Lucene search
K
GithubMost viewed

33225 matches found

Github Security Blog
Github Security Blog
•added 2021/05/18 9:9 p.m.•50 views

miekg/dns insecurely generates random numbers

The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries...

5.9CVSS6.1AI score0.02066EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/18 8:33 p.m.•50 views

Insecure Permissions in Gogs

In Gogs 0.11.91, MakeEmailPrimary in models/usermail.go lacks a "not the owner of the email" check...

6.5CVSS2.8AI score0.0093EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/10 6:38 p.m.•50 views

Server-Side Request Forgery in node-pdf-generator

This affects all versions of package node-pdf-generator up to and including 0.0.6. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack...

8.2CVSS7.8AI score0.02044EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/20 2:2 p.m.•50 views

Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields

Impact When saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could thus craft a POST request to publish content with javascript: URLs...

6.1CVSS5.4AI score0.00626EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/19 3:11 p.m.•50 views

VVE-2021-0002: Incorrect `returndatasize` when using simple forwarder proxies deployed prior to EIP-1167 adoption

Background @tjayrush reported a data handling issue with certain Web3 libraries using Vyper-deploy forwarder proxy contracts using our Vyper's built-in createforwarderto function prior to our change to support EIP-1167 style forwarder proxies. Impact If you are an end user of a forwarder-style...

0.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/13 3:30 p.m.•50 views

Command injection in spritesheet-js

This affects all versions of package spritesheet-js. It depends on a vulnerable package platform-command. The injection point is located in line 32 in lib/generator.js, which is triggered by main entry of the package...

9.8CVSS9.1AI score0.02472EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/13 3:29 p.m.•50 views

Denial of Service (DoS) via the unsetByPath function in jsjoints

The package jointjs before 3.3.0 are vulnerable to Denial of Service DoS via the unsetByPath function...

7.5CVSS7.3AI score0.02047EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/13 3:25 p.m.•50 views

Path Traversal in jsreport-chrome-pdf

This affects the package jsreport-chrome-pdf before 1.10.0...

6.5CVSS6.3AI score0.01601EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/13 3:24 p.m.•50 views

Arbitrary code execution in djv

This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine...

10CVSS9.1AI score0.02996EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/13 3:23 p.m.•50 views

OS Command Injection in rpi

rpi through 0.0.3 allows execution of arbritary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the arguement of exec function without any sanitization...

9.8CVSS4AI score0.02688EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/07 9:47 p.m.•50 views

Exposure of Sensitive Information to an Unauthorized Actor and Insecure Temporary File in Ansible

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...

4.7CVSS6AI score0.00374EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/07 9:13 p.m.•50 views

SSRF attacks via tracebacks in Plone

Plone before 5.2.3 allows SSRF attacks via the tracebacks feature only available to the Manager role...

8.8CVSS8.3AI score0.01066EPSS
Exploits0References6Affected Software5
Github Security Blog
Github Security Blog
•added 2021/04/07 8:56 p.m.•50 views

Improper Certificate Validation in phpseclib

phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS1 v1.5 signature verification...

7.5CVSS3.7AI score0.01055EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/06 5:20 p.m.•50 views

Mautic vulnerable to secret data exfiltration via symfony parameters

Impact Symfony parameters which is what Mautic transforms configuration parameters into can be used within other Symfony parameters by design. However, this also means that an admin who is normally not privy to certain parameters, such as database credentials, could expose them by leveraging any ...

5.8CVSS0.5AI score0.00345EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/29 9:0 p.m.•50 views

Out-of-bounds write

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916...

7.6CVSS2.6AI score0.09215EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/29 8:59 p.m.•50 views

Out-of-bounds write

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917...

7.6CVSS2.6AI score0.09215EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/12 11:9 p.m.•50 views

Authenticated remote code execution

Impact Authenticated remote code execution using plugin manager without ACL permissions. Patches We recommend to update to the current version 6.3.5.2. You can get the update to 6.3.5.2 regularly via the Auto-Updater or directly via the download overview...

3.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/01 7:34 p.m.•50 views

Denial of service attack via .well-known lookups

Impact A malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which...

6.5CVSS3.4AI score0.02164EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2020/12/18 6:23 p.m.•50 views

Command Injection in corenlp-js-interface

All versions of package corenlp-js-interface are vulnerable to Command Injection via the main function...

