Lucene search
K
GithubMost viewed

33225 matches found

Github Security Blog
Github Security Blog
added 2022/05/19 12:0 a.m.49 views

SQL injection in moodle

A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria...

9.8CVSS9.7AI score0.01288EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 3:47 a.m.49 views

Deserialization of Untrusted Data in Apache Tomcat

The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar iss...

7.5CVSS3.7AI score0.07199EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/16 6:13 p.m.49 views

Improper kubeconfig validation allows arbitrary code execution

Flux2 can reconcile the state of a remote cluster when provided with a kubeconfig with the correct access rights. Kubeconfig files can define commands to be executed to generate on-demand authentication tokens. A malicious user with write access to a Flux source or direct access to the target...

9.9CVSS1.7AI score0.01044EPSS
Exploits0References3Affected Software3
Github Security Blog
Github Security Blog
added 2022/05/14 3:44 a.m.49 views

Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt

jasypt before 1.9.2 allows a timing attack against the password hash comparison...

7.5CVSS8AI score0.02432EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 2:49 a.m.49 views

Improper Access Control in Elasticsearch

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script...

9.8CVSS9AI score0.99906EPSS
Exploits19References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 2:39 a.m.49 views

PHPMailer susceptible to arbitrary code execution

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...

10CVSS6.1AI score0.54003EPSS
Exploits15References13Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 1:6 a.m.49 views

ChakraCore vulnerable to remote code execution

ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability"...

7.6CVSS7.6AI score0.6546EPSS
Exploits3References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 12:56 a.m.49 views

Puppet uses predictable filenames, allowing arbitrary file overwrite

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages...

3.3CVSS6.7AI score0.0035EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 12:56 a.m.49 views

Improper Limitation of a Pathname to a Restricted Directory in Spring Framework

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL...

5CVSS8.6AI score0.06215EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 12:1 a.m.49 views

Prototype Pollution in convict

This affects the package convict before 6.2.3. This is a bypass of CVE-2022-22143. The fix introduced, relies on the startsWith method and does not prevent the vulnerability: before splitting the path, it checks if it starts with proto or this.constructor.prototype. To bypass this check it's...

9.8CVSS2.9AI score0.03802EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:21 a.m.49 views

Nokogiri vulnerable to libxslt protection mechanism bypass

A dependency of Nokogiri, libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded...

9.8CVSS3.5AI score0.05089EPSS
Exploits0References26Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:1 a.m.49 views

Cross-site scripting vulnerability exists in Jenkins and Stapler Plugin

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...

5.4CVSS5.3AI score0.00894EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2022/04/12 9:27 p.m.49 views

Session fixation

Impact The use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. Cookie store, which is used in most Phoenix apps, doesn't have this vulnerability. Workarounds Call...

6.5CVSS5.7AI score0.0077EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/08 9:53 p.m.49 views

Unauthenticated user can retrieve the list of users through uorgsuggest.vm

A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem...

5.3CVSS2.8AI score0.03282EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/04 12:0 a.m.49 views

Remote code injection in dompdf/dompdf

Dompdf is an HTML to PDF converter. Dompdf before 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets CSS statement within an HTML input file...

9.8CVSS9.3AI score0.82438EPSS
Exploits8References10Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/05 12:0 a.m.49 views

Cross Site Request Forgery in intelliants/subrion

Cross Site Request Forgery CSRF vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user...

8.8CVSS8.6AI score0.0219EPSS
Exploits2References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/03 8:28 p.m.49 views

Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption

Impact CommonMarker uses cmark-gfm for rendering Github Flavored Markdown. An integer overflow in cmark-gfm's table row parsing may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16MAX columns. The impact of this heap corruption ranges from Information...

9.8CVSS2.9AI score0.0145EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/16 12:1 a.m.49 views

Jenkins Snow Commander Plugin 2.0 vulnerable to Cross-Site Request Forgery

A cross-site request forgery CSRF vulnerability in Jenkins Snow Commander Plugin 2.0 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS4.8AI score0.00655EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/11 11:19 p.m.49 views

Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header

Summary There exists a potential open redirect vulnerability in Traefik's handling of the X-Forwarded-Prefix header. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team addressed this issue nonetheless to prevent abuse in e.g. cache...

6.1CVSS0.3AI score0.08011EPSS
Exploits0References10Affected Software8
Github Security Blog
Github Security Blog
added 2022/02/10 10:23 p.m.49 views

Zip slip in Microweber

A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously...

7.2CVSS7.7AI score0.16611EPSS
Exploits4References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 8:55 p.m.49 views

Gadget chain attack in Nippy

A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface...

7.8CVSS7.6AI score0.01114EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 11:7 p.m.49 views

Path Traversal in Crafter CMS Crafter Studio

In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE...

9.8CVSS9AI score0.02006EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/28 11:8 p.m.49 views

Cross-site Scripting when rendering error messages in laminas-form

Impact When rendering validation error messages via the formElementErrors view helper shipped with laminas-form, many messages will contain the submitted value. However, in vulnerable versions of laminas-form, the value was not being escaped for HTML contexts, which can potentially lead to a...

6.1CVSS0.6AI score0.00989EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/06 10:52 p.m.49 views

Deserialization of Untrusted Data in Codeigniter4

Impact Deserialization of Untrusted Data was found in the old function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a working exploit, which can lead to SQL injection...

9.8CVSS3.6AI score0.37671EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/14 9:19 p.m.49 views

actionpack Open Redirect in Host Authorization Middleware

Specially crafted "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. For example, configuration files...

6.1CVSS6.4AI score0.04182EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/10 8:24 p.m.49 views

Cross-site Scripting in Apereo CAS

Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints...

