Lucene search
K
GithubMost viewed

33225 matches found

Github Security Blog
Github Security Blog
added 2022/05/24 5:6 p.m.50 views

Denial of service in ASP.NET Core

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'...

7.5CVSS2.1AI score0.07614EPSS
Exploits0References7Affected Software11
Github Security Blog
Github Security Blog
added 2022/05/24 4:45 p.m.50 views

golang.org/x/crypto/salsa20/salsa uses insufficiently random values

An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the...

5.9CVSS6AI score0.03437EPSS
Exploits0References16Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/16 6:13 p.m.50 views

Improper kubeconfig validation allows arbitrary code execution

Flux2 can reconcile the state of a remote cluster when provided with a kubeconfig with the correct access rights. Kubeconfig files can define commands to be executed to generate on-demand authentication tokens. A malicious user with write access to a Flux source or direct access to the target...

9.9CVSS1.7AI score0.01044EPSS
Exploits0References3Affected Software3
Github Security Blog
Github Security Blog
added 2022/05/14 3:52 a.m.50 views

Arbitrary file write in Apache Commons Fileupload

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...

7.5CVSS5AI score0.12768EPSS
Exploits0References15Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 3:8 a.m.50 views

CodeIgniter Session Fixation Vulnerability

A Session Fixation issue exists in CodeIgniter before 3.1.10 because session.usestrictmode in the Session Library was mishandled...

9.8CVSS9.5AI score0.01254EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 12:56 a.m.50 views

Puppet uses predictable filenames, allowing arbitrary file overwrite

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages...

3.3CVSS6.7AI score0.0035EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:0 a.m.50 views

Sandbox bypass in Script Security Plugin

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with...

9.9CVSS5AI score0.73854EPSS
Exploits3References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/01 6:3 p.m.50 views

Apache Tomcat XSS Vulnerabilities in Examples Web Application

Multiple cross-site scripting XSS vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via...

4.3CVSS6AI score0.77376EPSS
Exploits1References20Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/14 12:0 a.m.50 views

SQL injection in apache-superset

Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue...

9.8CVSS2.8AI score0.02788EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/12 12:0 a.m.50 views

Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...

7.5CVSS2.3AI score0.01073EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/01 9:4 p.m.50 views

Possible privilege escalation via bash completion script

The bash completion script for fscrypt through v0.3.2 allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a...

7.3CVSS3.2AI score0.00199EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/15 1:57 a.m.50 views

containers/image library Insufficiently Protects Credentials

The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launc...

6.4CVSS6.2AI score0.01604EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/15 1:7 a.m.50 views

Hub Package Arbitrary File Overwrite

The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file...

3.6CVSS6.1AI score0.00387EPSS
Exploits1References6Affected Software2
Github Security Blog
Github Security Blog
added 2022/02/15 12:30 a.m.50 views

Git LFS can execute a Git binary from the current directory on Windows

Impact On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. This is the result of an incomplete fix for CVE-2020-2795...

10CVSS3.5AI score0.82715EPSS
Exploits14References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/11 11:42 p.m.50 views

Incorrect handling of credential expiry by /nats-io/nats-server

Problem Description NATS nats-server through 2020-10-07 has Incorrect Access Control because of how expired credentials are handled. The NATS accounts system has expiration timestamps on credentials; the library had an API which encouraged misuse and an IsRevoked method which misused its own API....

9.8CVSS9.5AI score0.02054EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 11:6 p.m.50 views

Injection in Apache Archiva

Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users...

5.3CVSS5.9AI score0.08004EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 11:26 p.m.50 views

Memory leak in decoding PNG images

Impact When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling png::CommonInitDecode..., &decode, the decode value contains allocated buffers which can only be freed by calling png::CommonFreeDecode&decode. However, several error case in the function...

