33227 matches found
Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina
Impact Anyone who is using the default presets and/or does not handle the functionality themself. Patches It is impossible to fully guard against this, because users have access to the original raw information. However, as of version 1, if you only access the constrained models, you will not...
matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver
Impact A logic error in the room key sharing functionality of matrix-js-sdk before 12.4.1 allows a malicious Matrix homeserver†participating in an encrypted room to steal room encryption keys from affected Matrix clients participating in that room. This allows the homeserver to decrypt end-to-en...
Incomplete List of Disallowed Inputs in Kubernetes
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...
Path traversal in elFinder.NetCore
This affects all versions of package elFinder.NetCore. The Path.Combine... method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal...
Cachet vulnerable to new line injection during configuration edition
Impact Authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. Patches This issue was addressed by improving UpdateConfigCommandHandler and preventi...
Cross-site Scripting in OWASP AntiSamy
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer XHTML is not affected. This was demonstrated by a javascript: URL with &00058 as the replacement for the : character...
Improper Handling of Length Parameter Inconsistency in Apache Ant
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives...
Deserialization of Untrusted Data in msgpack
Withdrawn This advisory was withdrawn by its CNA Snyk. Original advisory All versions of package msgpack are vulnerable to Deserialization of Untrusted Data via the unpack function. This does not affect the similarly named package @msgpack/msgpack...
Cross-Site Scripting in Page Preview
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC 5.0 Problem Failing to properly encode Page TSconfig settings, corresponding page preview module WebView is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability...
Prototype Pollution in think-helper
Impact The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. Patches [email protected] patched it, anyone used think-helper should...
Privilege Escalation in fscrypt
The pamfscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM aka pam...
Cross-site Scripting in yii2cmf
yidashi yii2cmf 2.0 has XSS via the /search q parameter...
Missing Handler in @scandipwa/magento-scripts
Impact After changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec and logs commands, effectively making them unusable. Patches Version 1.5.3 contains patches for the problems described above. Workarounds Upgrade to patched or latest...
Insecure temporary file used in com.squareup:connect
This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file...
Uncontrolled Resource Consumption in Apache OpenMeetings server
If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0...
Incorrect Permission Assignment for Critical Resource in Plone
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...
Uncontrolled Resource Consumption in locutus
The package locutus before 2.0.15 is vulnerable to Regular Expression Denial of Service ReDoS via the gopherparsedir function...
Cross-site scripting in Shopizer
A stored cross-site scripting XSS vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customername in various forms of store administration. It is saved in the database. The code is executed for any user of store administration when informati...
Cross-site scripting in Shopizer
A reflected cross-site scripting XSS vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, e.g., a product/insert-product-name-here.html/ref= URL...
Privilege Context Switching Error in wildlfy
A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected...
Cross-Site Request Forgery in OpenNMS Horizon
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection, and...
Open redirect in direct_mail
The directmail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl...
Command Injection in geojson2kml
All versions up to and including version 0.1.1 of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: js var a =require"geojson2kml"; a"./","& touch JHU",function...
Improper Restriction of XML External Entity Reference in MPXJ
"MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components."...
Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket
By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5...
Prototype Pollution in safe-object2
All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function...
Prototype Pollution in irrelon-path and @irrelon/path
The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions...
Improper Input Validation in sopel-plugins.channelmgnt
Impact On some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may have been possible to remove users from other channels but due to the wonder that is IRC and following RfCs, We have ...
Improper Access Control in Apache Airflow
Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when webserver exposeconfig is set to False in airflow.cfg. This allowed a privilege escalation attack...
ApiKey secret could be revelated on network issue
Impact What kind of vulnerability is it? Who is impacted? Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too Patches Has the problem been patched? What versions should users upgrade to? creharmony/node-etsy-client18 fixes this issu...
Potential sensitive information disclosed in error reports
django-registration is a user-registration application for Django. Impact The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account registration view did not properly...
Possible request smuggling in HTTP/2 due missing validation of content-length
Impact The content-length header is not correctly validated if the request only use a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1 This is a followup of...
Out-of-bounds write in ChakraCore
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195...
Out-of-bounds write
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300...
OMERO webclient does not validate URL redirects on login or switching group.
Background OMERO.web supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL validation before redirecting. External URLs are not considered valid, unless specified i...
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Impact The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the...
URL Redirection to Untrusted Site ('Open Redirect') in Products.PluggableAuthService
Impact What kind of vulnerability is it? Who is impacted? Open redirect vulnerability - a maliciously crafted link to the login form and login functionality could redirect the browser to a different website. Patches Has the problem been patched? What versions should users upgrade to? The problem...
vrana/adminer via XSS in the history parameter in SQL command
Impact Users of Adminer versions supporting SQL command most versions, e.g. MySQL using browsers not encoding URL parameters before sending to server likely Edge, not Chrome, not Firefox are affected. Patches Patched by 5c395afc, included in version 4.7.9. Workarounds Use browser which encodes UR...
Code Injection vulnerability in CarrierWave::RMagick
Impact CarrierWave::RMagick has a Code Injection vulnerability. Its manipulate! method inappropriately evals the content of mutation option:read/:write, allowing attackers to craft a string that can be executed as a Ruby code. If an application developer supplies untrusted inputs to the option, i...
Arbitrary Code Execution in handlebars
Versions of handlebars prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a previous issue...
Malicious Package in codify
Version 0.3.1 of codify contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.3.1 of this module is found installed you will want...
Local Privilege Escalation in npm
Affected versions of npm use predictable temporary file names during archive unpacking. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the npm process has permission to write t...
Cross Site Scripting(XSS) Vulnerability in Latest Release 4.3.6 Site basic settings
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting XSS via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. The issue is fixed in version 4.3.7...
Incorrect threshold signature computation in TUF
Impact Metadadata signature verification, as used in tuf.client.updater, counted each of multiple signatures with identical authorized keyids separately towards the threshold. Therefore, an attacker with access to a valid signing key could create multiple valid signatures in order to meet the...
Server-Side Request Forgery in @uppy/companion
The @uppy/companion npm package before versions 1.13.2 and 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery SSRF vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems...
jackson-databind mishandles the interaction between serialization gadgets and typing
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider aka apache/commons-proxy...
Improper Authentication in requests-kerberos
python-requests-Kerberos through 0.5 does not handle mutual authentication...
typed-ast Out-of-bounds Read
typedast 1.3.0 and 1.3.1 has a handlekeywordonlyargs out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that...
Insufficient Entropy in DotNetNuke
DNN aka DotNetNuke 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy...
Apache Tika allows Java code execution for serialized objects embedded in MATLAB files
Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization...