33255 matches found
vm2 Sandbox Escape vulnerability
There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException which can be used to escape the sandbox and run arbitrary code in host context. Impact A threat actor can bypass the sandbox...
.NET Remote Code Execution vulnerability
Microsoft Security Advisory CVE-2023-28260: .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update thei...
Withdrawn: SQL injection in Yii 2
Withdrawn Advisory This advisory has been withdrawn because the issue originates from a product built on Yii2, not the Yii2 Framework itself. This link is maintained to preserve external references. Original Description SQL injection vulnerability found in Yii Framework Yii 2 Framework before...
Moodle may allow authenticated users to enumerate other user's names via learning plans page
Authenticated users were able to enumerate other users' names via the learning plans page...
CairoSVG improperly processes SVG files loaded from external resources
SSRF vulnerability Summary When CairoSVG processes an SVG file, it can make requests to the inner host and different outside hosts. Operating system, version and so on Linux, Debian Buster LTS core 5.10 / Parrot OS 5.1 Electro Ara, python 3.9 Tested CairoSVG version 2.6.0 Details A specially...
Rack has possible DoS Vulnerability in Multipart MIME parsing
There is a possible DoS vulnerability in the Multipart MIME parsing code in Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27530. Versions Affected: All. Not affected: None Fixed Versions: 3.0.4.2, 2.2.6.3, 2.1.4.3, 2.0.9.3 Impact The Multipart MIME parsing code in Rack...
@sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability
Impact User-provided strings to formula's parser might lead to polynomial execution time. Patches Users should upgrade to 3.0.1+. Workarounds None...
Command Injection in Apache Airflow and Apache Airflow MySQL Provider
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0...
Reflected XSS in Gotify's /docs via import of outdated Swagger UI
Impact Gotify exposes an outdated instance of the Swagger UI API documentation frontend at /docs which is susceptible to reflected XSS attacks when loading external Swagger config files. Specifically, the DOMPurify version included with this version of Swagger UI is vulnerable to a rendering XSS...
Vercel ms Inefficient Regular Expression Complexity vulnerability
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...
vm2 vulnerable to Arbitrary Code Execution
The package vm2 before 3.9.10 is vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise...
phpMyFAQ has insecure HTTP cookies
phpMyFAQ is contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in versions prior to 3.1.9...
Tailscale daemon is vulnerable to information disclosure via CSRF
A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. Affected platforms: All Patched Tailscale client versions: v1.32.3 or later, v1.33.257 or later unstable What happened? In the...
deep-object-diff vulnerable to Prototype Pollution
deep-object-diff before version 1.1.6 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited. This issue was fixed in version 1.1.9...
@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details
Description Due to the common practice of providing vulnerability details in markdown format, the Dependency-Track frontend renders them using the JavaScript library Showdown. Showdown does not have any XSS countermeasures built in, and versions before 4.6.1 of the Dependency-Track frontend did n...
Invalid HTTP requests in Reactor Netty HTTP Server may reveal access tokens
Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may request log headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled...
glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service
glob-parent 6.0.0 is vulnerable to Regular Expression Denial of Service ReDoS. This issue is fixed in version 6.0.1. This vulnerability is separate from GHSA-ww39-953v-wcq6...
AES OCB fails to encrypt some bytes
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was pre-existing in the memory that wasn't written. In the special case of "in place" encryptio...
openssl-src heap memory corruption with RSA private key operation
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X8664 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a...
Information Disclosure via Export Module
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C 4.0 Problem The export functionality fails to limit the result set to allowed columns of a particular database table. This allows authenticated users to export internal details of database tables to which they already have...
Exposure of Sensitive Information to an Unauthorized Actor in semantic-release
Impact What kind of vulnerability is it? Who is impacted? Secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from uri encoding by encodeURI. Occurrence is further limited to execution contexts where push access to t...
Denial of service binding form from JSON in Play Framework
Impact A denial-of-service vulnerability has been discovered in Play's forms library, in both the Scala and Java APIs. This can occur when using either the FormbindFromRequest method on a JSON request body or the Formbind method directly on a JSON value. If the JSON data being bound to the form...
Angular vulnerable to Cross-site Scripting
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to...
URL Redirection to Untrusted Site ('Open Redirect') in next-auth
Impact We found that this vulnerability is present when the developer is implementing an OAuth 1 provider by extension, it means Twitter, which is the only built-in provider using OAuth 1, but upgrading is still recommended. next-auth v3 users before version 3.29.3 are impacted. We recommend...
Numpy Deserialization of Untrusted Data
DISPUTED An issue was discovered in NumPy 1.16.2 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior...
Cross-site Scripting in Jenkins Rundeck Plugin
Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads. Rundeck Plugin 3.6.11 sanitizes URLs submitted in Rundeck...
XXE in SabreDAV
SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity XXE attack...
Moodle XSS Vulnerability
A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability such as administrators/managers can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped whe...
Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications...
Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF)
Cross-site scripting XSS vulnerability in Sun Java Server Faces JSF 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
Cross-site Scripting in CKEditor4
Affected packages The vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. Impact A potential vulnerability has been discovered in CKEditor 4 HTML processing core module. The vulnerability allowed to inject malformed HTML bypassing...
Skip the router TLS configuration when the host header is an FQDN
Impact People that configure mTLS between Traefik and clients. For a request, the TLS configuration choice can be different than the router choice, which implies the use of a wrong TLS configuration. - When sending a request using FQDN handled by a router configured with a dedicated TLS...
Out of bounds read in json-smart
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions prior to 1.3.3 and 2.4.5 which causes a denial of service DOS via a crafted web request...
Integer overflow in TensorFlow
Impact Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. Patches We have patched the issue in GitHub commi...
jsx-slack insufficient patch for CVE-2021-43838 ReDoS
We found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient to save from Regular Expression Denial of Service ReDoS attack. This vulnerability affects to jsx-slack v4.5.1 and earlier versions. Impact If attacker can put a lot of JSX elements into tag with including multibyte...
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource...
Command injection leading to Remote Code Execution in Apache Storm
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution RCE prior to authentication...
Cross-Site Request Forgery in GilaCMS
A Cross-Site Request Forgery CSRF in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts...
Improper Input Validation and Command Injection in Ansible
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters...
Confused Deputy in Kubernetes
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the lo...
merge vulnerable to Prototype Pollution
merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...
Remote Code Execution in Any23
A Remote Code Execution RCE vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet. RCE belongs to the broader class...
Duplicate Advisory: Session Fixation
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h9q8-5gv2-v6mg. This link is maintained to preserve external references. Original Description Shopware is an open source eCommerce platform. Potential session hijacking of store customers in versions below...
Incomplete List of Disallowed Inputs in Kubernetes
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...
User impersonation due to incorrect handling of the login JWT
Impact This allows anyone that can connect to the server to forge a LoginPacket with manipulated JWT token allowing impersonation as any Bedrock user. Unless credentials are saved in your configuration, online mode is not affected as users are still required to log in separately. If your...
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions.
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh wit...
Improper Restriction of XML External Entity Reference in Quokka
XML External Entities XXE in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/utils/atom.py'...
Cross-site scripting vulnerability in file upload
There is a cross-site scripting vulnerability in file upload on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible...
XStream is vulnerable to an Arbitrary Code Execution attack
Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is affected, who followed the...
Improper Handling of Exceptional Conditions in detect-character-encoding
Impact In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. Patches The problem has been patched in detect-character-encoding v0.7.0. CVSS score CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:O/RC:C Base Score: 7.5 High Temporal Score: 7....