Lucene search
K
GithubMost viewed

33227 matches found

Github Security Blog
Github Security Blog
•added 2021/09/21 6:41 p.m.•55 views

Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina

Impact Anyone who is using the default presets and/or does not handle the functionality themself. Patches It is impossible to fully guard against this, because users have access to the original raw information. However, as of version 1, if you only access the constrained models, you will not...

9.9CVSS8.4AI score0.01064EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/09/14 8:24 p.m.•55 views

matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver

Impact A logic error in the room key sharing functionality of matrix-js-sdk before 12.4.1 allows a malicious Matrix homeserver† participating in an encrypted room to steal room encryption keys from affected Matrix clients participating in that room. This allows the homeserver to decrypt end-to-en...

5.9CVSS0.1AI score0.00662EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/09/07 11:9 p.m.•55 views

Incomplete List of Disallowed Inputs in Kubernetes

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...

4.9CVSS5.7AI score0.01332EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/09/02 10:5 p.m.•55 views

Path traversal in elFinder.NetCore

This affects all versions of package elFinder.NetCore. The Path.Combine... method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal...

9.8CVSS3.5AI score0.0167EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/08/30 4:11 p.m.•55 views

Cachet vulnerable to new line injection during configuration edition

Impact Authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. Patches This issue was addressed by improving UpdateConfigCommandHandler and preventi...

8.8CVSS9.1AI score0.29172EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/08/02 4:58 p.m.•55 views

Cross-site Scripting in OWASP AntiSamy

OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer XHTML is not affected. This was demonstrated by a javascript: URL with &00058 as the replacement for the : character...

6.1CVSS6.2AI score0.01513EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2021/08/02 4:56 p.m.•55 views

Improper Handling of Length Parameter Inconsistency in Apache Ant

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives...

5.5CVSS6AI score0.0262EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
•added 2021/07/26 9:24 p.m.•55 views

Deserialization of Untrusted Data in msgpack

Withdrawn This advisory was withdrawn by its CNA Snyk. Original advisory All versions of package msgpack are vulnerable to Deserialization of Untrusted Data via the unpack function. This does not affect the similarly named package @msgpack/msgpack...

5.6AI score
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/07/22 7:34 p.m.•55 views

Cross-Site Scripting in Page Preview

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC 5.0 Problem Failing to properly encode Page TSconfig settings, corresponding page preview module WebView is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability...

6.4CVSS2.6AI score0.00603EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
•added 2021/07/01 5:1 p.m.•55 views

Prototype Pollution in think-helper

Impact The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. Patches [email protected] patched it, anyone used think-helper should...

7.5CVSS2.5AI score0.01009EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/23 5:18 p.m.•55 views

Privilege Escalation in fscrypt

The pamfscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM aka pam...

6.5CVSS6.3AI score0.00624EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/22 3:25 p.m.•55 views

Cross-site Scripting in yii2cmf

yidashi yii2cmf 2.0 has XSS via the /search q parameter...

6.1CVSS4AI score0.00905EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/21 5:10 p.m.•55 views

Missing Handler in @scandipwa/magento-scripts

Impact After changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec and logs commands, effectively making them unusable. Patches Version 1.5.3 contains patches for the problems described above. Workarounds Upgrade to patched or latest...

6.2CVSS1.3AI score0.00702EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/16 5:53 p.m.•55 views

Insecure temporary file used in com.squareup:connect

This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file...

4.4CVSS2.2AI score0.00341EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/16 5:43 p.m.•55 views

Uncontrolled Resource Consumption in Apache OpenMeetings server

If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0...

7.5CVSS2.2AI score0.0284EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/15 4:11 p.m.•55 views

Incorrect Permission Assignment for Critical Resource in Plone

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...

9.9CVSS4.3AI score0.0204EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/10 5:25 p.m.•55 views

Uncontrolled Resource Consumption in locutus

The package locutus before 2.0.15 is vulnerable to Regular Expression Denial of Service ReDoS via the gopherparsedir function...

