Lucene search
K
GithubMost viewed

33268 matches found

Github Security Blog
Github Security Blog
added 2023/01/11 6:27 p.m.58 views

gatsby-transformer-remark has possible unsanitized JavaScript code injection

Impact The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized. The vulnerability is present in gatsby-transformer-remark when...

8.1CVSS5.8AI score0.00613EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/28 12:30 a.m.58 views

YAML Go package vulnerable to denial of service

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector...

5.5CVSS4.3AI score0.00415EPSS
Exploits1References6Affected Software2
Github Security Blog
Github Security Blog
added 2022/11/16 12:0 p.m.58 views

Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin

CloudBees Docker Hub/Registry Notification Plugin provides several webhook endpoints that can be used to trigger builds when Docker images used by a job have been rebuilt. In CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier, these endpoints can be accessed without authenticatio...

7.5CVSS7.9AI score0.00566EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/08/31 12:0 a.m.58 views

Sanitize-html Vulnerable To REDoS Attacks

The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic of HTML comment removal...

7.5CVSS7.4AI score0.0115EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/21 9:38 p.m.58 views

Grails framework Remote Code Execution via Data Binding

Impact A vulnerability has been discovered in the Grails data-binding logic which allows for Remote Code Execution in a Grails application. This exploit requires the application to be running on Java 8, either deployed as a WAR to a servlet container, or an executable JAR. Patches Grails framewor...

9.8CVSS9.3AI score0.01746EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/16 11:14 p.m.58 views

Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled

Impact This vulnerability allows a renderer with JS execution to obtain access to a new renderer process with nodeIntegrationInSubFrames enabled which in turn allows effective access to ipcRenderer. Please note the misleadingly named nodeIntegrationInSubFrames option does not implicitly grant...

9.8CVSS8.8AI score0.00976EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/03 10:19 p.m.58 views

Dev error stack trace leaking into prod in Play Framework

Impact Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by configuring its DefaultHttpErrorHandler to do so based on the application mode. In its Scala API Play also provides a static object DefaultHttpErrorHandler...

7.5CVSS7.6AI score0.01233EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2022/06/01 7:56 p.m.58 views

Path Traversal in XWiki Platform

Impact One can ask for any file located in the classloader using the template API and a path with ".." in it. For example template name="../xwiki.hbm.xml"/ To our knownledge none of the available files of the classloader in XWiki Standard contain any strong confidential data, hence the low...

4CVSS4.6AI score0.00998EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/25 12:0 a.m.58 views

Undertow Uncontrolled Resource Consumption

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final a...

5.9CVSS6.3AI score0.01175EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:33 p.m.58 views

Magento SQL Injection vulnerability

Magento versions 2.4.0 and 2.3.5 and earlier are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data from the database...

7.1CVSS7.1AI score0.02273EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:5 p.m.58 views

keycloak vulnerable to unauthorized login via mail server setup

A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name 'test' the email address will be '[email protected]'...

9.1CVSS3.9AI score0.01718EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:24 a.m.58 views

Apache MyFaces Vulnerable to Path Traversal

Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces JSF in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. dot dot in the 1 ln parameter to faces/javax.faces.resource/web.xml or 2 the PATHINFO to...

5CVSS6.5AI score0.33471EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:5 a.m.58 views

Moodle Authenticated Spelling Binary Remote Code Execution

Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor...

4.6CVSS7.4AI score0.42566EPSS
Exploits10References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/01 6:33 p.m.58 views

Apache Tomcat Path Traversal Vulnerability

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag...

3.5CVSS6.7AI score0.39681EPSS
Exploits2References35Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/25 12:0 a.m.58 views

Cross-site Scripting in Pimcore Datahub

Pimcore Datahub prior to 1.2.4 is vulnerable to stored cross-site scripting. An admin user accessing Datahub triggers the attack, which may result in the user's cookie being stolen...

6.5CVSS2.6AI score0.00573EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/16 12:0 a.m.58 views

openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificates

The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a...

