33227 matches found
Incomplete validation in `SparseReshape`
Impact Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. python import tensorflow as tf inputindices = tf.constant41, shape=1, 1, dtype=tf.int64 inputshape = tf.zeros11, dtype=tf.int64 newshape = tf.zeros1, dtype=tf.int64...
Heap out of bounds read in `RaggedCross`
Impact An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to tf.rawops.RaggedCross: python import tensorflow as tf raggedvalues = raggedrowsplits = sparseindices = sparsevalues = sparseshape = denseinputselem = tf.constant, shape=92, 0,...
Path Traversal in github.com/unknwon/cae/zip
The ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide. Specific Go Packages Affected github.com/unknwon/cae/zip...
Improper Input Validation in HashiCorp Consul
HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4. Specific Go Packages Affected github.com/hashicorp/consul/agent...
Improper Input Validation in libseccomp-golang
libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument...
Cross-site scripting in TileServer GL
An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS...
Path Traversal in browserless-chrome
This affects all versions of browserless-chrome before 1.43.0. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server...
Cross-site Scripting in lightning-server
This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller...
Privilege escalation in spring security
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen it must be programmed in...
Infinite Loop in Apache Tika
A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23...
Prototype Pollution in confucious
All versions of package confucious up to and including version 0.0.12 are vulnerable to Prototype Pollution via the set function...
Prototype Pollution in connie-lang
The package connie-lang before 0.1.1 are vulnerable to Prototype Pollution in the configuration language library used by connie...
Prototype Pollution in decal
This affects all versions of package decal. The vulnerability is in the extend function...
Improper Neutralization of Input in Theia console
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected...
Regular expression Denial of Service in multiple packages
Impact A regular expression denial of service ReDoS vulnerability has been discovered in multiple CKEditor 5 packages. The vulnerability allowed to abuse particular regular expressions, which could cause a significant performance drop resulting in a browser tab freeze. It affects all users using...
Potential XSS injection in the newsletter conditions field
Impact An employee can inject javascript in the newsletter condition field that will then be executed on the front office Patches The issue has been fixed in 2.6.1...
Out-of-bounds write
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916...
Out-of-bounds write
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1300...
Verification flaw in Solid identity-token-verifier
Impact Severity Any Pod on a Solid server using a vulnerable version of the identity-token-verifier library is at risk of a spoofed Demonstration of Proof-of-Possession DPoP token binding. This vulnerability could give total and complete access to a targeted Pod. Summary A verification flaw in th...
Docsify XSS Vulnerability
This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1 When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking plac...
Path traversal in Node-Red
Impact This vulnerability allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with projects.read permission is able to access any file via the Projects API. Patches The issue has been patched in Node-RED 1.2.8 Workarounds The vulnerability applies only...
Processing untrusted theming resources might execute arbitrary code (ACE)
Impact When processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be executed in the context of the build process. While this is a feature of the Less.js library, it is an unexpected behavi...
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID
Impact An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as...
XXE in petl
Impact Information Disclosure Summary petl is a Python library that provides functions for extraction, transformation, and loading ETL of data. petl before 1.68, in some configurations, allows resolution of entities in XML input. An attacker who is able to submit XML input to an application using...
Prototype Pollution in systeminformation
Impact command injection vulnerability by prototype pollution Patches Problem was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. Please upgrade to version = 4.30.2 Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are...
Exploitable inventory component chaining in PocketMine-MP
Impact Specially crafted InventoryTransactionPackets sent by malicious clients were able to exploit the behaviour of InventoryTransaction-findResultItem and cause it to take an abnormally long time to execute causing an apparent server freeze. The affected code is intended to compact conflicting...
Man-in-the-middle attack in Apache Axis
Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or...
Malicious Package in malicious-do-not-install
All versions of malicious-do-not-install contain malicious code. The package copies the contents of /etc/passwd and /etc/shadow to files in the local /tmp/ folder. Recommendation Remove the package from your environment and rotate affected credentials...
Cross-Site Scripting in wangeditor
All versions of wangeditor are vulnerable to Cross-Site Scripting. The package fails to properly encode output, allowing arbitrary JavaScript to be inserted in links and executed by browsers. Recommendation No fix is currently available. Consider using an alternative module until a fix is made...
Denial of Service in markdown-it-toc-and-anchor
All versions of markdown-it-toc-and-anchor are vulnerable to Denial of Service. Parsing markdown containing text+\n@toc causes the application to enter and infinite loop. Recommendation No fix is currently available. Consider using an alternative module until a fix is made available...
Malicious Package in boogeyman
All versions of boogeyman are considered malicious. This particular package would download a payload from pastebin.com, eval it to read ssh keys and the users .npmrc and send them to a private pastebin account. Recommendation This package was published to the npm Registry for a very short period ...
Content Injection in remarkable
Versions 1.4.0 and earlier of remarkable are affected by a cross-site scripting vulnerability. This occurs because vulnerable versions of remarkable did not properly whitelist link protocols, and consequently allowed javascript: to be used. Proof of Concept Markdown Source: link Rendered HTML: li...
Cross Site Scripting in baserCMS
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Attack vector is: Administrator must be logged in. Components are: contentfields.php, contentinfo.php, contentoptions.php, contentrelated.php, indexlisttree.php, jquery.bcTree.js Tested...
Observable Timing Discrepancy in OpenMage LTS
Impact This vulnerability allows to circumvent the formkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks Patches The latest OpenMage Versions up from 19.4.6 and 20.0.2 have this Issue solved References Related to Adobes CVE-2020-9690...
Out-of-bounds read in Pillow
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311...
Stored XSS in Apache Airflow
An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the "classic" UI...
Denial of service due to reference expansion in versions earlier than 4.0
Impact The CBOR library supports optional tags that enable CBOR objects to contain references to objects within them. Versions earlier than 4.0 resolved those references automatically. While this by itself doesn't cause much of a security problem, a denial of service can happen if those reference...
Information Exposure in Netty
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...
JHipster Kotlin using insecure source of randomness `RandomStringUtils` before v1.2.0
JHipster Kotlin is using an insecure source of randomness to generate all of its random values. JHipster Kotlin relies upon apache commons lang3 RandomStringUtils. From the documentation: Caveat: Instances of Random, upon which the implementation of this class relies, are not cryptographically...
Information disclosure in JBoss Weld
Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state...
Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used
VVE-2020-0001 Earlier today, we received a responsible disclosure of a potential issue from @montyly security researcher at @trailofbits for Vyper users who make assumptions about what values certain interface types can return. Impact We determined the issue to be mild and unlikely to be exploite...
Denial of Service in Apache Commons Compress
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress...
Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization...
Bleach URI Scheme Restriction Bypass
An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized...
Improper Input Validation in org.wildfly:wildfly-undertow
A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files...
jackson-dataformat-xml vulnerable to server side request forgery (SSRF)
Versions of jackson-dataformat-xml prior to 2.7.8 and prior to 2.8.4 allow remote attackers to conduct server-side request forgery SSRF attacks via vectors related to a DTD...
Apache Tomcat information exposure vulnerability
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that...
Deserialization of Untrusted Data in Bouncy castle
Legion of the Bouncy Castle Java Cryptography APIs starting in version 1.57 and prior to version 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an...
Denial of service in django
The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service resource consumption via a URL associated with...
Plone and Zope2 affected by Race Condition
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation...