Lucene search
K
GithubMost viewed

33225 matches found

Github Security Blog
Github Security Blog
•added 2021/08/05 5:4 p.m.•73 views

Header dropping in traefik

Impact There exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation, however, the Traefik team has addressed this issue to prevent any potentia...

8.1CVSS0.9AI score0.011EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
•added 2021/07/28 6:57 p.m.•73 views

Out-of-bounds write in ChakraCore

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828...

7.6CVSS5.2AI score0.09363EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/07/28 6:57 p.m.•73 views

Out-of-bounds write in ChakraCore

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828,...

7.6CVSS2.8AI score0.09363EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/07/26 9:19 p.m.•73 views

Improper Restriction of Excessive Authentication Attempts in Argo API

As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence. Specific Go Packages Affected...

7.5CVSS7.5AI score0.02157EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
•added 2021/07/01 5:2 p.m.•73 views

Unencrypted storage of client side sessions

Impact The default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with access to the cookies. Note: the documentation does point this out and...

7.5CVSS0.7AI score0.00455EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/29 6:32 p.m.•73 views

Open Redirect

Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirectto parameter, related to the function isValidRedirect in routes/user/auth.go...

6.1CVSS5.6AI score0.01316EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/24 8:28 p.m.•73 views

Improper Privilege Management in HashiCorp Nomad

HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3...

7.5CVSS4.9AI score0.01453EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/23 5:17 p.m.•73 views

Elliptic Curve Key Disclosure in go-jose

go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making ...

9.1CVSS2.7AI score0.01411EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
•added 2021/05/25 6:45 p.m.•73 views

Cross-site Scripting in Wildfly

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity...

4.8CVSS5.6AI score0.00528EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/18 3:38 p.m.•73 views

XML Entity Expansion and Improper Input Validation in Kubernetes API server

Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...

7.5CVSS7.4AI score0.25939EPSS
Exploits2References11Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/13 10:31 p.m.•73 views

Autobinding vulnerability in MITREid Connect

org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment aka Autobinding vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in...

9.1CVSS3.9AI score0.02222EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/13 10:30 p.m.•73 views

Uncontrolled Memory Allocation in Apache PDFBox

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions...

5.5CVSS4.1AI score0.03337EPSS
Exploits0References26Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/07 4:16 p.m.•73 views

Cross-site Scripting in PrimeFaces

An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation...

6.1CVSS1.9AI score0.00811EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
•added 2021/04/22 4:14 p.m.•73 views

"Deserialization errors in MyBatis"

MyBatis before 3.5.6 mishandles deserialization of object streams leading to potential cache poisoning...

8.1CVSS7.9AI score0.0182EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/19 2:54 p.m.•73 views

Sydent vulnerable to denial of service attack via memory exhaustion

Impact Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to disk space exhaustion and denial of service. Sydent also does not limit response size for requests it makes to remote Matrix homeservers....

7.5CVSS0.8AI score0.01833EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/13 3:22 p.m.•73 views

Improper Authentication in react-adal

This affects versions of react-adal 0.5.1. It is possible for a specially crafted JWT token and request URL can cause the nonce, session and refresh values to be incorrectly validated, causing the application to treat an attacker-generated JWT token as authentic. The logical defect is caused by h...

8.2CVSS7.6AI score0.01266EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/08 4:33 p.m.•73 views

Indico Tampering with links (e.g. password reset) in sent emails

Impact An external audit of the Indico codebase has discovered a vulnerability in Indico's URL generation logic which could have allowed an attacker to make Indico send a password reset link with a valid token pointing to an attacker-controlled domain by sending that domain in the Host header. Ha...

7.5CVSS7.3AI score0.01047EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/06 5:32 p.m.•73 views

Client TLS credentials sent raw to server in npm package nats

Nats is a Node.js client for the NATS messaging system. Problem Description Preview versions of two NPM packages and one Deno package from the NATS project contain an information disclosure flaw, leaking options to the NATS server; for one package, this includes TLS private credentials. The...