6.5CVSS1.6AI score0.00992EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2022/02/09 12:56 a.m.50 views

Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers

A vulnerability was found in all versions of the deprecated package Keycloak Gatekeeper, where on using lower case HTTP headers via cURL we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers e.g. Jetty. This means there is no protection when we put a Gatekeeper in...

7.5CVSS1.6AI score0.0093EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/08 12:43 a.m.50 views

Server-Side Request Forgery in Apache Kylin

All request mappings in StreamingCoordinatorController.java handling /kylin/api/streamingcoordinator/ REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification...

7.5CVSS0.6AI score0.02557EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/08 12:39 a.m.50 views

Allocation of Resources Without Limits or Throttling in Apache Avro

A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this...

7.5CVSS5.3AI score0.0296EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/06 10:30 p.m.50 views

Arbitrary PHP code execution in Drupal

In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6, and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code core, contrib, and custom may be performing...

9.8CVSS9AI score0.33228EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2021/12/20 6:25 p.m.50 views

Incorrect Permission Assignment for Critical Resource in Singularity

An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system e.g. ssh could exploit this vulnerability due to insecure permissions allowing a user to edit files within /run/singularity/instances/sing//. The manipulation of those files ca...

9CVSS1.3AI score0.02127EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/10 7:2 p.m.50 views

ReDOS in IS-SVG

A vulnerability was discovered in IS-SVG version 4.3.1 and below where a Regular Expression Denial of Service ReDOS occurs if the application is provided and checks a crafted invalid SVG string...

7.5CVSS4.4AI score0.02813EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/10 5:23 p.m.50 views

Integer Overflow in png-img

An integer overflow in the PngImg::InitStorage function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading a crafted PNG file...

8.8CVSS8.6AI score0.02216EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/16 12:32 a.m.50 views

Regular expression denial of service vulnerability (ReDoS) in date

Date’s parsing methods including Date.parse are using Regexps internally, some of which are vulnerable against regular expression denial of service. Applications and libraries that apply such methods to untrusted input may be affected. The fix limits the input length up to 128 bytes by default...

7.5CVSS1.9AI score0.03222EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/13 3:34 p.m.50 views

Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...

6.5CVSS5.1AI score0.02223EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/20 8:46 p.m.50 views

Prototype Pollution in object-path

object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'. The del function fails to validate which Object properties it deletes. This allows attackers to modify the prototype of Object, causing the modification of default properties like...

7.5CVSS7.9AI score0.0203EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/20 7:53 p.m.50 views

Partial path traversal in sharpcompress

SharpCompress recreates a hierarchy of directories under destinationDirectory if ExtractFullPath is set to true in options. In order to prevent extraction outside the destination directory the destinationFileName path is verified to begin with fullDestinationDirectoryPath. However it is not...

4.3CVSS5.4AI score0.01192EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/07 11:9 p.m.50 views

objection.js Prototype Pollution vulnerability

objection.js prior to version 2.2.16 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'. This issue is patched in version 2.2.16...

9.8CVSS8.7AI score0.0147EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/07 11:2 p.m.50 views

OctoRPKI lacks contextual out-of-bounds check when validating RPKI ROA maxLength values

Any CA issuer in the RPKI can trick OctoRPKI prior to https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. Impact An attacker can use this to disable RPKI Origin Validation in a vict...

7.5CVSS7.4AI score0.01216EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 5:20 p.m.50 views

Data Flow Sanitation Issue Fix

Impact Due to missing sanitation in data flow it was possible for admin users to upload arbitrary executable files to the server...

7.2CVSS5.8AI score0.01311EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 8:54 p.m.50 views

Certificate check bypass in openssl-src

The X509VFLAGX509STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...

7.4CVSS7.6AI score0.18339EPSS
Exploits1References27Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 8:52 p.m.50 views

Integer Overflow in openssl-src

Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

7.5CVSS8AI score0.50732EPSS
Exploits0References22Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 8:43 p.m.50 views

Headers containing newline characters can split messages in hyper

Serializing of headers to the socket did not filter the values for newline bytes \r or \n, which allowed for header values to split a request or response. People would not likely include newlines in the headers in their own applications, so the way for most people to exploit this is if an...

