Lucene search
K
GithubMost viewed

33227 matches found

Github Security Blog
Github Security Blog
added 2022/07/15 9:46 p.m.64 views

Cilium host policy bypass in endpoint-routes mode with dual-stack

Impact This vulnerability allows bypassing host policies for IPv6 traffic coming from a Cilium-managed pod and destined to the host-network namespace e.g., to a host-network pod. Host policy enforcement on IPv4 or for traffic coming from outside the node is not affected. Cilium is only affected b...

7AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/05 9:6 p.m.64 views

Incorrect handling of invalid surrogate pair characters

Impact What kind of vulnerability is it? Who is impacted? Anyone parsing JSON from an untrusted source is vulnerable. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key...

7.5CVSS7.4AI score0.02283EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:35 p.m.64 views

OpenStack Horizon Open redirect in workflow forms

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provid...

6.1CVSS6.5AI score0.014EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/18 12:0 a.m.64 views

Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin

Pipeline: Groovy Plugin allows pipelines to load Groovy source files. This is intended to be used to allow Global Shared Libraries to execute without sandbox protection. In Pipeline: Groovy Plugin 2689.v434009a31bf1 and earlier, any Groovy source files bundled with Jenkins core and plugins could ...

8.5CVSS8.3AI score0.01328EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 2:55 a.m.64 views

Access restriction bypass in Apache Tomcat

Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an...

4.3CVSS5AI score0.06016EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 11:28 p.m.64 views

Reachable Assertion in Tensorflow

Impact When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments, if the tensors have an invalid dtype and 0 elements or an invalid shape. This allows attackers to cause denial of services in TensorFlow...

6.5CVSS3.4AI score0.00469EPSS
Exploits0References6Affected Software3
Github Security Blog
Github Security Blog
added 2022/02/09 1:1 a.m.64 views

Authentication Bypass in Apache Cassandra

Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internodeencryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despit...

7.5CVSS7.2AI score0.01931EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 12:56 a.m.64 views

Allocation of Resources Without Limits or Throttling in Keycloak

A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body...

7.5CVSS1.4AI score0.02242EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/21 11:36 p.m.64 views

Open Redirect in node-forge

parseUrl functionality in node-forge mishandles certain uses of backslash such as https:///\ and interprets the URI as a relative path...

6.1CVSS6.5AI score0.00832EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/20 5:52 p.m.64 views

Authentication Bypass in dex

A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Thi...

9.8CVSS8.8AI score0.01718EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/18 6:0 p.m.64 views

Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in...

5.9CVSS4.9AI score0.99999EPSS
Exploits20References19Affected Software2
Github Security Blog
Github Security Blog
added 2021/11/08 6:3 p.m.64 views

GraphiQL introspection schema template injection attack

Impact - 2. Scope - 3. Patches - 3.1 CDN bundle implementations may be automatically patched - 4. Workarounds for Older Versions - 5. How to Re-create the Exploit - 6. Credit - 7. References - 8. For more information This is a security advisory for an XSS vulnerability in graphiql. A similar...

7.1CVSS0.4AI score0.01032EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 5:22 p.m.64 views

Cross-Site Request Forgery in express-cart

The express-cart package through 1.1.10 for Node.js allows CSRF...

8.8CVSS8.4AI score0.00567EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 4:25 p.m.64 views

Missing Authorization in Apache Airflow

If remote logging is not used, the worker in the case of CeleryExecutor or the scheduler in the case of LocalExecutor runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG...

5.3CVSS6AI score0.04022EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:43 p.m.64 views

Division by 0 in `ResourceScatterDiv`

Impact The implementation of tf.rawops.ResourceScatterDiv is vulnerable to a division by 0 error: python import tensorflow as tf v= tf.Variable1,2,3 tf.rawops.ResourceScatterDiv resource=v.handle, indices=1, updates=0 The implementation uses a common class for all binary operations but fails to...