7.5CVSS1.3AI score0.01476EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2020/11/24 10:58 p.m.•73 views

Prototype Pollution in highlight.js

Impact Affected versions of this package are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting. If you allow users to insert custom HTML code blocks into your page/app via parsin...

8.7CVSS1.7AI score0.01296EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2020/11/13 5:18 p.m.•73 views

Authorization bypass in Spree

Impact The perpetrator could query the API v2 Order Status endpoint with an empty string passed as an Order token Patches Please upgrade to 3.7.11, 4.0.4, or 4.1.11 depending on your used Spree version. Users of Spree 3.7 are not affected. References Pull request with a fix and in-depth explanati...

7.7CVSS0.5AI score0.01111EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2020/08/31 10:59 p.m.•73 views

API Admin Auth Weakness in tomato

Versions of tomato prior to 0.0.6 are affected by a somewhat complex authentication bypass vulnerability in the admin service when only a single access key is configured on the server. The vulnerability allows an attacker to guess the password for the admin service, no matter how complex that...

6.8CVSS1AI score0.02464EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2020/06/26 4:54 p.m.•73 views

ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign

Impact Jsrsasign supports ECDSA signature validation which signature value is represented by ASN.1 DER encoding. This vulnerablity may accept a wrong ASN.1 DER encoded ECDSA signature such as: - wrong multi-byte ASN.1 length of TLV ex. 0x820045 even though 0x45 is correct - prepending zeros with...

7.5CVSS0.5AI score0.01116EPSS
Exploits1References14Affected Software1
Github Security Blog
Github Security Blog
•added 2020/06/03 10:2 p.m.•73 views

Information Exposure in Snyk Broker

All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG...

7.5CVSS2.4AI score0.01122EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/05/07 9:10 p.m.•73 views

Cross-Site Scripting in BookStack

Impact A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to others users viewing the comment. Through this vulnerability custom JavaScript code could be injected and therefore ran on other user machine...

6.3CVSS0.00782EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2020/05/06 7:41 p.m.•73 views

Improper Verification of Cryptographic Signature in PySAML2

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping XSW. The signature information and the node/object that is signed can be in different places and thus the signature...

7.5CVSS7.2AI score0.01207EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
•added 2020/02/12 6:45 p.m.•73 views

Improper Input Validation in Apache Solr

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...

7.5CVSS2.1AI score0.98567EPSS
Exploits12References60Affected Software1
Github Security Blog
Github Security Blog
•added 2020/02/04 3:7 a.m.•73 views

Catastrophic backtracking in regex allows Denial of Service in Waitress

Impact When waitress receives a header that contains invalid characters it will cause the regular expression engine to catastrophically backtrack causing the process to use 100% CPU time and blocking any other interactions. This would allow an attacker to send a single request with an invalid...

6.8CVSS1.1AI score0.0262EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2019/12/02 6:12 p.m.•73 views

Unsafe deserialization in SmtpTransport in CakePHP

An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction...

7.5CVSS2.9AI score0.02002EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
•added 2019/04/23 4:7 p.m.•73 views

Installation information leak in Eclipse Jetty

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches...

5.3CVSS1AI score0.05782EPSS
Exploits0References20Affected Software1
Github Security Blog
Github Security Blog
•added 2019/01/07 7:14 p.m.•73 views

XML External Entity Reference in mchange:c3p0

c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization...

9.8CVSS3.6AI score0.04589EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2024/11/22 8:26 p.m.•72 views

Tornado has an HTTP cookie parsing DoS vulnerability

The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. See...

7.5CVSS6.7AI score0.01051EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2024/08/12 6:30 p.m.•72 views

Apache MINA SSHD: integrity check bypass

Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with...

5.9CVSS6AI score0.00581EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
•added 2024/01/04 9:54 p.m.•73 views

view_component Cross-site Scripting vulnerability

Impact What kind of vulnerability is it? Who is impacted? This is an XSS vulnerability that has the potential to impact anyone rendering a component directly from a controller with the viewcomponent gem. Note that only components that define a call method i.e. instead of using a sidecar template...

