Lucene search
K
GithubMost viewed

33227 matches found

Github Security Blog
Github Security Blog
added 2024/03/18 8:36 p.m.68 views

Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency

Summary Symfony 1 has a gadget chain due to vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer unserialize user input in his project. Details This vulnerability present no direct threat but is a vector that will enable remote code executio...

9CVSS5.7AI score0.01485EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2024/01/19 12:30 p.m.68 views

Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue...

5.3CVSS5.8AI score0.14286EPSS
Exploits3References11Affected Software3
Github Security Blog
Github Security Blog
added 2023/08/29 11:33 p.m.68 views

@adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS

Impact @adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. Patches The issue has been resolved in 4.3.1. Workarounds None References N/A...

5.3CVSS6.6AI score0.00985EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/01 10:34 p.m.68 views

pyca/cryptography's wheels include vulnerable OpenSSL

pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.8-41.0.2 are vulnerable to several security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20230731.txt,...

6.8AI score
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/20 2:52 p.m.68 views

aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser

Impact aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6 which is vulnerable to CVE-2023-30589. The vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an...

7.5CVSS6.8AI score0.03906EPSS
Exploits2References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/16 6:30 p.m.68 views

Jenkins Pipeline Utility Steps Plugin arbitrary file write vulnerability

Jenkins Pipeline Utility Steps Plugin provides the untar and unzip Pipeline steps to extract archives into job workspaces. Pipeline Utility Steps Plugin 2.15.2 and earlier does not validate or limit file paths of files contained within these archives. This allows attackers able to provide crafted...

8.8CVSS6.9AI score0.01016EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/24 6:30 a.m.68 views

@braintree/sanitize-url Cross-site Scripting vulnerability

sanitize-url aka @braintree/sanitize-url before 6.0.1 allows XSS via HTML entities...

6.1CVSS5.8AI score0.0056EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/20 6:30 p.m.68 views

Apache Commons FileUpload denial of service vulnerability

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option...

7.5CVSS7.7AI score0.46836EPSS
Exploits1References21Affected Software4
Github Security Blog
Github Security Blog
added 2022/12/25 9:30 p.m.68 views

Starcounter-Jack JSON-Patch Prototype Pollution vulnerability

A vulnerability has been found in Starcounter-Jack JSON-Patch up to 3.1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. The attack can be initiated remotely...

9.8CVSS2.8AI score0.01083EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/26 3:30 a.m.68 views

PyTorch vulnerable to arbitrary code execution

In PyTorch before trunk/89695, torch.jit.annotations.parsetypeline can cause arbitrary code execution because eval is used unsafely. The fix for this issue is available in version 1.13.1. There is a release checker in issue 89855...

9.8CVSS9.2AI score0.01192EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/07 7:0 p.m.68 views

Apache Commons BCEL vulnerable to out-of-bounds write

Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those...

9.8CVSS9AI score0.02836EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/19 7:0 p.m.68 views

Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin

Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be...

9.9CVSS9.5AI score0.01428EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2022/10/18 12:0 p.m.68 views

minimatch ReDoS vulnerability

A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service ReDoS when calling the braceExpand function with specific arguments, resulting in a Denial of Service...

7.5CVSS7.8AI score0.01674EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/03 12:0 a.m.69 views

Uncontrolled Resource Consumption in Jackson-databind

In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAPSINGLEVALUEARRAYS feature is enabled. This was patched in 2.12.7.1,...

7.5CVSS7.6AI score0.02824EPSS
Exploits2References18Affected Software1
Github Security Blog
Github Security Blog
added 2022/08/19 12:0 a.m.68 views

Path Traversal in Payara

Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded...

7.5CVSS7.3AI score0.01065EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 4:59 p.m.68 views

Improper Restriction of XML External Entity Reference in Apache POI

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity XXE Processing...

5.5CVSS3.5AI score0.0099EPSS
Exploits0References15Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 12:54 a.m.68 views

ClassLoader manipulation in Apache Struts

The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method...

