33225 matches found
golang.org/x/net vulnerable to Cross-site Scripting
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
RunGptLLM class in LlamaIndex has a command injection
A command injection vulnerability exists in the RunGptLLM class of the llamaindex library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models LLMs. The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised...
SSRF Vulnerability on assetlinks_check(act_name, well_knowns)
Summary While examining the "App Link assetlinks.json file could not be found" vulnerability detected by MobSF, we, as the Trendyol Application Security team, noticed that a GET request was sent to the "/.well-known/assetlinks.json" endpoint for all hosts written with "android:host". In the...
org.postgresql:postgresql vulnerable to SQL Injection via line comment generation
Impact SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value. There is no vulnerability in the driver when using the default query mode. Users that do not overri...
angular vulnerable to super-linear runtime due to backtracking
This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of...
Command Injection in pip when used with Mercurial
When installing a package from a Mercurial VCS URL, e.g. pip install hg+..., with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call e.g. --config. Controlling the Mercurial configuration can modify how and which...
github.com/kumahq/kuma affected by CVE-2023-44487
Impact Envoy and Go HTTP/2 protocol stack is vulnerable to the "Rapid Reset" class of exploits, which send a sequence of HEADERS frames optionally followed by RSTSTREAM frames. This can be exercised if you use the builtin gateway and receive untrusted http2 traffic. Patches...
nuxt Code Injection vulnerability
he Nuxt dev server between versions 3.4.0 and 3.4.3 is vulnerable to code injection when it is exposed publicly...
Insufficient validation when decoding a Socket.IO packet
Impact A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. TypeError: Cannot convert object to primitive value at Socket.emit node:events:507:25 at .../nodemodules/socket.io/lib/socket.js:531:14 Patches A fix has been...
Jenkins HashiCorp Vault Plugin has improper masking of credentials
Jenkins HashiCorp Vault Plugin 360.v0a1c04cf807d and earlier does not properly mask i.e., replace with asterisks credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met: - The credentials are printed in build steps executing on an...
Denial of service in ASP.NET Core
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548...
Cross-site Scripting in wicket-jquery-ui
In wicket-jquery-ui = 6.29.0, = 7.10.1, = 8.0.0-M9.1, JS code created in WYSIWYG editor will be executed on display...
Stored XSS vulnerability in Jenkins Git Parameter Plugin
Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
DOM-based cross-site scripting in Froala Editor
Froala WYSIWYG HTML Editor is a lightweight WYSIWYG HTML Editor written in JavaScript that enables rich text editing capabilities for web applications. A DOM-based cross-site scripting XSS vulnerability exists in versions before 3.2.3 because HTML code in the editor is not correctly sanitized whe...
Server-side request forgery (SSRF) in Apache XmlGraphics Commons
Apache XmlGraphics Commons 2.4 is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...
CKEditor 4 vulnerabilities in versions <4.16.1
Details see: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc CVE-2021-37695 https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c CVE-2021-32808 https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg CVE-2021-32809 Patch...
Out-of-bounds Write in ChakraCore
Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17054...
Shallow copy bug in geth
Impact This is a Consensus vulnerability, which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth’s pre-compiled dataCopy at 0x00...04 contract did a shallow copy on invocation. An attacker could deploy a contract that - writes X to an EVM memory region R,...
Remote Code Execution via traversal in TAL expressions
Impact Most Python modules are not available for using in TAL expressions that you can add through-the-web, for example in Zope Page Templates. This restriction avoids file system access, for example via the 'os' module. But some of the untrusted modules are available indirectly through Python...
Arbitrary code execution in Apache Druid
Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker...
Cross-site Scripting in docsify
docsify prior to 4.11.4 is susceptible to Cross-site Scripting XSS. Docsify.js uses fragment identifiers parameters after sign to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the // domain.com///attacker.com and render...
Possible pod name collisions in jupyterhub-kubespawner
Impact What kind of vulnerability is it? Who is impacted? JupyterHub deployments using: - KubeSpawner = 0.11.1 e.g. zero-to-jupyterhub 0.9.0 and - enabled namedservers not default, and - an Authenticator that allows: - usernames with hyphens or other characters that require escape e.g. user-hyphe...
