Lucene search
K
GithubMost viewed

33190 matches found

Github Security Blog
Github Security Blog
added 2024/08/29 7:30 p.m.46 views

CRLF Injection in RestSharp's `RestRequest.AddHeader` method

Summary The second argument to RestRequest.AddHeader the header value is vulnerable to CRLF injection. The same applies to RestRequest.AddOrUpdateHeader and RestClient.AddDefaultHeader. Details The way HTTP headers are added to a request is via the HttpHeaders.TryAddWithoutValidation method: This...

7.8CVSS8.2AI score0.00316EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/05 8:7 p.m.46 views

Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go

Impact This issue represents a potential PII concern. If applications were printing or logging a context containing gRPC metadata, the affected versions will contain all the metadata, which may include private information. Patches The issue first appeared in 1.64.0 and is patched in 1.64.1 and...

7.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/21 6:31 a.m.46 views

ClassGraph XML External Entity Reference

ClassGraph before 4.8.112 was not resistant to XML eXternal Entity XXE attacks...

7.5CVSS6.8AI score0.00556EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/05 4:56 p.m.46 views

Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

8.2CVSS8.3AI score0.00994EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
added 2024/05/14 10:29 p.m.46 views

Grafana Email addresses and usernames can not be trusted

Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate severity security fixes for CVE-2022-39306. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: - Download...

8.1CVSS7AI score0.0074EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/14 10:25 p.m.46 views

Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins

Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-31130 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...

7.5CVSS6.7AI score0.00964EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/06 2:20 p.m.46 views

Litestar and Starlite vulnerable to Path Traversal

Summary Local File Inclusion via Path Traversal in LiteStar Static File Serving A Local File Inclusion LFI vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit path traversal flaws, enabling unauthorized access to...

8.2CVSS7.6AI score0.00722EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2024/05/01 10:1 a.m.46 views

Uptime Kuma's authenticated path traversal via plugin repository name may lead to unavailability or data loss

Summary A path traversal vulnerability via the plugin repository name allows an authenticated attacker to delete files on the server leading to unavailability and potentially data loss. Details Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This featur...

8.1CVSS6.9AI score0.01213EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/25 7:50 p.m.46 views

vyper performs multiple eval of `sqrt()` argument built in

Summary Using the sqrt builtin can result in multiple eval evaluation of side effects when the argument has side-effects. The bug is more difficult but not impossible! to trigger as of 0.3.4, when the unique symbol fence was introduced https://github.com/vyperlang/vyper/pull/2914. A contract sear...

5.3CVSS5.4AI score0.00451EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/22 7:7 p.m.46 views

Arbitrary Code Execution in Gitea

The git hook feature in Gitea 1.1.0 through 1.12.5 allows for authenticated remote code execution...

7.2CVSS7.9AI score0.93691EPSS
Exploits12References14Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/10 6:30 p.m.46 views

Aim Cross-Site Request Forgery vulnerability allows user to delete runs and perform other operations

aimhubio/aim is vulnerable to Cross-Site Request Forgery CSRF, allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim dashboar...

8.8CVSS6.8AI score0.00531EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/18 8:39 p.m.46 views

[TagAwareCipher] - Decryption Failure (Regex Match)

Impact Vulnerability in SecureProps involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded with NullEncoder and passed to TagAwareCipher, and contains special characters such as \n. As a result, the decryption process is...

2.6CVSS6.7AI score0.00328EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/07 10:54 p.m.46 views

Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)

Impact An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size whichever is larger. Thanks to Enze...

4.3CVSS4.5AI score0.01956EPSS
Exploits0References15Affected Software4
Github Security Blog
Github Security Blog
added 2024/03/04 8:43 p.m.46 views

pgx SQL Injection via Protocol Message Size Overflow

Impact SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. Patches The problem is resolved in v4.18....

9.8CVSS7.2AI score0.01109EPSS
Exploits1References9Affected Software3
Github Security Blog
Github Security Blog
added 2024/02/29 3:33 a.m.46 views

jose4j denial of service via specifically crafted JWE

The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value...

6.5CVSS6.7AI score0.00879EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/26 8:13 p.m.46 views

Connection leaking on idle timeout when TCP congested

Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed ...

