33225 matches found
Log entry injection in Spring Framework
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...
Spree Auth Devise vulnerability allows for authentication bypass through CSRF weakness
Impact CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of spreeauthdevise are affected if protectfromforgery method is both: Executed whether as: A beforeaction callback the default A prependbeforeaction option prepend: true given...
Type confusion in mpath
This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOfpartsi !== -1 returns -1 if partsi is 'proto'. This is because the method that has been called if the input is an array is...
Denial of Service in Elasticsearch
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that...
Out-of-bounds write in ChakraCore
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827,...
Missing Authorization in TeamPass
Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default...
Regular Expression Denial of Service in Addressable templates
Impact Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless,...
Helm uses crypto package vulnerable to panic from malformed X.509 certificate
The Helm core maintainers have identified a high severity security vulnerability in Go's crypto package affecting all versions prior to Helm 2.16.8 and Helm 3.1.0. Thanks to @ravin9249 for identifying the vulnerability. Impact Go before 1.12.16 and 1.13.x before 1.13.7 and the crypto/cryptobyte...
Path traversal in github.com/ipfs/go-ipfs
Impact It is currently possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written to incorrect output directories. The issue can only occur when ipfs get is done on an affected DAG. 1. The only affected command is...
Incomplete validation in `tf.raw_ops.CTCLoss`
Impact Incomplete validation in tf.rawops.CTCLoss allows an attacker to trigger an OOB read from heap: python import tensorflow as tf inputs = tf.constant, shape=10, 16, 0, dtype=tf.float32 labelsindices = tf.constant, shape=8, 0, dtype=tf.int64 labelsvalues = tf.constant-100 8, shape=8,...
Heap OOB and null pointer dereference in `RaggedTensorToTensor`
Impact Due to lack of validation in tf.rawops.RaggedTensorToTensor, an attacker can exploit an undefined behavior if input arguments are empty: python import tensorflow as tf shape = tf.constant-1, -1, shape=2, dtype=tf.int64 values = tf.constant, shape=0, dtype=tf.int64 defaultvalue =...
Navigate endpoint is vulnerable to regex injection that may lead to Denial of Service.
Impact The regex injection that may lead to Denial of Service. Patches Will be patched in 2.4 and 3.0 Workarounds Versions lower than 2.x are only affected if the navigation module is added References See this pull request for the fix: https://github.com/graphhopper/graphhopper/pull/2304 If you...
Prototype pollution in controlled-merge
Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution...
Regular Expression Denial of Service in dat.gui
All versions of package dat.gui are vulnerable to Regular Expression Denial of Service ReDoS via specifically crafted rgb and rgba values...
Man-in-the-middle attack in Apache Cassandra
In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and...
Reflected cross-site scripting in francoisjacquet/rosariosis
Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET request...
Regular expression Denial of Service (ReDoS) in EmailValidator class in V7 compatibility module in Vaadin 8
Unsafe validation RegEx in EmailValidator component in com.vaadin:vaadin-compatibility-server versions 8.0.0 through 8.12.4 Vaadin versions 8.0.0 through 8.12.4 allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses...
Authentication bypass in Apache Shiro
Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass...
Code Injection in oauth2-server
"oauth2-server aka node-oauth2-server through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of "RFC 6749 compliant" is valid and not...
Improper Verification of Cryptographic Signature in ansible
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the default behavior. This flaw...
lxml vulnerable to Cross-Site Scripting
An XSS vulnerability was discovered in the python lxml clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...
Leak of information via Store-API
Impact Leak of information via Store-API Patches We recommend to update to the current version 6.3.5.1. You can get the update to 6.3.5.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6 The vulnerability could only be fixed by...
Regular Expression Denial of Service (REDoS) in Marked
Impact What kind of vulnerability is it? Who is impacted? Regular expression Denial of Service A Denial of Service attack can affect anyone who runs user generated code through marked. Patches Has the problem been patched? What versions should users upgrade to? patched in v2.0.0 Workarounds Is...
Kirby .dev domains and some reverse proxy setups were treated as local
Impact About our registration block In order to protect new installations on public servers that don't have an admin account for the Panel yet, we block account registration there by default. This is a security feature, which we implemented years ago in Kirby 2. It helps to avoid that you forget...
