Lucene search
K
GithubMost viewed

33190 matches found

Github Security Blog
Github Security Blog
•added 2021/11/23 6:18 p.m.•46 views

Password exposure in concrete5/core

Unauthorized individuals could view password protected files using viewinline in Concrete CMS previously concrete 5 prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in viewinline and, if it does, the file is not rendered.For version 8.5.6, the following mitigations...

7.5CVSS3.3AI score0.01075EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/11/08 5:55 p.m.•46 views

Prototype Pollution in dotty

This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays...

9.8CVSS2.7AI score0.01242EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/10/21 5:50 p.m.•46 views

Prototype Pollution in x-assign

This vulnerability affects all versions of package x-assign. The global proto object can be polluted using the proto object...

9.8CVSS4.3AI score0.015EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/10/21 5:49 p.m.•46 views

Cross-site Scripting in snipe-it

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

6.1CVSS6.2AI score0.00764EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/10/12 6:42 p.m.•46 views

Cross-site Scripting in SilverStripe Framework

SilverStripe Framework through 4.8.1 allows XSS...

6.1CVSS6.3AI score0.00793EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/10/12 5:51 p.m.•46 views

Cross-site scripting in Unicorn framework

The Unicorn framework through 0.35.3 for Django allows XSS via component.name...

5.4CVSS3.2AI score0.02524EPSS
Exploits4References7Affected Software1
Github Security Blog
Github Security Blog
•added 2021/10/06 5:46 p.m.•46 views

BuddyPress privilege escalation via REST API

Impact It's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the BuddyPress REST API members endpoint. Patches The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitiga...

9CVSS3.4AI score0.13882EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/10/05 8:24 p.m.•46 views

URL Redirection to Untrusted Site ('Open Redirect') in fastify-static

Impact A redirect vulnerability in the fastify-static module allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e. The issue shows up on all the fastify-static applications that set...

6.1CVSS2.1AI score0.01132EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/10/05 8:23 p.m.•46 views

Improper escaping of command arguments on Windows leading to command injection

Impact Windows users running Composer to install untrusted dependencies are affected and should definitely upgrade for safety. Other OSs and WSL are not affected. Patches 1.10.23 and 2.1.9 fix the issue Workarounds None...

9.8CVSS3.9AI score0.02904EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2021/09/23 11:17 p.m.•46 views

Remote Code Execution in Halibut

In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification...

10CVSS6.5AI score0.0228EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/09/22 5:34 p.m.•46 views

SQL Injection in Django

Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.orderby SQL injection if orderby is untrusted input from a client of a web application...

9.8CVSS9.7AI score0.44369EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
•added 2021/09/20 8:45 p.m.•46 views

Remote code execution in UReport

An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code...

9.8CVSS9.4AI score0.01781EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/09/02 5:17 p.m.•46 views

Path traversal in atlasboard

The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability. PoC javascript const widget = require"atlasboard/lib/webapp/routes/widget"; // Mock req and res const req = ; const res = sendFile:...

7.5CVSS7.4AI score0.01669EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/09/02 5:9 p.m.•46 views

Cross-site Request Forgery (CSRF) in joplin

The package joplin before 2.3.2 are vulnerable to Cross-site Request Forgery CSRF due to missing CSRF checks in various forms...

8.8CVSS3.7AI score0.00403EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/08/30 4:23 p.m.•46 views

Cross Site Scripting (XSS) in Quokka

Cross Site Scripting XSS in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the 'Username' parameter in the component 'quokka/admin/actions.py'...

6.1CVSS6.5AI score0.01312EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/08/25 8:45 p.m.•46 views

Null pointer deference in openssl-src

Server or client applications that call the SSLcheckchain function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signaturealgorithmscert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm i...

7.5CVSS7.4AI score0.53336EPSS
Exploits2References35Affected Software1
Github Security Blog
Github Security Blog
•added 2021/08/25 2:49 p.m.•46 views

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

firefly-iii is vulnerable to Cross-Site Request Forgery CSRF...

4.3CVSS5.1AI score0.00405EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/08/25 2:44 p.m.•46 views

Null pointer dereference in `CompressElement`

Impact It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to tf.rawops.CompressElement: python import tensorflow as tf tf.rawops.CompressElementcomponents= The implementation was accessing the size of a buffer obtained from the return of a separate...

7.7CVSS6.1AI score0.0016EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
•added 2021/08/25 2:44 p.m.•46 views

Integer division by 0 in sparse reshaping

Impact The implementation of tf.rawops.SparseReshape can be made to trigger an integral division by 0 exception: python import tensorflow as tf tf.rawops.SparseReshape inputindices = np.ones1,3, inputshape = np.array1,1,0, newshape = np.array1,0 The implementation calls the reshaping functor...

