Lucene search
K
GithubMost viewed

33225 matches found

Github Security Blog
Github Security Blog
added 2023/09/21 5:7 p.m.47 views

Vulnerable OpenSSL included in cryptography wheels

pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 2.5-41.0.3 are vulnerable to several security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20230908.txt. If you...

6.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/08 12:17 p.m.47 views

Snappy PHAR deserialization vulnerability

Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. To fix this issue, the version 1.4.2 was released with an additional check in the affected function to prevent the usage of the phar:// wrapper...

9.8CVSS8.3AI score0.0276EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/01 8:51 p.m.47 views

tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli

Impact The specification of the GG18 threshold ECDSA signature protocol contains a vulnerability allowing an attacker to recover the shared secret key. If a participant generates a Paillier modulus N containing small factors less than 2^100 they can interact with other participants in the signing...

6.7AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/16 9:2 p.m.47 views

Woodpecker does not validate webhook before changing any data

Impact An attacker can post malformed webhook data which leads to an update of the repository data that can e.g. allow the takeover of a repository. This is only critical if the CI is configured for public usage and connected to a forge witch is also in public usage. Patches Please use either nex...

8.1CVSS6.3AI score0.00716EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/09 2:37 p.m.47 views

PrestaShop XSS injection through Validate::isCleanHTML method

Impact xss injection through isCleanHTML method Patches 1.7.8.10 8.0.5 8.1.1 Found by Aleksey Solovev Positive Technologies Workarounds References...

8.3CVSS7.4AI score0.00445EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/15 4:28 p.m.47 views

snappy-java's Integer Overflow vulnerability in compress leads to DoS

Summary Due to unchecked multiplications, an integer overflow may occur, causing an unrecoverable fatal error. Impact Denial of Service Description The function compresschar...

7.5CVSS7AI score0.01469EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/15 4:13 p.m.47 views

snappy-java's Integer Overflow vulnerability in shuffle leads to DoS

Summary Due to unchecked multiplications, an integer overflow may occur, causing a fatal error. Impact Denial of Service Description The function shuffleint inputhttps://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/BitShuffle.javaL107...

7.5CVSS7.2AI score0.01707EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/14 5:8 p.m.47 views

.NET Denial of Service vulnerability

Microsoft Security Advisory CVE-2023-29331: .NET Denial of Service vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their...

7.5CVSS6.5AI score0.02627EPSS
Exploits0References6Affected Software14
Github Security Blog
Github Security Blog
added 2023/06/14 4:37 p.m.47 views

elFinder vulnerable to path traversal in LocalVolumeDriver connector

Impact Path Traversal vulnerability in PHP LocalVolumeDriver connector. This vulnerability can be exploited by allowing untrusted users to write to the local file system. This issue was caused by incomplete validity checking of the supplied request parameters. That problem has been fixed in...

6.5CVSS6.7AI score0.01936EPSS
Exploits2References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/06 4:40 p.m.47 views

Synapse has improper checks for deactivated users during login

Impact It may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: JSON Web Tokens are enabled for login via the jwtconfig.enabled configuration setting The local password database is enabled via the...

5.4CVSS6.8AI score0.00752EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/24 5:30 p.m.47 views

nfpm has incorrect default permissions

Summary When building packages directly from source control, file permissions on the checked-in files are not maintained. Details When building packages directly from source control, file permissions on the checked-in files are not maintained. When nfpm packaged the files without extra config for...

7.1CVSS6.7AI score0.00384EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
added 2023/05/18 5:32 p.m.47 views

swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames

A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases. This vulnerability is caused by a logical error...

7.5CVSS6.7AI score0.01119EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/25 7:45 p.m.47 views

SQL filter bypass leading to arbitrary write requests using "SQL Manager"

Impact SQL filtering vulnerability, a BO user can write, update and delete in the database, even without having specific rights. Patches PrestaShop 8.0.4 and 1.7.8.9 will contain the patch. Workarounds no References no...

9.9CVSS6AI score0.01692EPSS
Exploits2References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/19 9:41 p.m.47 views

Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin

Summary Strapi through 4.5.5 allows authenticated Server-Side Template Injection SSTI that can be exploited to execute arbitrary code on the server. Details Strapi through 4.5.5 allows authenticated Server-Side Template Injection SSTI that can be exploited to execute arbitrary code on the server....

10CVSS7.1AI score0.76825EPSS
Exploits2References9Affected Software2
Github Security Blog
Github Security Blog
added 2023/04/18 1:14 p.m.47 views

Shopware Has Improper Control of Generation of Code in Twig rendered views

Impact We fixed with CVE-2023-22731 Twig filters to only be executed with allowed functions. It is possible to pass PHP Closures as string or an array and array crafted PHP Closures was not checked against allow list Patches The problem has been fixed with 6.4.20.1 with an improved override...