Potential Command Injection in libnotify
Versions 1.0.3 and earlier of libnotify are affected by a shell command injection vulnerability. This may result in execution of arbitrary shell commands, if user input is passed into libnotify.notify. Untrusted input passed in the call to libnotify.notify could result in execution of shell...
Cross Site Scripting and RCE in baserCMS
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting XSS and Remote Code Execution RCE. Impact: XSS to RCE via Arbitrary file upload. Attack vector is: Administrator must be logged in. Components are: ThemeFilesController.php, UploaderFilesController.php. Tested baserCMS Version : 4.3.6...
dot-prop Prototype Pollution vulnerability
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects...
Improper Access Control in novajoin
A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens...
Denial of Service in uap-core when processing crafted User-Agent strings
Impact Some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to maliciously crafted long strings. Patches Please update uap-ruby to = v2.6....
Ckeditor XSS Vulnerability
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. It was possible to execute XSS inside the CKEditor source area after persuading the victim to: i switch CKEditor to source mode, then ii paste a specially crafted HTML code, prepared by the attacker, into the opene...
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...
Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection
Summary Nodemailer constructs List- headers from the caller-provided list message option using internally prepared header values. The list..comment field is inserted into those prepared values without removing CR \r or LF \n characters. Because prepared headers bypass the normal header-value...
OpenList vulnerable to Path Traversal in file copy and remove handlers
Summary The application contains a Path Traversal vulnerability CWE-22 in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal sequences into filename components, enabling unauthorised file removal and copying across user...
Improper Authorization vulnerability in Magento and Adobe Commerce
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access...
Mongoose search injection vulnerability
Mongoose versions prior to 8.9.5, 7.8.4, and 6.13.6 are vulnerable to improper use of the $where operator. This vulnerability arises from the ability of the $where clause to execute arbitrary JavaScript code in MongoDB queries, potentially leading to code injection attacks and unauthorized access...
Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability
Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in System.Security.Cryptography.Cose, System.IO.Packaging, Microsoft.Extensions.Caching.Memory. This...
Server Side Request Forgery (SSRF) attack in Fedify
Summary At present, when Fedify needs to retrieve an object or activity from a remote activitypub server, it makes a HTTP request to the @id or other resources present within the activity it has received from the web. This activity could reference an @id that points to an internal IP address,...
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Impact A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditableregexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from the editor. Patches This vulnerability...
Winter CMS Server-Side Template Injection (SSTI) vulnerability
Server-side Template Injection SSTI vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components...
Ion Java StackOverflow vulnerability
Impact A potential denial-of-service issue exists in ion-java for applications that use ion-java to: Deserialize Ion text encoded data, or Deserialize Ion text or binary encoded data into the IonValue model and then invoke certain IonValue methods on that in-memory representation. An actor could...
Fabric vulnerable to crosslinking transaction attack
Short summary Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions and cross-link the transactions in a way that alters the way the...
Keycloak vulnerable to Plaintext Storage of User Password
A flaw was discovered in Keycloak Core package. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular attributes in the users attributes. The password is also created, but the user attributes must not be there. This...
Gravitee API Management contains Path Traversal
This CVE addresses the partial fix for CVE-2019-25075 Gravitee API Management before 3.15.13 allows path traversal through HTML injection. A certain HTML injection combined with path traversal in the Email service in Gravitee API Management before 3.15.13 allows anonymous users to read arbitrary...
Denial of service in Spring Framework
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object...
Spoofing attack in swagger-ui
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions...
Apache Cassandra vulnerable to Code Injection due to unsafe configuration
When running Apache Cassandra with the following configuration: enableuserdefinedfunctions: true enablescripteduserdefinedfunctions: true enableuserdefinedfunctionsthreads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissio...
Git LFS can execute a Git binary from the current directory
Impact On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. This occurs because on Windows, Go includes and prefers t...
Cross-site Scripting in showdoc
Stored XSS via upload attachment with format .svg in File Library...
A potential Denial of Service issue in protobuf-java
Summary A potential Denial of Service issue in protobuf-java was discovered in the parsing procedure for binary data. Reporter: OSS-Fuzz Affected versions: All versions of Java Protobufs including Kotlin and JRuby prior to the versions listed below. Protobuf "javalite" users typically Android are...
Improper sanitization of target names
Impact The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When targets are cached or saved, files could be overwritten with arbitrary content anywhere on the system. AWS would like to thank...