Lucene search
K
GithubMost viewed

33187 matches found

Github Security Blog
Github Security Blog
added 2021/07/26 9:19 p.m.91 views

Argo CD Insecure default administrative password

In Argo CD versions 1.8.0 and prior, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names...

8.8CVSS8.4AI score0.018EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/02 7:19 p.m.91 views

No CSRF protection on the password change form

Impact It's possible for forge an URL that, when accessed by an admin, will reset the password of any user in XWiki. Patches The problem has been patched in XWiki 12.10.5, 13.2RC1. Workarounds It's possible to apply the patch manually by modifying the registermacros.vm template like in...

5.7CVSS0.0061EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/01 5:2 p.m.91 views

Cached redirect poisoning via X-Forwarded-Host header

A user supplied X-Forwarded-Host header can be used to perform cache poisoning of a cache fronting a Ratpack server if the cache key does not include the X-Forwarded-Host header as a cache key. Users are only vulnerable if they do not configure a custom PublicAddress instance. A custom...

7CVSS1.7AI score0.00857EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/18 6:38 p.m.91 views

Command injection in LocalStack

The dashboard component of StackLift LocalStack allows attackers to inject arbitrary shell commands via the functionName parameter...

10CVSS5.8AI score0.02113EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/18 6:31 p.m.91 views

HTTP Request Smuggling in netius

netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer encoding header parsing which could allow for CL:TE or TE:TE attacks...

6.1CVSS6.3AI score0.00811EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/16 5:33 p.m.91 views

Remote code execution in Apache Tapestry

A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was...

10CVSS0.8AI score0.94089EPSS
Exploits5References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/23 4:54 p.m.91 views

Uncontrolled Resource Consumption in pillow

Impact Pillow before 8.1.1 allows attackers to cause a denial of service memory consumption because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. Patches An issue was discovered in Pillow before 6.2.0...

7.5CVSS0.9AI score0.0317EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/12 10:44 p.m.91 views

Prototype poisoning

Impact The issue is as follows: when msgpack5 decodes a map containing a key "proto", it assigns the decoded value to proto. As you are no doubt aware, Object.prototype.proto is an accessor property for the receiver's prototype. If the value corresponding to the key proto decodes to an object or...

8.8CVSS0.5AI score0.01649EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/05 2:52 p.m.91 views

SQL injection in Django

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escapi...

8.8CVSS2.7AI score0.22513EPSS
Exploits0References18Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/01 4:35 p.m.91 views

Improper Verification of Cryptographic Signature in Pure-Python ECDSA

A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable...

9.1CVSS2.8AI score0.01596EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/31 6:0 p.m.91 views

Ability to expose data in Sylius by using an unintended serialisation group

Impact ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...

5.3CVSS0.5AI score0.00737EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2018/12/21 5:51 p.m.91 views

Improper Access Control in commons-fileupload

Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution...

9.8CVSS3.6AI score0.34731EPSS
Exploits0References26Affected Software1
Github Security Blog
Github Security Blog
added 2024/12/11 10:3 p.m.90 views

Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate."...

9.1CVSS9.4AI score0.03153EPSS
Exploits2References9Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/19 3:7 p.m.90 views

TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements

Impact A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. Patches This vulnerability has been patched in TinyMCE 7.2.0,...

6.1CVSS6.8AI score0.00529EPSS
Exploits0References8Affected Software3
Github Security Blog
Github Security Blog
added 2023/07/17 3:30 a.m.90 views

Mongoose Prototype Pollution vulnerability

Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.3, 6.11.3, and 5.13.20...

10CVSS7AI score0.0101EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/11 10:45 p.m.90 views

Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability

Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and above. This advisory also provides guidance on what developers can do to upda...

8.1CVSS8AI score0.01913EPSS
Exploits0References9Affected Software14
Github Security Blog
Github Security Blog
added 2023/06/06 1:59 a.m.91 views

Rancher UI has multiple Cross-Site Scripting (XSS) issues

Impact Multiple Cross-Site Scripting XSS vulnerabilities have been identified in the Rancher UI. Cross-Site scripting allows a malicious user to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform oth...

8.4CVSS6.3AI score0.00714EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/30 4:58 p.m.90 views

XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow

Impact The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream. Patches XStream 1.4.20 handles the stack overflow and raises an InputManipulationException instead...