5.5CVSS5.9AI score0.00154EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/08/13 3:21 p.m.64 views

Druid ingestion system Authenticated users can read data from other sources than intended

In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not a...

6.5CVSS6.1AI score0.09877EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/09 8:42 p.m.64 views

Directory Traversal in elFinder.AspNet

This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path...

7.5CVSS3.1AI score0.01732EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/29 9:25 p.m.64 views

Path Traversal in Dutchcoders transfer.sh

Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files...

9.1CVSS4.1AI score0.02035EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/23 11:42 p.m.64 views

Potential Denial-of-Service in bindata

In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit. In combination with...

4.3CVSS4.8AI score0.01866EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/17 8:10 p.m.64 views

Cross-site Scripting in wagtail

Impact When the % includeblock % template tag is used to output the value of a plain-text StreamField block CharBlock, TextBlock or a similar user-defined block derived from FieldBlock, and that block does not specify a template for rendering, the tag output is not properly escaped as HTML. This...

5.4CVSS5.8AI score0.01109EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/09 5:34 p.m.64 views

Insufficient Session Expiration in OpenStack Keystone

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. Th...

8.8CVSS3.1AI score0.01896EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/08 11:15 p.m.64 views

Command Injection in @ronomon/opened

The @ronomon/opened library before 1.5.2 is vulnerable to a command injection vulnerability which would allow a remote attacker to execute commands on the system if the library was used with untrusted input...

10CVSS5.4AI score0.04508EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/08 6:49 p.m.64 views

Out-of-bounds Read in Pillow

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2kugrayala...

9.1CVSS2.1AI score0.02876EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/02 9:44 p.m.64 views

markdown2 Regular Expression Denial of Service

markdown2 =1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time...

7.5CVSS7.1AI score0.02384EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/25 6:46 p.m.64 views

Cross-site Scripting in OpenNMS Horizon

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting since ther...

4.8CVSS3.3AI score0.0102EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/24 4:56 p.m.64 views

Aliases are never checked in helm

Impact During a security audit of Helm's code base, security researchers at Trail of Bits identified a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. Patches This issue has been patched in Helm 3.3.2 a...

4CVSS5.4AI score0.01029EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2021/05/21 7:20 p.m.64 views

Command injection in Apache Flink

A vulnerability in Apache Flink where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reportername.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind th...

4.7CVSS5.4AI score0.00863EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/18 6:18 p.m.64 views

Use of a Broken or Risky Cryptographic Algorithm in Terraform

When using the Azure backend with a shared access signature SAS, Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP. Specific Go Packages Affected github.com/hashicorp/terraform/backend/remote-state/azure...

7.5CVSS7.2AI score0.00998EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/17 8:58 p.m.64 views

Insecure template handling in haml-coffee

haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...

7.7CVSS0.4AI score0.007EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 7:17 p.m.64 views

Prototype pollution in json8-merge-patch

Prototype pollution vulnerability in json8-merge-patch npm package 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor...

7.5CVSS7.2AI score0.01277EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 6:39 p.m.64 views

Prototype Pollution in mathjs

The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates...

7.5CVSS7AI score0.03924EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 4:47 p.m.64 views

Uncontrolled Resource Consumption in json-bigint

Prototype pollution in json-bigint npm package 1.0.0 may lead to a denial-of-service DoS attack...

7.5CVSS7.8AI score0.01708EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 3:52 p.m.64 views

Command Injection in psnode

This affects all current versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

9.8CVSS5.8AI score0.01336EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/22 4:11 p.m.64 views

XSS Cross Site Scripting

Impact It is possible to persistently inject scripts in XWiki. For unregistred users: - By filling simple text fields For registered users: - By filling their personal information - if they have edit rights By filling the values of static lists using App Within Minutes That can lead to user's...

9.6CVSS0.3AI score0.01123EPSS
Exploits1References3Affected Software2
Github Security Blog
Github Security Blog
added 2021/04/22 4:11 p.m.64 views

Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19

Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...

