Lucene search
K
GithubMost viewed

33122 matches found

Github Security Blog
Github Security Blog
•added 2021/06/21 5:3 p.m.•42 views

Authentication granted to all firewalls instead of just one

Description ----------- When an application defines multiple firewalls, the authenticated token delivered by one of the firewalls is available to all other firewalls. This can be abused when the application defines different providers for different parts of an application. In such a situation, a...

8.8CVSS1.6AI score0.01388EPSS
Exploits0References9Affected Software2
Github Security Blog
Github Security Blog
•added 2021/06/08 6:49 p.m.•42 views

Insufficient Verification of Data Authenticity in Pillow

An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads after jumping to file offsets returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data...

5.5CVSS2.4AI score0.00732EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/21 2:27 p.m.•42 views

Division by zero in TFLite's implementation of `DepthToSpace`

Impact The implementation of the DepthToSpace TFLite operator is vulnerable to a division by zero error: cc const int blocksize = params-blocksize; ... const int inputchannels = input-dims-data3; ... int outputchannels = inputchannels / blocksize / blocksize; An attacker can craft a model such th...

7.8CVSS2.3AI score0.00201EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
•added 2021/05/19 11:1 p.m.•42 views

Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint

Impact Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Patches The issue is fixed by https://github.com/matrix-org/synapse/pull/9855. Workarounds There are no...

2.3AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/18 6:30 p.m.•42 views

Predictable SIF UUID Identifiers in github.com/sylabs/sif

Impact The siftool new command and func siftool.New produce predictable UUID identifiers due to insecure randomness in the version of the github.com/satori/go.uuid module used as a dependency. Patches A patch is available in version = v1.2.3 of the module. Users are encouraged to upgrade. The pat...

7.5CVSS0.8AI score0.00958EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/18 6:14 p.m.•42 views

Integer Overflow or Wraparound in NATS Server

An integer overflow in NATS Server before 2.2.0 allows a remote attacker to crash the server by sending a crafted request. Specific Go Packages Affected github.com/nats-io/nats-server/v2/server...

7.5CVSS7.3AI score0.01739EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/18 3:30 p.m.•42 views

Kubernetes kubectl cp Vulnerable to Symlink Attack

The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be...

5.7CVSS6.4AI score0.0262EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/06 4:10 p.m.•42 views

Regular Expression Denial of Service in hosted-git-info

The npm package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity...

5.3CVSS3.4AI score0.03612EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/19 2:48 p.m.•42 views

Directory traversal in development mode handler in Vaadin 14 and 15-17

Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 Vaadin 14.0.0 through 14.4.2, and 3.0 prior to 5.0 Vaadin 15 prior to 18 allows attacker to request arbitrary files stored outside of intended frontend resources folder. -...

7.5CVSS3.7AI score0.01211EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/13 3:24 p.m.•42 views

Prototype Pollution in asciitable.js

The package asciitable.js before 1.0.3 is vulnerable to Prototype Pollution via the main function. PoC js var a = require"asciitable.js"; var b = JSON.parse'"proto":"test":123'; a,b; console.log.test...

9.8CVSS8.9AI score0.01939EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/29 9:0 p.m.•42 views

Out-of-bounds write

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916...

7.6CVSS2.6AI score0.09215EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/29 9:0 p.m.•42 views

Out-of-bounds write

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0917...

7.6CVSS2.6AI score0.09215EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/29 8:59 p.m.•42 views

Out-of-bounds write

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1103, CVE-2019-1106, CVE-2019-1107...

7.6CVSS2.6AI score0.08948EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/29 8:58 p.m.•42 views

Out-of-bounds write

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916...

7.6CVSS2.6AI score0.09215EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/29 8:55 p.m.•42 views

Out-of-bounds write

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1308, CVE-2019-1335, CVE-2019-1366...

7.6CVSS2.6AI score0.09703EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/29 8:48 p.m.•42 views

Double Free in Adplug

AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h...

9.8CVSS1.5AI score0.02131EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/29 8:42 p.m.•42 views

Improper Access Control in moodle

Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier...

7.5CVSS7.1AI score0.01895EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/08 3:50 p.m.•42 views

botframework-connector vulnerable to Improper Authentication

Impact A maliciously crafted claim may be incorrectly authenticated by the bot. Impacts bots that are not configured to be used as a Skill. This vulnerability requires an attacker to have internal knowledge of the bot. Patches The problem has been patched in all affected versions. Please see the...

5.5CVSS6.8AI score0.01057EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/02/10 6:11 p.m.•42 views

File System Bounds Escape

Impact Clients of FTP servers utilizing ftp-srv hosted on Windows machines can escape the FTP user's defined root folder using the expected FTP commands, for example, CWD and UPDR. Background When windows separators exist within the path , path.resolve leaves the upper pointers intact and allows...

