XM...

netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information dis...

Akiee version 0.0.3 contains a XSS leading to code execution due to the use of node integration vulnerability in "Details" of a task is not validated ...

rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary f...

Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information dis...

coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module: Contacts that can result in The error allows you to acces...

Umlet version < 14.3 contains a XML External Entity (XXE) vulnerability in File parsing that can result in disclosure of confidential data, denial of ...

Wekan version 1.04.0 contains a Email / Username Enumeration vulnerability in Register' and 'Forgot your password?' pages that can result in A remote ...

The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that ...

Trovebox version <= 4.0.0-rc6 contains a PHP Type juggling vulnerability in album view component that can result in Authentication bypass. This attack...

Trovebox version <= 4.0.0-rc6 contains a SQL Injection vulnerability in album component that can result in SQL code injection. This attack appear to b...

Trovebox version <= 4.0.0-rc6 contains a Server-Side request forgery vulnerability in webhook component that can result in read or update internal res...

Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in user component that can result in Password reset. Thi...

WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An ...

OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that ...

OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An ...

qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history co...

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented wi...

A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows...

A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers wit...

A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to imper...

A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, J...

A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that al...

A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidato...

A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall...

A arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to co...

A exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker ...

A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java tha...

A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, ...

Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to exec...

There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from c...

There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash...

An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.

An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.

An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.

An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation.

An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption.

ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options...

A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF)...

A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a stored Cross-Site Scripting (XSS)...

A vulnerability has been identified in SCALANCE M875 (All versions). An attacker with access to the local file system might obtain passwords for admin...

A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens H...

A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens H...

A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), coul...

A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), coul...

A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), coul...

An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current langua...

An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" functio...

There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafte...

Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS...

WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, whic...

An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4) client connecti...

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker t...

A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x67). The vulnerability is present in the parsing of a netwo...

A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x69). The vulnerability is present in the parsing of a netwo...

Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file pe...

Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4,...

In Easy Magazine through 2012-10-26, there is XSS in the search bar of the web site.

In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the V...

In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, pote...

In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version...

joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/index.php "system manage" and "add" actions.

In Rclone 1.42, use of "rclone sync" to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any...

CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition whi...

It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw t...

Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct re...

Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) vi...

The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Pl...

The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multip...

The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Pl...

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't matc...

An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/ope...

In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero.

A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directo...

In libpbc.a in PBC through 2017-03-02, there is a buffer over-read in calc_hash in map.c.

In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcP_message_default in proto.c.

In libpbc.a in PBC through 2017-03-02, there is a heap-based buffer over-read in _pbcM_ip_new in map.c.

In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcB_register_fields in bootstrap.c.

In CraftedWeb through 2013-09-24, aasp_includes/pages/notice.php allows XSS via the e parameter.

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive in...

An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X...

IBM DOORS Next Generation (DNG/RRC) 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in...

IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certifi...

IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to obtain sensitive information, caused by mishandling of exc...

Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user con...

Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to ...

An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allow...

An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker...

On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that...

Under certain conditions, TMM may restart and produce a core file while processing APM data on BIG-IP 13.0.1 or 13.1.0.4-13.1.0.7.

Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basi...

Electro Industries GaugeTech Nexus devices allow remote attackers to obtain potentially sensitive information via a direct request for the meter_infor...

Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet...

BWS Systems HA-Bridge devices allow remote attackers to obtain potentially sensitive information via a direct request for the #!/system URI.

Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have a default password of sollae for the TELNET service.

Baseon Lantronix MSS devices do not require a password for TELNET access.

Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a direct request for the default/index.lsp or default/l...

Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/s...

The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows...

The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by ...

Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory.

In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs...

ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly caus...

ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write a...

ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a d...

PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspeci...

PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified ot...

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM...

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code vi...

The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows re...

EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users.

An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and the...

An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'json' to the /q URI.

Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-se...

A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by r...

Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" credentials.

GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI.

An issue was discovered CMS MaeloStore V.1.5.0. There is stored XSS in the Telephone field of the admin interface.

onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecms_username and onefilecms_passwo...

onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen.

onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen.

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inje...

Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before buil...

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before b...

Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web ser...

An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` element of the `Priva...

An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerability is located in the `admin.php` file of the `./cpshop/` module. Remote attacke...

An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the `wFilemanager.php` and `in...

An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI.

An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read.

An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump.

An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain ch...

An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain ch...

An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain ch...

WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account.

An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Validate.

Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure,...

Improper check of unusual conditions when launching msiexec.exe in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftC...

Storing password in recoverable format in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure...

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted ...

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to e...

A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated re...

An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authe...

An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php...

Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an ...

protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/d...

perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths whi...

An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Type.

An issue was discovered in jpeg-compressor 0.1. The build_huffman function in stb_image.c allows remote attackers to cause a denial of service (stack-...

phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field.

Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script ...