9.9CVSS8.4AI score0.02083EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
added 2023/03/27 9:30 p.m.47 views

pgAdmin 4 vulnerable to directory traversal

pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user's settings or alter the database...

6.5CVSS6.4AI score0.08826EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/22 6:30 a.m.47 views

Jettison vulnerable to infinite recursion

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown...

7.5CVSS7.2AI score0.01009EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/19 12:30 a.m.47 views

jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode

jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...

7.5CVSS7.2AI score0.01124EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/22 10:59 p.m.47 views

Sequelize vulnerable to SQL Injection via replacements

Impact The SQL injection exploit is related to replacements. Here is such an example: In the following query, some parameters are passed through replacements, and some are passed directly through the where option. typescript User.findAll where: or literal'soundex"firstName" = soundex:firstName',...

10CVSS9.7AI score0.01444EPSS
Exploits2References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/06 11:27 p.m.47 views

Kubernetes client-go vulnerable to Sensitive Information Leak via Log File

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects = v1.19.5, = v1.18.13, = v1.17.15, v1.20.0-alpha2...

5.5CVSS6.1AI score0.00512EPSS
Exploits0References11Affected Software2
Github Security Blog
Github Security Blog
added 2023/01/23 10:5 p.m.47 views

Path traversal in spotipy

Summary If a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended. Details The code Spotipy uses to parse URIs and URLs accepts user data too liberally which allows a malicious user to insert arbitrary characters...

4.3CVSS5.1AI score0.00653EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/12 6:30 a.m.47 views

Java Merge-sort Insecure Temporary File vulnerability

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider function in StdTempFileProvider.java, which uses the permissive File.createTempFile function, exposing temporary file contents...

5.5CVSS4.2AI score0.0024EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/10 10:28 p.m.47 views

Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted

If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that don't have a validated email. Guests cannot...

3.5CVSS4.3AI score0.00555EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/27 2:40 p.m.47 views

Hazelcast connection caching

Impact The Connection handler in Hazelcast and Hazelcast Jet allows an unauthenticated, remote attacker to access and manipulate data in the cluster with another authenticated connection's identity. The affected Hazelcast versions are through 3.12.12, 4.0.6, 4.1.9, 4.2.5, 5.0.3, and 5.1.2. The...

9.1CVSS8.8AI score0.01021EPSS
Exploits0References4Affected Software4
Github Security Blog
Github Security Blog
added 2022/12/06 6:30 p.m.47 views

Thinkphp has a code logic error

Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell...

8.8CVSS8.6AI score0.02906EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/21 10:36 p.m.47 views

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui

Impact Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper neutralization of the macro parameters of the icon picker macro. The URL...

9.9CVSS8.9AI score0.0119EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/16 12:0 p.m.47 views

Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin

Pipeline Utility Steps Plugin implements a readProperties Pipeline step that supports interpolation of variables using the Apache Commons Configuration library. Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of this...

8.1CVSS8.2AI score0.01328EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/01 5:45 p.m.47 views

X.509 Email Address Variable Length Buffer Overflow

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...

7.5CVSS8.1AI score0.92488EPSS
Exploits2References49Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/01 12:0 p.m.47 views

Apache Tomcat may reject request containing invalid Content-Length header

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false the default for 8.5.x only, Tomcat did not reject a request containing an invalid Content-Length header making a...

7.5CVSS7.5AI score0.01448EPSS
Exploits0References11Affected Software2
Github Security Blog
Github Security Blog
added 2022/10/31 10:42 p.m.47 views

acryl-datahub missing JWT signature check

Missing JWT signature check GHSL-2022-078 The StatelessTokenService of the DataHub metadata service GMS does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because...

9.9CVSS9AI score0.00851EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/21 8:50 p.m.47 views

.NET Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 5....

7.5CVSS1AI score0.05041EPSS
Exploits0References11Affected Software12
Github Security Blog
Github Security Blog
added 2022/09/23 12:0 a.m.47 views

HashiCorp Vault vulnerable to incorrect metadata access

An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checkin...

9.1CVSS8.7AI score0.00781EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/16 5:22 p.m.47 views

XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability

Impact It's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the request URL parameter using the XWikiServerClassSheet if the user has view access to this sheet and another page that has been saved with programming rights, a standard condition on a...

9.9CVSS8.8AI score0.7589EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/16 5:21 p.m.47 views

Talos worker join token can be used to get elevated access level to the Talos API

Impact Talos worker nodes use a join token to get accepted into the Talos cluster. A misconfigured Kubernetes environment may allow workloads to access the join token of the worker node. A malicious workload could then use the join token to construct a Talos CSR certificate signing request. Due t...

