Lucene search
K
GithubMost viewed

33227 matches found

Github Security Blog
Github Security Blog
added 2022/07/28 12:0 a.m.53 views

Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests

A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb858fd6bf48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys...

6.5CVSS6.4AI score0.00605EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/24 12:0 a.m.53 views

Cross-site Scripting in Jenkins Maven Metadata Plugin

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...

5.4CVSS5.7AI score0.00606EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/25 8:15 p.m.53 views

PHP Code Injection by malicious block or filename in Smarty

Impact Template authors could inject php code by choosing a malicous block name or include file name. Sites that cannot fully trust template authors should update asap. Patches Please upgrade to the most recent version of Smarty v3 or v4. Workarounds Is there a way for users to fix or remediate t...

8.8CVSS8.3AI score0.0454EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 3:28 a.m.53 views

Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML...

7.5CVSS7.3AI score0.02947EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:14 a.m.53 views

Sandbox bypass in Jenkins Pipeline: Groovy Plugin

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM...

9.9CVSS5.1AI score0.75594EPSS
Exploits4References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/22 12:24 a.m.53 views

Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J

The implementations of PKCS1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack...

5.9CVSS2.5AI score0.01756EPSS
Exploits0References37Affected Software2
Github Security Blog
Github Security Blog
added 2022/02/27 12:0 a.m.53 views

Unrestricted Upload of File with Dangerous Type in MODX Revolution

MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator...

7.2CVSS6.2AI score0.09314EPSS
Exploits4References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/22 7:32 p.m.53 views

Cross-site Scripting in Prism

Impact Prism's Command line plugin can be used by attackers to achieve an XSS attack. The Command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code. Server-side usage of Prism is not impacted. Websites that do not use the Command Li...

7.5CVSS0.2AI score0.01479EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/11 11:26 p.m.53 views

Duplicate Advisory: Unencrypted md5 plaintext hash in metadata in AWS S3 Crypto SDK for golang

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6jvc-q2x7-pchv. This link is maintained to preserve external references. Original Description Summary The golang AWS S3 Crypto SDK was impacted by an issue that can result in loss of confidentiality. An attacker...

5.4AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 8:46 p.m.53 views

Unrestricted Upload of File with Dangerous Type in Liferay Portal and Liferay DXP

Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files...

6.5CVSS6.1AI score0.02164EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/28 10:36 p.m.53 views

Cross-site Scripting in phpmyadmin

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection...

6.1CVSS1.6AI score0.07936EPSS
Exploits2References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/21 11:37 p.m.53 views

Cross-Site Request Forgery in Jenkins

Jenkins 2.329 and earlier, LTS 2.319.1 and earlier does not require POST requests for the HTTP endpoint handling manual build requests when no security realm is set, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to trigger build of job without...

4.3CVSS5.3AI score0.01779EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/12 10:43 p.m.53 views

Sandbox Escape by math function in smarty

Impact Template authors could run arbitrary PHP code by crafting a malicious math string. If a math string is passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Patches Please upgrade to 4.0.2 or 3.1.42 or...

8.8CVSS1.6AI score0.01927EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/06 6:30 p.m.53 views

Incorrect validation of parties IDs leaks secret keys in Secret-sharing scheme

Summary In the threshold signature scheme, participants start by dividing secrets into shares using a secret sharing scheme. The Verifiable Secret Sharing scheme generates shares from the user’s IDs but does not properly validate them. Using a malicious ID will make other users reveal their secre...

6.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/09 7:16 p.m.53 views

Unsafe Deserialization in jackson-databind

FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS...

8.8CVSS8.6AI score0.05041EPSS
Exploits2References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/23 5:57 p.m.53 views

Improper Privilege Management in Apache Ozone

In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked...

9.8CVSS8.7AI score0.02445EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/19 8:13 p.m.53 views

Unsafe Deserialization in jackson-databind

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource...

