33225 matches found
Geth Node Vulnerable to DoS via maliciously crafted p2p message
Impact A vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer, via the snap/1 protocol. The crash can be triggered by sending a malicious snap/1 GetTrieNodes package. Details On September 21, 2021, geth-team member Gary Rong @rjl493456442 found a way t...
modern-async's `forEachSeries` and `forEachLimit` functions do not limit the number of requests
Impact This is a bug affecting two of the functions in this library: forEachSeries and forEachLimit. They should limit the concurrency of some actions but, in practice, they don't. Any code calling these functions will be written thinking they would limit the concurrency but they won't. This coul...
Missing Release of Resource after Effective Lifetime in Apache Tomcat
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was...
Insecure random number generation in keypair
Description and Impact A bug in the pseudo-random number generator used by keypair versions up to and including 1.0.3 could allow for weak RSA key generation. This could enable an attacker to decrypt confidential messages or gain authorized access to an account belonging to the victim. We recomme...
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
Cobbler before 3.3.0 allows authorization bypass for modification of settings...
Cross-site Scripting in shuup
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting XSS that allows execution of arbitrary javascript code on a victim browser. This vulnerability exists due to the error page contents not escaped...
Cross-site Scripting in OpenCRX
In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting XSS, due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance...
Improperly Implemented path matching for in-toto-golang
Impact Authenticated attackers posing as functionaries i.e., within a trusted set of users for a layout are able to create attestations that may bypass DISALLOW rules in the same layout. An attacker with access to trusted private keys, may issue an attestation that contains a disallowed artifact ...
XML Injection in Any23
An XML external entity XXE injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions 2.5. XML external entity injection also known as XXE is a web security vulnerability that allows an attacker to interfere with an application's processing of...
Clearance Gem Open Redirect Vulnerability
This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session:returnto. If the value used for returnto contains multiple leading slashes /////example.com the user ends up being redirected to the external domain that comes after...
Unrestricted File Upload in ShowDoc v2.9.5
Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'fileurl' parameter in the component AdminUpdateController.class.php'...
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2...
Privilege escalation in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4...
Code Injection in pac-resolver
This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. NOTE: The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer...
Path traversal in ServiceCenter
Improper configuration will cause ServiceComb ServiceCenter Directory Traversal problem in ServcieCenter 1.x.x versions and fixed in 2.0.0...
Prototype Pollution in open-graph
This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a proto or constructor payload...
Cross-site scripting in feehicms
Insufficient filtering of the tag parameters in feehicms 0.1.3 allows attackers to execute arbitrary web or HTML via a crafted payload...
XStream is vulnerable to an Arbitrary Code Execution attack
Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...
Null pointer dereference in `RaggedTensorToTensor`
Impact Sending invalid argument for rowpartitiontypes of tf.rawops.RaggedTensorToTensor API results in a null pointer dereference and undefined behavior: python import tensorflow as tf tf.rawops.RaggedTensorToTensor shape=1, values=10, defaultvalue=21, rowpartitiontensors=tf.constant0,0,0,0,...
Arbitrary Command Injection
This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...
Prototype Pollution in nedb
This affects all versions of package nedb. The library could be tricked into adding or modifying properties of Object.prototype using a proto or constructor.prototype payload...
Apache ActiveMQ Artemis vulnerable to Improper Access Control
While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error...
Missing Authorization in jenkins xray-connector
Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check in an HTTP endpoint, allowing with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
Cross-site scripting in Centreon
Centreon version 20.10.2 is affected by a cross-site scripting XSS vulnerability. The depdescription Dependency Description and depname Dependency Name parameters are vulnerable to stored XSS. A user has to log in and go to the Configuration Notifications Hosts page...
Invalid session token expiration
HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases specifically, those within 1 second of their maximum TTL, which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2...
Remote Command Execution in reg-keygen-git-hash-plugin
Impact reg-keygen-git-hash-plugin through 0.10.15 allow remote attackers to execute of arbitrary commands. Patches Upgrade to version 0.10.16 or later. For more information If you have any questions or comments about this advisory: - Open an issue in reg-viz/reg-suit...
Crash in `tf.transpose` with complex inputs
Impact Passing a complex argument to tf.transpose at the same time as passing conjugate=True argument results in a crash: python import tensorflow as tf tf.transposeconjugate=True, a=complex1 Patches We have received a patch for the issue in GitHub commit 1dc6a7ce6e0b3e27a7ae650bfc05b195ca793f88...
Division by zero in TFLite's implementation of `OneHot`
Impact The implementation of the OneHot TFLite operator is vulnerable to a division by zero error: cc int prefixdimsize = 1; for int i = 0; i dims-datai; const int suffixdimsize = NumElementsopcontext.indices / prefixdimsize; An attacker can craft a model such that at least one of the dimensions ...
Path traversal in u-root
This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction...
Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor
Cure53 has discovered that the Harbor web interface does not implement protection mechanisms against Cross-Site Request Forgery CSRF. By luring an authenticated user onto a prepared third-party website, an attacker can execute any action on the platform in the context of the currently authenticat...
Server-Side Request Forgery in Spinnaker Orca
The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery SSRF, which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure...
SQL Injection in Apache SkyWalking
Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...
Improper Authentication in Apache Shiro
Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...
Prototype Pollution in gedi
All versions of package gedi up to and including version 1.6.3 are vulnerable to Prototype Pollution via the set function...
Prototype Pollution in deeps
All versions of package deeps up to and including version 1.4.5 are vulnerable to Prototype Pollution via the set function...
Improper exception handling in Aedes
An issue was discovered in MoscaJS Aedes 0.42.0 and fixed in 0.42.1. lib/write.js does not properly consider exceptions during the writing of an invalid packet to a stream...
Arbitrary command execution in roar-pidusage
This affects all current versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without inpu...
Improper Authentication in Apache Hadoop
In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled...
Incorrect permission enforcement in UmbracoCms
Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access...
Out-of-bounds write
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1106, CVE-2019-1107...
Out-of-bounds write
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916...
Out-of-bounds write in Microsoft.ChakraCore
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196...
Out-of-bounds write
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916...
Privilage Escalation in moodle
In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3,...
Out-of-bounds Write in Pillow
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size...
Prototype pollution in total.js
There is a prototype pollution vulnerability in the package total.js before version 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impa...
OS Command Injection in async-git
The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. Ensure to sanitize untrusted us...
Prototype pollution in JointJS
The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath. The path used the access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution...
XSS vulnerability leveraged through referrers could allow un-authorized admin access in Mautic
Impact This is a cross-site scripting vulnerability which affects every version of Mautic and could allow an attacker unauthorised administrator level access to Mautic. This vulnerability was reported by Naveen Sunkavally at Horizon3.ai. Patches Upgrade to 3.2.4 or 2.16.5. Link to patch for 2.x...
Injection/XSS in Redcarpet
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...