7.5CVSS7.3AI score0.01433EPSS
Exploits0References10Affected Software4
Github Security Blog
Github Security Blog
added 2024/02/26 6:30 p.m.46 views

Rack CORS Middleware has Insecure File Permissions

rack-cors aka Rack CORS Middleware 2.0.1 has 0666 permissions for the .rb files...

9.1CVSS7.2AI score0.00771EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/24 6:31 p.m.46 views

Path traversal vulnerability in Jenkins Matrix Project Plugin

Jenkins Matrix Project Plugin 822.v01b8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins...

4.3CVSS4.4AI score0.00691EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/05 6:30 a.m.46 views

PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...

5.9CVSS7.2AI score0.00618EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2023/12/19 3:30 p.m.46 views

Pedroetb TTS-API OS Command Injection

A vulnerability has been found in pedroetb tts-api up to 2.1.4 and classified as critical. This vulnerability affects the function onSpeechDone of the file app.js. The manipulation leads to os command injection. Upgrading to version 2.2.0 is able to address this issue. The patch is identified as...

9.8CVSS7.9AI score0.02042EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/15 3:30 p.m.46 views

Zip slip in mleap

FileUtil.extract enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the savedmodel format and an exported tensorflow model, the apply function invokes th...

9.8CVSS7.1AI score0.01186EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/03 6:30 p.m.46 views

Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation

Kubernetes is vulnerable to privilege escalation when a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy...

8.8CVSS8.9AI score0.02864EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2023/10/16 2:1 p.m.46 views

OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics

Summary This handler wrapper https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.goL63-L65 out of the box adds labels - http.useragent - http.method that have unbound cardinality. It leads to the server...

7.5CVSS7.2AI score0.01364EPSS
Exploits0References11Affected Software7
Github Security Blog
Github Security Blog
added 2023/10/16 9:30 a.m.46 views

Grafana privilege escalation vulnerability

Grafana is an open-source platform for monitoring and observability. The vulnerability impacts instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and...

7.2CVSS6.6AI score0.01074EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/24 3:30 a.m.46 views

kube-apiserver authentication bypass vulnerability

An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch...

8CVSS7AI score0.01569EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/21 5:7 p.m.46 views

sudo-rs Session File Relative Path Traversal vulnerability

Background Sudo-rs allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting...

8.1CVSS7.7AI score0.00571EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/06 3:30 p.m.46 views

Apache Superset Deserialization of Untrusted Data vulnerability

If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. The Superset metadata db is an 'internal' component that is typically only accessible directly by t...

6.6CVSS7.1AI score0.29226EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/23 6:30 p.m.46 views

Apache Airflow denial of service vulnerability

Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...

8.1CVSS7.8AI score0.01488EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/15 4:13 p.m.46 views

snappy-java's Integer Overflow vulnerability in shuffle leads to DoS

Summary Due to unchecked multiplications, an integer overflow may occur, causing a fatal error. Impact Denial of Service Description The function shuffleint inputhttps://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/BitShuffle.javaL107...

7.5CVSS7.2AI score0.01707EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/09 10:41 p.m.46 views

rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements

NOTE: rails-ujs is part of Rails/actionview since 5.1.0. There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML...

6.3CVSS6.2AI score0.00632EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/06 4:40 p.m.46 views

Synapse has improper checks for deactivated users during login

Impact It may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: JSON Web Tokens are enabled for login via the jwtconfig.enabled configuration setting The local password database is enabled via the...

5.4CVSS6.8AI score0.00752EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/06 2:13 p.m.46 views

avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields

Summary Some avo fields are vulnerable to XSS when rendering html based content. Details During the analysis of the web application, a rendered field was discovered that did not filter JS / HTML tags in a safe way and can be abused to execute js code on a client side. The trix field uses the trix...

7.3CVSS6.9AI score0.00563EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/12 8:42 p.m.46 views

vm2 Sandbox Escape vulnerability

There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. Impact A threat...

10CVSS9.7AI score0.03852EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/24 10:4 p.m.46 views

Nginx alias path traversal allows unauthenticated attackers to read all files on /label_studio/core/

Summary The vulnerability resides on the Nginx config file: https://github.com/heartexlabs/label-studio/blob/53944e6bcede75ca5c102d655013f2e5238e85e6/deploy/default.confL119 The pattern on location /static indicates a popular misconfiguration on Nginx servers presented in 2018 originally by Orang...

