CVE-2022-21685 Integer underflow in Frontier
Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds and...
File Traversal affecting SVG files on Nextcloud Server
File path disclosure of shared files in Richdocuments application
XSS in Contacts
Bypass of image blocking in Nextcloud Mail
GHSA-PVV8-8FX9-H673 Path Traversal in @backstage/plugin-scaffolder-backend
Impact: A malicious actor could read sensitive files from the environment where Scaffolder tasks are run. The attack is executed by crafting a custom Scaffolder template with a publish:github:pull-request action using a particular source path. When the template is executed the sensitive files woul...
Path Traversal in @backstage/plugin-scaffolder-backend
Impact: A malicious actor could read sensitive files from the environment where Scaffolder tasks are run. The attack is executed by crafting a custom Scaffolder template with a publish:github:pull-request action using a particular source path. When the template is executed the sensitive files woul...
CVE-2021-41151
Backstage is an open platform for building developer portals. In affected versions, a malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a github:publish:pull-request action and a...
backstage path traversal vulnerability
backstage is a software application. Backstage is an open platform for building developer portals. Backstage suffers from a path traversal vulnerability that stems from the ability to read sensitive files from an environment running Scaffolder Tasks. The attack is executed by crafting a custom...
Reconky - A Great Content Discovery Bash Script For Bug Bounty Hunters Which Automate Lot Of Task And Organized It
Reconky is a script written in Bash to automate the task of recon and information gathering. This Bash script allows you to collect some information that will help you identify what to do next and where to look for the required target. Usage: ./reconky.sh Main features: It will gather subdomains wi...
Travis CI Flaw Exposes Secrets of Thousands of Open Source Projects
Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks. The issue — tracked as CVE-2021-41077 — concerns unauthorized...
CVE-2021-32724
CVE-2021-32724 affects the GitHub Action check-spelling (check-spelling/check-spelling). In workflows that run on pull_request_target or schedule, a crafted PR can cause exposure of the GITHUB_TOKEN, enabling the attacker to push commits with repository-level access and potentially exfiltrate sec...
CVE-2021-40812
The GD Graphics Library aka LibGD through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks...
Bypass of Two Factor Authentication
Exceptions may have logged Encryption-at-Rest key content
Lack of ratelimit on Richdocuments OCS endpoint
Unlimited transforms allowed for signed nodes
Impact: A malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This would be an effective way to perform a denial-of-service attack. Patches: This has been resolved in version 3.1.0. The resolution is to...
Untrusted Search Path in Nextcloud Desktop Client
XSS in Nextcloud Text application