7.5CVSS7.3AI score0.01936EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/08 11:10 p.m.•55 views

Cross-site scripting in Shopizer

A stored cross-site scripting XSS vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customername in various forms of store administration. It is saved in the database. The code is executed for any user of store administration when informati...

4.8CVSS5.1AI score0.0285EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/08 11:8 p.m.•55 views

Cross-site scripting in Shopizer

A reflected cross-site scripting XSS vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, e.g., a product/insert-product-name-here.html/ref= URL...

4.8CVSS4.1AI score0.02916EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/08 6:52 p.m.•55 views

Privilege Context Switching Error in wildlfy

A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected...

5.5CVSS7.2AI score0.00575EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/25 6:46 p.m.•55 views

Cross-Site Request Forgery in OpenNMS Horizon

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection, and...

4.3CVSS3.6AI score0.00633EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
•added 2021/05/24 4:58 p.m.•55 views

Open redirect in direct_mail

The directmail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl...

6.1CVSS2.6AI score0.00781EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/10 3:59 p.m.•55 views

Command Injection in geojson2kml

All versions up to and including version 0.1.1 of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: js var a =require"geojson2kml"; a"./","& touch JHU",function...

9.8CVSS9.3AI score0.63305EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/07 3:54 p.m.•55 views

Improper Restriction of XML External Entity Reference in MPXJ

"MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components."...

9.8CVSS8.9AI score0.02591EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/07 3:54 p.m.•55 views

Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket

By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5...

7.5CVSS3.9AI score0.03759EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/06 6:26 p.m.•55 views

Prototype Pollution in safe-object2

All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function...

9.8CVSS8.9AI score0.01916EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/06 5:29 p.m.•55 views

Prototype Pollution in irrelon-path and @irrelon/path

The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions...

9.8CVSS8.9AI score0.02821EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
•added 2021/04/09 3:42 p.m.•55 views

Improper Input Validation in sopel-plugins.channelmgnt

Impact On some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may have been possible to remove users from other channels but due to the wonder that is IRC and following RfCs, We have ...

8.1CVSS2.3AI score0.01072EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/07 9:5 p.m.•55 views

Improper Access Control in Apache Airflow

Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when webserver exposeconfig is set to False in airflow.cfg. This allowed a privilege escalation attack...

6.5CVSS6.3AI score0.02805EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/06 5:29 p.m.•55 views

ApiKey secret could be revelated on network issue

Impact What kind of vulnerability is it? Who is impacted? Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too Patches Has the problem been patched? What versions should users upgrade to? creharmony/node-etsy-client18 fixes this issu...

8.1CVSS1AI score0.01065EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/06 5:28 p.m.•55 views

Potential sensitive information disclosed in error reports

django-registration is a user-registration application for Django. Impact The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account registration view did not properly...

3.7CVSS0.9AI score0.0041EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/30 3:10 p.m.•55 views

Possible request smuggling in HTTP/2 due missing validation of content-length

Impact The content-length header is not correctly validated if the request only use a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1 This is a followup of...

5.9CVSS0.4AI score0.04935EPSS
Exploits0References61Affected Software3
Github Security Blog
Github Security Blog
•added 2021/03/29 8:58 p.m.•55 views

Out-of-bounds write in ChakraCore

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195...

7.6CVSS6AI score0.01934EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/29 8:56 p.m.•55 views

Out-of-bounds write

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300...

7.6CVSS2.6AI score0.08673EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/23 3:26 p.m.•55 views

OMERO webclient does not validate URL redirects on login or switching group.

Background OMERO.web supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL validation before redirecting. External URLs are not considered valid, unless specified i...

5.4CVSS1.3AI score0.00826EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/22 11:29 p.m.•55 views

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

Impact The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the...

