6348 matches found
MGASA-2021-0475 Updated golang packages fix security vulnerability
The fix for CVE-2021-33196 can be bypassed by crafted inputs. As a result, the NewReader and OpenReader functions in archive/zip can still cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual size...
Updated golang packages fix security vulnerability
The fix for CVE-2021-33196 can be bypassed by crafted inputs. As a result, the NewReader and OpenReader functions in archive/zip can still cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual size...
GHSA-P75J-WC34-527C Exposure of Sensitive Information to an Unauthorized Actor in ansible
A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by nolog feature. Some of these fields in GCP modules are not set properly. serviceaccountcontents which is common class for all gcp modules is not setting nolog to True. Any sensitive data manage...
Exposure of Sensitive Information to an Unauthorized Actor in ansible
A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by nolog feature. Some of these fields in GCP modules are not set properly. serviceaccountcontents which is common class for all gcp modules is not setting nolog to True. Any sensitive data manage...
CVE-2021-38297
A flaw was found in golang. This vulnerability can only be triggered when invoking functions from vulnerable WASM WebAssembly Modules. Go can be compiled to WASM. If the product or service doesn't use WASM functions, it is not affected, although it uses golang. Mitigation Mitigation for this issu...
CVE-2021-42139
Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations...
CVE-2021-42139
Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations...
Code injection
Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations...
CVE-2021-42139
The CVE-2021-42139 issue affects Deno Standard Modules prior to 0.107.0, where code execution can be injected via an untrusted YAML file in certain configurations. Affected component: Deno Standard Modules (before 0.107.0). Root cause: insecure handling of YAML input leading to code injection. Im...
CVE-2021-42139
Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations...
Viper - Intranet Pentesting Tool With Webui
Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration Viper integrates basic functions such as bypass anti-virus software, intranet tunnel, file management, command line and so on Viper ha...
The vulnerability of the Bluetooth Classic implementation of the microprogramming software for the ESP-WROVER-KIT development board, which is used for the ESP32 Wi-Fi/Bluetooth module series, allows a hacker to execute arbitrary code.
The vulnerability of the Bluetooth Classic implementation of the microprogramming software for the ESP-WROVER-KIT development board for the ESP32 Wi-Fi/Bluetooth series modules is related to insufficient verification of input data. Exploiting this vulnerability could allow a remote attacker to...
go -- misc/wasm, cmd/link: do not let command line arguments overwrite global data
The Go project reports: When invoking functions from WASM modules, built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments. If using wasmexec.js to execute WASM modules, users will need to replace their copy aft...
Mail.ru: [samokat.ru] PHP modules path disclosure due to lack of error handling
Hi security team @mailru we found a Information disclosure in phpproject in subsamokat.ru On one side of the server samokat.ru generates a full stack error trace instead of an HTTP 500 error. The complete error stack trace reveals the full path of the PHPConfiguration module directory on the...
GHSA-XPWJ-7V8Q-MCGJ Deno's static imports inside dynamically imported modules do not adhere to permission checks
Impact Modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules. In Deno 1.5.x and 1.6.x only programs dynamically importing especially transitively untrusted code are...
python3 bug fix and enhancement update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. This package...
Cross-site Scripting (XSS) - Stored in zikula-modules/content
Description Stored XSS in External element Feed when created Content Proof of Concept POST /content/item/edit?type=Zikula%5CContentModule%5CContentType%5CFeedType HTTP/2 Host: demo.ziku.la Cookie: zsid=5idn7q9udrp7mgirikmdlep45d User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0...
Cross-site Scripting (XSS) - Stored in zikula-modules/content
Description Stored XSS in Content allows for the arbitrary execution of JavaScript Proof of Concept POST /content/admin/page/edit HTTP/2 Host: demo.ziku.la Cookie: zsid=3u8efffphk5430gdmlevluk6fa User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101 Firefox/93.0 Accept:...
The vulnerability of Xen hypervisors on Arm, related to information disclosure, allows attackers to gain access to confidential data.
The vulnerability of Xen hypervisors on ARM is related to the lack of cleaning of loading modules. Exploiting this vulnerability can allow an attacker to gain access to confidential data...
Cross-site Scripting (XSS) - Stored in zikula-modules/mediamodule
Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept // PoC.js Steps to reproduce : 1 -- Go to link -- https://demo.ziku.la/media/media/create/paste/url 2 -- Inject Payload in...