9.6CVSS8.8AI score0.01863EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
•added 2021/01/29 6:13 p.m.•42 views

XSS in Flarum Sticky extension

Impact A change in release beta 14 of the Sticky extension caused the plain text content of the first post of a pinned discussion to be injected as HTML on the discussion list. The issue was discovered following an internal audit. Any HTML would be injected through Mithril's m.trust helper. This...

5.4CVSS0.1AI score0.00787EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2020/12/14 7:50 p.m.•42 views

Denial of Service in i18n

This affects the package i18n before version 2.1.15. Vulnerability arises out of insufficient handling of erroneous language tags in src/i18n/Concrete/TextLocalizer.cs and src/i18n/LocalizedApplication.cs...

7.5CVSS4.2AI score0.02977EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
•added 2020/11/18 9:6 p.m.•42 views

Cross-Site Scripting through Fluid view helper arguments

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 5.7 CWE-79 Problem Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS throug maliciously crafted additionalAttributes arrays by creating keys with attribute-closing quotes followed by HTML...

8CVSS0.8AI score0.01026EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2020/11/16 9:23 p.m.•42 views

Reflected XSS with parameters in PostComment

Impact An attacker could inject malicious web code into the users' web browsers by creating a malicious link. Patches The problem is fixed in 4.2.0 References Cross-site Scripting XSS - Reflected CWE-79...

8.7CVSS4.1AI score0.00875EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/10/13 5:30 p.m.•42 views

Privilege Escalation in Channelmgnt plug-in for Sopel

Impact Malicious users are able to op/voice and take over a channel Patches On version 1.0.3 Workarounds Disable channelmgnt References https://phab.bots.miraheze.wiki/T117 For more information If you have any questions or comments about this advisory: Email us at staffatmirahezebotsdotorg...

7.7CVSS2.5AI score0.01142EPSS
Exploits0References9Affected Software2
Github Security Blog
Github Security Blog
•added 2020/09/25 6:28 p.m.•42 views

Denial of Service in Tensorflow

Impact Changing the TensorFlow's SavedModel protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using tensorflow-serving or other inference-as-a-service installments. We have added...

9CVSS3AI score0.00944EPSS
Exploits1References11Affected Software3
Github Security Blog
Github Security Blog
•added 2020/09/23 5:20 p.m.•42 views

RCE in Third Party Library in Shopware

Impact RCE in Third Party Library Patches We recommend to update to the current version 6.3.1.1. You can get the update to 6.3.1.1 regularly via the Auto-Updater or directly via the download overview. For older versions you can use the Security Plugin:...

3AI score
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
•added 2020/09/15 5:34 p.m.•42 views

Potential XSS injection In PrestaShop contactform

Impact An attacker is able to inject javascript while using the contact form. Patches The problem is fixed in v4.3.0 References Cross-site Scripting XSS - Stored CWE-79...

9.3CVSS2.2AI score0.01223EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/11 9:18 p.m.•42 views

Malicious Package in electron-native-notify

All versions of electron-native-notify contain malicious code. The package was part of a targeted attack to steal cryptocurrency wallet seeds and upload them to a remote server, effectively giving attackers access to users wallets. Recommendation Remove the package from your environment and follo...

5.4AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/04 5:59 p.m.•42 views

Denial of Service in http-proxy

Versions of http-proxy prior to 1.18.1 are vulnerable to Denial of Service. An HTTP request with a long body triggers an ERRHTTPHEADERSSENT unhandled exception that crashes the proxy server. This is only possible when the proxy server sets headers in the proxy request using the proxyReq.setHeader...

1.4AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/02 9:50 p.m.•42 views

Denial of Service in ipfs-bitswap

Versions of ipfs-bitswap prior to 0.24.1 are vulnerable to Denial of Service DoS. The package put unwanted blocks in the blockstore, which could be used to exhaust system resources in specific conditions. Recommendation Upgrade to version 0.24.1 or later...

4.4AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/02 6:3 p.m.•42 views

Information Disclosure in TYPO3 extension sf_event_mgt

A missing access check in the backend module allows an authenticated backend user to export participant data for events which the user does not have access to, resulting in Information Disclosure. Another missing access check in the backend module allows an authenticated backend user to send emai...

4.3CVSS1.7AI score0.0077EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/01 8:41 p.m.•42 views

Malicious Package in ladder-text-js

ladder-text-js contained a malicious script that attempted to delete all files when npm test was run. Recommendation This module has been unpublished from the npm Registry. If you find this module in your environment remove it...

1.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/01 3:28 p.m.•42 views

Cross-Site Scripting in swagger-ui

Affected versions of swagger-ui are vulnerable to cross-site scripting in both the consumes and produces parameters of the swagger JSON document for a given API. Additionally, swagger-ui allows users to load arbitrary swagger JSON documents via the query string parameter url, allowing an attacker...

