Lucene search
K
GithubMost viewed

33255 matches found

Github Security Blog
Github Security Blog
added 2023/04/20 2:37 p.m.56 views

vm2 Sandbox Escape vulnerability

There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException which can be used to escape the sandbox and run arbitrary code in host context. Impact A threat actor can bypass the sandbox...

10CVSS9.9AI score0.72087EPSS
Exploits5References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/11 10:2 p.m.56 views

.NET Remote Code Execution vulnerability

Microsoft Security Advisory CVE-2023-28260: .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update thei...

7.8CVSS8.2AI score0.01531EPSS
Exploits0References5Affected Software4
Github Security Blog
Github Security Blog
added 2023/04/04 3:30 p.m.56 views

Withdrawn: SQL injection in Yii 2

Withdrawn Advisory This advisory has been withdrawn because the issue originates from a product built on Yii2, not the Yii2 Framework itself. This link is maintained to preserve external references. Original Description SQL injection vulnerability found in Yii Framework Yii 2 Framework before...

9.8CVSS8.2AI score0.01822EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/23 9:30 p.m.56 views

Moodle may allow authenticated users to enumerate other user's names via learning plans page

Authenticated users were able to enumerate other users' names via the learning plans page...

4.3CVSS5.2AI score0.00551EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/20 9:27 p.m.56 views

CairoSVG improperly processes SVG files loaded from external resources

SSRF vulnerability Summary When CairoSVG processes an SVG file, it can make requests to the inner host and different outside hosts. Operating system, version and so on Linux, Debian Buster LTS core 5.10 / Parrot OS 5.1 Electro Ara, python 3.9 Tested CairoSVG version 2.6.0 Details A specially...

9.9CVSS6.6AI score0.00722EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/08 5:20 p.m.56 views

Rack has possible DoS Vulnerability in Multipart MIME parsing

There is a possible DoS vulnerability in the Multipart MIME parsing code in Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27530. Versions Affected: All. Not affected: None Fixed Versions: 3.0.4.2, 2.2.6.3, 2.1.4.3, 2.0.9.3 Impact The Multipart MIME parsing code in Rack...

7.5CVSS7.6AI score0.0183EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/08 10:38 p.m.56 views

@sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability

Impact User-provided strings to formula's parser might lead to polynomial execution time. Patches Users should upgrade to 3.0.1+. Workarounds None...

6.5CVSS6.4AI score0.00611EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/21 3:30 p.m.56 views

Command Injection in Apache Airflow and Apache Airflow MySQL Provider

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0...

9.8CVSS8.8AI score0.11082EPSS
Exploits2References4Affected Software2
Github Security Blog
Github Security Blog
added 2023/01/10 10:48 p.m.56 views

Reflected XSS in Gotify's /docs via import of outdated Swagger UI

Impact Gotify exposes an outdated instance of the Swagger UI API documentation frontend at /docs which is susceptible to reflected XSS attacks when loading external Swagger config files. Specifically, the DOMPurify version included with this version of Swagger UI is vulnerable to a rendering XSS...

6.1CVSS2.1AI score0.04881EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/05 12:30 p.m.56 views

Vercel ms Inefficient Regular Expression Complexity vulnerability

A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...

5.3CVSS5.7AI score0.00981EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/21 6:30 a.m.56 views

vm2 vulnerable to Arbitrary Code Execution

The package vm2 before 3.9.10 is vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise...

9.8CVSS2.9AI score0.01425EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/11 3:30 p.m.56 views

phpMyFAQ has insecure HTTP cookies

phpMyFAQ is contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in versions prior to 3.1.9...

7.5CVSS7.3AI score0.00422EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/21 10:34 p.m.56 views

Tailscale daemon is vulnerable to information disclosure via CSRF

A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. Affected platforms: All Patched Tailscale client versions: v1.32.3 or later, v1.33.257 or later unstable What happened? In the...

8.8CVSS8.6AI score0.00534EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/04 12:0 p.m.56 views

deep-object-diff vulnerable to Prototype Pollution

deep-object-diff before version 1.1.6 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited. This issue was fixed in version 1.1.9...

