Lucene search
K

6348 matches found

OSV
OSV
added 2021/10/13 7:39 p.m.6 views

MGASA-2021-0475 Updated golang packages fix security vulnerability

The fix for CVE-2021-33196 can be bypassed by crafted inputs. As a result, the NewReader and OpenReader functions in archive/zip can still cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual size...

9.8CVSS7.6AI score0.10299EPSS
Exploits0References7
Mageia
Mageia
added 2021/10/13 7:39 p.m.74 views

Updated golang packages fix security vulnerability

The fix for CVE-2021-33196 can be bypassed by crafted inputs. As a result, the NewReader and OpenReader functions in archive/zip can still cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual size...

9.8CVSS8AI score0.10299EPSS
Exploits0References6
OSV
OSV
added 2021/10/12 4:31 p.m.24 views

GHSA-P75J-WC34-527C Exposure of Sensitive Information to an Unauthorized Actor in ansible

A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by nolog feature. Some of these fields in GCP modules are not set properly. serviceaccountcontents which is common class for all gcp modules is not setting nolog to True. Any sensitive data manage...

7.1CVSS6.4AI score0.01609EPSS
Exploits1References10
Github Security Blog
Github Security Blog
added 2021/10/12 4:31 p.m.28 views

Exposure of Sensitive Information to an Unauthorized Actor in ansible

A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by nolog feature. Some of these fields in GCP modules are not set properly. serviceaccountcontents which is common class for all gcp modules is not setting nolog to True. Any sensitive data manage...

6.5CVSS1.9AI score0.01609EPSS
Exploits1References9Affected Software1
RedhatCVE
RedhatCVE
added 2021/10/11 2:49 p.m.102 views

CVE-2021-38297

A flaw was found in golang. This vulnerability can only be triggered when invoking functions from vulnerable WASM WebAssembly Modules. Go can be compiled to WASM. If the product or service doesn't use WASM functions, it is not affected, although it uses golang. Mitigation Mitigation for this issu...

9.8CVSS0.5AI score0.10299EPSS
Exploits0References4
NVD
NVD
added 2021/10/11 5:15 a.m.12 views

CVE-2021-42139

Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations...

9.8CVSS0.02003EPSS
Exploits1References3
OSV
OSV
added 2021/10/11 5:15 a.m.14 views

CVE-2021-42139

Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations...

9.8CVSS7.3AI score
Exploits0References3
Prion
Prion
added 2021/10/11 5:15 a.m.15 views

Code injection

Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations...

6.8CVSS9.6AI score0.02003EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2021/10/11 4:14 a.m.60 views

CVE-2021-42139

The CVE-2021-42139 issue affects Deno Standard Modules prior to 0.107.0, where code execution can be injected via an untrusted YAML file in certain configurations. Affected component: Deno Standard Modules (before 0.107.0). Root cause: insecure handling of YAML input leading to code injection. Im...

9.8CVSS9.6AI score0.02003EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/10/11 4:14 a.m.13 views

CVE-2021-42139

Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations...

9.9AI score0.02003EPSS
Exploits1References3
Kitploit
Kitploit
added 2021/10/08 8:30 p.m.39 views

Viper - Intranet Pentesting Tool With Webui

Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration Viper integrates basic functions such as bypass anti-virus software, intranet tunnel, file management, command line and so on Viper ha...

7.6AI score
Exploits0References12
BDU FSTEC
BDU FSTEC
added 2021/10/08 12:0 a.m.3 views

The vulnerability of the Bluetooth Classic implementation of the microprogramming software for the ESP-WROVER-KIT development board, which is used for the ESP32 Wi-Fi/Bluetooth module series, allows a hacker to execute arbitrary code.

The vulnerability of the Bluetooth Classic implementation of the microprogramming software for the ESP-WROVER-KIT development board for the ESP32 Wi-Fi/Bluetooth series modules is related to insufficient verification of input data. Exploiting this vulnerability could allow a remote attacker to...

6.5CVSS7AI score0.00437EPSS
Exploits0References4Affected Software1
FreeBSD
FreeBSD
added 2021/10/06 12:0 a.m.37 views

go -- misc/wasm, cmd/link: do not let command line arguments overwrite global data

The Go project reports: When invoking functions from WASM modules, built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments. If using wasmexec.js to execute WASM modules, users will need to replace their copy aft...

9.8CVSS4AI score0.10299EPSS
Exploits0References1
Hacker One
Hacker One
added 2021/09/28 7:52 a.m.51 views

Mail.ru: [samokat.ru] PHP modules path disclosure due to lack of error handling

Hi security team @mailru we found a Information disclosure in phpproject in subsamokat.ru On one side of the server samokat.ru generates a full stack error trace instead of an HTTP 500 error. The complete error stack trace reveals the full path of the PHPConfiguration module directory on the...

6.6AI score
Exploits0
OSV
OSV
added 2021/09/23 11:18 p.m.12 views

GHSA-XPWJ-7V8Q-MCGJ Deno's static imports inside dynamically imported modules do not adhere to permission checks

Impact Modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules. In Deno 1.5.x and 1.6.x only programs dynamically importing especially transitively untrusted code are...

9.8CVSS9.8AI score0.01113EPSS
Exploits0References3
AlmaLinux
AlmaLinux
added 2021/09/21 7:12 a.m.15 views

python3 bug fix and enhancement update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. This package...

1.1AI score
Exploits0
Huntr
Huntr
added 2021/09/20 10:49 a.m.9 views

Cross-site Scripting (XSS) - Stored in zikula-modules/content

Description Stored XSS in External element Feed when created Content Proof of Concept POST /content/item/edit?type=Zikula%5CContentModule%5CContentType%5CFeedType HTTP/2 Host: demo.ziku.la Cookie: zsid=5idn7q9udrp7mgirikmdlep45d User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0...

6.3AI score
Exploits0
Huntr
Huntr
added 2021/09/20 4:54 a.m.11 views

Cross-site Scripting (XSS) - Stored in zikula-modules/content

Description Stored XSS in Content allows for the arbitrary execution of JavaScript Proof of Concept POST /content/admin/page/edit HTTP/2 Host: demo.ziku.la Cookie: zsid=3u8efffphk5430gdmlevluk6fa User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101 Firefox/93.0 Accept:...

0.6AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/09/20 12:0 a.m.4 views

The vulnerability of Xen hypervisors on Arm, related to information disclosure, allows attackers to gain access to confidential data.

The vulnerability of Xen hypervisors on ARM is related to the lack of cleaning of loading modules. Exploiting this vulnerability can allow an attacker to gain access to confidential data...

5.5CVSS5.9AI score0.00321EPSS
Exploits0References5Affected Software3
Huntr
Huntr
added 2021/09/18 8:49 p.m.10 views

Cross-site Scripting (XSS) - Stored in zikula-modules/mediamodule

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept // PoC.js Steps to reproduce : 1 -- Go to link -- https://demo.ziku.la/media/media/create/paste/url 2 -- Inject Payload in...

6.3AI score
Exploits0
Rows per page
Query Builder