Command Injection in standard-version
GitHub Security Lab GHSL Vulnerability Report: GHSL-2020-111 The GitHub Security Lab team has identified a potential security vulnerability in standard-version. Summary The standardVersion function has a command injection vulnerability. Clients of the standard-version library are unlikely to be...
Ability to forge per-form CSRF tokens in Rails
It is possible to, given a global CSRF token such as the one present in the authenticitytoken meta tag, forge a per-form CSRF token for any action for that session. Impact ------ Given the ability to extract the global CSRF token, an attacker would be able to construct a per-form CSRF token for...
Insecure Deserialization in Backend User Settings in TYPO3 CMS
It has been discovered that backend user settings in $BEUSER-uc are vulnerable to insecure deserialization. In combination with vulnerabilities of 3rd party components this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3...
Relative Path Traversal (CWE-23) in chunked uploads in oneup/uploader-bundle
Impact The vulnerability was identified in the web service for a chunked file upload. While the names of the POST parameters vary with the used frontend, their values are always used in the same way to build a path where the chunks are stored and assembled temporarily. By not validating these...
XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled))
Due to an incomplete fix for CVE-2019-9658, checkstyle was still vulnerable to XML External Entity XXE Processing. Impact User: Build Maintainers This vulnerability probably doesn't impact Maven/Gradle users as, in most cases, these builds are processing files that are trusted, or pre-vetted by a...
Password Hashing: Do not use MD5
Impact User passwords are stored in the database using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problemati...
Request smuggling is possible when both chunked TE and content length specified
Impact Request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle alone \n as a headers separator. Patches https://github.com/ktorio/ktor/pull/1547 Workarounds None except migrating to a better proxy. References...
Duplicate Advisory: possible DoS caused by malformed signature decoding in Pure-Python ECDSA
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pwfw-mgfj-7g3g. This link is maintained to preserve external references...
User enumeration leak using switch user functionality in Symfony
An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthorized attempts to use the switch users functionality. This is related to symfony/security...
Exposure of Sensitive Information to an Unauthorized Actor in urllib3
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext...
Paramiko not properly checking authentication before processing other requests
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as...
Moby's external DNS requests from 'internal' networks could lead to data exfiltration
Moby is an open source container framework originally developed by Docker Inc. as Docker. It is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. As a batteries-included container runtime, Moby comes with a built-in networking implementati...
Apache Tomcat Improper Input Validation vulnerability
Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82, and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could...
Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)
The issue involves a security vulnerability in Vite where the server options can be bypassed using a double forward slash //. This vulnerability poses a potential security risk as it can allow unauthorized access to sensitive directories and files. Steps to Fix. Update Vite: Ensure that you are...
Etcd-io Improper Authentication vulnerability
Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. This has been fixed in v.3.5.8 and was also backported to 3.4 and 3.5...
Cortex's Alertmanager can expose local files content via specially crafted config
Impact A local file inclusion vulnerability exists in Cortex versions v1.13.0, v1.13.1 and v1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API. Only users o...
snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow...
Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow
A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow...
golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. An attacker can craft an authentication request message for the gssapi-with-mic method which will cause...
Shell command injection in gitea
Gitea before 1.16.7 does not escape the shell out for git fetch remote allowing for shell command injection...
Path traversal in the OWASP Enterprise Security API
Impact The default implementation of Validator.getValidDirectoryPathString, String, File, boolean may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire...
Potential Captcha Validate Bypass in flask-session-captcha
Impact flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. The captcha.validate function would return None if passed no value e.g. by submitting a request with an empty form. If implementing users were checking th...
Prototype Pollution in async
A vulnerability exists in Async through 3.2.1 for 3.x and through 2.6.3 for 2.x fixed in 3.2.2 and 2.6.4, which could let a malicious user obtain privileges via the mapValues method...
Use after free in Animation
CVE-2022-0609: Use after free in Animation - https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop14.html - https://vulners.com/cve/CVE-2022-0609 Google is aware of reports that exploits for CVE-2022-0609 exist in the wild. The exploitation is known to be easy. The attac...
Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 14
Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 Vaadin 14.0.0 through 14.4.4 allows remote attackers to execute malicious JavaScript in browser by opening crafted URL...
XStream is vulnerable to a Remote Command Execution attack
Impact The vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...
Out-of-bounds Write in ChakraCore
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828,...