8.6CVSS0.4AI score0.46826EPSS
Exploits1References17Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/08 9:6 p.m.•55 views

URL Redirection to Untrusted Site ('Open Redirect') in Products.PluggableAuthService

Impact What kind of vulnerability is it? Who is impacted? Open redirect vulnerability - a maliciously crafted link to the login form and login functionality could redirect the browser to a different website. Patches Has the problem been patched? What versions should users upgrade to? The problem...

6.1CVSS2AI score0.08443EPSS
Exploits4References7Affected Software1
Github Security Blog
Github Security Blog
•added 2021/02/11 8:42 p.m.•55 views

vrana/adminer via XSS in the history parameter in SQL command

Impact Users of Adminer versions supporting SQL command most versions, e.g. MySQL using browsers not encoding URL parameters before sending to server likely Edge, not Chrome, not Firefox are affected. Patches Patched by 5c395afc, included in version 4.7.9. Workarounds Use browser which encodes UR...

6.1CVSS6.8AI score0.02003EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/02/08 7:16 p.m.•55 views

Code Injection vulnerability in CarrierWave::RMagick

Impact CarrierWave::RMagick has a Code Injection vulnerability. Its manipulate! method inappropriately evals the content of mutation option:read/:write, allowing attackers to craft a string that can be executed as a Ruby code. If an application developer supplies untrusted inputs to the option, i...

8.8CVSS1.7AI score0.12678EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/04 3:7 p.m.•55 views

Arbitrary Code Execution in handlebars

Versions of handlebars prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a previous issue...

3.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/01 7:49 p.m.•55 views

Malicious Package in codify

Version 0.3.1 of codify contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.3.1 of this module is found installed you will want...

2.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/01 4:3 p.m.•55 views

Local Privilege Escalation in npm

Affected versions of npm use predictable temporary file names during archive unpacking. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the npm process has permission to write t...

3.3CVSS3.7AI score0.00372EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
•added 2020/08/28 9:20 p.m.•55 views

Cross Site Scripting(XSS) Vulnerability in Latest Release 4.3.6 Site basic settings

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting XSS via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. The issue is fixed in version 4.3.7...

7.3CVSS4.1AI score0.01285EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2020/08/21 4:25 p.m.•55 views

Incorrect threshold signature computation in TUF

Impact Metadadata signature verification, as used in tuf.client.updater, counted each of multiple signatures with identical authorized keyids separately towards the threshold. Therefore, an attacker with access to a valid signing key could create multiple valid signatures in order to meet the...

9.8CVSS3.2AI score0.00979EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2020/08/13 6:54 p.m.•55 views

Server-Side Request Forgery in @uppy/companion

The @uppy/companion npm package before versions 1.13.2 and 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery SSRF vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems...

7.5CVSS5.1AI score0.0119EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2020/06/10 9:12 p.m.•55 views

jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider aka apache/commons-proxy...

8.8CVSS3.5AI score0.03583EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
•added 2020/03/10 6:2 p.m.•55 views

Improper Authentication in requests-kerberos

python-requests-Kerberos through 0.5 does not handle mutual authentication...

9.8CVSS9.1AI score0.03615EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
•added 2019/12/02 6:2 p.m.•55 views

typed-ast Out-of-bounds Read

typedast 1.3.0 and 1.3.1 has a handlekeywordonlyargs out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that...

7.5CVSS7.2AI score0.03255EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2019/07/05 9:8 p.m.•55 views

Insufficient Entropy in DotNetNuke

DNN aka DotNetNuke 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy...

7.5CVSS2.9AI score0.46547EPSS
Exploits4References5Affected Software1
Github Security Blog
Github Security Blog
•added 2018/10/17 3:44 p.m.•55 views

Apache Tika allows Java code execution for serialized objects embedded in MATLAB files

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization...

9.8CVSS4.2AI score0.0809EPSS
Exploits2References11Affected Software1
Total number of security vulnerabilities5000