8.1CVSS8.6AI score0.05218EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/10 7:1 p.m.53 views

Heap OOB in shape inference for `QuantizeV2`

Impact The shape inference code for QuantizeV2 can trigger a read outside of bounds of heap allocated array: python import tensorflow as tf @tf.function def test: data=tf.rawops.QuantizeV2 input=1.0,1.0, minrange=1.0,10.0, maxrange=1.0,10.0, T=tf.qint32, mode='MINCOMBINED', roundmode='HALFTOEVEN'...

7.1CVSS1.5AI score0.00201EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/10/13 6:54 p.m.53 views

Denial of service in DataCommunicator class in Vaadin 8

Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 Vaadin 8.0.0 through 8.14.0 allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data...

4.3CVSS5AI score0.00915EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/12 10:23 p.m.53 views

Out-of-bounds Write in OpenCV

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, version 4.1.0 corresponds with OpenCV-Python version 4.1.2.30. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code...

8.8CVSS4.9AI score0.10618EPSS
Exploits1References8Affected Software4
Github Security Blog
Github Security Blog
added 2021/10/04 8:14 p.m.53 views

Insufficiently restricted permissions on plugin directories

Impact A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission...

7.8CVSS2.7AI score0.00482EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/20 8:57 p.m.53 views

Apprise vulnerable to regex injection with IFTTT Plugin

Impact Anyone publicly hosting the Apprise library and granting them access to the IFTTT notification service. Patches Update to Apprise v0.9.5.1 bash Install Apprise v0.9.5.1 from PyPI pip install apprise==0.9.5.1 The patch to the problem was performed here. Workarounds Alternatively, if upgradi...

7.5CVSS7.4AI score0.01831EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/20 8:45 p.m.53 views

Infinite loop in Tomcat due to parsing error

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service...

7.5CVSS3.5AI score0.07182EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/13 8:5 p.m.53 views

Deserialization of Untrusted Data in parlai

Impact Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. Patches The issue can be patched by upgrading to v1.1.0 or later. It can also be patche...

8.8CVSS8.7AI score0.01794EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/10 5:54 p.m.53 views

Excessive CPU usage

Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. Impact This can result in a DoS condition. Patches Pomerium versions 0.14.8 and 0.15.1 contain an upgraded...

7.5CVSS7.4AI score0.01662EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/08 5:42 p.m.53 views

HTTP header injection in Sonatype Nexus Repository

Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance...

8.2CVSS0.7AI score0.02322EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:50 p.m.53 views

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

firefly-iii is vulnerable to Cross-Site Request Forgery CSRF...

6.5CVSS6.3AI score0.00501EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:47 p.m.53 views

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

Impact The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security...

8.5CVSS8.3AI score0.03437EPSS
Exploits2References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:47 p.m.53 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

8.5CVSS8.8AI score0.04735EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:44 p.m.53 views

Heap out of bounds access in sparse reduction operations

Impact The implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data: python import tensorflow as tf x = tf.SparseTensor indices=773, 773, 773, 773, 773, 773, values=1, 1, denseshape=337, 337, 337 tf.sparse.reducesumx, 1 The...

7.3CVSS7.3AI score0.00167EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/08/25 2:42 p.m.53 views

Reference binding to nullptr in `MatrixSetDiagV*` ops

Impact An attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.rawops.MatrixSetDiagV: python import tensorflow as tf tf.rawops.MatrixSetDiagV3 input=1,2,3, diagonal=1,1, k=, align='RIGHTLEFT' The implementation has incomplete validation that t...

7.8CVSS7.6AI score0.00167EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/08/25 2:40 p.m.53 views

Heap OOB in TFLite's `Gather*` implementations

Impact TFLite's GatherNd implementation does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with negative values in indices. Similar issue exists in Gather implementation. python impor...

5.5CVSS6AI score0.00191EPSS
Exploits0References10Affected Software3
Github Security Blog
Github Security Blog
added 2021/07/22 7:37 p.m.53 views

Cross-Site Scripting in Backend Grid View

Problem Failing to properly encode settings for backend layouts, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Solution Update to TYPO3 versions 8.7.41 ELTS, 9.5.28, 10.4.18, 11.3.1 that fix the...

