Lucene search
K
GithubMost viewed

33227 matches found

Github Security Blog
Github Security Blog
added 2023/06/30 10:58 p.m.62 views

Remote Code Execution for 2.4.1 and earlier

Impact OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. Patches Patched in 07c4641471c6f5c2ab5aab615969e97211eb50d9 and further refined in...

9.8CVSS7.5AI score0.16501EPSS
Exploits4References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/29 6:31 p.m.62 views

smarty Cross-site Scripting vulnerability in Javascript escaping

Impact An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the...

7.1CVSS7AI score0.01025EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/23 9:30 p.m.62 views

Spring Framework vulnerable to denial of service via specially crafted SpEL expression

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service DoS condition...

6.5CVSS6.6AI score0.0097EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/03 6:30 a.m.62 views

phpseclib Infinite Loop vulnerability

Math/PrimeField.php in phpseclib has an infinite loop with composite primefields. This vulnerability was introduced in version 3.0.0, and has been patched in 3.0.19. The CVE for this issue originally identified the the vulnerable version as 2.x, however, the vulnerable functionality was not...

7.5CVSS7.3AI score0.00815EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/10 3:27 a.m.62 views

StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route

Summary When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard then an attacker can exfiltrate any class path resource. Details When computing the relative path to locate the resource, in cas...

5.3CVSS5.7AI score0.00919EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/09 9:56 p.m.62 views

KubePi may allow unauthorized access to system API

Summary Unauthorized access refers to the ability to bypass the system's preset permission settings to access some API interfaces. The attack exploits a flaw in how online applications handle routing permissions. Affected Version = v1.6.3 Patches The vulnerability has been fixed in v1.6.4...

7.5CVSS7.1AI score0.03573EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/06 9:25 p.m.62 views

PHPMailer vulnerable to email header injection

Impact Arbitrary additional email headers can be injected via crafted From or Sender headers. Patches Fixed in 2.2.1 Workarounds Filter user-supplied values prior to using them in From or Sender properties. References https://nvd.nist.gov/vuln/detail/CVE-2012-0796 For more information If you have...

4CVSS3.8AI score0.01677EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/30 4:33 a.m.62 views

matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions

Impact An attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-android-sdk2 implementing a...

7.5CVSS5.4AI score0.00655EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/13 9:42 p.m.62 views

October CMS upload process vulnerable to RCE via Race Condition

Impact This advisory affects plugins that expose the October\Rain\Database\Attach\File::fromData as a public interface. This vulnerability does not affect vanilla installations of October CMS since this method is not exposed or used by the system internally or externally. When the developer allow...

8.1CVSS0.6AI score0.01358EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/07 12:0 a.m.62 views

Code injection in Apache Commons Configuration

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

9.8CVSS9.7AI score0.42646EPSS
Exploits3References10Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/03 10:32 p.m.62 views

Unsanitized JavaScript code injection possible in gatsby-plugin-mdx

Impact The gatsby-plugin-mdx plugin prior to versions 3.15.2 and 2.14.1 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized. The vulnerability is present when passing input in both webpack MDX fil...

9.8CVSS0.6AI score0.01865EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 7:12 p.m.62 views

SM2 Decryption Buffer Overflow

In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

9.8CVSS9.5AI score0.87816EPSS
Exploits1References23Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 2:58 a.m.62 views

Improper Restriction of XML External Entity Reference in Openpyxl

Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document...

8.2CVSS7.7AI score0.01159EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 12:19 a.m.62 views

Improper Input Validation in Microsoft.NETCore.App

Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability...

7.5CVSS4.1AI score0.095EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 11:19 p.m.62 views

Incorrect Authorization in Apache Solr

In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all...

4.3CVSS4.5AI score0.0202EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2021/10/27 6:52 p.m.62 views

Deserialization of Untrusted Data leading to Remote Code Execution in Apache Storm

An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution RCE. Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x...