7.1CVSS3.4AI score0.00322EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/20 4:14 p.m.64 views

Improper Input Validation in PyYAML

A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the fullload method or with the FullLoader loader. Applications that use the library to process untrusted input may be...

10CVSS9.7AI score0.05299EPSS
Exploits1References16Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/19 2:58 p.m.64 views

Padding Oracle Attack due to Observable Timing Discrepancy in jose-browser-runtime

Impact AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. But a possibly observable difference in timing when padding error would occur while...

5.9CVSS2AI score0.01238EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/19 2:56 p.m.64 views

Missing validation of JWT signature in `ManyDesigns/Portofino`

Impact Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. Patches The issue will be patched in the upcoming 5.2.1 release. For more information If you have any questions o...

9.1CVSS8.7AI score0.00949EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2021/04/19 2:54 p.m.64 views

Malicious users could abuse Sydent to control the content of invitation emails

Impact A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. Patches Fixed in 4469d1d, 6b405a8, 65a6e91. Note that these patches include changes to the default email templates. If the...

5.7CVSS2AI score0.00934EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/19 2:52 p.m.64 views

Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 Vaadin 10.0.0 through 10.0.13, and 1.1.0 through 1.4.2 Vaadin 11.0.0 through 13.0.5 allows attacker to execute malicious JavaScript via crafted URL. -...

6.1CVSS4.4AI score0.00668EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/19 2:52 p.m.64 views

Potential sensitive data exposure in applications using Vaadin 15

Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 Vaadin 15.0.0 through 15.0.4 may expose sensitive data if the application also uses e.g. @RestController - https://vaadin.com/security/cve-2020-36319...

6.5CVSS6.2AI score0.01001EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/13 5:1 p.m.64 views

Cross-Site Request Forgery (CSRF) in trestle-auth

Impact A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially allows an attacker to alter protected data, including admin account...

8.1CVSS4.6AI score0.00657EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/24 5:58 p.m.64 views

Path Traversal within joomla/archive zip class

An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path...

5.5CVSS3AI score0.01161EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/23 10:47 p.m.64 views

It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro

Impact The wikimacrocontent executes the content with the rights of the wiki macro author instead of the caller of that wiki macro. This makes possible to inject scripts through it and they will be executed with the rights of the wiki macro very often a user which has Programming rights...

7.7CVSS0.4AI score0.00459EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/23 1:53 a.m.64 views

Cleartext storage of session identifier

Problem User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system...

7.5CVSS1.7AI score0.00918EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2021/03/19 9:32 p.m.64 views

total.js Remote Code Execution Vulnerability

total.js is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. It can be used as web, desktop, service or IoT application. Affected versions of this package are vulnerable to Remote Code Execution RCE via set. PoC js // To be ru...

9.8CVSS9.3AI score0.04787EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/18 7:55 p.m.64 views

Pillow Uncontrolled Resource Consumption

Pillow before 8.1.2 allows attackers to cause a denial of service memory consumption because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large...

7.5CVSS7.2AI score0.04851EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/18 7:39 p.m.64 views

html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS)

This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...

5.3CVSS5.8AI score0.02217EPSS
Exploits1References9Affected Software2
Github Security Blog
Github Security Blog
added 2021/03/03 11:1 p.m.64 views

Local Information Disclosure Vulnerability

Impact Local information disclosure of sensitive information downloaded via the API using the API Client. Finding The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive information. This sensitive information is exposed local...

4.3CVSS0.6AI score0.00563EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/10 2:32 a.m.64 views

Generation of fake documents via public GET-call

Impact Generation of fake documents via public GET-call Patches We recommend to update to the current version 6.3.5.1. You can get the update to 6.3.5.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6 Workarounds For older...

2.2AI score
Exploits0References5Affected Software1
Total number of security vulnerabilities5000