Lucene search
K
GithubMost viewed

33227 matches found

Github Security Blog
Github Security Blog
added 2023/04/02 3:30 a.m.51 views

RuoYi vulnerable to arbitrary file download

An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server...

7.5CVSS7.4AI score0.00337EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/05 9:30 p.m.51 views

Cross-site Scripting in DaSchTour matomo-mediawiki-extension

A vulnerability classified as problematic has been found in DaSchTour matomo-mediawiki-extension up to 2.4.2. This affects an unknown part of the file Piwik.hooks.php of the component Username Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely...

6.1CVSS6AI score0.00614EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/28 12:30 a.m.51 views

AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field

The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it...

4.3CVSS2.6AI score0.00481EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/06 9:30 p.m.51 views

Quarkus CORS filter allows simple GET and POST requests with an invalid Origin to proceed

Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in...

7.5CVSS8AI score0.00577EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/01 6:30 a.m.51 views

ff4j is vulnerable to Remote Code Execution (RCE)

ff4j 1.8.1 is vulnerable to Remote Code Execution RCE. This issue has been patched in version 1.9...

9.8CVSS9.3AI score0.0148EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/21 10:18 p.m.51 views

Invalid char to bool conversion when printing a tensor

Impact When printing a tensor, we get it's data as a const char array since that's the underlying storage and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so sanitizers/fuzzers will crash. Patches We have patched the issu...

7.5CVSS7.5AI score0.00389EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2022/11/16 12:0 p.m.51 views

Unsafe deserialization in Apache MINA SSHD

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD = 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys ...

9.8CVSS9AI score0.03571EPSS
Exploits1References6Affected Software2
Github Security Blog
Github Security Blog
added 2022/11/11 12:3 a.m.51 views

Container build can leak any path on the host into the container

Description Moby is the open source Linux container runtime and set of components used to build a variety of downstream container runtimes, including Docker CE, Mirantis Container Runtime formerly Docker EE, and Docker Desktop. Moby allows for building container images using a set of build...

5.5CVSS0.8AI score0.01336EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/26 7:0 p.m.51 views

Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL

Flume’s JMSSource class can be configured with a providerUrl parameter. A JNDI lookup is performed on this name without performing validation. This could result in untrusted data being deserialized, leading to remote code execution RCE attack when a configuration uses a JMS Source with an unsafe...

9.8CVSS9AI score0.02719EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/18 4:8 p.m.51 views

parse-server crashes when receiving file download request with invalid byte range

Impact Parse Server crashes when a file download request is received with an invalid byte range. Patches Improved parsing of the range parameter to properly handle invalid range requests. Workarounds None References - GHSA-h423-w6qv-2wj3...

7.5CVSS7.3AI score0.00689EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/12 12:0 p.m.51 views

loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)

A regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils via the resourcePath variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or ta...

7.5CVSS7.2AI score0.0204EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/07 6:16 p.m.51 views

Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API

In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API...

8.1CVSS7.7AI score0.01197EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/08/27 12:0 a.m.51 views

XNIO `notifyReadClosed` method logging message to unexpected end

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...

7.5CVSS2.1AI score0.01183EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/14 12:0 a.m.51 views

Apache Tapestry 5.8.1 vulnerable to ReDoS via Content Types causing catastrophic backtracking

Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service ReDoS in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on...

7.5CVSS7.3AI score0.01876EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/25 6:9 p.m.51 views

Cross-domain cookie leakage in Guzzle

Impact Previous version of Guzzle contain a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains...

8.1CVSS7.8AI score0.01239EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 8:55 p.m.51 views

Server-Side Request Forgery in charm

We've discovered a vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched in https://github.com/charmbracelet/charm/commit/3c90668f955c7ce5ef721e4fc9faee7053232fd3 and is available in...