9.8CVSS9.3AI score0.01963EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2020/12/17 9:0 p.m.•50 views

Command injection in connection-tester

This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. Affected versions of this package are vulnerable to Command Injection...

9.8CVSS9.5AI score0.01966EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/12/09 4:27 p.m.•50 views

user-readable api tokens in systemd units for JupyterHub

Impact user API tokens issued to single-user servers are specified in the environment of systemd units, which are accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. Patches Patched in jupyterhub-systemdspawner v0.15 Workarounds No...

7.9CVSS3.2AI score0.00471EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2020/12/08 9:42 p.m.•50 views

Denial of service in fast-csv

Impact Possible ReDoS Regular Expression Denial of Service when using ignoreEmpty option when parsing. Patches This has been patched in v4.3.6 Workarounds You will only be affected by this if you use the ignoreEmpty parsing option. If you do use this option it is recommended that you upgrade to t...

6.5CVSS4.4AI score0.01518EPSS
Exploits1References10Affected Software2
Github Security Blog
Github Security Blog
•added 2020/11/23 7:47 p.m.•50 views

Privilege escalation by backend users assigned to the default "Publisher" system role

Impact Backend users with the default "Publisher" system role have access to create & manage users where they can choose which role the new user has. This means that a user with "Publisher" access has the ability to escalate their access to "Developer" access. Patches Issue has been patched in...

4.6CVSS1.1AI score0.00309EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2020/11/09 2:21 p.m.•50 views

Cross-Site Scripting in scratch-svg-renderer

This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the transformMeasurements function...

9.6CVSS3.8AI score0.06074EPSS
Exploits3References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/11/06 6:6 p.m.•50 views

Arbitrary File Read in phantom-html-to-pdf

This affects the package phantom-html-to-pdf before 0.6.1. PoC js var fs = require'fs' var conversion = require"phantom-html-to-pdf"; conversion.allowLocalFilesAccess = false conversion html: "document.writewindow.location='c:/windows/win.ini'" , functionerr, pdf var output =...

7.5CVSS7.3AI score0.01598EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2020/10/27 7:15 p.m.•50 views

receiving subscription objects with deleted session

Original Message: Hi, I create objects with one client with an ACL of all users with a specific column value. Thats working so far. Then I deleted the session object from one user to look if he can receive subscription objects and he can receive them. The client with the deleted session cant crea...

4.3CVSS0.9AI score0.01151EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/10/06 2:24 p.m.•50 views

Unpreventable top-level navigation

Impact The will-navigate event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. Patches 11.0.0-beta.1 10.0.1 9.3.0 8.5.1 Workarounds Sandbox all your iframes using the...

7.5CVSS2.3AI score0.01351EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/25 6:28 p.m.•50 views

Null pointer dereference in tensorflow-lite

Impact A crafted TFLite model can force a node to have as input a tensor backed by a nullptr buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a...

5.9CVSS1AI score0.008EPSS
Exploits1References9Affected Software3
Github Security Blog
Github Security Blog
•added 2020/09/25 6:28 p.m.•50 views

Heap buffer overflow in Tensorflow

Impact The SparseCountSparseOutput implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the indices tensor has the same shape as the values one. The values in these tensors are always accessed in parallel:...

5.8CVSS1.4AI score0.00537EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
•added 2020/09/04 2:57 p.m.•50 views

Arbitrary Code Execution in handlebars

Versions of handlebars prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server...

3.3AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/03 5:20 p.m.•50 views

Malicious Package in malicious-do-not-install

All versions of malicious-do-not-install contain malicious code. The package copies the contents of /etc/passwd and /etc/shadow to files in the local /tmp/ folder. Recommendation Remove the package from your environment and rotate affected credentials...

4.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/01 9:21 p.m.•50 views

Malicious Package in flatmap-stream

Version 0.1.1 of flatmap-stream is considered malicious. This module runs an encrypted payload targeting a very specific application, copay and because they shared the same description it would have likely worked for copay-dash. The injected code: - Read in AES encrypted data from a file disguise...

1.5AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/01 9:7 p.m.•50 views

Malicious Package in boogeyman

All versions of boogeyman are considered malicious. This particular package would download a payload from pastebin.com, eval it to read ssh keys and the users .npmrc and send them to a private pastebin account. Recommendation This package was published to the npm Registry for a very short period ...

2.6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/01 3:30 p.m.•50 views

Cross-Site Scripting in swagger-ui

Affected versions of swagger-ui contain a cross-site scripting vulnerability in the key names of a specific nested object in the JSON document. Proof of Concept The vulnerable object structure is: "definitions": "arbitraryVal": "properties": "": "LoremIpsum" Malicious JSON documents can be loaded...