6.1CVSS3.2AI score0.08064EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/23 10:3 p.m.49 views

Arbitrary file reading vulnerability in Aim

Impact A path traversal attack aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash ../” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and...

8.6CVSS1AI score0.01846EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/16 5:4 p.m.49 views

Cross-site scripting (XSS) from writer field content in the site frontend

Impact Kirby's writer field stores its formatted content as HTML code. Unlike with other field types, it is not possible to escape HTML special characters against cross-site scripting XSS attacks, otherwise the formatting would be lost. Cross-site scripting XSS is a type of vulnerability that...

7.3CVSS0.2AI score0.00898EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/19 3:28 p.m.49 views

Specification non-compliance in JUMPI

Impact In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. Patches This is a high severity security advisory if you use evm crate for...

9.8CVSS9.4AI score0.00995EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/14 9:19 p.m.49 views

Inconsistent input sanitisation leads to XSS vectors

Background A variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of XSS possibilities with specially crafted input to a variety of fields. Impact OMERO.web before 5.11.0 and OMERO.figure befo...

9.8CVSS2.1AI score0.01006EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2021/10/06 5:48 p.m.49 views

Weak Password Recovery Mechanism for Forgotten Password in Strapi

In Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering the current password. An attacker who gains access to a valid session can use this to take over an account by changing the password...

8.1CVSS3.9AI score0.0128EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/15 8:23 p.m.49 views

Cross-site Scripting in Beego

Cross Site Scripting XSS vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page...

6.1CVSS5.8AI score0.00795EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/14 8:25 p.m.49 views

Any storage file can be downloaded from p.sh if full server path is known

The default configuration for platform.sh .platform.app.yaml allows access to uploaded files if you know or can guess their location, regardless of whether roles grant content read access to the content containing those files. If you're using Legacy Bridge, the default configuration also allows...

3.5AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/13 8:5 p.m.49 views

Infinite Loop in rencode

The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding such as via ;\x2f\x7f, enabling a remote attack that consumes CPU and memory...

7.5CVSS4.8AI score0.05566EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/08 8:14 p.m.49 views

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2...

6.5CVSS6.9AI score0.01523EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/07 11:8 p.m.49 views

Cross-site Scripting in file-upload-with-preview

This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded a user needs to be tricked into uploading such a file...

6.1CVSS2.2AI score0.00893EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 4:22 p.m.49 views

Improper Restriction of Rendered UI Layers or Frames in yourls

yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames...

8.8CVSS8.4AI score0.00405EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 4:15 p.m.49 views

Ethereum Contains Consensus Flaw During Block Processing

Impact A vulnerability in the Geth EVM could cause a node to reject the canonical chain. Description A memory-corruption bug within the EVM can cause a consensus error, where vulnerable nodes obtain a different stateRoot when processing a maliciously crafted transaction. This, in turn, would lead...

7.5CVSS7AI score0.01527EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 8:52 p.m.49 views

Integer Overflow in openssl-src

Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

7.5CVSS8AI score0.50732EPSS
Exploits0References22Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/23 7:42 p.m.49 views

Fake objects feature vulnerability allowing to execute JavaScript code using malformed HTML.

Affected packages The vulnerability has been discovered in Fake Objects plugin. All plugins with Fake Objects plugin dependency are affected: Fake Objects Link Flash Iframe Forms Page Break Impact A potential vulnerability has been discovered in CKEditor 4 Fake Objects package. The vulnerability...

7.3CVSS6.1AI score0.01324EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/11 3:18 p.m.49 views

Improper Access Control in Dolibarr

In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note which only an administrator has rights to do, the affected field is at “/adherents/note.php?id=1” endpoint...

4.3CVSS5AI score0.00702EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/10 4:2 p.m.49 views

jszip Vulnerable to Prototype Pollution

This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values e.g proto, toString, etc results in a returned object with a modified prototype instance...

5.3CVSS5.8AI score0.03307EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/02 5:22 p.m.49 views

qiita-markdown Cross-site Scripting vulnerability

Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist link, a different vulnerability than CVE-2021-28796...

6.1CVSS3.3AI score0.00739EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/28 4:57 p.m.49 views

Creation of order credits was not validated by acl in admin orders

Impact Creation of order credits was not validated by ACL in admin orders Patches We recommend updating to the current version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6 Workaroun...

4.9CVSS2.3AI score0.00626EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2021/06/23 5:23 p.m.49 views

Authentication Bypass in tyk-identity-broker

The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XML parser doesn’t guarantee integrity in the XML round-trip encoding/decoding XML data...

9.1CVSS4.8AI score0.01011EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/16 5:29 p.m.49 views

Missing Authorization in Jenkins P4 plugin

Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server using attacker-specified username and password. Jenkins P4 Plugin 1.11.5 requires...

4.3CVSS5AI score0.01301EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/16 5:21 p.m.49 views

Uncontrolled Resource Consumption in JPA Server in HAPI FHIR

JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service e.g., disable access to the database after the attack stops via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are...

5.3CVSS3.4AI score0.01587EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/08 6:45 p.m.49 views

Remote Code Execution via traversal in TAL expressions

This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Impact Most Python modules are not available for using in TAL expressions that you can add...

8.8CVSS7.4AI score0.01574EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/01 9:20 p.m.49 views

Improper Verification of Cryptographic Signature in aws-encryption-sdk-javascript

Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...

0.5AI score
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2021/05/21 2:27 p.m.49 views

Division by zero in TFLite's convolution code

Impact TFLite's convolution code has multiple division where the divisor is controlled by the user and not checked to be non-zero. For example: cc const int inputsize = NumElementsinput / SizeOfDimensioninput, 0; Patches We have patched the issue in GitHub commit...

7.8CVSS1.8AI score0.00201EPSS
Exploits1References8Affected Software3
Total number of security vulnerabilities5000