7.5CVSS7.7AI score0.01022EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/11 8:48 p.m.90 views

NuGet Elevation of Privilege Vulnerability

Description Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0.0-rc, .NET 6.0, .NET Core 3.1, and NuGet NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol. This advisory also provides guidance on what developers can do to update their...

7.8CVSS8AI score0.01057EPSS
Exploits0References14Affected Software3
Github Security Blog
Github Security Blog
added 2022/09/16 9:15 p.m.90 views

TensorFlow vulnerable to `CHECK` fail in `QuantizeAndDequantizeV3`

Impact If QuantizeAndDequantizeV3 is given a nonscalar numbits input tensor, it results in a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf signedinput = True rangegiven = False narrowrange = False axis = -1 input = tf.constant-3.5, shape=1,...

7.5CVSS7.4AI score0.00396EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2022/09/16 6:48 p.m.90 views

ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent

Impact In ReactPHP's HTTP server component versions below v1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host- and Secure- confused with cookies that decode to such prefix, thus leading to an attacker...

5.3CVSS6.6AI score0.00804EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/25 7:22 p.m.90 views

Ansible Exposes Sensitive Information

A flaw was found in the Ansible Engine prior to 2.10.6rc1, 2.9.18rc1, and 2.8.19rc1, where sensitive info is not masked by default and is not protected by the nolog feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The...

7.5CVSS7.2AI score0.02043EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/04 12:0 a.m.90 views

Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured

In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed, and unsecured. A remote attacker could make a maliciously crafted request resulting in arbitrary remote execution on the...

10CVSS4.5AI score0.98253EPSS
Exploits54References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/16 10:26 p.m.90 views

Uncontrolled Resource Consumption in promhttp

This is the Go client library for Prometheus. It has two separate parts, one for instrumenting application code, and one for creating clients that talk to the Prometheus HTTP API. clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgola...

7.5CVSS0.6AI score0.05994EPSS
Exploits0References25Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/08 6:53 p.m.90 views

OCI Manifest Type Confusion Issue

Impact Systems that rely on digest equivalence for image attestations may be vulnerable to type confusion. Patches Upgrade to at least v2.8.0-beta.1 if you are running v2.x release. If you use the code from the main branch, update at least to the commit after...

2AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/21 4:23 p.m.90 views

BLS Signature "Malleability"

Impact 1. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms - "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays. 2. Lotus block validation functions perform a uniquenes...

7.5CVSS0.00976EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/06 5:31 p.m.90 views

Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources

Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large greater than 17408 TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. Workarounds The problem can be worked around by compiling the...

7.8CVSS0.4AI score0.53861EPSS
Exploits1References109Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/15 8:30 p.m.90 views

Security Constraint Bypass in Spring Security

Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path...

7.5CVSS0.2AI score0.01416EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/02 3:26 p.m.90 views

Remote Memory Exposure in bl

A buffer over-read vulnerability exists in bl 4.0.3, 3.0.1, 2.2.1, and 1.2.3 which could allow an attacker to supply user input even typed that if it ends up in consume argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via...

6.5CVSS4.1AI score0.02183EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/05 4:11 p.m.90 views

File system access via H2 in Apache Ignite

Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem...

9.1CVSS4.8AI score0.04983EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/23 9:36 p.m.90 views

jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane...

8.8CVSS3.2AI score0.03473EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/01 4:35 p.m.90 views

Open Redirect in ecstatic

Versions of ecstatic prior to 4.1.2, 3.3.2 or 2.2.2 are vulnerable to Open Redirect. The package fails to validate redirects, allowing attackers to craft requests that result in an HTTP 301 redirect to any other domains. Recommendation If using ecstatic 4.x, upgrade to 4.1.2 or later. If using...

7.5CVSS2.2AI score0.01274EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/13 3:39 p.m.91 views

npm symlink reference outside of node_modules

Versions of the npm CLI prior to 6.13.3 are vulnerable to a symlink reference outside of nodemodules. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would...

8.1CVSS2.3AI score0.03342EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/02 6:13 p.m.90 views

Unescaped exception messages in error responses in Jetty

In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content in text/html and text/json Content-Type does not escape Exception messages in stacktraces included in error output...