5CVSS8.4AI score0.99614EPSS
Exploits7References12Affected Software2
Github Security Blog
Github Security Blog
added 2022/05/04 12:0 a.m.68 views

Duplicate Advisory: Improper Verification of Cryptographic Signature in google-oauth-java-client

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hw42-3568-wj87. This link is maintained to preserve external references. Summary The vulnerability impacts only users of the IdTokenVerifier class. The verify method in IdTokenVerifier does not validate the...

8.7CVSS7.2AI score0.00287EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 8:51 p.m.68 views

Apache Geode SSL endpoint verification vulnerability

When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack...

7.4CVSS6.9AI score0.01383EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/29 5:18 p.m.68 views

Improper Access Control in passport-oauth2

The passport-oauth2 package before 1.6.1 for Node.js mishandles the error condition of failure to obtain an access token. This is exploitable in certain use cases where an OAuth identity provider uses an HTTP 200 status code for authentication-failure error reports, and an application grants...

5.3CVSS1.3AI score0.01261EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/23 11:18 p.m.68 views

Observable Discrepancy in Apache Kafka

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

5.9CVSS6.7AI score0.0582EPSS
Exploits0References14Affected Software4
Github Security Blog
Github Security Blog
added 2021/09/09 5:11 p.m.68 views

SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way

Impact The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by...

7.5CVSS8AI score0.0628EPSS
Exploits0References19Affected Software3
Github Security Blog
Github Security Blog
added 2021/08/09 8:41 p.m.68 views

Deserialization of Untrusted Data in Apache jUDDI

Apache jUDDI uses several classes related to Java's Remote Method Invocation RMI which as an extension to UDDI provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicio...

9.8CVSS9.3AI score0.04115EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/28 5:57 p.m.68 views

Missing Authentication for Critical Function in Saleor

An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data e.g., name, address, and previous orders of any other customer...

5.3CVSS5.5AI score0.01083EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/12 4:53 p.m.68 views

Files or Directories Accessible to External Parties in ether/logs

Impact A vulnerability was found that allowed authenticated admin users to access any file on the server. Patches The vulnerability has been fixed in 3.0.4. Workarounds We recommend disabling the plugin if untrustworthy sources have admin access. For more information If you have any questions or...

7.2CVSS5.1AI score0.01079EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/29 3:12 a.m.68 views

List of order ids, number, items total and token value exposed for unauthorized uses via new API

Impact Part of the details order ID, order number, items total, and token value of all placed orders were exposed to unauthorized users. If exploited properly, a few additional information like the number of items in the cart and the date of the shipping may be fetched as well. This data seems to...

5.3CVSS1.6AI score0.00881EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/16 5:19 p.m.68 views

Shell command injection in Apache Syncope

In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution...

8.5CVSS2.5AI score0.02835EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/08 11:19 p.m.68 views

Open Redirect in trailing-slash

The package trailing-slash before 2.0.1 are vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint such as https://example.com//attacker.example/. The vulnerable code is in index.js::createTrailing, as the web server uses relative URLs...

6.1CVSS1AI score0.0115EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 4:15 p.m.68 views

OS Command Injection in gulp-scss-lint

gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options...

9.8CVSS9.2AI score0.02644EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 6:27 p.m.68 views

Arbitrary Code Execution in grunt

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load instead of its secure replacement safeLoad of the package js-yaml inside grunt.file.readYAML...

7.1CVSS7.2AI score0.02285EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/22 4:16 p.m.68 views

Observable Differences in Behavior to Error Inputs in Bouncy Castle

In Legion of the Bouncy Castle BC before 1.55 and BC-FJA before 1.0.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that...

5.3CVSS5.5AI score0.00914EPSS
Exploits0References8Affected Software8
Github Security Blog
Github Security Blog
added 2021/04/20 4:46 p.m.68 views

Ansible vulnerable to Exposure of Resource to Wrong Sphere and Insecure Temporary File

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask...

5CVSS6AI score0.004EPSS
Exploits1References14Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/20 4:29 p.m.68 views

Improper Certificate Validation in blackduck

Synopsys hub-rest-api-python aka blackduck on PyPI version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases...

7.5CVSS7.3AI score0.01112EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/19 2:51 p.m.68 views

Directory traversal in development mode handler in Vaadin 14 and 15-17

Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 Vaadin 14.0.0 through 14.4.2, and 3.0 prior to 5.0 Vaadin 15 prior to 18 allows attacker to request arbitrary files stored outside of intended frontend resources folder. -...

