Lucene search
K
GithubMost viewed

33254 matches found

Github Security Blog
Github Security Blog
•added 2021/05/24 6:13 p.m.•56 views

Improper Certificate Validation in EM-HTTP-Request

EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified...

7.4CVSS5AI score0.00905EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/21 4:22 p.m.•56 views

Nil dereference in NATS JWT causing DoS of nats-server

This advisory is canonically Problem Description The NATS account system has an Operator trusted by the servers, which signs Accounts, and each Account can then create and sign Users within their account. The Operator should be able to safely issue Accounts to other entities which it does not ful...

7.5CVSS7.5AI score0.0209EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/21 2:28 p.m.•56 views

Heap buffer overflow in `BandedTriangularSolve`

Impact An attacker can trigger a heap buffer overflow in Eigen implementation of tf.rawops.BandedTriangularSolve: python import tensorflow as tf import numpy as np matrixarray = np.array matrixtensor = tf.converttotensornp.reshapematrixarray,0,1,dtype=tf.float32 rhsarray = np.array1,1 rhstensor =...

7.8CVSS2.5AI score0.00287EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
•added 2021/05/21 2:24 p.m.•56 views

Heap buffer overflow in `RaggedTensorToTensor`

Impact An attacker can cause a heap buffer overflow in tf.rawops.RaggedTensorToTensor: python import tensorflow as tf shape = tf.constant10, 10, shape=2, dtype=tf.int64 values = tf.constant0, shape=1, dtype=tf.int64 defaultvalue = tf.constant0, dtype=tf.int64 l = 849, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0...

7.1CVSS1AI score0.00208EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
•added 2021/05/18 8:31 p.m.•56 views

github.com/unknwon/cae Path Traversal vulnerability

The ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...

7.5CVSS7.2AI score0.01332EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/18 6:36 p.m.•56 views

Script injection without script or programming rights through Gadget titles

Impact A user without Script or Programming right is able to execute script requiring privileges by editing gadget titles in the dashboard. Patches The issue has been patched in XWiki 12.6.7, 12.10.3 and 13.0RC1. Workarounds There's no easy workaround for this issue, it is recommended to upgrade...

8.8CVSS8.9AI score0.02102EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/18 6:34 p.m.•56 views

Information Disclosure in go.elastic.co/apm

The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it...

2.7CVSS0.2AI score0.00521EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/18 6:21 p.m.•56 views

Information Disclosure in HashiCorp Vault

HashiCorp Vault and Vault Enterprise before 1.3.6, and 1.4.2 before 1.4.2, insert Sensitive Information into a Log File. The vulnerability is affecting github.com/hashicorp/vault/command Go package...

7.5CVSS7.5AI score0.01233EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/18 3:32 p.m.•56 views

Out-of-bounds read in Apache Thrift

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data...

7.5CVSS2.8AI score0.06793EPSS
Exploits0References16Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/17 9:1 p.m.•56 views

Cross-site scripting in jspdf

Affected versions of this package are vulnerable to Cross-site Scripting XSS. It's possible to inject JavaScript code via the html method...

6.1CVSS6AI score0.00968EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/17 8:58 p.m.•56 views

Insecure template handling in Squirrelly

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...

8.8CVSS8.9AI score0.59844EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/13 8:23 p.m.•56 views

Prevent user enumeration using Guard or the new Authenticator-based Security

Description ----------- The ability to enumerate users was possible without relevant permissions due to different exception messages depending on whether the user existed or not. It was also possible to enumerate users by using a timing attack, by comparing time elapsed when authenticating an...

5.3CVSS1.3AI score0.01712EPSS
Exploits0References20Affected Software7
Github Security Blog
Github Security Blog
•added 2021/05/13 8:22 p.m.•56 views

Denial of service attack via push rule patterns in matrix-synapse

Impact "Push rules" can specify conditions under which they will match, including eventmatch, which matches event content against a pattern including wildcards. Certain patterns can cause very poor performance in the matching engine, leading to a denial-of-service when processing moderate length...

5.3CVSS0.5AI score0.01647EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/10 7:16 p.m.•56 views

Regular expression deinal of service in express-validators

All versions of package express-validators are vulnerable to Regular Expression Denial of Service ReDoS when validating specifically-crafted invalid urls...

5.3CVSS5.5AI score0.01621EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/10 3:23 p.m.•56 views

Infinite loop in Apache Tika

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later...

5.5CVSS3.1AI score0.02752EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/06 5:28 p.m.•56 views

Prototype Pollution in phpjs

All versions of phpjs up to and including 1.3.2 are vulnerable to Prototype Pollution via parsestr. phpjs is no longer maintained and users are advised to use Locutus as a replacement https://github.com/locutusjs/locutus...

9.8CVSS8.9AI score0.01916EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/30 5:32 p.m.•56 views

Forced Browsing in Twisted

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...

5.3CVSS5.4AI score0.02406EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/27 3:54 p.m.•56 views

Pgsync Contains Cleartext Transmission of Sensitive Information

pgsync before 0.6.7 is affected by Information Disclosure of sensitive information. Syncing the schema with the --schema-first and --schema-only options is mishandled. For example, the sslmode connection parameter may be lost, which means that SSL would not be used...

7.5CVSS7AI score0.00731EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/20 4:44 p.m.•56 views

Path Traversal in Ansible

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file with...

5.2CVSS5.5AI score0.00358EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/19 3:14 p.m.•56 views

Any logged in user could edit any other logged in user.

Impact Everyone who is running a12n-server. A new HAL-Form was added to allow editing users. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make this change. Patches Patched in v0.18.2...

8.1CVSS3.8AI score0.00781EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/13 3:54 p.m.•56 views

Out-of-bounds Write in Chakra

Chakra Scripting Engine Memory Corruption Vulnerability...

7.5CVSS7.3AI score0.01946EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/07 9:1 p.m.•56 views

Logic error in authentication in proxy.py

beforeupstreamconnection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion and versus or...

7.5CVSS3.3AI score0.01673EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/07 8:30 p.m.•56 views

Exposure of Sensitive Information to an Unauthorized Actor in Ansible

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from...

3.9CVSS6.1AI score0.00358EPSS
Exploits0References16Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/06 5:25 p.m.•56 views

Command injection vulnerability in @prisma/sdk in getPackedPackage function

Impact As of today, we are not aware of any Prisma users or external consumers of the @prisma/sdk package who are affected by this security vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. It only affects the...

7.7CVSS1.2AI score0.02073EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/06 5:22 p.m.•56 views

[thi.ng/egf] Potential arbitrary code execution of `#gpg`-tagged property values

Impact Potential for arbitrary code execution in gpg-tagged property values only if decrypt: true option is enabled Patches A fix has already been released as v0.4.0 Workarounds By default, EGF parse functions do NOT attempt to decrypt values since GPG is only available in non-browser env. Howeve...

8.8CVSS2.5AI score0.01339EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/29 8:59 p.m.•56 views

Chakra Scripting Engine Out-of-bounds write

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

7.6CVSS6.7AI score0.0256EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/29 8:57 p.m.•56 views

Out-of-bounds write in Microsoft.ChakraCore

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196...

7.6CVSS7.4AI score0.01883EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/29 8:56 p.m.•56 views

Out-of-bounds write

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195...

7.6CVSS6AI score0.01934EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/22 11:29 p.m.•56 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

9.1CVSS1.4AI score0.82136EPSS
Exploits1References17Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/19 9:21 p.m.•56 views

Command injection in node-ps

This affects all versions of package node-ps. The injection point is located in line 72 in lib/index.js...

9.8CVSS9.2AI score0.02472EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/19 9:1 p.m.•56 views

Prototype pollution in set-in

Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution...

9.8CVSS9.1AI score0.03878EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/19 8:14 p.m.•56 views

Regular Expression Denial-of-Service in npm schema-inspector

Impact What kind of vulnerability is it? Who is impacted? Email address validation is vulnerable to a denial-of-service attack where some input for example a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. will freeze the program or web browser page...

7.5CVSS7.4AI score0.0209EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/12 11:4 p.m.•56 views

Vulnerability allowing for reading internal HTTP resources

Impact The vulnerability allows for reading and outputting files served by other services on the internal network in which the export server is hosted. If the export server is exposed to the internet, this potentially allows a malicious user to gain read access to internal web-resources. The impa...

1.9AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/10 9:51 p.m.•56 views

Execution of untrusted code through config file

Impact It is possible to run arbitrary commands through the yaml.load method. This could allow an attacker with local access to the host to run arbitrary code by running the application with a specially crafted YAML configuration file. Workarounds Manually adjust yaml.load to yaml.safeload For mo...

8.6CVSS3.7AI score0.00452EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/02/08 5:44 p.m.•56 views

Prototype Pollution in Dynamoose

Impact In Dynamoose versions 2.0.0-2.6.0 there was a prototype pollution vulnerability in the internal utility method lib/utils/object/set.ts. This method is used throughout the codebase for various operations throughout Dynamoose. We have not seen any evidence of this vulnerability being...