7.5CVSS7.7AI score0.70561EPSS
Exploits2References38Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/16 12:1 a.m.58 views

Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin

Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key...

6.5CVSS3.6AI score0.00809EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/12 8:7 p.m.58 views

Improper Initialization in Pillow

Pillow is the friendly PIL Python Imaging Library fork. pathgetbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path...

6.5CVSS7.8AI score0.02556EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/20 5:58 p.m.58 views

Open Redirect in OAuth2 Proxy

Impact As users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked within the proxy and validated before redirecting the user...

5.8CVSS5.7AI score0.00896EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/12 4:26 p.m.58 views

Prototype pollution in getobject

Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution...

9.8CVSS9.1AI score0.04031EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/28 4:16 p.m.58 views

Improper Authorization in Google OAuth Client

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...

9.1CVSS8.5AI score0.01587EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/10 5:54 p.m.58 views

Incorrect Authorization with specially crafted requests

Envoy, which Pomerium is based on, contains two authorization related vulnerabilities: - CVE-2021-32777: incorrectly transform a URL containing a fragment element, causing a mismatch in path-prefix based authorization decisions. - CVE-2021-32779: incorrectly handle duplicate headers, dropping all...

8.6CVSS8.2AI score0.03325EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:47 p.m.58 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

8.5CVSS8.8AI score0.04735EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:45 p.m.58 views

Code injection issue for java-spring-cloud-stream-template

The following was initially reported by @jonaslagoni: Given the following command: ag ./dummy.json @asyncapi/java-spring-cloud-stream-template --force-write --output ./output With the following AsyncAPI document: json "asyncapi": "2.0.0", "info": "title": "Streetlight", "version": "1.0.0" ,...

8.7CVSS7.5AI score0.00877EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/02 4:47 p.m.58 views

Improper Authentication in Apereo CAS

Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication...

7.5CVSS7.4AI score0.01219EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2021/06/30 4:51 p.m.58 views

Resource exhaustion in socket.io-parser

The socket.io-parser npm package before versions 3.3.2 and 3.4.1 allows attackers to cause a denial of service memory consumption via a large packet because a concatenation approach is used...

7.5CVSS7.2AI score0.02589EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/29 6:32 p.m.58 views

SQL Injection in gogs.io/gogs

SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs aka Go Git Service 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues...

7.5CVSS8.3AI score0.04437EPSS
Exploits5References13Affected Software2
Github Security Blog
Github Security Blog
added 2021/06/23 6:3 p.m.58 views

Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings

Impact All versions of Pterodactyl Wings preior to 1.4.4 are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intended and cause downstream impacts to other clients on the same hardware, eventually...

6.5CVSS1.2AI score0.00267EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/15 4:11 p.m.58 views

Server-Side Request Forgery in Plone

Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file...

4.3CVSS5AI score0.00992EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/15 4:10 p.m.58 views

Duplicate Advisory: Path Traversal in Zope

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5pr9-v234-jw36. This link is maintained to preserve external references. Original Description Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted...

8.8CVSS7.6AI score0.01843EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/25 6:47 p.m.58 views

Cross-site Scripting in OpenNMS Horizon

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the...

4.8CVSS1.8AI score0.01043EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/25 6:44 p.m.58 views

mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs

Summary runc 1.0.0-rc94 and earlier are vulnerable to a symlink exchange attack whereby an attacker can request a seemingly-innocuous container configuration that actually results in the host filesystem being bind-mounted into the container allowing for a container escape. CVE-2021-30465 has been...

8.5CVSS0.4AI score0.06604EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/25 6:42 p.m.58 views

In github.com/pion/webrtc, failed DTLS certificate verification doesn't stop data channel communication

Impact Data channel communication was incorrectly allowed with users who have failed DTLS certificate verification. This attack requires Attacker knows the ICE password. Only take place during PeerConnection handshake. This attack can be detected by monitoring PeerConnectionState in all versions ...

