Lucene search
K
GithubMost viewed

33227 matches found

Github Security Blog
Github Security Blog
•added 2021/05/21 2:28 p.m.•51 views

Incomplete validation in `SparseReshape`

Impact Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. python import tensorflow as tf inputindices = tf.constant41, shape=1, 1, dtype=tf.int64 inputshape = tf.zeros11, dtype=tf.int64 newshape = tf.zeros1, dtype=tf.int64...

5.5CVSS3.5AI score0.00202EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
•added 2021/05/21 2:22 p.m.•51 views

Heap out of bounds read in `RaggedCross`

Impact An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to tf.rawops.RaggedCross: python import tensorflow as tf raggedvalues = raggedrowsplits = sparseindices = sparsevalues = sparseshape = denseinputselem = tf.constant, shape=92, 0,...

7.1CVSS0.9AI score0.00198EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
•added 2021/05/18 8:31 p.m.•51 views

Path Traversal in github.com/unknwon/cae/zip

The ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide. Specific Go Packages Affected github.com/unknwon/cae/zip...

7.5CVSS7.2AI score0.01419EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/18 6:21 p.m.•51 views

Improper Input Validation in HashiCorp Consul

HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4. Specific Go Packages Affected github.com/hashicorp/consul/agent...

7.5CVSS7.1AI score0.01725EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/18 3:44 p.m.•51 views

Improper Input Validation in libseccomp-golang

libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument...

7.5CVSS7.5AI score0.0245EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/17 9:1 p.m.•51 views

Cross-site scripting in TileServer GL

An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS...

6.1CVSS0.6AI score0.12224EPSS
Exploits3References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/10 6:46 p.m.•51 views

Path Traversal in browserless-chrome

This affects all versions of browserless-chrome before 1.43.0. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server...

7.5CVSS7.3AI score0.02151EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/10 6:39 p.m.•51 views

Cross-site Scripting in lightning-server

This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller...

6.3CVSS6.3AI score0.0085EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/10 3:22 p.m.•51 views

Privilege escalation in spring security

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen it must be programmed in...

9CVSS3AI score0.03197EPSS
Exploits0References19Affected Software2
Github Security Blog
Github Security Blog
•added 2021/05/07 3:54 p.m.•51 views

Infinite Loop in Apache Tika

A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23...

5.5CVSS5.9AI score0.02834EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/06 6:12 p.m.•51 views

Prototype Pollution in confucious

All versions of package confucious up to and including version 0.0.12 are vulnerable to Prototype Pollution via the set function...

9.8CVSS9AI score0.01916EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/06 5:29 p.m.•51 views

Prototype Pollution in connie-lang

The package connie-lang before 0.1.1 are vulnerable to Prototype Pollution in the configuration language library used by connie...

9.8CVSS8.9AI score0.028EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/13 3:20 p.m.•51 views

Prototype Pollution in decal

This affects all versions of package decal. The vulnerability is in the extend function...

8.6CVSS8.3AI score0.0176EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/13 3:18 p.m.•51 views

Improper Neutralization of Input in Theia console

In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected...

6.1CVSS2.4AI score0.00708EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/06 5:28 p.m.•51 views

Regular expression Denial of Service in multiple packages

Impact A regular expression denial of service ReDoS vulnerability has been discovered in multiple CKEditor 5 packages. The vulnerability allowed to abuse particular regular expressions, which could cause a significant performance drop resulting in a browser tab freeze. It affects all users using...

6.5CVSS3.5AI score0.01667EPSS
Exploits0References12Affected Software8
Github Security Blog
Github Security Blog
•added 2021/04/06 5:24 p.m.•51 views

Potential XSS injection in the newsletter conditions field

Impact An employee can inject javascript in the newsletter condition field that will then be executed on the front office Patches The issue has been fixed in 2.6.1...

5.4CVSS2.3AI score0.00786EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/29 9:0 p.m.•51 views

Out-of-bounds write

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916...

7.6CVSS2.6AI score0.09215EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/29 8:56 p.m.•51 views

Out-of-bounds write

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1300...

7.6CVSS2.6AI score0.08673EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/12 10:39 p.m.•51 views

Verification flaw in Solid identity-token-verifier

Impact Severity Any Pod on a Solid server using a vulnerable version of the identity-token-verifier library is at risk of a spoofed Demonstration of Proof-of-Possession DPoP token binding. This vulnerability could give total and complete access to a targeted Pod. Summary A verification flaw in th...

1AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/01 7:44 p.m.•51 views

Docsify XSS Vulnerability

This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1 When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking plac...

8.6CVSS6.4AI score0.01657EPSS
Exploits2References8Affected Software1
Github Security Blog
Github Security Blog
•added 2021/02/26 4:31 p.m.•51 views

Path traversal in Node-Red

Impact This vulnerability allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with projects.read permission is able to access any file via the Projects API. Patches The issue has been patched in Node-RED 1.2.8 Workarounds The vulnerability applies only...

6.5CVSS3.8AI score0.01177EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/01/29 8:51 p.m.•51 views

Processing untrusted theming resources might execute arbitrary code (ACE)

Impact When processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be executed in the context of the build process. While this is a feature of the Less.js library, it is an unexpected behavi...

7.8CVSS0.2AI score0.00988EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2021/01/19 9:16 p.m.•51 views

Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID

Impact An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as...

7.5CVSS7.2AI score0.01177EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/12/02 6:28 p.m.•51 views

XXE in petl

Impact Information Disclosure Summary petl is a Python library that provides functions for extraction, transformation, and loading ETL of data. petl before 1.68, in some configurations, allows resolution of entities in XML input. An attacker who is able to submit XML input to an application using...

9.8CVSS0.5AI score0.02275EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
•added 2020/11/27 4:7 p.m.•51 views

Prototype Pollution in systeminformation

Impact command injection vulnerability by prototype pollution Patches Problem was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. Please upgrade to version = 4.30.2 Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are...

9.8CVSS3.2AI score0.01925EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/11/11 9:38 p.m.•51 views

Exploitable inventory component chaining in PocketMine-MP

Impact Specially crafted InventoryTransactionPackets sent by malicious clients were able to exploit the behaviour of InventoryTransaction-findResultItem and cause it to take an abnormally long time to execute causing an apparent server freeze. The affected code is intended to compact conflicting...

2.2AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2020/10/07 5:51 p.m.•51 views

Man-in-the-middle attack in Apache Axis

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or...

5.8CVSS4AI score0.05722EPSS
Exploits1References16Affected Software2
Github Security Blog
Github Security Blog
•added 2020/09/03 5:20 p.m.•51 views

Malicious Package in malicious-do-not-install

All versions of malicious-do-not-install contain malicious code. The package copies the contents of /etc/passwd and /etc/shadow to files in the local /tmp/ folder. Recommendation Remove the package from your environment and rotate affected credentials...

4.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/02 9:20 p.m.•51 views

Cross-Site Scripting in wangeditor

All versions of wangeditor are vulnerable to Cross-Site Scripting. The package fails to properly encode output, allowing arbitrary JavaScript to be inserted in links and executed by browsers. Recommendation No fix is currently available. Consider using an alternative module until a fix is made...

4.2AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/01 9:26 p.m.•51 views

Denial of Service in markdown-it-toc-and-anchor

All versions of markdown-it-toc-and-anchor are vulnerable to Denial of Service. Parsing markdown containing text+\n@toc causes the application to enter and infinite loop. Recommendation No fix is currently available. Consider using an alternative module until a fix is made available...

4.5AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/01 9:7 p.m.•51 views

Malicious Package in boogeyman

All versions of boogeyman are considered malicious. This particular package would download a payload from pastebin.com, eval it to read ssh keys and the users .npmrc and send them to a private pastebin account. Recommendation This package was published to the npm Registry for a very short period ...

2.6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2020/08/31 10:56 p.m.•51 views

Content Injection in remarkable

Versions 1.4.0 and earlier of remarkable are affected by a cross-site scripting vulnerability. This occurs because vulnerable versions of remarkable did not properly whitelist link protocols, and consequently allowed javascript: to be used. Proof of Concept Markdown Source: link Rendered HTML: li...

6.1CVSS5.7AI score0.00973EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2020/08/28 8:48 p.m.•51 views

Cross Site Scripting in baserCMS

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Attack vector is: Administrator must be logged in. Components are: contentfields.php, contentinfo.php, contentoptions.php, contentrelated.php, indexlisttree.php, jquery.bcTree.js Tested...

