6573 matches found
GHSA-M836-GXWQ-J2PM Improper Access Control in github.com/treeverse/lakefs
Impact:
1. medium: A user with write permissions to a portion of a repository may use the S3 gateway to copy any object in the repository if they know its name.
1. medium: A user with permission to write any one of tags, branches, or commits on a repository may write all of them.
1. low: A user with...
CVE-2021-40542
creationtimestamp| type| source
---|---|---
2021-10-11 16:23:31+00:00| seen| https://t.me/cibsecurity/30335
2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-40542.yaml...
Exploit for Path Traversal in Apache Http_Server
Apachuk - CVE-2021-41773 Grabber with Shodan Grabber Apache Di...
CVE-2021-30175
creationtimestamp| type| source
---|---|---
2021-09-21 06:42:48+00:00| published-proof-of-concept| https://t.me/pwnwikizhchannel/153
2023-04-27 17:01:53+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-30175.yaml...
Wrong type for `Linker`-define functions when used across two `Engine`s
Impact: As a Rust library, the wasmtime crate clearly marks which functions are safe and which are unsafe, guaranteeing that if consumers never use unsafe then it should not be possible to have memory unsafety issues in their embeddings of Wasmtime. An issue was discovered in the safe API of...
CVE-2021-37416
creationtimestamp| type| source
---|---|---
2021-08-30 22:32:38+00:00| seen| https://t.me/cibsecurity/28023
2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-37416.yaml...
CVE-2021-37538
creationtimestamp| type| source
---|---|---
2021-08-24 16:23:27+00:00| seen| https://t.me/cibsecurity/27767
2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-37538.yaml
2024-01-16 07:48:45+00:00| seen|...
GHSA-H563-XH25-X54Q Workflow re-write vulnerability using input parameter
Impact: Allow end-users to set input parameters, but otherwise expect workflows to be secure. Patches: Not yet. Workarounds: Set EXPRESSION_TEMPLATES=false for the workflow controller. References: https://github.com/argoproj/argo-workflows/issues/6441 For more information: If you have any questions or...
Sharing the first SimuLand dataset to expedite research and learn about adversary tradecraft
Last month, we introduced the SimuLand project to help security researchers around the world deploy lab environments to reproduce well-known attack scenarios, actively test detections, and learn more about the underlying behavior and implementation of adversary techniques. Since the release of th...
CVE-2021-32789
creationtimestamp| type| source
---|---|---
2021-07-26 20:11:30+00:00| seen| https://t.me/cibsecurity/26495
2021-10-28 11:07:01+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/4617
2023-04-27 09:58:59+00:00| confirmed|...
Ian Dunn: Multiple server ssh usernames leaked in your github repository
Hi security team, while searching on GitHub, I have found multiple SSH usernames that belong to your organization exposed in the organization GitHub repository. STEPS TO REPRODUCE: 1. Go to this repository. You will see the leaked multiple server SSH usernames...
CVE-2021-28164
creationtimestamp| type| source
---|---|---
2021-07-15 20:26:58+00:00| seen| https://t.me/cibsecurity/26189
2021-09-02 09:51:47+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/491
2021-11-12 18:09:42+00:00| seen|...
MCUboot: private keys exposed on the GitHub repository
Summary: When I searched GitHub for sensitive information, I found some private keys in a GitHub repository. These are a private RSA key and a private server key, which could be used for unauthorized access. Steps To Reproduce: VISIT THESE LINKS: Repository : EX:...
Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration Exploit
Exploit Title: Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration Exploit Author: Ricardo Ruiz @ricardojoserf CVE: CVE-2021-31159 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31159 Vendor Homepage: https://www.manageengine.com Vendor Confirmation:...
CVE-2021-34370
creationtimestamp| type| source
---|---|---
2021-06-15 01:16:14+00:00| seen| https://t.me/pwnwikizhchannel/648
2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-34370.yaml...
CVE-2021-3017
creationtimestamp| type| source
---|---|---
2021-05-07 08:28:28+00:00| seen| https://t.me/pwnwikizhchannel/367
2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-3017.yaml...
RUSTSEC-2021-0064 `cpuid-bool` has been renamed to `cpufeatures`
Please use the cpufeatures crate going forward: There will be no further releases of cpuid-bool...
cumulative-distribution-function Infinite Loop vulnerability
Impact: Apps using this library on improper data may crash or go into an infinite loop. In the case of a Node.js server app using this library to act on invalid non-numeric data, the Node.js server may crash. This may affect other users of this server and/or require the server to be rebooted for prop...
Sifchain: ETHEREUM_PRIVATE_KEY leaked
Summary: I found the below private key for an Ethereum wallet leaked via public code in a GitHub repository: ETHEREUM_PRIVATE_KEY="c87509a1c067bbde78beb793e6fa76530b6382a4c0241e5e4a9ec0a0f44dc0d3" Steps To Reproduce: You can find the private key via the below link :...
Exploit for Incorrect Authorization in Moodle
Python script to exploit CVE-2020-14321 https://moodle.org/mod...