5.3CVSS5.4AI score0.00677EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/21 2:28 p.m.58 views

Incomplete validation in `SparseAdd`

Impact Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data: python import tensorflow as tf aindices = tf.zeros10, 97, dtype=tf.int64 avalues = tf.zeros10, dtype=tf.int6...

7.8CVSS1.8AI score0.00234EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:28 p.m.58 views

Integer overflow in TFLite memory allocation

Impact The TFLite code for allocating TFLiteIntArrays is vulnerable to an integer overflow issue: cc int TfLiteIntArrayGetSizeInBytesint size static TfLiteIntArray dummy; return sizeofdummy + sizeofdummy.data0 size; An attacker can craft a model such that the size multiplier is so large that the...

7.1CVSS2.2AI score0.0022EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/18 9:9 p.m.58 views

Insufficient Session Expiration in Kiali

An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the...

8.6CVSS8.1AI score0.01125EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/18 6:28 p.m.58 views

Hard coded cryptographic key in Kiali

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alte...

8.6CVSS8.4AI score0.03468EPSS
Exploits2References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/18 5:33 p.m.58 views

Insecure Permissions in Gogs

routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks...

9.8CVSS2.6AI score0.01528EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/17 9:0 p.m.58 views

Code Injection in mosc

mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to properties argument is executed by the eval function, resulting in code execution...

8.6CVSS8.7AI score0.01938EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/20 4:31 p.m.58 views

Cross-site scripting in SiCKRAGE

in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting XSS due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive...

5.4CVSS2.9AI score0.0066EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/19 2:54 p.m.58 views

SSRF in Sydent due to missing validation of hostnames

Impact Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perform an internal port enumeration. Patches...

7.7CVSS0.2AI score0.01194EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/19 2:50 p.m.58 views

OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure

Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 Vaadin 12.0.0 through 14.4.9, and 6.0.0 through 6.0.1 Vaadin 19.0.0 allows attacker to access application classes and resources on the server via crafted HTTP request. -...

8.6CVSS4.1AI score0.02382EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/13 3:41 p.m.58 views

Improper Input Validation in klona

Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona...

9.8CVSS9.5AI score0.04118EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/13 3:22 p.m.58 views

Command injection in corenlp-js-prefab

This affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in 'index.js.' It depends on a vulnerable package 'corenlp-js-interface.'...

9.8CVSS9.1AI score0.01571EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/07 8:35 p.m.58 views

Path Traversal in Ansible

A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable...

4.6CVSS5.9AI score0.00487EPSS
Exploits1References16Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/26 7:53 p.m.58 views

HTML injection in email and account expiry notifications

Impact The notification emails sent for notifications for missed messages or for an expiring account are subject to HTML injection. In the case of the notification for missed messages, this could allow an attacker to insert forged content into the email. The account expiry feature is not enabled ...

6.1CVSS1AI score0.01392EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/24 5:42 p.m.58 views

XSS in CreateQueuedJobTask

A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL...

6.1CVSS4.7AI score0.00751EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/18 7:55 p.m.58 views

Pillow Denial of Service by Uncontrolled Resource Consumption

Pillow before 8.1.2 allows attackers to cause a denial of service memory consumption because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large...

7.5CVSS6.6AI score0.0317EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/11 5:42 p.m.58 views

/user/sessions endpoint allows detecting valid accounts

This Security Advisory is about a vulnerability in eZ Platform v1.13, v2.5, and v3.2, and in Ibexa DXP and Ibexa Open Source v3.3. The /user/sessions endpoint can let an attacker detect if a given username or email refers to a valid account. This can be detected through differences in the respons...

0.7AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/03 2:3 a.m.58 views

Remote code execution via the `pretty` option.

Impact If a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on the node.js backend. Patches Upgrad...

9CVSS0.7AI score0.04269EPSS
Exploits1References9Affected Software2
Total number of security vulnerabilities5000