6.5AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/22 9:23 p.m.46 views

crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb

Our use of flate.NewReader does not limit the size of the input. The user could pass more than 1 MB of data in the HTTP request to the processing functions, which will be decompressed server-side using the Deflate algorithm. Therefore, after repeating the same request multiple times, it is possib...

7.5CVSS7.2AI score0.00957EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/22 6:30 a.m.46 views

Jettison vulnerable to infinite recursion

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown...

7.5CVSS7.2AI score0.01009EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/06 9:30 p.m.46 views

Moodle vulnerable to Server-Side Request Forgery

In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk...

7.5CVSS7.5AI score0.01427EPSS
Exploits2References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/03 9:30 p.m.46 views

Opencontainers runc Incorrect Authorization vulnerability

runc 1.0.0-rc95 through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfslinux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue...

7CVSS6.8AI score0.00448EPSS
Exploits1References19Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/01 7:19 p.m.46 views

teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities Payload

Description teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. Versions prior to v0.1.1 are vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...

6.5CVSS6.1AI score0.00536EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/23 9:30 p.m.46 views

Undertow client not checking server identity presented by server certificate in https connections

The undertow client is not checking the server identity presented by the server certificate in https connections. This should be performed by default in https and in http/2...

7.5CVSS7.5AI score0.00596EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/15 3:36 p.m.46 views

High resource usage when parsing multipart form data with many fields

Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses request.data, request.form,...

7.5CVSS7.2AI score0.0142EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/20 5:30 p.m.46 views

CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection

Impact The Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. Patches This issue has been fixed in 4.2.12, 4.3.11, 4.4.10 Workarounds Using CakePHP's Pagination library will mitigate this issue, as will...

9.8CVSS9.8AI score0.00858EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2023/01/06 5:37 p.m.46 views

KubePi allows malicious actor to login with a forged JWT token via Hardcoded Jwtsigkeys

Summary The jwt authentication function of kubepi = v1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Details session.go, the use of...

9.8CVSS9.1AI score0.69667EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/30 12:30 p.m.46 views

Apache Kylin vulnerable to Command injection by Useless configuration

In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf...

8.8CVSS8.9AI score0.56844EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/22 6:30 a.m.46 views

liquidjs may leak properties of a prototype

The package liquidjs before 10.0.0 is vulnerable to Information Exposure when ownPropertyOnly parameter is set to False, which results in leaking properties of a prototype. Workaround For versions 9.34.0 and higher, an option to disable this functionality is provided...

5.3CVSS3.1AI score0.00811EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/06 9:13 p.m.46 views

Passeo uses insecure random number generator

Impact Everyone below v1.0.5 is impacted by this flaw, of confidentiality being at risk due to the passwords being easily able to be guessed with Passeo's use of the random library. It is recommended to change any passwords made with Passeo before v1.0.5 and upgrade to v1.0.5, and v1.0.5 patches...

7.5CVSS7.3AI score0.00791EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/21 11:59 p.m.46 views

Silverstipe CMS Stored XSS in custom meta tags

A malicious content author could create a custom meta tag and execute an arbitrary JavaScript payload. This would require convincing a legitimate user to access a page and enter a custom keyboard shortcut. This requires CMS access to exploit...

5.4CVSS5.8AI score0.00529EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/21 10:35 p.m.46 views

Missing Authorization to enable or disable users in org.xwiki.platform:xwiki-platform-user-profile-ui

Impact Any user logged in or not with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow to a disabled user to re-enable themselves, or to an attacker to disable any user of the wiki. Patches The problem has been patched in XWiki 13.10.7, 14.5R...

8.2CVSS7.8AI score0.00816EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/16 12:0 p.m.46 views

Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin

Pipeline Utility Steps Plugin implements a readProperties Pipeline step that supports interpolation of variables using the Apache Commons Configuration library. Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of this...

8.1CVSS8.2AI score0.01328EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/09 10:7 p.m.46 views

Istio may allow identity impersonation if user has localhost access

Impact User can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Patches 1.15.3 Workarounds No. If using 1.15.2 please upgrade to 1.15.3 or later. References None at this time. For more information If you have any questions or...

7.6CVSS4.7AI score0.00455EPSS
Exploits0References6Affected Software1
Total number of security vulnerabilities5000