5.5CVSS6.1AI score0.00152EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
•added 2021/08/25 2:43 p.m.•46 views

Null pointer dereference in `MatrixDiagPartOp`

Impact If a user does not provide a valid padding value to tf.rawops.MatrixDiagPartOp, then the code triggers a null pointer dereference if input is empty or produces invalid behavior, ignoring all values after the first: python import tensorflow as tf tf.rawops.MatrixDiagPartV2...

7.7CVSS7.2AI score0.0016EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
•added 2021/08/25 2:43 p.m.•46 views

Integer overflow due to conversion to unsigned

Impact The implementation of tf.rawops.QuantizeAndDequantizeV4Grad is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. python import tensorflow as tf tf.rawops.QuantizeAndDequantizeV4Grad...

5.5CVSS6.1AI score0.00152EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
•added 2021/08/25 2:42 p.m.•46 views

Reference binding to nullptr in `MatrixDiagV*` ops

Impact An attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.rawops.MatrixDiagV: python import tensorflow as tf tf.rawops.MatrixDiagV3 diagonal=1,0, k=, numrows=1,2,3, numcols=4,5, paddingvalue=, align='RIGHTRIGHT' The implementation has...

7.8CVSS7.6AI score0.00167EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
•added 2021/08/25 2:41 p.m.•46 views

Incomplete validation in `MaxPoolGrad`

Impact An attacker can trigger a denial of service via a segmentation fault in tf.rawops.MaxPoolGrad caused by missing validation: python import tensorflow as tf tf.rawops.MaxPoolGrad originput = tf.constant, shape=3, 0, 0, 2, dtype=tf.float32, origoutput = tf.constant, shape=3, 0, 0, 2,...

5.5CVSS6.5AI score0.00179EPSS
Exploits0References8Affected Software3
Github Security Blog
Github Security Blog
•added 2021/08/05 4:57 p.m.•46 views

Storage corruption due to variables overwritten by re-entrancy locks

Background When attempting to use the v0.2.14 release, @pandadefi discovered an issue using the @nonreentrant decorator. Impact Reentrancy protection storage slots get allocated to the same slots as storage variables, leading to the corruption of storage variables when using the @nonreentrant...

3.1AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/29 9:25 p.m.•46 views

Cross-site scripting in Dutchcoders transfer.sh

Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view...

6.1CVSS4.2AI score0.01009EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/29 9:13 p.m.•46 views

Denial of service in geth

Impact Denial-of-service crash during block processing Details Affected versions suffer from a vulnerability which can be exploited through the MULMOD operation, by specifying a modulo of 0: mulmoda,b,0, causing a panic in the underlying library. The crash was in the uint256 library, where a buff...

7.5CVSS7.5AI score0.01462EPSS
Exploits0References8Affected Software2
Github Security Blog
Github Security Blog
•added 2021/06/21 5:9 p.m.•46 views

Automatic room upgrade handling can be used maliciously to bridge a room non-consentually

Impact If a bridge has room upgrade handling turned on in the configuration the roomUpgradeOpts key when instantiating a new Bridge instance., any m.room.tombstone event it encounters will be used to unbridge the current room and bridge into the target room. However, the target room m.room.create...

6.5CVSS0.6AI score0.00936EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/16 5:11 p.m.•46 views

Missing Authorization in Jenkins Kubernetes CLI Plugin

Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS4.9AI score0.0164EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/15 4:10 p.m.•46 views

Insufficiently random values in Ansible

A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords a...

5.5CVSS2.4AI score0.00435EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/07 9:47 p.m.•46 views

Reflected cross-site scripting issue in Datasette

Impact The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation includes authenticated features using plugins such as...

7.2CVSS0.2AI score0.0096EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/01 9:18 p.m.•46 views

Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli

Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...

0.5AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/24 4:58 p.m.•46 views

Denial of service in direct_mail

The directmail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries...

5.3CVSS3.6AI score0.01279EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/21 4:26 p.m.•46 views

RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be

Impact A security-sensitive bug was discovered by Open Source Developer Erik Sundell of Sundell Open Source Consulting AB. The functions RandomAlphaNumericint and CryptoRandomAlphaNumericint are not as random as they should be. Small values of int in the functions above will return a smaller subs...

9.1CVSS5.3AI score0.01319EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/21 2:28 p.m.•46 views

Stack overflow in `ParseAttrValue` with nested tensors

Impact The implementation of ParseAttrValue can be tricked into stack overflow due to recursion by giving in a specially crafted input. Patches We have patched the issue in GitHub commit e07e1c3d26492c06f078c7e5bf2d138043e199c1. The fix will be included in TensorFlow 2.5.0. We will also cherrypic...

