33225 matches found
Improper Input Validation in Apache ActiveMQ
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request...
Apache Tomcat affected by vulnerability in TLS and SSL protocol
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...
Apache Tomcat Directory Traversal vulnerability
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than...
Improper Input Validation in Apache Struts
ActionForm in Apache Software Foundation ASF Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to...
Keycloak is vulnerable to IDN homograph attack
A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already registered and trick admin to grant him extra privileges...
Nokogiri is vulnerable to XML External Entity (XXE) attack
Nokogiri before 1.5.4 is vulnerable to XXE attacks...
SQL injection in blazer
Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run...
SQL Injection in elide-datastore-aggregation
Impact When leveraging the following together: - Elide Aggregation Data Store for Analytic Queries - Parameterized Columns A column that requires a client provided parameter - A parameterized column of type TEXT There is the potential for a hacker to provide a carefully crafted query that would...
Sandbox bypass leading to arbitrary code execution in Deno
Impact The versions of Deno between release 1.18.0 and 1.20.2 inclusive are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass permission checks and execute arbitrary shell code. There is no evidence that this vulnerability has been...
Improper Input Validation in GoGo Protobuf
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue...
Improper Verification of Cryptographic Signature in node-forge
Impact RSA PKCS1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. Patches The issue has been...
Cross Site Request Forgery in intelliants/subrion
Cross Site Request Forgery CSRF vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user...
Vulnerable dependencies in Nokogiri
Summary Nokogiri v1.13.2 upgrades two of its packaged dependencies: - vendored libxml2 from v2.9.12 to v2.9.13 - vendored libxslt from v1.1.34 to v1.1.35 Those library versions address the following upstream CVEs: - libxslt: CVE-2021-30560 CVSS 8.8, High severity - libxml2: CVE-2022-23308...
Incorrect Authorization in runc
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory...
Improper Validation of Certificate with Host Mismatch in mellium.im/xmpp/websocket
Impact If no TLS configuration is provided by the user, the websocket package constructs its own TLS configuration using recommended defaults. When looking up a WSS endpoint using the DNS TXT record method described in XEP-0156: Discovering Alternative XMPP Connection Methods the ServerName field...
Privilege Escalation in Kubernetes
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary reques...
Symlink Attack in Libcontainer and Docker Engine
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image...
Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030)
Impact Sean Wright from Secureworks has discovered an enumeration vulnerability. An attacker can make use of the Harbor API to make unauthenticated calls to the Harbor instance. Based on the HTTP status code in the response, an attacker is then able to work out which resources exist, and which do...
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788)
Impact Matt Hamilton from Soluble has discovered a limited Server-Side Request Forgery SSRF that allowed Harbor project owners to scan the TCP ports of hosts on the Harbor server's internal network. The vulnerability was immediately fixed by the Harbor team. Issue The “Test Endpoint” API, part of...
Cross-site Scripting in vmd
vmd through 1.34.0 allows div class="markdown-body" XSS, as demonstrated by Electron remote code execution via require'childprocess'.execSync'calc.exe' on Windows and a similar attack on macOS...
Prototype Pollution in safetydance
All versions of package safetydance are vulnerable to Prototype Pollution via the set function...
Path Traversal in Eclipse Vert
In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0-milestone1, 4.0.0-milestone2, 4.0.0-milestone3, 4.0.0-milestone4, 4.0.0-milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot folder to the...
Out-of-bounds Write in Play Framework
An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint that may or may not expect JSON payloads causes a StackOverflowError and Denial of...
Cross-site Scripting in keycloak
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirecturi parameter. This flaw allows an attacker to perform a Cross-site scripting attack...
UltraJSON vulnerable to Out-of-bounds Write
UltraJSON aka ujson 1.34 through 5.1.0 has a stack-based buffer overflow in BufferAppendIndentUnchecked called from encode...
october/system arbitrary code execution
Impact Assuming an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents PHP execution in the CMS templates. Patches Issue has been patched in Build 473 and v1.1.6 Workarounds Apply...
Cross-site Scripting in Scratch-Svg-Renderer
A DOM-based cross-site scripting XSS vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file...
bookstack is vulnerable to Improper Access Control
bookstack is vulnerable to Improper Access Control...
Command injection in itext7-core
iTextPDF in iText before 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs aka Ghostscript command line in GhostscriptHelper.java...
Files Accessible to External Parties in Opencast
Opencast before version 10.6 allows references to local file URLs in ingested media packages, allowing attackers to include local files from Opencast's host machines and making them available via the web interface. Impact Before Opencast 10.6, Opencast would open and include local files during...
Server-Side Request Forgery in Concrete CMS
Concrete CMS formerly concrete5 versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS ex AWS IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading...
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in sulu/sulu
Impact What kind of vulnerability is it? Who is impacted? It is an issue when input HTML into the Tag name. The HTML is execute when the tag name is listed in the auto complete form. Only admin users are affected and only admin users can create tags. Patches Has the problem been patched? What...
Maliciously Crafted Model Archive Can Lead To Arbitrary File Write
Impact An Archive Extraction Zip Slip vulnerability in the functionality that allows a user to load a trained model archive in Rasa 2.8.9 and older allows an attacker arbitrary write capability within specific directories using a malicious crafted archive file. Patches The vulnerability is fixed ...
Missing Release of Resource after Effective Lifetime in Apache Tomcat
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was...
Email relay in Apache Traffic Control
An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address...
Validity check missing in Frontier
Impact In the newly introduced signed Frontier-specific extrinsic for pallet-ethereum, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of this to put invalid transactions into a block...
Cross-site scripting in Unicorn framework
The Unicorn framework through 0.35.3 for Django allows XSS via component.name...
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
Cobbler before 3.3.0 allows authorization bypass for modification of settings...
Cobbler before 3.3.0 allows log poisoning
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection...
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
Cobbler before 3.3.0 allows arbitrary file write operations via uploadlogdata...
Cross-site scripting in application/controllers/dropbox.php in JustWriting
Cross-site scripting XSS vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter...
Deno's static imports inside dynamically imported modules do not adhere to permission checks
Impact Modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules. In Deno 1.5.x and 1.6.x only programs dynamically importing especially transitively untrusted code are...
Confused Deputy in Kubernetes
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack...
Remote code execution in UReport
An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code...
Cross-site Scripting in peertube
peertube is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'. It was found that one could upload a SVG image and then send the url of that to other users and when they open the link we can get their complete session keys as the session keys stored i...
UUPSUpgradeable vulnerability in @openzeppelin/contracts
Impact Upgradeable contracts using UUPSUpgradeable may be vulnerable to an attack affecting uninitialized implementation contracts. We will update this advisory with more information soon. Patches A fix is included in version 4.3.2 of @openzeppelin/contracts and @openzeppelin/contracts-upgradeabl...
Regular Expression Denial of Service in flask-restx
Flask RESTX contains a regular expression that is vulnerable to ReDoS Regular Expression Denial of Service in emailregex...
Imporoper path validation in elFinder.NetCore
This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation...
Insecure direct object reference of log files of the Import/Export feature
Impact Insecure direct object reference of log files of the Import/Export feature Patches We recommend updating to the current version 6.4.3.1. You can get the update to 6.4.3.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6...
Integer Overflow in openssl-src
Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...