Lucene search
K
GithubMost viewed

33227 matches found

Github Security Blog
Github Security Blog
added 2022/04/26 9:21 p.m.61 views

Keycloak vulnerable to privilege escalation on Token Exchange feature

A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the clientid of the target. This could allow a client to gain unauthorized access to...

9.8CVSS3.8AI score0.01299EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/04 12:0 a.m.61 views

Elasticsearch privilege escalation

A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “” index permissions access to this index. Users running a cluster on an affected version...

4.3CVSS4.9AI score0.00909EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/14 9:8 p.m.62 views

October/System authenticated file write leads to remote code execution

Impact Assuming an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. Patches Issue has been patched in Build 473 and v1.1.6 Workarounds Apply...

8.8CVSS1.4AI score0.01336EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/08 5:27 p.m.61 views

SQL Injection in Subrion CMS

SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection...

9.8CVSS9.6AI score0.01338EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/02 10:0 p.m.61 views

Directory Traversal in isomorphic-git

isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository...

5.3CVSS4.2AI score0.02182EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/01 6:32 p.m.61 views

Incorrect Authorization in serverless-offline

Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code i.e., possibly greater than expected...

9.8CVSS9.1AI score0.0146EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 4:24 p.m.61 views

Injection in MockServer

MockServer is open source software which enables easy mocking of any system you integrate with via HTTP or HTTPS. An attacker that can trick a victim into visiting a malicious site while running MockServer locally, will be able to run arbitrary code on the MockServer machine. With an overly broad...

9.6CVSS2AI score0.02164EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/10 4:7 p.m.61 views

Open redirect in url-parse

Overview Affected versions of npm url-parse are vulnerable to URL Redirection to Untrusted Site. Impact Depending on library usage and attacker intent, impacts may include allow/block list bypasses, SSRF attacks, open redirects, or other undesired behavior...

5.3CVSS6.4AI score0.01834EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/09 8:44 p.m.61 views

Open Redirect in Flask-User

This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple backslashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an...

6.1CVSS6.5AI score0.01113EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/09 8:37 p.m.61 views

Workflow re-write vulnerability using input parameter

Impact Allow end-users to set input parameters, but otherwise expect workflows to be secure. Patches Not yet. Workarounds Set EXPRESSIONTEMPLATES=false for the workflow controller References https://github.com/argoproj/argo-workflows/issues/6441 For more information If you have any questions or...

6.5CVSS6.3AI score0.00963EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/28 5:57 p.m.61 views

Improper Resource Shutdown or Release in HashiCorp Vault

HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2...

7.5CVSS7.2AI score0.01422EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/19 9:21 p.m.61 views

Hashicorp Consul Missing SSL Certificate Validation

HashiCorp Consul before 1.10.1 and Consul Enterprise has Missing SSL Certificate Validation. xds does not ensure that the Subject Alternative Name of an upstream is validated...

7.5CVSS0.7AI score0.01457EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/29 6:32 p.m.61 views

Cross-site Scripting in Gogs

Cross-site scripting XSS vulnerability in models/issue.go in Gogs aka Go Git Service 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown...

4.3CVSS5.5AI score0.01909EPSS
Exploits3References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/28 4:45 p.m.61 views

XXE vulnerability in Launch import

| Release Date | Affected Projects | Affected Versions | Access Vector| Security Risk | |--------------|-------------------|-------------------|---------------|---------------| | Monday, May 4, 2020| service-api | Every version, starting from 3.1.0 | Remote | Medium | Impact Starting from version...

7.5CVSS1.7AI score0.01349EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/23 5:20 p.m.61 views

Improper input validation in CNCF Cortex

The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth passwordfile can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack...

5.5CVSS0.9AI score0.0037EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/22 3:15 p.m.61 views

Form validation can be skipped

Impact By crafting a special GET request containing a valid form state, a form can be submitted without invoking any validators. We consider the severity low because it is not possible to change any form values since the form state is secured with an HMAC that is still verified. That means that...