7.5CVSS7.3AI score0.01211EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/08 4:46 p.m.68 views

CSRF Vuln can expose user's QRcode

Impact When a user is setting up two-factor authentication using an authenticator app, a QRcode is generated and made available via a GET request to /tf-qrcode. Since GETs do not have any CSRF protection, it is possible a malicious 3rd party could access the QRcode and therefore gain access to...

2.2AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/19 9:28 p.m.68 views

Regular Expression Denial of Service (ReDoS) in Jinja2

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDOS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+ This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiti...

5.3CVSS5.9AI score0.03546EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/18 7:55 p.m.68 views

Pillow Out-of-bounds Write

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode...

8.8CVSS9.2AI score0.01789EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/12 9:34 p.m.68 views

Cross-site scripting (XSS)

ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution...

4.8CVSS5.9AI score0.01134EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/12 9:33 p.m.68 views

Keycloak Missing authentication for critical function

A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality,...

6.8CVSS6.1AI score0.00329EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/12 9:28 p.m.68 views

jspdf vulnerable to Regular Expression Denial of Service (ReDoS)

This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function...

7.5CVSS7.3AI score0.02644EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/01 7:57 p.m.68 views

Denial of service in three

This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: js var three = require'three' function buildblankn var ret = "rgb" for var i = 0; i n; i++ ret += " " return ret + ""; var Color = three.Color var time = Date.now; new Colorbuildblank50000 var...

7.5CVSS7.3AI score0.02519EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/19 9:16 p.m.68 views

XSS vulnerability in company name field in Mautic

Impact Mautic version 2.11.0 and earlier contains a Cross Site Scripting XSS vulnerability in Company's name that can result in denial of service and execution of javascript code. Patches Update to 2.14.0 or later. Workarounds None. For more information If you have any questions or comments about...

6.1CVSS3.4AI score0.00832EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/13 7:13 p.m.68 views

Signature validation bypass in ServiceStack

ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature...

5.3CVSS5.5AI score0.02325EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/12/18 10:51 p.m.69 views

Cross-site Scripting in dompurify

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements...

6.1CVSS6.4AI score0.04881EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2020/12/10 7:7 p.m.68 views

Lack of validation in data format attributes in TensorFlow

Impact The tf.rawops.DataFormatVecPermute API does not validate the srcformat and dstformat attributes. The code assumes that these two arguments define a permutation of NHWC. However, these assumptions are not checked and this can result in uninitialized memory accesses, read outside of bounds a...

7.8CVSS2.1AI score0.00241EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2020/10/08 7:28 p.m.68 views

Open Redirect in Next.js versions

Impact - Affected: Users of Next.js between 9.5.0 and 9.5.3 - Not affected: Deployments on Vercel https://vercel.com are not affected - Not affected: Deployments using next export We recommend everyone to upgrade regardless of whether you can reproduce the issue or not. Patches...

6.1CVSS1.8AI score0.00773EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/29 4:26 p.m.68 views

Authorization header is not sanitized in an error object in auth0

Overview Versions before and including 2.27.0 use a block list of specific keys that should be sanitized from the request object contained in the error object. When a request to Auth0 management API fails, the key for Authorization header is not sanitized and the Authorization header value can be...

7.7CVSS1.3AI score0.01539EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/26 3:9 p.m.68 views

Possible Strong Parameters Bypass in ActionPack

There is a strong parameters bypass vector in ActionPack. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1 Impact ------ In some cases user supplied information can be inadvertently leaked from Strong Parameters. Specifically the return value of each, or eachvalue, or eachpair will return the...

7.5CVSS7.5AI score0.04198EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/12 12:45 a.m.68 views

False-negative validation results in MINT transactions with invalid baton

Impact Users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. Patches npm package slp-validate has been patched and...

8.6CVSS2.8AI score0.01036EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/12 12:39 a.m.68 views

False-negative validation results in MINT transactions with invalid baton

Impact Users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. Patches npm package slpjs has been patched and published a...

8.6CVSS2.5AI score0.00932EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities5000