5.3CVSS5.4AI score0.00643EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/25 8:22 p.m.56 views

@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details

Description Due to the common practice of providing vulnerability details in markdown format, the Dependency-Track frontend renders them using the JavaScript library Showdown. Showdown does not have any XSS countermeasures built in, and versions before 4.6.1 of the Dependency-Track frontend did n...

5.4CVSS5.3AI score0.00665EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/20 12:0 p.m.56 views

Invalid HTTP requests in Reactor Netty HTTP Server may reveal access tokens

Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may request log headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled...

4.3CVSS5.4AI score0.00604EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/18 5:3 p.m.56 views

glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service

glob-parent 6.0.0 is vulnerable to Regular Expression Denial of Service ReDoS. This issue is fixed in version 6.0.1. This vulnerability is separate from GHSA-ww39-953v-wcq6...

7.5CVSS7.6AI score0.01589EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/06 7:57 p.m.56 views

AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was pre-existing in the memory that wasn't written. In the special case of "in place" encryptio...

5.3CVSS1.6AI score0.04425EPSS
Exploits0References21Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/02 12:0 a.m.56 views

openssl-src heap memory corruption with RSA private key operation

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X8664 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a...

10CVSS9.5AI score0.44881EPSS
Exploits3References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/17 8:52 p.m.56 views

Information Disclosure via Export Module

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C 4.0 Problem The export functionality fails to limit the result set to allowed columns of a particular database table. This allows authenticated users to export internal details of database tables to which they already have...

4.3CVSS5AI score0.00585EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2022/06/09 11:51 p.m.56 views

Exposure of Sensitive Information to an Unauthorized Actor in semantic-release

Impact What kind of vulnerability is it? Who is impacted? Secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from uri encoding by encodeURI. Occurrence is further limited to execution contexts where push access to t...

7.5CVSS7.2AI score0.01607EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/03 10:18 p.m.56 views

Denial of service binding form from JSON in Play Framework

Impact A denial-of-service vulnerability has been discovered in Play's forms library, in both the Scala and Java APIs. This can occur when using either the FormbindFromRequest method on a JSON request body or the Formbind method directly on a JSON value. If the JSON data being bound to the form...

7.5CVSS7.3AI score0.01573EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2022/05/27 12:1 a.m.56 views

Angular vulnerable to Cross-site Scripting

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to...

5.4CVSS5.1AI score0.01053EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 10:3 p.m.56 views

URL Redirection to Untrusted Site ('Open Redirect') in next-auth

Impact We found that this vulnerability is present when the developer is implementing an OAuth 1 provider by extension, it means Twitter, which is the only built-in provider using OAuth 1, but upgrading is still recommended. next-auth v3 users before version 3.29.3 are impacted. We recommend...

6.1CVSS6.1AI score0.00612EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 10:0 p.m.56 views

Numpy Deserialization of Untrusted Data

DISPUTED An issue was discovered in NumPy 1.16.2 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior...

9.8CVSS7.5AI score0.17078EPSS
Exploits2References17Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/18 12:0 a.m.56 views

Cross-site Scripting in Jenkins Rundeck Plugin

Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads. Rundeck Plugin 3.6.11 sanitizes URLs submitted in Rundeck...

5.4CVSS5.2AI score0.71943EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 4:42 a.m.56 views

XXE in SabreDAV

SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity XXE attack...

7.5CVSS7.2AI score0.02228EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:5 a.m.56 views

Moodle XSS Vulnerability

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability such as administrators/managers can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped whe...

5.4CVSS6.8AI score0.02266EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:2 a.m.56 views

Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications...

9.1CVSS3.5AI score0.10303EPSS
Exploits5References49Affected Software3
Github Security Blog
Github Security Blog
added 2022/05/01 11:38 p.m.56 views

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF)

Cross-site scripting XSS vulnerability in Sun Java Server Faces JSF 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

4.3CVSS4.2AI score0.02537EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/16 10:47 p.m.56 views

Cross-site Scripting in CKEditor4

Affected packages The vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. Impact A potential vulnerability has been discovered in CKEditor 4 HTML processing core module. The vulnerability allowed to inject malformed HTML bypassing...

