Lucene search
K
GithubMost viewed

33227 matches found

Github Security Blog
Github Security Blog
added 2024/01/31 11:11 p.m.52 views

Privilege Escalation in HashiCorp Consul

HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6...

6.5CVSS6.5AI score0.01379EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/03 12:30 a.m.52 views

Gila CMS SQL Injection vulnerability

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'userid' parameter after the login portal...

3.8CVSS8.6AI score0.00662EPSS
Exploits3References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/09 3:30 a.m.52 views

Authorization bypass in Quarkus

A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and...

9.1CVSS6.7AI score0.00814EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/25 9:30 p.m.52 views

Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation

A security issue was identified in ingress-nginx where the nginx.ingress.kubernetes.io/permanent-redirect annotation on an Ingress object in the networking.k8s.io or extensions API group can be used to inject arbitrary commands, and obtain the credentials of the ingress-nginx controller. In the...

8.8CVSS8AI score0.56568EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/10 9:31 p.m.52 views

Apache Tomcat Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomc...

5.3CVSS7.4AI score0.05848EPSS
Exploits2References12Affected Software3
Github Security Blog
Github Security Blog
added 2023/10/05 8:56 p.m.52 views

NI MeasurementLink Python Services Improper Access Restriction vulnerability

Impact An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python usin...

8.8CVSS7AI score0.00281EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/06 6:42 p.m.52 views

Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled

Impact A Content-Security-Policy that disables eval, specifically setting a script-src directive and not providing unsafe-eval in that directive, is not respected in renderers that have sandbox and contextIsolation disabled. i.e. sandbox: false and contextIsolation: false in the webPreferences...

9.8CVSS6.7AI score0.00656EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/06 9:15 p.m.52 views

Apache RocketMQ may have remote code execution vulnerability when using update configuration function

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by...

9.8CVSS7.3AI score0.96604EPSS
Exploits11References11Affected Software3
Github Security Blog
Github Security Blog
added 2023/06/22 7:59 p.m.52 views

XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template

Impact Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the delete template to perform a XSS, e.g. by using URL such as: xwiki/bin/get/FlamingoThemes/Cerulean?xpage=xpart&vm=delete.vm&xredirect=javascript:alertdocument.domain Th...

9.6CVSS6.6AI score0.02081EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/21 9:58 p.m.52 views

php-imap vulnerable to RCE through a directory traversal vulnerability

Summary An unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability which results in a remote code execution vulnerability. Details An attacker can send an email with a malicious attachment to the inbox, which gets crawled with webklex/php-im...

9.8CVSS8AI score0.03191EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
added 2023/05/24 4:43 p.m.52 views

Malware in pre-build binaries of bignum

Impact bignum releases from v0.12.2 to v0.13.0 inclusive used node-pre-gyp to optionally download pre-built binary versions of the addon. These binaries were published on a now-expired S3 bucket which has since been claimed by a malicious third party which is now serving binaries containing malwa...

6.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/15 9:30 p.m.52 views

Mailman Core vulnerable to timing attacks

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attacke...

6.3CVSS6.4AI score0.00299EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/24 10:6 p.m.52 views

Interactive `run` permission prompt spoofing via improper ANSI neutralization

Summary Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a opspawnchild or opkill prompt and replace it with any desired text. Details The main entry point comes down to the ability to override what the API control says 40process.js...

8.8CVSS8.7AI score0.01142EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
added 2023/02/16 8:47 p.m.52 views

Users with any cluster secret update access may update out-of-bounds cluster secrets

Impact All Argo CD versions starting with v2.3.0-rc1 are vulnerable to an improper authorization bug which allows users who have the ability to update at least one cluster secret to update any cluster secret. The attacker could use this access to escalate privileges potentially controlling...

9.1CVSS8.8AI score0.00671EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/08 10:28 p.m.52 views

openssl-src vulnerable to Use-after-free following `BIO_new_NDEF`

The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

7.5CVSS7.8AI score0.04494EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/08 10:27 p.m.52 views

openssl-src contains Read Buffer Overflow in X.509 Name Constraint

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

4.9CVSS6.8AI score0.01481EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/08 9:30 p.m.52 views

Deserialization of Untrusted Data in thinkphp

thinkphp 6.0.06.0.13 and 6.1.06.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

9.8CVSS9.3AI score0.01232EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/06 6:30 p.m.52 views

Exposure of Sensitive Information in EVE-SRP

A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may ...