9.8CVSS8.8AI score0.00745EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:33 p.m.51 views

Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Kubernetes Plugin

Jenkins Kubernetes Plugin prior to 1.27.4, 1.26.5, 1.25.4.1, and 1.21.6 includes a feature to replace placeholders in pod template and container template fields with environment variable values. This feature allows low-privilege users to access possibly sensitive Jenkins controller environment...

4.3CVSS5.6AI score0.01213EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/20 12:0 a.m.51 views

Authorization bypass in Spring Security

In Spring Security versions 5.5.6 and 5.5.7 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with . in the regular expression are possibly vulnerable to an authorization bypass...

9.8CVSS3.5AI score0.10037EPSS
Exploits6References8Affected Software2
Github Security Blog
Github Security Blog
added 2022/05/17 5:47 a.m.51 views

Concurrent Execution using Shared Resource with Improper Synchronization in pyftpdlib

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service daemon outage by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or ...

4.3CVSS4AI score0.01582EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 3:8 a.m.51 views

CodeIgniter Session Fixation Vulnerability

A Session Fixation issue exists in CodeIgniter before 3.1.10 because session.usestrictmode in the Session Library was mishandled...

9.8CVSS9.5AI score0.01254EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 2:37 a.m.51 views

JBoss RESTEasy vulnerable to Improper Input Validation

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions...

8.1CVSS7.4AI score0.06179EPSS
Exploits0References18Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:1 a.m.51 views

Improper Authentication in Apache Axis2

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418...

6.4CVSS6.2AI score0.05089EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/01 6:32 p.m.51 views

Exposure of Sensitive Information in Apache Tomcat

Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle 1 double quote " characters or 2 %5C encoded backslash sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable...

5CVSS2.6AI score0.62575EPSS
Exploits1References64Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/31 12:0 a.m.51 views

Old sessions not blocked by login enable function in Snipe-IT

Snipe-IT is a FOSS project for asset management in IT Operations. In Snipe-IT versions 5.4.1 and 6.0.0-RC-5 and prior, active sessions are not revoked when a user account is disabled, allowing that user to still access information that they should no longer be able to. Workarounds include using t...

7.4CVSS2.9AI score0.00977EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/28 4:46 p.m.51 views

Unrestricted Upload of File with Dangerous Type in Gogs

Impact The malicious user is able to upload a crafted config file into repository's .git directory with to gain SSH access to the server. All installations with repository upload enabled default are affected. Patches Repository file uploads are prohibited to its .git directory. Users should upgra...

9.9CVSS8.7AI score0.65237EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/16 11:54 p.m.51 views

Embedded Malicious Code in node-ipc

The package node-ipc versions 10.1.1 and 10.1.2 are vulnerable to embedded malicious code that was introduced by the maintainer. The malicious code was intended to overwrite arbitrary files dependent upon the geo-location of the user IP address. The maintainer removed the malicious code in versio...

10CVSS3.3AI score0.04194EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/15 1:57 a.m.51 views

containers/image library Insufficiently Protects Credentials

The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launc...

6.4CVSS6.2AI score0.01604EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 8:34 p.m.51 views

Cross-site scripting in @atlaskit/editor-core

The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in link targets...

5.4CVSS4.4AI score0.01126EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 11:26 p.m.51 views

Memory leak in decoding PNG images

Impact When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling png::CommonInitDecode..., &decode, the decode value contains allocated buffers which can only be freed by calling png::CommonFreeDecode&decode. However, several error case in the function...

6.5CVSS1.6AI score0.00992EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2022/02/09 11:8 p.m.51 views

XML Injection in Crafter CMS Crafter Studio 3.0.1

Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity XXE. An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band...

8.6CVSS8.3AI score0.01655EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/27 2:51 p.m.51 views

Mustache remote code injection vulnerability

In Mustache.php v2.0.0 through v2.14.0, Sections tag can lead to arbitrary php code execution even if strictcallables is true when section value is controllable...

