Lucene search
K
GithubMost viewed

33268 matches found

Github Security Blog
Github Security Blog
added 2022/05/02 3:13 a.m.57 views

Apache XML Security For Java vulnerable to authentication bypass by HMAC truncation

The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in multiple products. The Apache XML Security Java is affected by the vulnerability published in US-Cert VU 466161. See: http://www.kb.cert.org/vuls/id/466161 for more information. This bug can allow ...

5CVSS0.5AI score0.06348EPSS
Exploits0References29Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/27 9:25 p.m.57 views

ECP SAML binding bypasses authentication flows

Description A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's...

6.8CVSS7.6AI score0.00874EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/11 9:18 p.m.57 views

Nokogiri Inefficient Regular Expression Complexity

Summary Nokogiri = 1.13.4. Severity The Nokogiri maintainers have evaluated this as High Severity 7.5 CVSS3.1. References CWE-1333 Inefficient Regular Expression Complexity Credit This vulnerability was reported by HackerOne user oooooooq ななおく...

7.5CVSS7.5AI score0.03549EPSS
Exploits0References15Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/11 11:53 p.m.57 views

Command injection in Parse Server through prototype pollution

Impact This is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file DatabaseController.js, so it is likely to affect...

10CVSS0.1AI score0.49081EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/15 12:41 a.m.57 views

Arbitrary Code Execution in Docker

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a 1 symlink or 2 hard link attack in an image archive in a a pull or b load operation...

7.5CVSS7.2AI score0.04909EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 11:36 p.m.57 views

OS Command Injection in strong-nginx-controller

strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the 'nginxCmd' function...

9.8CVSS9.3AI score0.02941EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/07 12:21 a.m.57 views

OS Command Injection in diskusage-ng

diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path argument...

9.8CVSS9.3AI score0.03857EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/02 2:50 p.m.57 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution...

9.8CVSS2.6AI score0.97399EPSS
Exploits15References11Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/21 5:49 p.m.57 views

Exposure of Sensitive Information to an Unauthorized Actor in Moodle

The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10...

5.3CVSS5.7AI score0.01519EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/21 6:28 p.m.57 views

Confused Deputy in Kubernetes

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the lo...

4.1CVSS4.9AI score0.01953EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/07 10:56 p.m.57 views

Authentication bypass in Apache Zeppelin

Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions...

7.5CVSS5.5AI score0.03258EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 5:22 p.m.57 views

HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0

HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0...

4.4CVSS5.4AI score0.00271EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:48 p.m.57 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

8.5CVSS8.8AI score0.04065EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/13 3:21 p.m.57 views

Improper Handling of Exceptional Conditions in Apache Tomcat

A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once ...

7.5CVSS2.3AI score0.06889EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/09 8:43 p.m.57 views

XML External Entity Reference in Glances

The package glances before 3.2.1 are vulnerable to XML External Entity XXE Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks...

9.8CVSS5.5AI score0.01639EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/09 8:39 p.m.57 views

Code injection in topthink/think

A remote code execution RCE vulnerability in /library/think/App.php of Twothink v2.0 allows attackers to execute arbitrary PHP code...

9.8CVSS9.8AI score0.02474EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/02 5:35 p.m.57 views

Insufficient Session Expiration and TOCTOU Race Condition in OPC FOundation UA .Net Standard

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results fr...

7.5CVSS7.2AI score0.0258EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/02 4:59 p.m.57 views

Prototype Pollution in GraphHopper

This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or proto payload...

5.4CVSS4.5AI score0.01401EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/28 6:57 p.m.57 views

Out-of-bounds write in ChakraCore

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827,...

7.6CVSS2.5AI score0.09363EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/26 9:34 p.m.57 views

Missing Authorization in TYPO3 extension

The directmail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query...

4.3CVSS3.5AI score0.00778EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/01 5:0 p.m.57 views

Cross site scripting in the system log

Impact It is possible to inject code into the tllog table that will be executed in the browser when the system log is called in the back end. Patches Update to Contao 4.9.16 or 4.11.5. Workarounds Disable the system log module in the back end for all users especially admin users. References...

6.1CVSS6.2AI score0.0074EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2021/06/24 8:28 p.m.57 views

Improper network isolation in Hashicorp Nomad

HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1...

6.5CVSS3.5AI score0.00512EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/23 5:27 p.m.57 views

Control character injection in console output in github.com/ipfs/go-ipfs

Impact Control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, malicious action. Patches - Patched via https://github.com/ipfs/go-ipfs/pull/7831 in v0.8.0 For more information If you have any questions...

8.8CVSS8.3AI score0.01501EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/21 5:18 p.m.57 views

Prototype pollution in safe-obj

Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through 1.0.2 allows an attacker to cause a denial of service and may lead to remote code execution...

9.8CVSS6.8AI score0.03327EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/16 5:37 p.m.57 views

Improper Restriction of Recursive Entity References in Apache XMLBeans

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0...

9.1CVSS4.2AI score0.06215EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/16 5:28 p.m.57 views

CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin allows capturing credentials

Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not require POST requests for a connection test method, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified...

7.1CVSS6.5AI score0.00642EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/16 5:17 p.m.57 views

Command injection in Apache Unomi

Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements...

7.5CVSS5.1AI score0.02283EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/15 4:5 p.m.57 views

Cross-site scripting in RESTEasy

A cross-site scripting XSS flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack...

