734 matches found
destination-nz.com Cross Site Scripting vulnerability
Security Researcher MrRain1996 Helped patch 915 vulnerabilities Received 4 Coordinated Disclosure badges Received 9 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting destination-nz.com website and its users. Following...
Denial Of Service (DoS)
github.com/docker/cli is vulnerable to denial of service. The vulnerability exists as it was possible to cause the billion laughs attack through parsing a malicious yaml file causing an application crash...
HTTP Request Smuggling
github.com/golang/go is vulnerable to HTTP request smuggling. The vulnerability exists as invalid HTTP/1.1 headers were accepted and normalized with a space before the colon, allowing a reverse proxy to interpret the headers differently...
Denial Of Service (DoS) Via Settings Flood
github.com/grpc/grpc-go is vulnerable to denial of service DoS attacks. The attack can be triggered by sending a flood of settings by a HTTP/2 peer, leading to an excessive data queue and causing high CPU and resource consumption...
Information Disclosure
github.com/wtfutil/wtf is vulnerable to information disclosure. The permissions of config.yml is not set. This allows local attackers to access the file and retrieve confidential information such as passwords or API keys if permissions are incorrectly configured or configured with unsafe OS...
Authorization Bypass
github.com/golang/go is vulnerable to authorization bypass. The vulnerability exists as URL.Parse incorrectly parses host and port when given malformed URLs...
Arbitrary File Write
github.com/mholt/archiver is vulnerable to arbitrary file write attacks. The vulnerability exists as the library does not properly sanitize the destination filepath when extracting archived files, allowing a malicious user to extract files to an arbitrary filepath and overwrite files...
keystone/fuzz_asm_x86_64: Bad-cast to llvm_ks::X86OperandX86AsmParser::MatchAndEmitATTInstruction in AsmParser::parseStatement
Detailed report: https://oss-fuzz.com/testcase?key=5121855985287168 Project: keystone Fuzzer: libFuzzerkeystonefuzzasmx8664 Fuzz target binary: fuzzasmx8664 Job Type: libfuzzerubsankeystone Platform Id: linux Crash Type: Bad-cast Crash Address: 0x00000210d120 Crash State: Bad-cast to...
Information Disclosure
github.com/hashicorp/vault is vulnerable to information disclosure. The vulnerability exists as the in-memory cache that exists on performance standby nodes is not purged if a mount filter was used to exclude the secondary cluster. This allows an attacker to retrieve mount configuration data whic...
Stored Cross-site Scripting (XSS)
github.com/go-gitea/gitea is vulnerable to stored cross-site scripting XSS. It does not escape the description in DescriptionHTML function, allowing the attacker to inject malicious HTML through it...
Timing Attack
github.com/youtube/vitess is vulnerable to timing attack. The usage of an insecure password comparison function entry.Password == password in vitess/go/mysql/authserverstatic.go allows a remote attacker to determine a user's password by analyzing the server response. This is due to early aborting...
robinbhandari FTP Remote Denial Of Service Exploit
Title: CVE-2019-9668 robinbhandari FTP remote DoS vulnerability Vulnerable: - https://github.com/rovinbhandari/FTP Description: robinbhandari is a open source tiny ftp server/client in github.com. it has a remote DoS vulnerability in a 'put' command. Timeline: 2019-03-11 CVE-2019-9668 robinbhanda...
Denial Of Service (DoS)
github.com/miekg/dns is vulnerable to Denial Of Service DoS. A null pointer dereference in the setTA function in scanrr.go causes a denial of service condition when dns.ParseZone parsing error occurs, allowing an attacker to deny service to users...
Privilege Escalation
github.com/hashicorp/consul is vulnerable to privilege escalation. In an unusual circumstance, a client is able to bypass access restrictions to obtain higher privileges within secondary datacenters using a secret token...
Cross-site Scripting (XSS)
github.com/ory/hydra is vulnerable to cross-site scripting XSS. The vulnerability exists because it does not escape the errorhint parameter in the default error handler, allowing the attacker to inject arbitrary script through it...
Denial Of Service (DoS)
crypto/elliptic in github.com/golang/go is vulnerable to denial of service DoS. The attack exists because it introduces a long busy loop in subtraction term for the implementation of P-521 and P-384 elliptic curve cryptography algorithms which allows malicious input through TLS handshakes, X.509...
Denial Of Service (DoS)
github.com/moby/moby is vulnerable to denial of service DoS attacks. The vulnerability exists due to the lack of validation of cpuset-mems or cpuset-cpus, where a memory exhaustion could occur with a large integer...
Authentication Bypass
github.com/grafana/grafana is vulnerable to authentication bypass. An attacker is able to generate a valid remember me cookie via the Login function with only the username of a user without a local Grafana password LDAP & OAuth users and gain access to the application...
Remote Code Execution (RCE)
github.com/src-d/go-git is vulnerable to remote code execution RCE attacks. A malicious user can pass a .gitmodules file to the application to cause arbitrary code to be executed on a target machine that runs the git clone --recurse-submodules command. This is related to CVE-2018-11235...
Remote Code Execution (RCE)
github.com/golang/go is vulnerable to remote code execution RCE. If custom domains are used, a malicious user can set a domain example.com/proj1 to point to a subversion repository and another domain example.com/proj1/proj2 to point to a git repository. When the go get command is run, arbitrary...