5.3CVSS5.4AI score0.01033EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:46 p.m.50 views

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

Impact The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security...

8.5CVSS8.3AI score0.11468EPSS
Exploits2References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:43 p.m.50 views

Null pointer dereference in `SparseTensorSliceDataset`

Impact When a user does not supply arguments that determine a valid sparse tensor, tf.rawops.SparseTensorSliceDataset implementation can be made to dereference a null pointer: python import tensorflow as tf tf.rawops.SparseTensorSliceDataset indices=,,, values=1,2,3, denseshape=3,3 The...

7.7CVSS6AI score0.0016EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/08/19 3:53 p.m.50 views

Cross-Site Scripting via Rich-Text Content

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC 5.7 Problem Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via...

6.1CVSS1.1AI score0.00727EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2021/08/13 3:21 p.m.50 views

XML External Entity Reference

An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import...

7.5CVSS2.8AI score0.01349EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/10 4:9 p.m.50 views

Cross-site Scripting in video.js

This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code...

6.5CVSS2.6AI score0.02587EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/09 8:38 p.m.50 views

Cross Site Scripting in LavaLite CMS

Cross Site Scripting XSS vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,"...

4.8CVSS5.1AI score0.00624EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/03 4:48 p.m.50 views

Improperly Controlled Modification of Object Prototype Attributes

Impact The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. Patches [email protected] patched it, anyone used think-config should...

1.7AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/02 5:30 p.m.50 views

Path Traversal in elFinder.Net.Core

This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to create a file system path...

7.5CVSS3.3AI score0.01997EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/02 5:23 p.m.50 views

Cross-Site Scripting in Qiita-Markdown

Increments Qiita-Markdown before 0.33.0 allows XSS in transformers...

6.1CVSS5.8AI score0.00774EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/02 5:11 p.m.50 views

Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault

HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1...

8.2CVSS9.1AI score0.01461EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/15 3:56 p.m.50 views

Open redirect in Flask-Unchained

This affects the package Flask-Unchained before 0.9.0. When using the the validateredirecturl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only exploitable if an...

5.8CVSS2.4AI score0.00716EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/08 8:12 p.m.50 views

Server-Side Request Forgery in Feehi CMS

Feehi CMS 2.1.1 is affected by a Server-side request forgery SSRF vulnerability. When the user modifies the HTTP Referer header to any url, the server can make a request to it...

9.1CVSS1.3AI score0.01109EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/08 6:49 p.m.50 views

Pillow Out-of-bounds Read vulnerability

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2kugrayi. This dates to Pillow 2.4.0...

9.1CVSS8.9AI score0.02876EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/28 3:53 p.m.50 views

Improper Neutralization of Special Elements used in a Command ('Command Injection') in @floffah/build

Impact If you are using the esbuild target or command you are at risk of code/option injection. Attackers can use the command line option to maliciously change your settings in order to damage your project. Patches The problem has been patched in v1.0.0 as it uses a proper method to pass configs ...

3.1AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/21 2:28 p.m.50 views

Heap OOB read in TFLite

Impact A specially crafted TFLite model could trigger an OOB read on heap in the TFLite implementation of SplitV: cc const int inputsize = SizeOfDimensioninput, axisvalue; If axisvalue is not a value between 0 and NumDimensionsinput, then the SizeOfDimension function will access data outside the...

7.8CVSS1AI score0.00215EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/20 4:50 p.m.50 views

Local directory executable lookup in sops (Windows-only)

Impact Windows users using the sops direct editor option sops file.yaml can have a local executable named either vi, vim, or nano executed if running sops from cmd.exe This attack is only viable if an attacker is able to place a malicious binary within the directory you are running sops from. As...

0.4AI score
Exploits0References2Affected Software1
Total number of security vulnerabilities5000