Lucene search
K
GithubMost viewed

33187 matches found

Github Security Blog
Github Security Blog
added 2021/11/08 5:40 p.m.45 views

Prototype Pollution in json-pointer

This affects versions of package json-pointer up to and including 0.6.1. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays...

9.8CVSS4.8AI score0.01813EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/21 5:46 p.m.45 views

Privilege Defined With Unsafe Actions in Keycloak

A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the...

7.2CVSS4AI score0.01153EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/18 7:44 p.m.45 views

Cross Site Request Forgery in kindeditor

Cross Site Request Forgery CSRF vulnerability exists in KindEditor 4.1.x. First, you upload an html file containing csrf on the website that uses a google editor, you only need to search in google: inurl:/examples/uploadbutton.html and then use the authority of this website to trick users into...

8.8CVSS0.9AI score0.00957EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/06 5:48 p.m.45 views

Improper Input Validation in Jakarta Expression Language

In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid...

5.3CVSS4.5AI score0.02132EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
added 2021/10/06 5:48 p.m.45 views

Remote code execution in ruby-jss

The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...

9.8CVSS9.6AI score0.02603EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/06 5:47 p.m.45 views

Open Redirect in Apache Superset

Apache Superset prior to 1.1.0 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link...

6.1CVSS2.7AI score0.63768EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2021/09/30 8:50 p.m.45 views

CSV injection in shuup

“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and...

8.8CVSS3.6AI score0.01051EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/22 5:34 p.m.45 views

SQL Injection in Django

Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.orderby SQL injection if orderby is untrusted input from a client of a web application...

9.8CVSS9.7AI score0.44369EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/09 5:10 p.m.45 views

Cross-Site Request Forgery in sqlite-web

This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross Site Reques...

8.8CVSS4.9AI score0.00477EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/02 5:16 p.m.45 views

OS Command Injection in Centreon

/graphStatus/displayServiceStatus.php in Centreon 19.10.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the RRDdatabasepath parameter...

9CVSS9AI score0.03826EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/02 4:51 p.m.45 views

Parse Server crashes with query parameter

Impact Parse Server crashes when if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an exception that Parse Server cannot catch. Patches Upgrade to Parse Server 4.10.3...

7.5CVSS7.2AI score0.01819EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 4:25 p.m.45 views

Improper Restriction of XML External Entity Reference in Quokka

XML External Entities XXE in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'...

9.8CVSS9.5AI score0.02771EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 4:14 p.m.45 views

Command injection in mail agent settings

Impact Command injection in mail agent settings Patches We recommend updating to the current version 6.4.3.1. You can get the update to 6.4.3.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6 Workarounds For older versions of...

9.8CVSS9.1AI score0.02359EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2021/08/25 2:44 p.m.45 views

Null pointer dereference and heap OOB read in operations restoring tensors

Impact When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer: python import tensorflow as tf tf.rawops.Restore filepattern='/tmp', tensorname=, defaultvalue=21, dt=tf.int, preferredshard=1 The same undefined behavior c...

8.4CVSS7.5AI score0.00173EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/08/05 4:57 p.m.45 views

Storage corruption due to variables overwritten by re-entrancy locks

Background When attempting to use the v0.2.14 release, @pandadefi discovered an issue using the @nonreentrant decorator. Impact Reentrancy protection storage slots get allocated to the same slots as storage variables, leading to the corruption of storage variables when using the @nonreentrant...

3.1AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/08 11:16 p.m.45 views

Prototype pollution vulnerability in js-extend

Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution...

9.8CVSS6.9AI score0.02961EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/01 9:17 p.m.45 views

Improper Verification of Cryptographic Signature in aws-encryption-sdk

Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...

0.5AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/01 9:17 p.m.45 views

Improper Verification of Cryptographic Signature in aws-encryption-sdk-java

Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This update addresses an issue where certain invalid ECDSA signatures incorrectly passed validation. These signatures provide defense in depth...

5.3CVSS5.7AI score0.0021EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/21 4:22 p.m.45 views

Import loops in account imports, nats-server DoS

This advisory is canonically Problem Description An export/import cycle between accounts could crash the nats-server, after consuming CPU and memory. This issue was fixed publicly in in November 2020. The need to call this out as a security issue was highlighted by snyk.io and we are grateful for...