9.8CVSS5.9AI score0.65587EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/06 5:46 p.m.62 views

Deleted Admin Can Sign In to Admin Interface

Impact Assuming an administrator once had previous access to the admin interface, they may still be able to sign in to the backend using October CMS v2.0. Patches The issue has been patched in v2.1.12 Workarounds - Reset the password of the deleted accounts to prevent them from signing in. - Plea...

7.2CVSS1.7AI score0.01056EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2021/10/04 8:12 p.m.62 views

Deserialization of Untrusted Data in org.apache.ddlutils:ddlutils

Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used...

9.8CVSS1.6AI score0.03214EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/22 8:39 p.m.62 views

Clipboard-based XSS

Impact XSS against the user. Details jsuites is vulnerable to DOM based XSS if the user can be tricked into copying anything from a malicious and pasting it into the html editor. This is because a part of the clipboard content is directly written to innerHTML causing XSS. References The Curious...

8.7CVSS1.4AI score0.01027EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/08 8:14 p.m.62 views

Remote Code Execution in Apache Dubbo

Apache Dubbo supports various rules to support configuration override or traffic routing called routing in Dubbo. These rules are loaded into the configuration center eg: Zookeeper, Nacos, ... and retrieved by the customers when making a request in order to find the right endpoint. When parsing...

8.8CVSS8.4AI score0.02019EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/02 10:2 p.m.62 views

Remote code execution in Eclipse Theia

In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file...

8.8CVSS8.2AI score0.00595EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 5:20 p.m.62 views

Layout XML Arbitrary Code Fix

Impact Layout XML enabled admin users to execute arbitrary commands via block methods...

9CVSS5.3AI score0.01971EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/13 3:21 p.m.62 views

Cross-site scripting in Apache Jena Fuseki

A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 inclusive...

6.1CVSS4.1AI score0.02881EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/10 4:9 p.m.62 views

Prototype Pollution in deepmergefn

All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function...

9.8CVSS5AI score0.01083EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/02 4:38 p.m.62 views

Incorrect Access Control in Nacos

Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in...

5.3CVSS5.5AI score0.0142EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/28 5:52 p.m.62 views

Improper Input Validation in Centreon Web

Centreon Web 19.04.4 allows Remote Code Execution by an administrator who can modify Macro Expression location settings...

9CVSS3.8AI score0.27002EPSS
Exploits2References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/22 7:36 p.m.62 views

Cross-Site Scripting in Query Generator & Query View

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 4.5 Problem Failing to properly encode error messages, the components QueryGenerator and QueryView are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileg...

6.4CVSS1.7AI score0.00598EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2021/06/28 5:16 p.m.63 views

Improper Verification of Cryptographic Signature

Impact The verifyWithMessage method of tEnvoyNaClSigningKey always returns true for any signature of a SHA-512 hash matching the SHA-512 hash of the message even if the signature is invalid. Patches Upgrade to v7.0.3 immediately to resolve this issue. Since the vulnerability lies within the...

9.8CVSS5.6AI score0.00658EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/23 5:52 p.m.62 views

Incorrect Permission Assignment for Critical Resource in Hashicorp Consul

HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4. Specific Go Packages Affected github.com/hashicorp/consul/agent/structs...

5.3CVSS5.5AI score0.01552EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/23 5:13 p.m.62 views

github.com/sassoftware/go-rpmutils Arbitrary File Write via Archive Extraction (Zip Slip)

The CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading .. which leads in file extraction outside of the current directory. Note, the fixing commit was applied to all affected versions which were re-released...

7.5CVSS7.3AI score0.01602EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/22 3:23 p.m.62 views

Command Injection in Centreon

Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabasestatuspath via a main.get.php request and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page...

9CVSS8.3AI score0.05415EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/08 8:12 p.m.62 views

SQL Injection in t3/dce

The dce aka Dynamic Content Element extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account...

4.9CVSS5.3AI score0.01406EPSS
Exploits3References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/07 10:10 p.m.62 views

Regular expression denial of service in forms

The package forms before 1.3.2 are vulnerable to Regular Expression Denial of Service ReDoS via email validation...