7.3CVSS2.2AI score0.01011EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2020/08/19 6:2 p.m.•51 views

Observable Timing Discrepancy in OpenMage LTS

Impact This vulnerability allows to circumvent the formkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks Patches The latest OpenMage Versions up from 19.4.6 and 20.0.2 have this Issue solved References Related to Adobes CVE-2020-9690...

8CVSS2.5AI score0.00931EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2020/07/27 9:52 p.m.•51 views

Out-of-bounds read in Pillow

In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311...

8.1CVSS3.6AI score0.02514EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
•added 2020/07/27 4:57 p.m.•51 views

Stored XSS in Apache Airflow

An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the "classic" UI...

6.1CVSS3.5AI score0.01965EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/07/07 4:45 p.m.•51 views

Denial of service due to reference expansion in versions earlier than 4.0

Impact The CBOR library supports optional tags that enable CBOR objects to contain references to objects within them. Versions earlier than 4.0 resolved those references automatically. While this by itself doesn't cause much of a security problem, a denial of service can happen if those reference...

0.1AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2020/06/30 9:1 p.m.•51 views

Information Exposure in Netty

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

7.5CVSS7.3AI score0.05434EPSS
Exploits0References18Affected Software3
Github Security Blog
Github Security Blog
•added 2020/06/26 4:48 p.m.•51 views

JHipster Kotlin using insecure source of randomness `RandomStringUtils` before v1.2.0

JHipster Kotlin is using an insecure source of randomness to generate all of its random values. JHipster Kotlin relies upon apache commons lang3 RandomStringUtils. From the documentation: Caveat: Instances of Random, upon which the implementation of this class relies, are not cryptographically...

9.8CVSS0.2AI score0.03673EPSS
Exploits1References15Affected Software1
Github Security Blog
Github Security Blog
•added 2020/06/10 8:54 p.m.•51 views

Information disclosure in JBoss Weld

Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state...

4.3CVSS6.9AI score0.02051EPSS
Exploits0References18Affected Software1
Github Security Blog
Github Security Blog
•added 2020/03/25 6:20 p.m.•51 views

Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used

VVE-2020-0001 Earlier today, we received a responsible disclosure of a potential issue from @montyly security researcher at @trailofbits for Vyper users who make assumptions about what values certain interface types can return. Impact We determined the issue to be mild and unlikely to be exploite...

6.5AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2019/10/11 6:41 p.m.•51 views

Denial of Service in Apache Commons Compress

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress...

7.5CVSS3.5AI score0.16157EPSS
Exploits0References33Affected Software2
Github Security Blog
Github Security Blog
•added 2019/01/04 7:6 p.m.•51 views

Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization...

9.8CVSS9.3AI score0.10599EPSS
Exploits0References39Affected Software1
Github Security Blog
Github Security Blog
•added 2019/01/04 5:46 p.m.•51 views

Bleach URI Scheme Restriction Bypass

An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized...

9.8CVSS8.8AI score0.02229EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2018/10/19 4:55 p.m.•51 views

Improper Input Validation in org.wildfly:wildfly-undertow

A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files...

5.5CVSS2.9AI score0.00489EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
•added 2018/10/18 5:43 p.m.•51 views

jackson-dataformat-xml vulnerable to server side request forgery (SSRF)

Versions of jackson-dataformat-xml prior to 2.7.8 and prior to 2.8.4 allow remote attackers to conduct server-side request forgery SSRF attacks via vectors related to a DTD...

8.6CVSS6.3AI score0.02356EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2018/10/17 4:31 p.m.•51 views

Apache Tomcat information exposure vulnerability

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that...

6.5CVSS6.5AI score0.14737EPSS
Exploits2References60Affected Software1
Github Security Blog
Github Security Blog
•added 2018/10/17 4:23 p.m.•51 views

Deserialization of Untrusted Data in Bouncy castle

Legion of the Bouncy Castle Java Cryptography APIs starting in version 1.57 and prior to version 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an...

9.8CVSS8.8AI score0.04767EPSS
Exploits0References15Affected Software1
Github Security Blog
Github Security Blog
•added 2018/07/23 7:51 p.m.•51 views

Denial of service in django

The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service resource consumption via a URL associated with...

5CVSS7.5AI score0.03024EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
•added 2018/07/23 7:51 p.m.•51 views

Plone and Zope2 affected by Race Condition

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation...

4.3CVSS6.3AI score0.00933EPSS
Exploits0References9Affected Software2
Total number of security vulnerabilities5000