2.6AI score0.00713EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2020/07/29 2:53 p.m.•42 views

Command Injection in git-tags-remote

All versions of git-tags-remote are vulnerable to Command Injection. The package fails to sanitize the repository input and passes it directly to an exec call on the get function . This may allow attackers to execute arbitrary code in the system if the repo value passed to the function is...

5.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/07/27 4:57 p.m.•42 views

Remote code execution (RCE) in Apache Airflow

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...

8.8CVSS9.2AI score0.99118EPSS
Exploits9References10Affected Software1
Github Security Blog
Github Security Blog
•added 2020/07/27 4:2 p.m.•42 views

Directory traversal in fast-http

This affects all versions of package fast-http. There is no path sanitization in the path provided at fs.readFile in index.js...

7.5CVSS4.1AI score0.01761EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2020/07/27 3:46 p.m.•42 views

Uncontrolled resource consumption in jpeg-js

Uncontrolled resource consumption in jpeg-js before 0.4.0 may allow attacker to launch denial of service attacks using specially a crafted JPEG image...

5.5CVSS4.6AI score0.01077EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/07/23 6:20 p.m.•42 views

Storing Password in Local Storage

The setPassword method http://parseplatform.org/Parse-SDK-JS/api/2.9.1/Parse.User.htmlsetPassword stores the user's password in localStorage as raw text making it vulnerable to anyone with access to your localStorage. We believe this is the only time that password is stored at all. In the...

6.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2020/07/20 5:20 p.m.•42 views

Command injection in codecov (npm package)

Impact The upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE was issued: CVE-2020-7597, but the fix was incomplete. It only blocked &, and...

9.3CVSS0.9AI score0.03805EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2020/06/26 4:26 p.m.•42 views

RSA-PSS signature validation vulnerability by prepending zeros in jsrsasign

Impact Jsrsasign can verify RSA-PSS signature which value can expressed as BigInteger. When there is a valid RSA-PSS signature value, this vulnerability is also accept value with prepending zeros as a valid signature. - If you are not use RSA-PSS signature validation, this vulnerability is not...

9.8CVSS1.3AI score0.0293EPSS
Exploits1References14Affected Software1
Github Security Blog
Github Security Blog
•added 2020/06/15 6:51 p.m.•42 views

Denial of service in Apache Xerces2

Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service CPU consumption via a crafted message to an XML service, which triggers hash table collisions...

7.8CVSS6.2AI score0.17461EPSS
Exploits0References21Affected Software1
Github Security Blog
Github Security Blog
•added 2020/06/11 9:9 p.m.•42 views

Information disclosure in SSB-DB

Impact What kind of vulnerability is it? Who is impacted? Servers running SSB-DB 20.0.0 which is packaged with SSB-Server 16.0.0 must upgrade immediately. There is no evidence that other SSB apps are vulnerable or that this problem has been exploited in the wild. The get method is supposed to onl...

7.5CVSS2AI score0.01292EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2019/11/20 1:31 a.m.•42 views

Eval injection in Supybot/Limnoria

Eval injection in the Math plugin of Limnoria before 2019.11.09 and Supybot through 2018-05-09 allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands...

9.8CVSS6.8AI score0.0171EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2019/09/11 10:59 p.m.•42 views

Directory Traversal in SharpCompress

SharpCompress prior to version 0.21 is vulnerable to path traversal issue in archive extraction...

5.5CVSS3.9AI score0.10051EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
•added 2019/08/27 5:41 p.m.•42 views

Improper input validation in Apache Santuario XML Security for Java

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5CVSS1.3AI score0.00776EPSS
Exploits0References16Affected Software1
Github Security Blog
Github Security Blog
•added 2019/05/31 11:47 p.m.•42 views

Cross-Site Scripting in react-svg

Versions of react-svg before 2.2.18 are vulnerable to cross-site scripting xss. This is due to the fact that scripts found in SVG files are run by default. Recommendation Update to version 2.2.18 or later...

2.5AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2019/05/01 6:37 p.m.•42 views

Arbitrary File Overwrite in tar

Versions of tar prior to 4.4.2 for 4.x and 2.2.2 for 2.x are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file...

7.5CVSS3.1AI score0.03145EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
•added 2019/03/18 3:59 p.m.•42 views

Regular Expression Denial of Service in highcharts

Versions of highcharts prior to 6.1.0 are vulnerable to Regular Expression Denial of Service ReDoS. Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service. Recommendation Upgrade to...

7.5CVSS4.5AI score0.03169EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2019/01/25 4:19 p.m.•42 views

Apache Airflow vulnerable to XSS

In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, weather it be via XSS or by leaving a machine unlocked can exfil all credentials from the system...

9.8CVSS8.5AI score0.02166EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2019/01/07 7:14 p.m.•42 views

Improper Authentication in Apache Karaf

In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web...

8.1CVSS3.2AI score0.02573EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities5000