6.4CVSS2.9AI score0.00603EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2021/06/29 9:34 p.m.53 views

Improper Authenication in Pion DTLS

handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a check for application data with epoch 0, which allows remote attackers to inject arbitrary unencrypted data after handshake completion...

9.8CVSS5.5AI score0.02938EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/29 9:23 p.m.53 views

Go Ethereum Denial of Service

cmd/evm/runner.go in Go Ethereum aka geth allows attackers to cause a denial of service SEGV via crafted bytecode. Specific Go Packages Affected github.com/ethereum/go-ethereum/cmd/evm...

7.5CVSS7AI score0.0151EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/23 5:53 p.m.53 views

Denial of service in GJSON

GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON. Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector...

7.5CVSS7.2AI score0.01662EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/23 5:14 p.m.53 views

Integer Overflow in go-jose

go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures...

7.5CVSS4.5AI score0.02149EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/16 5:32 p.m.53 views

Origin Validation Error in Apache Maven

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model pom which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository...

9.1CVSS0.1AI score0.08691EPSS
Exploits2References51Affected Software2
Github Security Blog
Github Security Blog
added 2021/06/16 5:23 p.m.53 views

Improper Authentication in Atlassian Connect Spring Boot

Broken Authentication in Atlassian Connect Spring Boot ACSB in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Sprin...

9.1CVSS4.6AI score0.00951EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/16 5:18 p.m.53 views

Injection in Apache Syncope

Vulnerability to Server-Side Template Injection on Mail templates for Apache Syncope 2.0.X releases prior to 2.0.15, 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution RCE was discovered...

9.8CVSS9.7AI score0.04645EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/15 3:49 p.m.53 views

The Fuck Arbitrary File Deletion via Path Traversal

The thefuck aka The Fuck is app that corrects errors in previous console commands. The Fuck python package before 3.31 allows Path Traversal that leads to arbitrary file deletion via the undo archive operation feature...

9.1CVSS8.8AI score0.01847EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/10 3:54 p.m.53 views

Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox

A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Versions of...

7.8CVSS4.3AI score0.00273EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/08 11:20 p.m.53 views

Cross-site scripting in Plone

Plone through 5.2.4 allows stored XSS attacks by a Contributor by uploading an SVG or HTML document...

5.4CVSS1.1AI score0.0069EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/08 6:48 p.m.53 views

Potential infinite loop in Pillow

An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load...

7.5CVSS2.8AI score0.02453EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/07 10:9 p.m.53 views

Prototype pollution in Merge-deep

The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...

9.8CVSS3AI score0.01901EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/01 9:38 p.m.53 views

Improper rate limiting in Koel

Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier...

7.5CVSS2.7AI score0.00794EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/25 6:39 p.m.53 views

github.com/ulikunitz/xz fixes readUvarint Denial of Service (DoS)

Impact xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. Patches The problem has been fixed in release v0.5.8. Workarounds Limit the size ...

7.5CVSS7.6AI score0.01438EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/24 6:13 p.m.53 views

Improper Certificate Validation in EM-HTTP-Request

EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified...

7.4CVSS5AI score0.00905EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/24 4:58 p.m.53 views

Authenticated users can exploit an enumeration vulnerability in Harbor

Impact Hidde Smit from Cyber Eagle has discovered an User Enumeration flaw in Harbor. The issue is present in the "/users" api endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained via the "search"...

4.3CVSS1AI score0.01266EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/21 4:11 p.m.53 views

Incorrect handling of credential expiry by /nats-io/nats-server

This advisory is canonically https://advisories.nats.io/CVE/CVE-2020-26892.txt Problem Description NATS nats-server through 2020-10-07 has Incorrect Access Control because of how expired credentials are handled. The NATS accounts system has expiration timestamps on credentials; the library had an...

9.8CVSS9.1AI score0.02054EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities5000