6.1CVSS1.7AI score0.01394EPSS
Exploits1References6Affected Software2
Github Security Blog
Github Security Blog
added 2021/05/24 6:12 p.m.57 views

Improper certificate validation in em-imap

em-imap 0.5 and earlier use the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified...

7.4CVSS6.9AI score0.00751EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/24 5:0 p.m.57 views

Redirect URL matching ignores character casing

Impact Before version v0.34.1, the OAuth 2.0 Client's registered redirect URLs and the redirect URL provided at the OAuth2 Authorization Endpoint where compared using strings.ToLower while they should have been compared with a simple string match: 1. Registering a client with allowed redirect URL...

6.1CVSS0.5AI score0.00833EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/21 2:32 p.m.57 views

Privilege escalation in rbac

Impact Using a carefully crafted request or malicious proxy, a user with UserWrite permissions could create another user with higher privileges than their own due to insufficient checks on the allowed set of permissions. The event would be captured in the Event Log. Patches The issue has been fix...

8.8CVSS2.3AI score0.00718EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/18 9:8 p.m.57 views

gopkg.in/macaron.v1 Open Redirect vulnerability

macaron before 1.3.7 has an open redirect in the static handler. Due to improper request santization, a specifically crafted URL can cause the static file handler to redirect to an attacker chosen URL, allowing for open redirect attacks...

6.1CVSS6AI score0.01375EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/18 7:15 p.m.57 views

Go JOSE Signature Validation Bypass

Go JOSE before 1.1.0 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially lead to confusion. For example, users of the...

7.5CVSS7.2AI score0.01967EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/18 6:27 p.m.57 views

SQL Injection in Cloud Native Computing Foundation Harbor

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform...

4.9CVSS4.1AI score0.01424EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/17 8:53 p.m.57 views

Lack of protection against cookie tossing attacks in fastify-csrf

Impact Users that used fastify-csrf with the "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service. Patches Version 3.1.0 of the fastify-csrf fixes it. See https://github.com/fastify/fastify-csrf/pull/51 and...

6.5CVSS0.2AI score0.00829EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 7:8 p.m.57 views

Regular expression denial of service in npm-user-validate

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

7.5CVSS8.4AI score0.0344EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 6:51 p.m.57 views

Flask-Cors Directory Traversal vulnerability

An issue was discovered in Flask-CORS aka CORS Middleware for Flask before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...

7.5CVSS7.2AI score0.04017EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 6:26 p.m.57 views

Prototype Pollution in nodee-utils

All versions of package nodee-utils below version 1.2.3 are vulnerable to Prototype Pollution via the deepSet function...

9.8CVSS8.9AI score0.01916EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/22 4:15 p.m.57 views

Cross-site Scripting in GwtUpload

The file-upload feature in GwtUpload 1.0.3 allows XSS via a crafted filename...

6.1CVSS5.6AI score0.0074EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/13 3:25 p.m.57 views

Server-Side Request Forgery and Inclusion of Functionality from Untrusted Control Sphere in jsreport

An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code...

9.8CVSS9.7AI score0.02692EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/13 3:22 p.m.57 views

OS Command Injection in enpeem

enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization...

9.8CVSS4.1AI score0.02767EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/13 3:20 p.m.57 views

Code injection in port-killer

This affects all versions of package port-killer. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...

8.8CVSS4.9AI score0.01654EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/06 5:22 p.m.57 views

Misuse of `Reference` and other transferable APIs may lead to access to nodejs isolate

Versions of isolated-vm before v4.0.0, and especially before v3.0.0, have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate. Reference objects allow access to the underlying reference's full prototype chain. In an...

9.6CVSS4.4AI score0.00713EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/30 4:23 p.m.57 views

Netflix/Priam: Temporary Directory Information Disclosure

Impact When File.createTempFile creates a file, the permissions on that file are -rw-r--r--. This means that other users can read the contents of these files after they are written, although they can not modify the contents. This allows for local information disclosure if these files contain...

5.5CVSS0.5AI score0.00259EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/29 8:55 p.m.57 views

Out-of-bounds write

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1366...

7.6CVSS2.6AI score0.09509EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/29 4:35 p.m.57 views

Out of bounds read in Pillow

An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c...

7.5CVSS2.5AI score0.01601EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/12 11:4 p.m.57 views

Vulnerability allowing for reading internal HTTP resources

Impact The vulnerability allows for reading and outputting files served by other services on the internal network in which the export server is hosted. If the export server is exposed to the internet, this potentially allows a malicious user to gain read access to internal web-resources. The impa...

1.9AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/29 6:13 p.m.57 views

Command Injection in @graphql-tools/git-loader

This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection...

8.8CVSS4.4AI score0.02814EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/20 9:20 p.m.57 views

Deserialization of untrusted data in jackson-databind

A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.3CVSS8.4AI score0.07483EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/19 8:50 p.m.57 views

Mautic users able to download any files from server using filemanager

Impact Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session must be logged into Mautic to use the Filemanager to download any file from the server that the web user has access to. Patches Update to 2.12.0 or later. Workarounds None For more information If y...

6.5CVSS3AI score0.01403EPSS
Exploits1References5Affected Software1
Total number of security vulnerabilities5000