9.8CVSS1.3AI score0.01894EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/01/29 9:51 p.m.•56 views

CKEditor 5 Markdown plugin Regular expression Denial of Service

Impact A regular expression denial of service ReDoS vulnerability has been discovered in the CKEditor 5 Markdown plugin code. The vulnerability allowed to abuse a link recognition regular expression, which could cause a significant performance drop resulting in a browser tab freeze. It affects al...

6.5CVSS2.9AI score0.01792EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2020/11/24 11:48 p.m.•56 views

Template injection in cron-utils

Impact A Template Injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution RCE vulnerability. Versions up to 9.1.2 are susceptible to this vulnerability. Please note, that only projects using the @Cron...

8.1CVSS2.9AI score0.04204EPSS
Exploits1References15Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/10 7:19 p.m.•56 views

Users with SCRIPT right can execute arbitrary code in XWiki

Impact Any user with SCRIPT right EDIT right before XWiki 7.4 can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. Patches It has been patched in both version XWi...

6.6CVSS1.3AI score0.01341EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/04 3:7 p.m.•56 views

Arbitrary Code Execution in handlebars

Versions of handlebars prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a previous issue...

3.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2020/07/29 6:8 p.m.•56 views

Server side template injection in Apache Camel

Server-Side Template Injection and arbitrary file disclosure on Camel templating components...

7.5CVSS2.5AI score0.04491EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2020/07/07 6:56 p.m.•56 views

npm CLI exposing sensitive information through logs

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like ://:@::/. The password value is not redacted and is printed to stdout and also to any generated log files...

4.4CVSS1.5AI score0.00417EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
•added 2020/06/18 2:44 p.m.•56 views

Deserialization of untrusted data in Jackson Databind

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory aka org.jsecurity...

8.1CVSS3.2AI score0.04511EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
•added 2020/06/03 9:58 p.m.•56 views

Potential CSV Injection vector in OctoberCMS

Impact Any users with the ability to modify any data that could eventually be exported as a CSV file from the ImportExportController could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following...

5.1CVSS0.5AI score0.01002EPSS
Exploits2References7Affected Software1
Github Security Blog
Github Security Blog
•added 2020/04/29 5:12 p.m.•56 views

Depth counting error in guard() leading to multiple potential security issues in aioxmpp

Impact Possible remote Denial of Service or Data Injection. Patches Patches are available in https://github.com/horazont/aioxmpp/pull/268. They have been backported to the 0.10 release series and 0.10.3 is the first release to contain the fix. Workarounds To make the bug exploitable, an error...

7.4CVSS7.4AI score0.0116EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2019/12/02 6:2 p.m.•56 views

typed-ast Out-of-bounds Read

typedast 1.3.0 and 1.3.1 has a handlekeywordonlyargs out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that...

7.5CVSS7.2AI score0.03255EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2019/01/17 1:56 p.m.•56 views

Improper Input Validation in Apache Thrift

Apache Thrift Java client library versions 0.5.0 prior to 0.9.3-1 and 0.10.0 prior to 0.12.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in...

7.5CVSS3.8AI score0.08188EPSS
Exploits0References32Affected Software1
Github Security Blog
Github Security Blog
•added 2018/10/17 4:33 p.m.•56 views

Apache Tomcat Race Condition vulnerability

If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not...

5.9CVSS6.4AI score0.12058EPSS
Exploits0References46Affected Software1
Github Security Blog
Github Security Blog
•added 2018/10/17 4:32 p.m.•56 views

The host name verification missing in Apache Tomcat

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

7.5CVSS3.3AI score0.213EPSS
Exploits0References65Affected Software1
Github Security Blog
Github Security Blog
•added 2018/10/17 12:5 a.m.•56 views

Improper certificate validation in org.apache.httpcomponents:httpclient

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...

4.3CVSS6.1AI score0.05844EPSS
Exploits0References24Affected Software1
Github Security Blog
Github Security Blog
•added 2018/10/16 11:13 p.m.•56 views

Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks

Apache Camel's camel-jackson and camel-jacksonxml components are vulnerable to Java object de-serialisation vulnerability. Camel allows to specify such a type through the 'CamelJacksonUnmarshalType' property. De-serializing untrusted data can lead to security flaws as demonstrated in various...

9.8CVSS9.5AI score0.10604EPSS
Exploits1References23Affected Software1
Total number of security vulnerabilities5000