Lucene search
K
GithubMost viewed

33227 matches found

Github Security Blog
Github Security Blog
added 2022/02/09 10:14 p.m.52 views

Remote code execution in Apache ActiveMQ

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack - A remote client could create a...

9.8CVSS3.8AI score0.51225EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 12:56 a.m.52 views

Cross-site Scripting in Keycloak

A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks...

6.1CVSS4AI score0.00931EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 12:56 a.m.52 views

Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak

A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle MITM attack...

5.9CVSS6.7AI score0.00905EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/08 12:43 a.m.52 views

SQL Injection in Apache Kylin

Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue...

6.5CVSS6.8AI score0.01948EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/06 6:34 p.m.52 views

jsx-slack insufficient patch for CVE-2021-43838 ReDoS

We found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient to save from Regular Expression Denial of Service ReDoS attack. This vulnerability affects to jsx-slack v4.5.1 and earlier versions. Impact If attacker can put a lot of JSX elements into tag with including multibyte...

7.5CVSS1.6AI score0.01916EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/06 6:30 p.m.52 views

Incorrect validation of parties IDs leaks secret keys in Secret-sharing scheme

Summary In the threshold signature scheme, participants start by dividing secrets into shares using a secret sharing scheme. The Verifiable Secret Sharing scheme generates shares from the user’s IDs but does not properly validate them. Using a malicious ID will make other users reveal their secre...

6.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/20 6:25 p.m.52 views

Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity

Impact Insecure permissions on temporary directories used in fakeroot or user namespace container execution. When a Singularity action command run, shell, exec is run with the fakeroot or user namespace option, Singularity will extract a container image to a temporary sandbox directory. Due to...

8.1CVSS8.1AI score0.02014EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/20 4:55 p.m.52 views

Excessive Platform Resource Consumption within a Loop in Kubernetes

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...

6.5CVSS3.6AI score0.0236EPSS
Exploits0References10Affected Software2
Github Security Blog
Github Security Blog
added 2021/12/17 8:0 p.m.52 views

Deserialization of Untrusted Data in logback

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers...

8.5CVSS7.6AI score0.04439EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/07 9:22 p.m.52 views

Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration in RunC

Impact In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of our code responsible for the based namespace setup of containers. In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an...

6CVSS6.2AI score0.01663EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/21 4:50 p.m.52 views

OS Command Injection in ssh2

ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted...

10CVSS9.6AI score0.03833EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/20 8:45 p.m.52 views

Server-Side Request Forgery in UReport

UReport v2.2.9 contains a Server-Side Request Forgery SSRF in the designer page which allows attackers to detect intranet device ports...

5.3CVSS5.5AI score0.0085EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/13 8:6 p.m.52 views

Deserialization of Untrusted Data in ParlAI

Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0...

9.8CVSS3.7AI score0.17353EPSS
Exploits4References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 4:17 p.m.52 views

Code injection in nbgitpuller

Impact Due to an unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. Patches 0.10.2 Workarounds None, other than upgrade to 0.10.2 or downgrade to 0.8.x. For more information If you have any questions or comments about this...

9.6CVSS8.9AI score0.0173EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 8:54 p.m.52 views

openssl-src NULL pointer Dereference in signature_algorithms processing

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signaturealgorithms extension where it was present in the initial ClientHello, but includes a signaturealgorithmscert extension then a NU...

5.9CVSS6.7AI score0.62906EPSS
Exploits3References32Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:47 p.m.52 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

8.5CVSS8.8AI score0.04735EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/10 4:8 p.m.52 views

Cross-site Scripting in curly-bracket-parser

This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input...

6.1CVSS2.6AI score0.00793EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/05 5:2 p.m.52 views

URL Redirection to Untrusted Site ('Open Redirect') in Products.isurlinportal

Impact Various parts of Plone use the 'is url in portal' check for security, mostly to see if it is safe to redirect to a url. A url like https://example.org is not in the portal. But the url https:example.org without slashes tricks our code and it is considered to be in the portal. When...

6.5CVSS0.3AI score0.01028EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/11 5:43 p.m.52 views

Observable Timing Discrepancy in aaugustin websockets library

The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basicauthprotocolfactorycredentials=.... An attacker may be able to guess a password via a timing attack...