4.3CVSS4.9AI score0.00666EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/31 6:30 p.m.52 views

Dromara hutool vulnerable to SQL Injection

SQL Inection vulnerability in Dromara hutool v5.8.11 allows attacker to execute arbitrary code via the aviator template engine...

9.8CVSS9.7AI score0.01381EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/13 9:34 p.m.52 views

a12nserver vulnerable to potential SQL Injections via Knex dependency

Impact Users of a12nserver that use MySQL might be vulnerable to SQL injection bugs. If you use a12nserver and MySQL, update as soon as possible. This SQL injection bug might let an attacker obtain OAuth2 Access Tokens for users unrelated to those that permitted OAuth2 clients. Patches The knex...

7.5CVSS1.8AI score0.00847EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/25 5:33 p.m.52 views

.NET Core Elevation of Privilege Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists in .NET 5.0,...

7.5CVSS1.2AI score0.03858EPSS
Exploits0References5Affected Software23
Github Security Blog
Github Security Blog
added 2022/10/06 11:14 p.m.52 views

etcd has no minimum password length

Vulnerability type Access Control Workarounds The etcdctl and etcd API do not enforce a specific password length during user creation or user password update operations. It is the responsibility of the administrator to enforce these requirements. Detail etcd does not perform any password length...

7.5CVSS7.6AI score0.01342EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/16 10:28 p.m.52 views

TensorFlow vulnerable to `CHECK` fail in `MaxPool`

Impact When MaxPool receives a window size input array ksize with dimensions greater than its input tensor input, the GPU kernel gives a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf import numpy as np input = np.ones1, 1, 1, 1 ksize = 1, 1, 2, ...

7.5CVSS7.3AI score0.00396EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2022/08/02 6:0 p.m.52 views

NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails

Impact next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.: [email protected],[email protected] to the sign-in endpoint, NextAuth.js would send emails to...

9.1CVSS8.7AI score0.01137EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/02 12:0 a.m.52 views

Regular expression denial of service in scss-tokenizer

All versions of the package scss-tokenizer prior to 0.4.3 are vulnerable to Regular Expression Denial of Service ReDoS via the loadAnnotation function, due to the usage of insecure regex...

7.5CVSS5.2AI score0.01949EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/17 9:44 p.m.52 views

Security Update for the OPC UA .NET Standard Stack

A vulnerability was discovered in OPC UA .NET Standard Stack that allows a malicious client or server to cause a peer to hang with a carefully crafted message sent during secure channel creation...

7.5CVSS7.1AI score0.01466EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/17 12:1 a.m.52 views

XML External Entity Reference in drools

drools =7.59.x is affected by an XML External Entity XXE vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability...

9.8CVSS2.4AI score0.01193EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/09 11:47 p.m.52 views

Mechanize before v2.8.5 vulnerable to authorization header leak on port redirect

Summary Mechanize rubygem Cookies do not provide isolation by port. If a cookie is readable by a service running on one port, the cookie is also readable by a service running on another port of the same server. If a cookie is writable by a service on one port, the cookie is also writable by a...

7.5CVSS7.2AI score0.01392EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/03 12:1 a.m.52 views

Regular expression denial of service in devcert

An exponential ReDoS Regular Expression Denial of Service can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method...

7.5CVSS4.3AI score0.006EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 8:55 p.m.52 views

Server-Side Request Forgery in charm

We've discovered a vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched in https://github.com/charmbracelet/charm/commit/3c90668f955c7ce5ef721e4fc9faee7053232fd3 and is available in...

9.8CVSS8.8AI score0.00745EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:43 p.m.53 views

qcubed PHP object injection

A PHP object injection bug in profile.php in qcubed all versions including 3.1.1 unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request...

9.8CVSS7.9AI score0.0545EPSS
Exploits3References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:6 p.m.52 views

Remote code execution in Microsoft.WindowsDesktop.App.Ref

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'...

9.3CVSS4.1AI score0.17263EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2022/05/24 4:59 p.m.52 views

Jenkins Dynatrace Plugin vulnerable to Insufficiently Protected Credentials

Jenkins Dynatrace Application Monitoring Plugin prior to 2.1.4 stores credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. NOTE: This plugin is marked as DEPRECATED...