8.8CVSS8.1AI score0.00533EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/15 3:35 a.m.47 views

Eclipse Milo vulnerable to Resource Exhaustion (Denial of Service)

Impact Denial of Service Details OPC UA specification describes a concept named Subscriptions. Subscriptions monitor a set of Monitored Items for Notifications and return them to the Client in response to Publish requests. The server notifies the client about changes only in case the value is...

7.5CVSS0.5AI score0.01018EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/28 12:0 a.m.47 views

Arbitrary file write vulnerability in Jenkins CLIF Performance Testing plugin

An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfbf and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content...

6.5CVSS6.7AI score0.00674EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/15 7:41 p.m.47 views

jackson-databind vulnerable to unsafe deserialization

The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class ignite-jta...

8.1CVSS7.8AI score0.03301EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/12 10:15 p.m.47 views

UnsafeAccessor 1.4.0 until 1.7.0 has no security checking for UnsafeAccess.getInstance()

Overview Affected versions have no limit to using unsafe-accessor. Can be ignored if SecurityCheck.AccessLimiter not setup Details If UA was loaded as a named module, the internal data of UA will be protected by JVM and others can only access UA via UA's standard api. Main application can setup...

7.5CVSS7.3AI score0.01091EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/12 10:5 p.m.47 views

Argo CD certificate verification is skipped for connections to OIDC providers

Impact All versions of Argo CD starting with v0.4.0 are vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious or otherwise untrustworthy OIDC provider. Note: external OIDC provider support was added in v0.11.0. Before that version, the notes below app...

9.6CVSS8.8AI score0.00763EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/01 12:1 a.m.47 views

Ember.js Potential XSS Exploit When Binding `tagName` to User-Supplied Data

In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the tagName property of an Ember.View was inserted into such a string without being sanitized. This means that if an application assigns a view's tagName to...

6.1CVSS0.7AI score0.00854EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/01 12:1 a.m.47 views

Incorrect Authorization in Jenkins requests-plugin

An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. requests-plugin Plugin 2.2.17 requires Overall/Administer permission to view the list of pending requests. This is basically the...

4.3CVSS4.7AI score0.00516EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/15 12:0 a.m.47 views

Regular expression denial of service in Delight Nashorn Sandbox

An issue was discovered in Delight Nashorn Sandbox. There is an ReDoS vulnerability that can be exploited to launching a denial of service DoS attack...

7.5CVSS2.8AI score0.0097EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/11 12:0 a.m.47 views

Unsafe deserialization in com.alibaba:fastjson

The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not...

9.8CVSS6.1AI score0.17767EPSS
Exploits5References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/07 12:0 a.m.47 views

Improper Check for Unusual or Exceptional Conditions in Elasticsearch

A Denial of Service flaw was discovered in Elasticsearch 8.0.0 through 8.2.0. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request. Version 8.2.1 contains a patch...

7.5CVSS4.1AI score0.074EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/26 12:1 a.m.47 views

Buffer over-flow in Pillow

When reading a TGA file with RLE packets that cross scan lines, Pillow reads the information past the end of the first line without deducting that from the length of the remaining file data. This vulnerability was introduced in Pillow 9.1.0, and can cause a heap buffer overflow. Opening an image...

9.8CVSS8.9AI score0.01923EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 9:14 p.m.47 views

Access to Unix domain socket can lead to privileges escalation in Cilium

Impact Users with host file system access on a node and the privileges to run as group ID 1000 can gain access to the per node API of Cilium via Unix domain socket on the host where Cilium is running. If a malicious user is able to gain unprivileged access to a user corresponding to this group,...

8.8CVSS8.1AI score0.00285EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:25 p.m.47 views

Jenkins Cross-Site Scripting vulnerability in help icons

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons. Tooltip values can be contributed by plugins, some of which use user-specified values. This results in a stored cross-site scripting XSS vulnerability. Jenkins 2.252, LTS 2.235.4 escapes the...

5.4CVSS5.3AI score0.06765EPSS
Exploits3References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:21 p.m.47 views

Wildfly Unsafe Deserialization Vulnerability

A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application BeansEJB due to lack of validation/filtering capabilities in wildfly...

7.5CVSS6.9AI score0.0172EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 4:46 p.m.47 views

Deserialization of Untrusted Data in Hazelcast

In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code...

8.1CVSS4.2AI score0.03711EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 2:59 a.m.47 views

Path Traversal in Eclipse Mojarra

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications...

7.5CVSS5.1AI score0.04425EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities5000