5.9CVSS6.2AI score0.02265EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/08 11:19 p.m.52 views

Cross-site scripting in Plone

Plone through 5.2.4 allows XSS via the inlinediff methods in Products.CMFDiffTool...

5.4CVSS3.5AI score0.00687EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/21 2:31 p.m.52 views

Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd/v2

Impact When using SSO with the Argo CD CLI, a malicious SSO provider could have sent specially crafted error message that would result in XSS on the client by means of executing arbitrary JavaScript code. We believe the exploitation of this vulnerability is only be possible when Argo CD is...

4.8CVSS0.4AI score0.00535EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/21 2:28 p.m.52 views

Null dereference in Grappler's `TrySimplify`

Impact The implementation of TrySimplify has undefined behavior due to dereferencing a null pointer in corner cases that result in optimizing a node with no inputs. Patches We have patched the issue in GitHub commit e6340f0665d53716ef3197ada88936c2a5f7a2d3. The fix will be included in TensorFlow...

7.8CVSS1.9AI score0.00206EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:28 p.m.52 views

Division by zero in TFLite's implementation of Split

Impact The implementation of the Split TFLite operator is vulnerable to a division by zero error: cc TFLITEENSUREMSGcontext, inputsize % numsplits == 0, "Not an even split"; const int slicesize = inputsize / numsplits; An attacker can craft a model such that numsplits would be 0. Patches We have...

7.8CVSS2.7AI score0.00209EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/18 6:21 p.m.52 views

Allocation of Resources Without Limits or Throttling in Hashicorp Consul

HashiCorp Consul and Consul Enterprise include an HTTP API introduced in 1.2.0 and DNS introduced in 1.4.3 caching feature that was vulnerable to denial of service. Specific Go Packages Affected github.com/hashicorp/consul/agent/config Fix The vulnerability is fixed in versions 1.6.6 and 1.7.4...

7.5CVSS7.1AI score0.02851EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/18 3:38 p.m.52 views

Duplicate Advisory: k8s.io/kube-state-metrics Exposure of Sensitive Information

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c92w-72c5-9x59. This link is maintained to preserve external references. Original Description A security issue was discovered in kube-state-metrics 1.7.x before 1.7.2. An experimental feature was added to v1.7.0...

7.3AI score
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2021/05/13 8:23 p.m.52 views

Use of "infinity" as an input to datetime and date fields causes infinite loop in pydantic

Impact Passing either 'infinity', 'inf' or float'inf' or their negatives to datetime or date fields causes validation to run forever with 100% CPU usage on one CPU. Patches Pydantic is be patched with fixes available in the following versions: v1.8.2 v1.7.4 v1.6.2 All these versions are available...

7.5CVSS7.2AI score0.00967EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 7:17 p.m.52 views

Prototype Pollution in doc-path

This affects the package doc-path before 2.1.2...

10CVSS9AI score0.02741EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 6:38 p.m.52 views

Server-Side Request Forgery in phantomjs-seo

This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack...

8.2CVSS7.8AI score0.01386EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 3:59 p.m.52 views

Command injection in get-git-data

get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data...

9.8CVSS9.2AI score0.02121EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 4:5 p.m.52 views

Buffer overflow in canvas

A buffer overflow is present in canvas versions before 1.6.11, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image...

8.8CVSS8.9AI score0.02323EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 3:52 p.m.52 views

SQL Injection in odata4j

odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE, this product is apparently discontinued...

9.8CVSS3AI score0.01365EPSS
Exploits0References3Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/06 5:29 p.m.52 views

Prototype Pollution in nis-utils

All versions of package nis-utils up to and including 0.6.10 are vulnerable to Prototype Pollution via the setValue function...

9.8CVSS9AI score0.01933EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/30 5:27 p.m.52 views

LinkedIn Oncall vulnerable to Cross-Site Scripting

LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar...

6.1CVSS5.9AI score0.03203EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/19 2:47 p.m.52 views

Timing side channel vulnerability in endpoint request handler in Vaadin 15-19

Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 Vaadin 15.0.0 through 18.0.6, and com.vaadin:fusion-endpoint version 6.0.0 Vaadin 19.0.0 allows attacker to guess a security token for Fusion endpoints via timing attack....