6.1CVSS2.6AI score0.01028EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2020/08/26 6:55 p.m.•50 views

XSS due to lack of CSRF validation for replying/publishing

Impact Due to lack of CSRF validation, a logged in user is potentially vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. Patches Upgrade to the latest version v0.7.0 Workarounds You can cherry-pick the following commit:...

8.1CVSS2.3AI score0.00612EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2020/08/11 7:40 p.m.•50 views

Cross-Site Scripting in @progress/kendo-angular-editor

Kendo UI for Angular Editor Component npm package @progress/kendo-angular-editor before version 1.2.3 is vulnerable to Cross-Site Scripting. When the Editor content contains potentially malicious scripts in element event handlers, they get executed. Adding the following content to the Editor valu...

4.7AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/08/04 10:17 p.m.•50 views

Ability to change order address without triggering address validations in solidus

Impact This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with at least two shipping zones and different costs of shipment per zo...

5.3CVSS0.1AI score0.00896EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
•added 2020/07/27 9:52 p.m.•50 views

Out-of-bounds read in Pillow

In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311...

8.1CVSS3.6AI score0.02514EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
•added 2020/03/25 6:20 p.m.•50 views

Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used

VVE-2020-0001 Earlier today, we received a responsible disclosure of a potential issue from @montyly security researcher at @trailofbits for Vyper users who make assumptions about what values certain interface types can return. Impact We determined the issue to be mild and unlikely to be exploite...

6.5AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2019/11/06 5:6 p.m.•50 views

Use of Cryptographically Weak Pseudo-Random Number Generator in org.pac4j:pac4j-saml

The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml...

4.9CVSS2.4AI score0.0113EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2019/07/05 9:8 p.m.•50 views

Inadequate Encryption Strength in DotNetNuke

DNN aka DotNetNuke 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters...

7.5CVSS4.3AI score0.74048EPSS
Exploits4References6Affected Software1
Github Security Blog
Github Security Blog
•added 2019/06/13 8:18 p.m.•50 views

Open Redirect in Spring Security OAuth

Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the...

5.8CVSS3.1AI score0.08906EPSS
Exploits4References5Affected Software1
Github Security Blog
Github Security Blog
•added 2019/04/09 7:44 p.m.•50 views

Materialize-css vulnerable to Cross-site Scripting in autocomplete component

All versions of materialize-css are vulnerable to Cross-Site Scripting. The autocomplete component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user. Recommendation No fix is currently available...

6.1CVSS6.5AI score0.00788EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
•added 2019/02/18 11:47 p.m.•50 views

Downloads Resources over HTTP in haxe-dev

Affected versions of haxe-dev insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...

9.3CVSS5AI score0.01752EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2018/12/21 5:50 p.m.•50 views

Arbitrary Command Execution in Hadoop

In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. A user who can escalate to yarn user can possibly run arbitrary commands as root user...

9CVSS2.4AI score0.03244EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2018/10/19 4:50 p.m.•50 views

Improper Input Validation in async-http-client

Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...

7.5CVSS2.1AI score0.03046EPSS
Exploits0References30Affected Software1
Github Security Blog
Github Security Blog
•added 2018/10/19 4:42 p.m.•50 views

Improper Certificate Validation in Apache activemq-client

TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default...

7.4CVSS2.6AI score0.0699EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
•added 2018/10/19 4:15 p.m.•50 views

Eclipse Jetty Server generates error message containing sensitive information

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a...

5.3CVSS7.2AI score0.04328EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
•added 2018/10/17 8:7 p.m.•50 views

Path Traversal in org.springframework:spring-core

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources e.g. CSS, JS, images. When static resources are served from a file system on Windows as opposed to the classpath, or...

5.9CVSS3.5AI score0.35681EPSS
Exploits1References21Affected Software1
Github Security Blog
Github Security Blog
•added 2018/07/18 6:27 p.m.•50 views

Code Execution through IIFE in node-serialize

Affected versions of node-serialize can be abused to execute arbitrary code via an immediately invoked function expression IIFE if untrusted user input is passed into unserialize. Recommendation There is no direct patch for this issue. The package author has reviewed this advisory, and provided t...

9.8CVSS5AI score0.61025EPSS
Exploits5References8Affected Software1
Total number of security vulnerabilities5000