5.5CVSS4.2AI score0.00204EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
•added 2021/05/21 2:27 p.m.•46 views

Division by zero in TFLite's implementation of `EmbeddingLookup`

The implementation of the EmbeddingLookup TFLite operator is vulnerable to a division by zero error: cc const int rowsize = SizeOfDimensionvalue, 0; const int rowbytes = value-bytes / rowsize; An attacker can craft a model such that the first dimension of the value input is 0. Patches We have...

7.8CVSS3.9AI score0.00201EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
•added 2021/05/21 2:26 p.m.•46 views

Null pointer dereference in TFLite's `Reshape` operator

Impact The fix for CVE-2020-15209 missed the case when the target shape of Reshape operator is given by the elements of a 1-D tensor. As such, the fix for the vulnerability allowed passing a null-buffer-backed tensor with a 1D shape: cc if tensor-data.raw == nullptr && tensor-bytes 0 if...

7.8CVSS0.6AI score0.008EPSS
Exploits2References8Affected Software3
Github Security Blog
Github Security Blog
•added 2021/05/21 2:26 p.m.•46 views

Division by zero in TFLite's implementation of `TransposeConv`

Impact The optimized implementation of the TransposeConv TFLite operator is vulnerable to a division by zero error: cc int heightcol = height + padt + padb - filterh / strideh + 1; int widthcol = width + padl + padr - filterw / stridew + 1; An attacker can craft a model such that strideh,w values...

7.8CVSS1.2AI score0.00201EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
•added 2021/05/18 6:36 p.m.•46 views

XWiki users registered with email verification can self re-activate their disabled accounts

Impact A user disabled on a wiki using email verification for registration can re-activate himself by using the activation link provided for his registration. Patches The problem has been patched in the following versions of XWiki: 11.10.13, 12.6.7, 12.10.2, 13.0. Workarounds It's possible to...

8.8CVSS0.6AI score0.01132EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/10 6:38 p.m.•46 views

Prototype Pollution in simpl-schema

This affects the package simpl-schema before 1.10.2. Attacker controlled input into a schema could result in remote code execution within the scope of the surrounding application...

7.5CVSS7.8AI score0.01512EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/10 6:37 p.m.•46 views

Arbitrary Code Execution in shiba

All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load of the package js-yaml instead of its secure replacement , safeLoad...

8.3CVSS8.3AI score0.01552EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/10 6:37 p.m.•46 views

Prototype Pollution in bmoor

The package bmoor before 0.8.12 are vulnerable to Prototype Pollution via the set function...

9.8CVSS8.9AI score0.01469EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/10 3:18 p.m.•46 views

Server-Side Request Forgery in Apache Solr

The ReplicationHandler normally registered at "/replication" under a Solr core in Apache Solr has a "masterUrl" also "leaderUrl" alias parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability,...

9.8CVSS3.5AI score0.93053EPSS
Exploits5References14Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/07 3:53 p.m.•46 views

Improper Authentication in Apache Shiro

Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

9.8CVSS9AI score0.24163EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/07 3:52 p.m.•46 views

SQL Injection in odata4j

odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued...

9.8CVSS3AI score0.01365EPSS
Exploits0References3Affected Software3
Github Security Blog
Github Security Blog
•added 2021/05/06 6:12 p.m.•46 views

Prototype Pollution in node-oojs

All versions of package node-oojs up to and including version 1.4.0 are vulnerable to Prototype Pollution via the setPath function...

9.8CVSS9AI score0.01916EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/06 6:12 p.m.•46 views

Prototype Pollution in locutus

All versions of package locutus prior to version 2.0.12 are vulnerable to Prototype Pollution via the php.strings.parsestr function...

9.8CVSS9AI score0.02753EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/06 6:12 p.m.•46 views

Prototype Pollution in dot-notes

All versions of package dot-notes up to and including version 3.2.0 are vulnerable to Prototype Pollution via the create function...

9.8CVSS9AI score0.01916EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/30 5:29 p.m.•46 views

Externally Controlled Reference to a Resource in Another Sphere and Confused Deputy in Spring Cloud Netflix

Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can...

6.5CVSS6.7AI score0.10214EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/19 2:46 p.m.•46 views

Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19

Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 Vaadin 12.0.0 through 14.4.9, and 6.0.0 through 6.0.1 Vaadin 19.0.0 allows attacker to access application classes and resources on the server via crafted HTTP request. -...

8.6CVSS4.2AI score0.02382EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/16 7:52 p.m.•46 views

JavaScript execution via malicious molfiles (XSS)

Impact The viewer plugin implementation of renders molfile data directly inside a tag without any escaping. Arbitrary JavaScript code can thus be executed in the client browser via crafted molfiles. Patches Patched in v0.3.0: Molfile data is now rendered as value of a hidden tag and escaped via...

6.1CVSS2.5AI score0.00566EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities5000