4CVSS3.6AI score0.00211EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/13 3:32 p.m.52 views

OS Command Injection in curling

npm package curling before version 1.1.0 is vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization...

10CVSS4.9AI score0.04872EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/29 8:56 p.m.52 views

Out-of-bounds write

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1298, CVE-2019-1300...

7.6CVSS2.6AI score0.08673EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/29 8:42 p.m.52 views

SQL Injection in moodle

In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.8.6, 3.7.9, 3.5.15, and 3.10...

6.5CVSS6.3AI score0.01329EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/18 7:27 p.m.52 views

Privilege Context Switching Error in Elasticsearch

Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documen...

3.5CVSS4.8AI score0.00999EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/12 11:0 p.m.52 views

Code injection in nobelprizeparser

Code injection through use of eval...

3AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/11 5:42 p.m.52 views

/user/sessions endpoint allows detecting valid accounts

This Security Advisory is about a vulnerability in eZ Platform v1.13, v2.5, and v3.2, and in Ibexa DXP and Ibexa Open Source v3.3. The /user/sessions endpoint can let an attacker detect if a given username or email refers to a valid account. This can be detected through differences in the respons...

5.3CVSS0.7AI score0.00507EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/08 3:49 p.m.52 views

botframework-connector vulnerable to Improper Authentication

Impact A maliciously crafted claim may be incorrectly authenticated by the bot. Impacts bots that are not configured to be used as a Skill. This vulnerability requires an attacker to have internal knowledge of the bot. Patches The problem has been patched in all affected versions. Please see the...

5.5CVSS5.5AI score0.01057EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/11 9:36 p.m.52 views

Token verification bug in next-auth

Impact Implementations using the Prisma database adapter with the Email provider are impacted. Implementations using the Prisma database adapter that are not using the Email provider are not impacted. Implementations using the default database adapter TypeORM with the Email provider are not...

6.1CVSS0.9AI score0.01667EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/11 8:47 p.m.52 views

Command injection in samba-client

The samba-client package before 4.0.0 for Node.js allows command injection because of the use of process.exec...

9.8CVSS3.1AI score0.04831EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/05 8:43 p.m.52 views

Open redirect in Slashify

The package is an Express middleware that normalises routes by stripping any final slash, redirecting, for example, bookings/latest/ to bookings/latest. However, it does not validate the path it redirects to in any way. In particular, if the path starts with two slashes or two backslashes, or a...

6.1CVSS0.5AI score0.00526EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/02 6:50 p.m.52 views

Command Injection Vulnerability in Mechanize

This security advisory has been created for public disclosure of a Command Injection vulnerability that was responsibly reported by @kyoshidajp Katsuhiko YOSHIDA. Impact Mechanize = v2.0, v2.7.7 allows for OS commands to be injected using several classes' methods which implicitly use Ruby's...

8.3CVSS8.1AI score0.03507EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2020/12/18 6:23 p.m.53 views

Code Injection in mquery

lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property e.g., proto can be copied during a merge or clone operation...

5.3CVSS5.9AI score0.01028EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/11/13 5:28 p.m.52 views

Vulnerability in RPKI manifest validation

A vulnerability in RPKI manifest validation exists when objects on the manifest are hidden, or expired objects are replayed. An attacker successfully exploiting this vulnerability could prevent new ROAs from being received or selectively hide ROAs, causing routes to become INVALID. To exploit thi...

1.3AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2020/11/11 3:54 p.m.52 views

malicious SVG attachment causing stored XSS vulnerability

Impact An attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Patches Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 ha...

8.7CVSS1.4AI score0.01725EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/25 6:28 p.m.52 views

Out of bounds write in tensorflow-lite

Impact In TensorFlow Lite models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the dimensionality of output tensor:...

8.1CVSS1.1AI score0.00556EPSS
Exploits1References12Affected Software3
Github Security Blog
Github Security Blog
added 2020/09/25 6:28 p.m.52 views

Integer truncation in Shard API usage

Impact The Shard API in TensorFlow expects the last argument to be a function taking two int64 i.e., long long arguments: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/util/worksharder.hL59-L60 However, there are several places in TensorFlo...

9CVSS1.1AI score0.01235EPSS
Exploits1References10Affected Software3
Total number of security vulnerabilities5000