7.8CVSS3.8AI score0.00333EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 3:16 a.m.52 views

ZendXml and Zend Framework contain XXE and XEE Vulnerabilities

The ZendXmlSecurity::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity XXE and XML entity expansion XEE...

6.8CVSS6.9AI score0.09911EPSS
Exploits7References20Affected Software3
Github Security Blog
Github Security Blog
added 2022/05/14 3:16 a.m.52 views

Apache NiFi JMS Deserialization issue

Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache NiFi 1.6.0 release...

7.5CVSS4.1AI score0.03176EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 1:57 a.m.52 views

Arbitrary code execution in Apache Struts 2

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "$" and "%" sequences, which causes the OGNL code to be evaluated twice...

9.3CVSS8AI score0.13828EPSS
Exploits0References17Affected Software2
Github Security Blog
Github Security Blog
added 2022/05/14 1:27 a.m.52 views

Injection in Jolokia agent

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...

8.1CVSS6.1AI score0.73566EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 1:10 a.m.52 views

Integer Overflow or Wraparound in Apache Tomcat

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service resource consumption via a malformed chunk size in chunke...

5CVSS7.9AI score0.2006EPSS
Exploits1References60Affected Software2
Github Security Blog
Github Security Blog
added 2022/05/13 1:53 a.m.52 views

Missing Authentication for Critical Function in Apache Cassandra

The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in...

9.8CVSS3.2AI score0.02289EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:38 a.m.52 views

RubyGems may allow a maliciously crafted gem to overwrite files

RubyGems versions 2.6.12 and earlier fail to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem...

7.5CVSS4.9AI score0.29442EPSS
Exploits2References17Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:34 a.m.52 views

JSON-Patch Out-of-bounds Write vulnerability

An out of bound write can occur when patching an Openshift object using the oc patch functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management...

7.7CVSS2.9AI score0.01952EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:14 a.m.52 views

Code injection in Apache Struts

The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:", followed by a desired navigational target expression. This mechanism was intended to help with attaching navigational information to buttons within...

9.8CVSS2AI score0.99998EPSS
Exploits18References17Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:2 a.m.52 views

Cross-Site Request Forgery in Spring Framework

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML Extern...

6.8CVSS6.5AI score0.91354EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/23 12:3 a.m.52 views

Disputed: OS Command injection in github.com/kardianos/service

servicewindows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory. The validity of this vulnerability has been questioned and the reporter has requested that the CVE be disputed...

7.8CVSS7.4AI score0.00306EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/18 11:11 p.m.52 views

Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging

Impact The gradio library has a flagging functionality which saves input/output data into a CSV file on the developer's computer. This can allow a user to save arbitrary text into the CSV file, such as commands. If a program like MS Excel opens such a file, then it automatically runs these...

8.8CVSS1.6AI score0.01248EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/12 12:0 a.m.52 views

Improper Authentication in FreeTAKServer

FreeTAKServer is an open source, lightweight Server for connect TAK clients. An access control issue in the component /ManageRoute/postRoute of FreeTAKServer version 1.9.8 allows unauthenticated attackers to cause a Denial of Service DoS via an unusually large amount of created routes, or create...

7.5CVSS4.6AI score0.01019EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/08 9:25 p.m.52 views

Possible code injection vulnerability in Rails / Active Storage

The Active Storage module of Rails starting with version 5.2.0 is possibly vulnerable to code injection. This issue was patched in versions 5.2.6.3, 6.0.4.7, 6.1.4.7, and 7.0.2.3. To work around this issue, applications should implement a strict allow-list on accepted transformation methods or...

9.8CVSS3.1AI score0.02742EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 10:42 p.m.52 views

Cross-Site Request Forgery in xwiki-platform

Impact It's possible to know if a user has or not an account in a wiki related to an email address, and which usernames is actually tight to that email by forging a request to the Forgot username page. Note that since this page does not have a CSRF check it's quite easy to perform a lot of those...

7.5CVSS0.1AI score0.00964EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 8:20 p.m.52 views

OS Command Injection and Command Injection in kill-port-process

The kill-port-process package prior to version 2.2.0 is vulnerable to a Command Injection...

10CVSS8.4AI score0.03905EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 10:54 p.m.52 views

Data Amplification in Play Framework

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...

4CVSS4.6AI score0.00957EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities5000