8.8CVSS3.3AI score0.00691EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/08 12:43 a.m.51 views

Server-Side Request Forgery in Apache Kylin

All request mappings in StreamingCoordinatorController.java handling /kylin/api/streamingcoordinator/ REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification...

7.5CVSS0.6AI score0.02557EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/06 10:30 p.m.51 views

Arbitrary PHP code execution in Drupal

In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6, and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code core, contrib, and custom may be performing...

9.8CVSS9AI score0.33228EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2022/01/06 9:32 p.m.51 views

Apache Solr Improper Input Validation and Path Traversal

An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB...

9.8CVSS3.8AI score0.05087EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/09 7:15 p.m.51 views

Serialization gadgets exploit in jackson-databind

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource...

8.1CVSS8.6AI score0.07694EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/22 4:24 p.m.51 views

Cross-site scripting vulnerability in TinyMCE

Impact A cross-site scripting XSS vulnerability was discovered in the schema validation logic of the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor using the clipboard or editor APIs. This malicious content...

6.1CVSS6AI score0.01066EPSS
Exploits1References3Affected Software2
Github Security Blog
Github Security Blog
added 2021/09/23 11:14 p.m.51 views

Regular Expression Denial of Service in Leo Editor

Leo Editor v6.2.1 was discovered to contain a regular expression denial of service ReDoS vulnerability in the component plugins/importers/dart.py...

7.5CVSS7.2AI score0.01193EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/07 11:10 p.m.51 views

Unsafe defaults in `remark-html`

Impact The documentation of remark-html has mentioned that it was safe by default. In practise the default was never safe and had to be opted into. This means arbitrary HTML can be passed through leading to potential XSS attacks. Patches The problem has been patched in 13.0.2 and 14.0.1:...

10CVSS5.9AI score0.01075EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/02 10:0 p.m.51 views

Path traversal in Grafana Loki

An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that locatio...

5.3CVSS5.4AI score0.01489EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/01 6:37 p.m.51 views

Prototype Pollution in object-path

This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === 'proto' returns false if currentPath is 'proto'. This is because t...

8.6CVSS8.8AI score0.01902EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/31 4:5 p.m.51 views

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in...

8.6CVSS7.1AI score0.0185EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:50 p.m.51 views

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

firefly-iii is vulnerable to Cross-Site Request Forgery CSRF...

6.5CVSS6.3AI score0.00475EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:49 p.m.51 views

SafeCurl before 0.9.2 has a DNS rebinding vulnerability.

SafeCurl before 0.9.2 has a DNS rebinding vulnerability...

9.8CVSS8.9AI score0.01804EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:47 p.m.51 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

8.5CVSS8.8AI score0.04735EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/02 4:56 p.m.51 views

Improper Handling of Length Parameter Inconsistency in Apache Ant

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected...

5.5CVSS5.9AI score0.02511EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/21 5:11 p.m.51 views

Denial of service in Valine

Valine is a fast, simple & powerful comment system. Valine 1.4.14 allows remote attackers to cause a denial of service application outage by supplying a ua aka User-Agent value that only specifies the product and version...

5.3CVSS5.4AI score0.01721EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/16 5:29 p.m.51 views

Missing Authorization in Jenkins S3 publisher Plugin

Jenkins S3 publisher Plugin prior to 0.11.7 and 0.11.5.1 does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to obtain the list of configured profiles. S3 publisher Plugin 0.11.7 and 0.11.5.1 performs permission checks when providing a list ...

4.3CVSS4.7AI score0.00733EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/08 8:10 p.m.51 views

Cross-site Scripting (XSS) in baserCMS

Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...

5.4CVSS5.3AI score0.00731EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/08 6:49 p.m.51 views

Uncontrolled Resource Consumption in Pillow

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could...

7.5CVSS1.9AI score0.02293EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/08 6:49 p.m.51 views

Pillow denial of service

An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load...

5.5CVSS6.9AI score0.0096EPSS
Exploits0References7Affected Software1
Total number of security vulnerabilities5000