5.3CVSS3.5AI score0.0165EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/04 7:9 p.m.62 views

Script injection

Impact A malicious internal actor is able to upload documentation content with malicious scripts. These scripts would normally be sanitized by the TechDocs frontend, but by tricking a user to visit the content via the TechDocs API, the content sanitazion will be bypassed. If the TechDocs API is...

8.1CVSS0.1AI score0.01269EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/24 4:57 p.m.62 views

Repository index file allows for duplicates of the same chart entry in helm

Impact During a security audit of Helm's code base, security researchers at Trail of Bits identified a bug in which the a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs...

4CVSS5.2AI score0.00883EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2021/05/18 6:20 p.m.62 views

Improper Input Validation in HashiCorp Vault

HashiCorp Vault and Vault Enterprise 1.4.x before 1.4.2 in Go package github.com/hashicorp/vault-plugin-secrets-gcp/plugin has Incorrect Access Control...

9.8CVSS9AI score0.01522EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/13 10:31 p.m.62 views

Reflected Cross-site Scripting (XSS) in ACS Commons

ACS Commons version 4.9.2 and earlier suffers from a Reflected Cross-site Scripting XSS vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content...

6.1CVSS2.6AI score0.03337EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 4:6 p.m.62 views

Path Traversal in marked-tree

This affects all versions up to and including version 0.8.1 of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js...

7.5CVSS7.3AI score0.01738EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 6:54 p.m.62 views

Cross-site Scripting in OpenCart

OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section...

5.4CVSS4.3AI score0.02671EPSS
Exploits4References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 6:26 p.m.62 views

Prototype Pollution in promisehelpers

All versions of package promisehelpers up to and including version 0.0.5 are vulnerable to Prototype Pollution via the insert function...

9.8CVSS8.9AI score0.01916EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/30 5:29 p.m.62 views

Improper Input Validation in Spring Framework

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter...

8.7CVSS7.7AI score0.10736EPSS
Exploits1References26Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/30 5:29 p.m.62 views

Gon gem lack of escaping certain input when outputting as JSON

An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escapemode parameter to escape fields as an XSS protection mechanism. To mitigate, jsondumper.rb in gon now does escaping for XSS by default without relying on MultiJson...

6.1CVSS6.2AI score0.01376EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/19 2:51 p.m.62 views

Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8

Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 Vaadin 7.0.0 through 7.7.23, and 8.0.0 through 8.12.2 Vaadin 8.0.0 through 8.12.2 allows attacker to guess a security token via timing attack -...

4CVSS3.9AI score0.00306EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2021/04/12 6:59 p.m.62 views

Denial of Service (DoS) in restify-paginate

The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception...

7.5CVSS7.2AI score0.02589EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/29 4:35 p.m.62 views

Out of bounds read in Pillow

An issue was discovered in Pillow before 8.2.0. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries...

7.5CVSS7.9AI score0.01425EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/29 4:5 p.m.62 views

Prototype Pollution in y18n

Overview The npm package y18n before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution. POC js const y18n = require'y18n'; y18n.setLocale'proto'; y18n.updateLocalepolluted: true; console.logpolluted; // true Recommendation Upgrade to version 3.2.2, 4.0.1, 5.0.5 or later...

9.8CVSS8.4AI score0.69062EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/22 11:28 p.m.62 views

XStream is vulnerable to a Remote Command Execution attack

Impact The vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

9.9CVSS0.6AI score0.72324EPSS
Exploits1References18Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/18 8:30 p.m.62 views

Django Incorrect Default Permissions

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ is used. FILEUPLOADDIRECTORYPERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level...

7.5CVSS7.4AI score0.03969EPSS
Exploits0References15Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/08 7:41 p.m.62 views

Regular Expression Denial of Service (REDoS) in httplib2

Impact A malicious server which responds with long series of \xa0 characters in the www-authenticate header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said server. Patches Version 0.19.0 contains new implementation of auth headers parsing, using...

7.5CVSS7.4AI score0.03876EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/02 3:46 p.m.62 views

Denial of Service in uap-core

Impact Some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to maliciously crafted long strings. Patches Please update uap-core to = v0.11...

5.3CVSS4AI score0.02517EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities5000