6.1CVSS2.6AI score0.01905EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2018/07/23 10:6 p.m.90 views

Directory Traversal in exxxxxxxxxxx

Affected versions of exxxxxxxxxxx resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. This...

7.5CVSS6.9AI score0.02005EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/23 10:11 p.m.89 views

DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

Summary We discovered a DOM Clobbering vulnerability in rollup when bundling scripts that use import.meta.url or with plugins that emit and reference asset files from code in cjs/umd/iife format. The DOM Clobbering gadget can lead to cross-site scripting XSS in web pages where scriptless...

6.1CVSS6AI score0.007EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/28 12:33 a.m.89 views

ntlk unsafe deserialization vulnerability

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt...

9.8CVSS7.9AI score0.01346EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/20 6:6 p.m.89 views

robrichards/xmlseclibs XPath injection

A vulnerability has been identified in the robrichards/xmlseclibs library, specifically related to XPath injection. The issue arises from inadequate filtering of user input before it is incorporated into XPath expressions...

7.4AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/27 3:30 p.m.89 views

Apache ActiveMQ is vulnerable to Remote Code Execution

Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. Users...

10CVSS8AI score0.99654EPSS
Exploits31References20Affected Software2
Github Security Blog
Github Security Blog
added 2023/08/29 6:31 p.m.89 views

MongoDB Driver may publish events containing authentication-related data

Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may...

7.5CVSS5.8AI score0.00492EPSS
Exploits0References13Affected Software3
Github Security Blog
Github Security Blog
added 2021/09/13 8:9 p.m.89 views

Prototype Pollution in set-value

This affects the package set-value. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

9.8CVSS9.3AI score0.02457EPSS
Exploits1References11Affected Software2
Github Security Blog
Github Security Blog
added 2021/09/07 10:57 p.m.89 views

Prototype Pollution in immer

immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...

9.8CVSS8.9AI score0.01651EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/02 6:33 p.m.89 views

API information disclosure flaw in Elasticsearch

Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled ...

5.3CVSS1.2AI score0.01162EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/29 9:13 p.m.89 views

Denial of service in go-ethereum due to CVE-2020-28362

Impact Versions of Geth built with Go 1.15.5 or 1.14.12 are most likely affected by a critical DoS-related security vulnerability. The golang team has registered the underlying flaw as ‘CVE-2020-28362’. We recommend all users to rebuild ideally v1.9.24 with Go 1.15.5 or 1.14.12, to avoid node...

7.5CVSS1.6AI score0.03813EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/16 5:29 p.m.89 views

Cross-Site Request Forgery in the Jenkins Claim plugin

Jenkins Claim Plugin 2.18.1 and earlier does not require POST requests for the form submission endpoint assigning claims, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to change claims. Jenkins Claim Plugin 2.18.2 requires POST requests for the...

4.3CVSS4.9AI score0.01635EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 7:16 p.m.89 views

Command injection in nodemailer

This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails...

9.8CVSS9.4AI score0.02316EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/02 9:42 p.m.89 views

Unbounded connection acceptance leads to file handle exhaustion

Impact All servers running blaze-core = 0.14.14, including blaze-http and http4s-blaze-server users, are affected. Blaze, accepts connections unconditionally on a dedicated thread pool. This has the net effect of amplifying degradation in services that are unable to handle their current request...

7.5CVSS1.1AI score0.02117EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2020/12/21 4:4 p.m.89 views

OS Command Injection in node-notifier

This affects the package node-notifier before 8.0.1. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array...

6.8CVSS6.7AI score0.01575EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/08/31 10:51 p.m.89 views

Heap Based Buffer Overflow in libyaml

Versions 0.2.2 and earlier depend on native libyaml version 0.1.5 or earlier. As such, they are affected by a heap-based buffer overflow vulnerability that may result in a crash or arbitrary code execution when parsing YAML tags. Recommendation - Update to version 0.2.3 that includes a version of...

6.8CVSS5.1AI score0.09312EPSS
Exploits0References25Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/15 8:35 p.m.89 views

Denial of Service in Google Guava

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class when serialized with Java serialization...

5.9CVSS4.3AI score0.05119EPSS
Exploits0References56Affected Software6
Total number of security vulnerabilities5000