6.5CVSS0.4AI score0.01124EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/08 11:20 p.m.61 views

Cross-site scripting in Plone

Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item...

5.4CVSS4AI score0.0065EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/01 9:21 p.m.61 views

Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint

Impact Due to incorrect use of a default URL, singularity action commands run/shell/exec specifying a container using a library:// URI will always attempt to retrieve the container from the default remote endpoint cloud.sylabs.io rather than the configured remote endpoint. An attacker may be able...

6.8CVSS2.5AI score0.01415EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/24 5:0 p.m.61 views

Denial-of-Service within Docker container

Impact If you run teler inside a Docker container and encounter errors.Exit function, it will cause denial-of-service SIGSEGV because it doesn't get process ID and process group ID of teler properly to kills. Specific Go Packages Affected ktbs.dev/teler/pkg/errors Patches Upgrade to the = 0.0.1...

7.5CVSS7.2AI score0.01412EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/18 6:38 p.m.61 views

Go Ethereum Improper Input Validation

In Go Ethereum aka geth before 1.8.14, TraceChain in eth/apitracer.go does not verify that the end block is after the start block. Specific Go Packages Affected github.com/ethereum/go-ethereum/eth...

7.5CVSS7.3AI score0.01249EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/18 6:34 p.m.61 views

golang.org/x/text Infinite loop

Go version v0.3.3 of the x/text package fixes a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to...

7.5CVSS7.4AI score0.01855EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 4:32 p.m.61 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes in vega-util

vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype...

4.3CVSS4.3AI score0.01109EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 4:6 p.m.61 views

Command Injection in onion-oled-js

This affects all versions up to and including version 0.0.2 of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

9.8CVSS4.9AI score0.02972EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 6:54 p.m.61 views

Cross-Site Request Forgery in MAGMI

All versions of MAGMI up to and including version 0.7.24 are vulnerable to CSRF due to the lack of CSRF tokens. RCE via phpcli command is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI...

8.8CVSS8.4AI score0.14725EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 6:52 p.m.61 views

Command injection in Gerapy

This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...

9.8CVSS8.9AI score0.01694EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 6:52 p.m.61 views

SVGlib Vulnerable to XXE Attacks

The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call...

9.8CVSS9AI score0.01448EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/29 9:52 p.m.61 views

Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial

URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow commands to be executed in the HgDriver if hg/Mercurial is installed on the system. Impact - The impact to Composer users directly is limit...

8.8CVSS2.4AI score0.04849EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/19 2:47 p.m.61 views

Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17

Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 Vaadin 14.0.6 through 14.4.3, and 3.0.0 through 4.0.2 Vaadin 15.0.0 through 17.0.10 allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses...

7.5CVSS3.9AI score0.01127EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/16 7:52 p.m.61 views

RSA signature validation vulnerability on maleable encoded message in jsrsasign

Impact Vulnerable jsrsasign will accept RSA signature with improper PKCS1.5 padding. Decoded RSA signature value consists following form: 01ff...8 or more ffs...ff00ASN.1 OF DigestInfo Its byte length must be the same as RSA key length, however such checking was not sufficient. To make crafted...

9.1CVSS8.7AI score0.0096EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/12 7:1 p.m.61 views

Command Injection in macfromip

All versions of npm package macfromip are affected by a command injection vulnerability. The injection point is located in line 66 in macfromip.js...

9.8CVSS9.3AI score0.02046EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/07 9:51 p.m.61 views

Exposure of class information in RESTEasy

A flaw was found in RESTEasy in all current versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value...

5.3CVSS2.2AI score0.01439EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/23 3:26 p.m.61 views

OMERO.web exposes some unnecessary session information in the page

Background OMERO.web loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. Some additional information being loaded is not used by the webclient and is being removed in this release. Impact OMERO.we...

6.5CVSS1AI score0.01457EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/22 4:57 p.m.61 views

Out-of-bounds write in libpng

An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function gettoken in pnm2png.c in pnm2png...

8.8CVSS4.4AI score0.03554EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/19 9:19 p.m.61 views

Command injection in kill-process-on-port

All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId...

