33122 matches found
Authentication granted to all firewalls instead of just one
Description ----------- When an application defines multiple firewalls, the authenticated token delivered by one of the firewalls is available to all other firewalls. This can be abused when the application defines different providers for different parts of an application. In such a situation, a...
Insufficient Verification of Data Authenticity in Pillow
An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads after jumping to file offsets returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data...
Division by zero in TFLite's implementation of `DepthToSpace`
Impact The implementation of the DepthToSpace TFLite operator is vulnerable to a division by zero error: cc const int blocksize = params-blocksize; ... const int inputchannels = input-dims-data3; ... int outputchannels = inputchannels / blocksize / blocksize; An attacker can craft a model such th...
Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint
Impact Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Patches The issue is fixed by https://github.com/matrix-org/synapse/pull/9855. Workarounds There are no...
Predictable SIF UUID Identifiers in github.com/sylabs/sif
Impact The siftool new command and func siftool.New produce predictable UUID identifiers due to insecure randomness in the version of the github.com/satori/go.uuid module used as a dependency. Patches A patch is available in version = v1.2.3 of the module. Users are encouraged to upgrade. The pat...
Integer Overflow or Wraparound in NATS Server
An integer overflow in NATS Server before 2.2.0 allows a remote attacker to crash the server by sending a crafted request. Specific Go Packages Affected github.com/nats-io/nats-server/v2/server...
Kubernetes kubectl cp Vulnerable to Symlink Attack
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be...
Regular Expression Denial of Service in hosted-git-info
The npm package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity...
Directory traversal in development mode handler in Vaadin 14 and 15-17
Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 Vaadin 14.0.0 through 14.4.2, and 3.0 prior to 5.0 Vaadin 15 prior to 18 allows attacker to request arbitrary files stored outside of intended frontend resources folder. -...
Prototype Pollution in asciitable.js
The package asciitable.js before 1.0.3 is vulnerable to Prototype Pollution via the main function. PoC js var a = require"asciitable.js"; var b = JSON.parse'"proto":"test":123'; a,b; console.log.test...
Out-of-bounds write
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916...
Out-of-bounds write
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0917...
Out-of-bounds write
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1103, CVE-2019-1106, CVE-2019-1107...
Out-of-bounds write
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916...
Out-of-bounds write
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1308, CVE-2019-1335, CVE-2019-1366...
Double Free in Adplug
AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h...
Improper Access Control in moodle
Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier...
botframework-connector vulnerable to Improper Authentication
Impact A maliciously crafted claim may be incorrectly authenticated by the bot. Impacts bots that are not configured to be used as a Skill. This vulnerability requires an attacker to have internal knowledge of the bot. Patches The problem has been patched in all affected versions. Please see the...
File System Bounds Escape
Impact Clients of FTP servers utilizing ftp-srv hosted on Windows machines can escape the FTP user's defined root folder using the expected FTP commands, for example, CWD and UPDR. Background When windows separators exist within the path , path.resolve leaves the upper pointers intact and allows...
XSS in Flarum Sticky extension
Impact A change in release beta 14 of the Sticky extension caused the plain text content of the first post of a pinned discussion to be injected as HTML on the discussion list. The issue was discovered following an internal audit. Any HTML would be injected through Mithril's m.trust helper. This...
Denial of Service in i18n
This affects the package i18n before version 2.1.15. Vulnerability arises out of insufficient handling of erroneous language tags in src/i18n/Concrete/TextLocalizer.cs and src/i18n/LocalizedApplication.cs...
Cross-Site Scripting through Fluid view helper arguments
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 5.7 CWE-79 Problem Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS throug maliciously crafted additionalAttributes arrays by creating keys with attribute-closing quotes followed by HTML...
Reflected XSS with parameters in PostComment
Impact An attacker could inject malicious web code into the users' web browsers by creating a malicious link. Patches The problem is fixed in 4.2.0 References Cross-site Scripting XSS - Reflected CWE-79...
Privilege Escalation in Channelmgnt plug-in for Sopel
Impact Malicious users are able to op/voice and take over a channel Patches On version 1.0.3 Workarounds Disable channelmgnt References https://phab.bots.miraheze.wiki/T117 For more information If you have any questions or comments about this advisory: Email us at staffatmirahezebotsdotorg...
Denial of Service in Tensorflow
Impact Changing the TensorFlow's SavedModel protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using tensorflow-serving or other inference-as-a-service installments. We have added...
RCE in Third Party Library in Shopware
Impact RCE in Third Party Library Patches We recommend to update to the current version 6.3.1.1. You can get the update to 6.3.1.1 regularly via the Auto-Updater or directly via the download overview. For older versions you can use the Security Plugin:...