6.1CVSS5.8AI score0.00495EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
•added 2023/12/04 9:30 a.m.•72 views

Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

7.5CVSS6.7AI score0.00682EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2023/10/02 8:39 p.m.•72 views

TorchServe Server-Side Request Forgery vulnerability

Impact Remote Server-Side Request Forgery SSRF Issue: TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and...

10CVSS6.8AI score0.35256EPSS
Exploits6References6Affected Software1
Github Security Blog
Github Security Blog
•added 2023/02/07 8:54 p.m.•72 views

Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf

Previously, Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers: pycon outbuf = b"\x00" 32 c = ciphers.CipherAESb"\x00" 32, modes.ECB.encryptor c.updateintob"\x00" 16, outbuf 16 outbuf...

6.5CVSS6.6AI score0.01301EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
•added 2023/01/09 7:45 p.m.•72 views

Gitops Run insecure communication

Impact GitOps run has a local S3 bucket which it uses for synchronising files that are later applied against a Kubernetes cluster. The communication between GitOps Run and the local s3 bucket is not encrypted. This allows privileged users or process to tap the local traffic to gain information...

7.3CVSS1.4AI score0.00239EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/12/12 9:19 p.m.•72 views

SnakeYaml Constructor Deserialization Remote Code Execution

Summary SnakeYaml's Constructor class, which inherits from SafeConstructor, allows any type be deserialized given the following line: new Yamlnew ConstructorTestDataClass.class.loadyamlContent; Types do not have to match the types of properties in the target class. A ConstructorException is throw...

9.8CVSS9AI score0.99615EPSS
Exploits7References19Affected Software1
Github Security Blog
Github Security Blog
•added 2022/06/16 12:0 a.m.•72 views

Code injection in Apache NiFi and NiFi Registry

The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the...

8.8CVSS8.9AI score0.03674EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
•added 2022/05/24 4:52 p.m.•72 views

Jenkins Google Cloud Messaging Notification Plugin stores credentials in plain text

Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

6.5CVSS6.7AI score0.0038EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/04/13 12:0 a.m.•72 views

SQL Injection in Django

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...

9.8CVSS9.4AI score0.18516EPSS
Exploits3References16Affected Software1
Github Security Blog
Github Security Blog
•added 2022/04/02 12:0 a.m.•72 views

Command injection in simple-git

simple-git maintained as git-js named repository on GitHub is a light weight interface for running git commands in any node.js application.The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch...

9.8CVSS1.7AI score0.04067EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/15 12:40 a.m.•72 views

Privilege Escalation in Docker

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors...

7.2CVSS6.4AI score0.00393EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/10 10:38 p.m.•72 views

Apache CXF JMX Integration is vulnerable to a MITM attack

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the createMBServerConnectorFactory property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle MITM style attack. An attack...

5.3CVSS6AI score0.06147EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2021/07/28 6:57 p.m.•72 views

Out-of-bounds write in ChakraCore

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829,...

7.6CVSS2.8AI score0.09363EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/15 3:59 p.m.•72 views

Cross-Site Scripting

A reflected Cross-Site Scripting XSS flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The...

6.1CVSS3.5AI score0.00856EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
•added 2021/04/30 5:30 p.m.•72 views

REXML round-trip instability

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing...

7.5CVSS3.7AI score0.05061EPSS
Exploits0References15Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/30 5:28 p.m.•72 views

Allocation of Resources Without Limits or Throttling in Undertow

A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service...

7.5CVSS3.8AI score0.01192EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/20 4:40 p.m.•72 views

Apache Airflow cross-site scripting due to incomplete fix for CVE-2020-13944

The origin parameter passed to some of the endpoints like /trigger was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.15. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely...

6.1CVSS6AI score0.25076EPSS
Exploits0References21Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/08 6:11 p.m.•72 views

Directory Traversal in Django

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability...

5.3CVSS3.4AI score0.03865EPSS
Exploits0References10Affected Software1
Total number of security vulnerabilities5000