3433 matches found
PT-2021-16349
Name of the Vulnerable Software and Affected Versions: The Registrations for the Events Calendar WordPress plugin versions prior to 2.7.5 Description: The issue concerns a Reflected Cross-Site Scripting problem. It arises because the v parameter is not properly escaped before being outputted back...
Access Control Bypass
Overview latte/latte is an intuitive and fast template engine for those who want the most secure PHP sites. Introduces context-sensitive escaping. Affected versions of this package are vulnerable to Access Control Bypass. There is a way to bypass allowFunctions that will affect the security of th...
CVE-2021-41281
Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...
PT-2021-23224 · Rubygems · Rails Multisite
Name of the Vulnerable Software and Affected Versions: rails multisite versions prior to 4 Description: The issue impacts Rails applications using rails multisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an...
PT-2021-23169 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0 TensorFlow versions 2.6.0 through 2.6.0 TensorFlow versions 2.5.0 through 2.5.1 TensorFlow versions 2.4.0 through 2.4.3 Description: TensorFlow allows tensors to have a large number of dimensions and each...
PT-2021-23259 · Atlassian · Jira
Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions prior to 8.13.12 Description: The issue allows anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References IDOR vulnerability in the...
PT-2021-23142 · Snudown · Snudown
Name of the Vulnerable Software and Affected Versions: Snudown versions prior to 1.7.0 Description: Snudown, a reddit-specific fork of the Sundown Markdown parser, is vulnerable to denial of service attacks due to its reference table implementation. The hash table used for references written in...
CVE-2021-41124
Scrapy-splash is a library which provides Scrapy and JavaScript integration. In affected versions users who use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for Splash authentication will have any non-Splash request expose your credentials to the request target. This includ...
PT-2021-15291 · Unknown · Revive Adserver
Name of the Vulnerable Software and Affected Versions: revive-adserver versions prior to 5.3.0 Description: The issue is related to the generation of session IDs, which is based on the cryptographically insecure uniqid PHP function. This could potentially allow an attacker to brute force session...
CVE-2021-39229
Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions users who use Apprise granting them access to the IFTTT plugin which just comes out of the box are subject to a denial of service attac...
UBUNTU-CVE-2021-32839
sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Service in sqlparse vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. On...
Insecure Randomness
Overview otp-generator is an One time password generator Affected versions of this package are vulnerable to Insecure Randomness due to insecure generation of random one-time passwords, which may allow a brute-force attack. Remediation Upgrade otp-generator to version 3.0.0 or higher. References ...
Server-side Request Forgery (SSRF)
Overview ssrf-agent is a prevent SSRF in https request Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the defaultIpChecker function. It fails to properly validate if the IP requested is private. PoC by Sayooj B Kumar // run a service on your localhost con...
Arbitrary File Upload
Overview plupload is a Plupload is JavaScript API for building file uploaders. It supports multiple file selection, file filtering, chunked upload, client side image downsizing and when necessary can fallback to alternative runtimes, like Flash and Silverlight. Affected versions of this package a...
mod_auth_openidc 输入输入验证错误漏洞
modauthopenidc is a software application. It is an authentication/authorization module for the Apache 2.x HTTP server, used as an OpenID Connect dependency to authenticate users according to the OpenID Connect provider. modauthopenidc is an authentication/authorization module for the Apache 2.x...
UBUNTU-CVE-2021-39163
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limited to homeservers where the vulnerable...
Open Redirect
Overview clearance is an authentication app for rails. Affected versions of this package are vulnerable to Open Redirect. The vulnerability can be possible when users are able to set the value of session:returnto. If the value used for returnto contains multiple leading slashes /////example.com t...
PT-2021-14724 · Jenkins · Jenkins Nomad Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Nomad Plugin versions 0.7.4 and earlier Description: The issue allows Docker passwords to be stored unencrypted in the global config.xml file on the Jenkins controller. These passwords can be viewed by users with access to the Jenkins...
UBUNTU-CVE-2021-39150
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...
AZL-7253 CVE-2021-37714 affecting package jsoup 1.11.3-3
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...