Potential XSS injection In PrestaShop contactform
Impact An attacker is able to inject javascript while using the contact form. Patches The problem is fixed in v4.3.0 References Cross-site Scripting XSS - Stored CWE-79...
Malicious Package in electron-native-notify
All versions of electron-native-notify contain malicious code. The package was part of a targeted attack to steal cryptocurrency wallet seeds and upload them to a remote server, effectively giving attackers access to users wallets. Recommendation Remove the package from your environment and follo...
Denial of Service in http-proxy
Versions of http-proxy prior to 1.18.1 are vulnerable to Denial of Service. An HTTP request with a long body triggers an ERRHTTPHEADERSSENT unhandled exception that crashes the proxy server. This is only possible when the proxy server sets headers in the proxy request using the proxyReq.setHeader...
Denial of Service in ipfs-bitswap
Versions of ipfs-bitswap prior to 0.24.1 are vulnerable to Denial of Service DoS. The package put unwanted blocks in the blockstore, which could be used to exhaust system resources in specific conditions. Recommendation Upgrade to version 0.24.1 or later...
Information Disclosure in TYPO3 extension sf_event_mgt
A missing access check in the backend module allows an authenticated backend user to export participant data for events which the user does not have access to, resulting in Information Disclosure. Another missing access check in the backend module allows an authenticated backend user to send emai...
Malicious Package in ladder-text-js
ladder-text-js contained a malicious script that attempted to delete all files when npm test was run. Recommendation This module has been unpublished from the npm Registry. If you find this module in your environment remove it...
Cross-Site Scripting in swagger-ui
Affected versions of swagger-ui are vulnerable to cross-site scripting in both the consumes and produces parameters of the swagger JSON document for a given API. Additionally, swagger-ui allows users to load arbitrary swagger JSON documents via the query string parameter url, allowing an attacker...
Command Injection in git-tags-remote
All versions of git-tags-remote are vulnerable to Command Injection. The package fails to sanitize the repository input and passes it directly to an exec call on the get function . This may allow attackers to execute arbitrary code in the system if the repo value passed to the function is...
Remote code execution (RCE) in Apache Airflow
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...
Directory traversal in fast-http
This affects all versions of package fast-http. There is no path sanitization in the path provided at fs.readFile in index.js...
Uncontrolled resource consumption in jpeg-js
Uncontrolled resource consumption in jpeg-js before 0.4.0 may allow attacker to launch denial of service attacks using specially a crafted JPEG image...
Storing Password in Local Storage
The setPassword method http://parseplatform.org/Parse-SDK-JS/api/2.9.1/Parse.User.htmlsetPassword stores the user's password in localStorage as raw text making it vulnerable to anyone with access to your localStorage. We believe this is the only time that password is stored at all. In the...
Command injection in codecov (npm package)
Impact The upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE was issued: CVE-2020-7597, but the fix was incomplete. It only blocked &, and...
RSA-PSS signature validation vulnerability by prepending zeros in jsrsasign
Impact Jsrsasign can verify RSA-PSS signature which value can expressed as BigInteger. When there is a valid RSA-PSS signature value, this vulnerability is also accept value with prepending zeros as a valid signature. - If you are not use RSA-PSS signature validation, this vulnerability is not...
Denial of service in Apache Xerces2
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service CPU consumption via a crafted message to an XML service, which triggers hash table collisions...
Information disclosure in SSB-DB
Impact What kind of vulnerability is it? Who is impacted? Servers running SSB-DB 20.0.0 which is packaged with SSB-Server 16.0.0 must upgrade immediately. There is no evidence that other SSB apps are vulnerable or that this problem has been exploited in the wild. The get method is supposed to onl...
Eval injection in Supybot/Limnoria
Eval injection in the Math plugin of Limnoria before 2019.11.09 and Supybot through 2018-05-09 allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands...
Directory Traversal in SharpCompress
SharpCompress prior to version 0.21 is vulnerable to path traversal issue in archive extraction...
Improper input validation in Apache Santuario XML Security for Java
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...
Cross-Site Scripting in react-svg
Versions of react-svg before 2.2.18 are vulnerable to cross-site scripting xss. This is due to the fact that scripts found in SVG files are run by default. Recommendation Update to version 2.2.18 or later...
Arbitrary File Overwrite in tar
Versions of tar prior to 4.4.2 for 4.x and 2.2.2 for 2.x are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file...
Regular Expression Denial of Service in highcharts
Versions of highcharts prior to 6.1.0 are vulnerable to Regular Expression Denial of Service ReDoS. Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service. Recommendation Upgrade to...
Apache Airflow vulnerable to XSS
In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, weather it be via XSS or by leaving a machine unlocked can exfil all credentials from the system...
Improper Authentication in Apache Karaf
In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web...