1779 matches found
Path traversal
keypair is an RSA PEM key generator written in JavaScript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This wou...
Cross-Site Request Forgery (CSRF) in publify/publify
Description: An attacker is able to craft a URL with special parameters that contains the theme-switching command. Upon sending the malicious link to a logged-in administrator, the theme is changed. Proof of Concept: With an admin user, simply open the following URL please replace the...
Apache Web Server Zero-Day Actively Exploited, Exposes Sensitive Data
Apache Software has quickly issued a fix for a zero-day security bug in the Apache HTTP Server, which was first reported to the project last week. The vulnerability is under active exploitation in the wild, it said, and could allow attackers to access sensitive information. According to a securit...
CVE-2021-41089
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem,...
Fastify: Open redirect in fastify-static via mishandled user's input when attempt to redirect
Summary: When fastify-static is mounted at root and the register option redirect: true, the following 2 lines cause open redirect bug: https://github.com/fastify/fastify-static/blob/master/index.js#L156-L157. A remote attacker can redirect users to arbitrary web sites via a double forward slash:...
CVE-2021-39514
An issue was discovered in libjpeg through 2020021. An uncaught floating point exception in the function ACLosslessScan::ParseMCU located in aclosslessscan.cpp. It allows an attacker to cause Denial of Service...
CVE-2021-39562
CVE-2021-39562 concerns swftools up to 20200710, where a NULL pointer dereference in FileStream::makeSubStream() (Stream.cc) can lead to Denial of Service. The issue is caused in the swftools file handling component; exploitation details are not provided in the documents, and there is no confirme...
Code Injection in zoujingli/thinkadmin
Description: remote code execution. Proof of Concept: The request below is vulnerable to arbitrary system command injection. During file upload it does not properly check the uploaded file, which allows uploading a PHP file, and this PHP file will execute a system command: POST /admin/api.upload/file.html HTTP/2...
CVE-2021-39207
parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to a YAML deserialization attack caused by unsafe loading, which leads to arbitrary code execution. This security bug is patched by avoiding...
Deserialization of untrusted data
parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to a YAML deserialization attack caused by unsafe loading, which leads to arbitrary code execution. This security bug is patched by avoiding...
CVE-2021-39207 Deserialization of Untrusted Data in parlai
parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to a YAML deserialization attack caused by unsafe loading, which leads to arbitrary code execution. This security bug is patched by avoiding...
Heap-based Buffer Overflow in vim/vim
...
CVE-2021-40491
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl...
Remote memory exhaustion in ckb
In the ckb sync protocol, SyncState maintains a HashMap called 'misbehavior' that keeps a score of a peer's violations of the protocol. This HashMap is keyed to PeerIndex (an alias for SessionId), and entries are never removed from it. SessionId is an integer that increases monotonically with every...
Buffer overflow
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...
CVE-2021-22238
An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnerable to a stored XSS by using the design feature in issues...
Windows EoP Bug Detailed by Google Project Zero
It looked like Google Project Zero blew its own 90-day disclosure window when, on Wednesday, it disclosed an elevation of privilege (EoP) flaw in Windows that it reported to Microsoft just over a month ago on July 8. But no: It turns out that Microsoft flip-flopped on whether or not it was planning...
OPENSUSE-SU-2021:1162-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: ansible: - The support level for ansible is l2, not l3. dracut-saltboot: - Force installation of libexpat.so.1 (bsc#1188846) - Use kernel parameters from PXE formula also for local boot. golang-github-prometheus-prometheus: - Provide and reload firewalld...
Basecamp: Privilege Escalation leads to trash other users comment without having admin rights.
Privilege Escalation leads to trash other users comment without having admin rights...