7.5CVSS7.4AI score0.01929EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/18 8:30 p.m.61 views

Django Incorrect Default Permissions

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ is used. The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077...

7.5CVSS7.5AI score0.0327EPSS
Exploits0References18Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/18 7:54 p.m.61 views

Pillow Denial of Service by Uncontrolled Resource Consumption

Pillow before 8.1.2 allows attackers to cause a denial of service memory consumption because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large...

7.5CVSS7.2AI score0.03071EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/18 7:27 p.m.61 views

Privilege Escalation Flaw in Elasticsearch

The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication...

8.8CVSS8.6AI score0.016EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/19 9:16 p.m.61 views

Disabled users able to log in with third party SSO plugin

Impact Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address Patches Upgrade to 2.12.0 or later. Workarounds None. For more information If you have any questions or comments about this advisory: Email us at [email protected]...

8.1CVSS2.2AI score0.01116EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/06 7:27 p.m.61 views

Cross-site scripting vulnerability in TinyMCE

Impact A cross-site scripting XSS vulnerability was discovered in the URL sanitization logic of the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor using the clipboard or APIs. This impacts all users who are...

6.1CVSS6AI score0.01165EPSS
Exploits1References4Affected Software2
Github Security Blog
Github Security Blog
added 2020/09/14 6:13 p.m.61 views

Sensitive Data Exposure in Apache Ant

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

6.3CVSS2.7AI score0.01793EPSS
Exploits0References54Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/10 7:44 p.m.61 views

Bitcoin Inventory Out-of-Memory Denial-of-Service Attack (CVE-2018-17145)

There was an easily exploitable uncontrolled memory resource consumption denial-of-service vulnerability that existed in the peer-to-peer network code of three implementations of Bitcoin and several alternative chains. For more details please see: https://invdos.net/ For the paper:...

7.5CVSS1.1AI score0.03411EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/08/19 4:45 p.m.61 views

Moped Rubygem Data Injection Vulnerability

The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service worker resource consumption or perform a cross-site scripting XSS attack via a crafted string...

7.5CVSS6.8AI score0.05661EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2020/08/07 10:28 p.m.61 views

Cross-Site Scripting in Prism

Impact The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism =v1.1.0 that use the Previewers plugin =v1.10.0 or the Previewer: Easing plugin...

7.5CVSS3.2AI score0.02041EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/29 5:29 p.m.61 views

Insecure defaults in UmbracoForms

This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that...

7.5CVSS3.6AI score0.00902EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/27 10:51 p.m.61 views

Command Injection in Kylin

Kylin has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation...

9CVSS3.1AI score0.97337EPSS
Exploits2References18Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/03 9:58 p.m.61 views

Reflected XSS when importing CSV in OctoberCMS

Impact A user with the ability to use the import functionality of the ImportExportController behavior could be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a reflected XSS attack on the user in question Patches Issue has been patched in Build 4...

4.8CVSS0.2AI score0.00909EPSS
Exploits3References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/12 11:37 p.m.61 views

XSS/Script injection vulnerability in matestack

matestack-ui-core RubyGem before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4...

7.7CVSS3.5AI score0.00627EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/02 6:6 p.m.61 views

Arbitrary File Write in iobroker.js-controller

Versions of iobroker.controller prior to 2.0.25 are vulnerable to Path Traversal. The package fails to restrict access to folders outside of the intended /adapter/ folder, which may allow attackers to include arbitrary files in the system. An attacker would need to be authenticated to perform the...

7.5CVSS4.8AI score0.02158EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2019/08/01 7:18 p.m.61 views

Deserialization of untrusted data in FasterXML jackson-databind

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2, 2.8.11.4, and 2.7.9.6 mishandles default typing when ehcache is used because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup, leading to remote code execution...

9.8CVSS9.5AI score0.08045EPSS
Exploits0References62Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/17 12:5 a.m.61 views

Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

5.8CVSS6.9AI score0.09149EPSS
Exploits1References43Affected Software1
Total number of security vulnerabilities5000