5.4CVSS0.7AI score0.01162EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/16 10:30 p.m.56 views

Skip the router TLS configuration when the host header is an FQDN

Impact People that configure mTLS between Traefik and clients. For a request, the TLS configuration choice can be different than the router choice, which implies the use of a wrong TLS configuration. - When sending a request using FQDN handled by a router configured with a dedicated TLS...

7.5CVSS7.4AI score0.01714EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 10:46 p.m.56 views

Out of bounds read in json-smart

A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions prior to 1.3.3 and 2.4.5 which causes a denial of service DOS via a crafted web request...

7.5CVSS4AI score0.023EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 11:27 p.m.56 views

Integer overflow in TensorFlow

Impact Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. Patches We have patched the issue in GitHub commi...

9.8CVSS2.4AI score0.00888EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2022/01/06 6:34 p.m.56 views

jsx-slack insufficient patch for CVE-2021-43838 ReDoS

We found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient to save from Regular Expression Denial of Service ReDoS attack. This vulnerability affects to jsx-slack v4.5.1 and earlier versions. Impact If attacker can put a lot of JSX elements into tag with including multibyte...

7.5CVSS1.6AI score0.01916EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/09 7:16 p.m.56 views

Unsafe Deserialization in jackson-databind

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource...

8.8CVSS8.6AI score0.10379EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/27 6:51 p.m.56 views

Command injection leading to Remote Code Execution in Apache Storm

A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution RCE prior to authentication...

9.8CVSS9.6AI score0.84489EPSS
Exploits4References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/30 5:13 p.m.56 views

Cross-Site Request Forgery in GilaCMS

A Cross-Site Request Forgery CSRF in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts...

8.8CVSS8.3AI score0.00678EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/23 11:16 p.m.56 views

Improper Input Validation and Command Injection in Ansible

A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters...

7.1CVSS7.1AI score0.00854EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/21 6:28 p.m.56 views

Confused Deputy in Kubernetes

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the lo...

4.1CVSS4.9AI score0.01953EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/13 8:16 p.m.56 views

merge vulnerable to Prototype Pollution

merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...

9.8CVSS8.9AI score0.01429EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/13 8:6 p.m.56 views

Remote Code Execution in Any23

A Remote Code Execution RCE vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet. RCE belongs to the broader class...

10CVSS5.9AI score0.05685EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/08 6:0 p.m.56 views

Duplicate Advisory: Session Fixation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h9q8-5gv2-v6mg. This link is maintained to preserve external references. Original Description Shopware is an open source eCommerce platform. Potential session hijacking of store customers in versions below...

7.5CVSS7.1AI score0.00877EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/07 11:9 p.m.56 views

Incomplete List of Disallowed Inputs in Kubernetes

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...

4.9CVSS5.7AI score0.01332EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/07 11:4 p.m.56 views

User impersonation due to incorrect handling of the login JWT

Impact This allows anyone that can connect to the server to forge a LoginPacket with manipulated JWT token allowing impersonation as any Bedrock user. Unless credentials are saved in your configuration, online mode is not affected as users are still required to log in separately. If your...

9.8CVSS8.9AI score0.01431EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/02 5:10 p.m.56 views

raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions.

raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh wit...

9CVSS8.7AI score0.02224EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 4:23 p.m.56 views

Improper Restriction of XML External Entity Reference in Quokka

XML External Entities XXE in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/utils/atom.py'...

9.8CVSS9.5AI score0.02771EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 4:18 p.m.56 views

Cross-site scripting vulnerability in file upload

There is a cross-site scripting vulnerability in file upload on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible...

8.7CVSS5.3AI score0.00929EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:46 p.m.56 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is affected, who followed the...

8.5CVSS8.8AI score0.04457EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:44 p.m.56 views

Improper Handling of Exceptional Conditions in detect-character-encoding

Impact In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. Patches The problem has been patched in detect-character-encoding v0.7.0. CVSS score CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:O/RC:C Base Score: 7.5 High Temporal Score: 7....

7.5CVSS7.2AI score0.02068EPSS
Exploits1References6Affected Software1
Total number of security vulnerabilities5000