7.5CVSS1.3AI score0.03658EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/21 2:28 p.m.45 views

Division by zero in TFLite's implementation of `DepthwiseConv`

Impact The implementation of the DepthwiseConv TFLite operator is vulnerable to a division by zero error: cc int numinputchannels = SizeOfDimensioninput, 3; TFLITEENSUREEQcontext, numfilterchannels % numinputchannels, 0; An attacker can craft a model such that input's fourth dimension would be 0...

5.5CVSS2.5AI score0.00189EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:21 p.m.45 views

Session operations in eager mode lead to null pointer dereferences

Impact In eager mode default in TF 2.0 and later, session operations are invalid. However, users could still call the raw ops associated with them and trigger a null pointer dereference: python import tensorflow as tf tf.rawops.GetSessionTensorhandle='\x12\x1a\x07',dtype=4 python import tensorflo...

7.8CVSS1.2AI score0.00201EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/18 9:8 p.m.45 views

Integer overflow in github.com/gorilla/websocket

An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections...

7.5CVSS7.3AI score0.02103EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 6:47 p.m.45 views

Cross-site scripting in Joplin

Joplin allows XSS via a LINK element in a note...

6.1CVSS5.7AI score0.03027EPSS
Exploits3References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 6:38 p.m.45 views

Duplicate Advisory: "Arbitrary code execution in socket.io-file"

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6495-8jvh-f28x. This link is maintained to preserve external references. Original Description "The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows...

7.8CVSS7.9AI score0.02096EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 6:37 p.m.45 views

OS Command Injection in pomelo-monitor

pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It allows injection of arbitrary commands as part of 'pomelo-monitor' params...

9.8CVSS9.5AI score0.02121EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 3:36 p.m.45 views

Command Injection in @theia/messages

In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run...

6.1CVSS2.1AI score0.00776EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 3:18 p.m.45 views

Server-Side Request Forgery in Apache Solr

The ReplicationHandler normally registered at "/replication" under a Solr core in Apache Solr has a "masterUrl" also "leaderUrl" alias parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability,...

9.8CVSS3.5AI score0.93053EPSS
Exploits5References14Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 3:53 p.m.45 views

Missing Release of Memory after Effective Lifetime in Apache Tika

A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade ...

5.5CVSS6.6AI score0.0255EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 4:10 p.m.45 views

Path traversal in url-parse

url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path...

5.3CVSS1.6AI score0.01964EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 3:45 p.m.45 views

Options structure open to Cross-site Scripting if passed unfiltered

Impact In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. Especially when using the useHTML flag, HTML string options would be...

7.6CVSS5.5AI score0.00867EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 3:27 p.m.45 views

Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19

Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 Vaadin 14.0.3 through Vaadin 14.5.2, 3.0 prior to 6.0 Vaadin 15 prior to 19, and 6.0.0 through 6.0.5 Vaadin 19.0.0 through 19.0.4 allows local users to inject malicious code...

7.8CVSS1.7AI score0.00231EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/13 3:25 p.m.45 views

Cross-site scripting in SocksJS-node

htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c aka callback parameter...

6.1CVSS5.8AI score0.01886EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/13 3:24 p.m.45 views

Code Injection in script-manager

An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code...

9.8CVSS9.4AI score0.02943EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/13 3:23 p.m.45 views

Uncontrolled Resource Consumption in rdf-graph-array

rdf-graph-array through 0.3.0-rc6 manipulation of JavaScript objects resutling in Prototype Pollution. The rdf.Graph.prototype.add method could be tricked into adding or modifying properties of Object.prototype...

5.3CVSS2.3AI score0.01045EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/13 3:21 p.m.45 views

Exposure of Resource to Wrong Sphere in valib

valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function hasOwnProperty from the unsafe user-input to examine an object. It is possible for a crafted payload to overwri...

7.5CVSS1.7AI score0.01404EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/13 3:17 p.m.45 views

OS Command Injection in lsof

All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input...

9.8CVSS4AI score0.02642EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/29 8:42 p.m.46 views

Cross-site scripting (XSS) and Server side request forgery (SSRF) in moodle

Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17...

5.4CVSS2.8AI score0.01277EPSS
Exploits2References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/18 11:47 p.m.45 views

Null characters not escaped

Impact Anyone using Shescape to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a null character into the payload. For example on Windows: javascript const cp = require"childprocess"; const shescape = require"shescape"; const nullCh...

7.8CVSS2.2AI score0.00573EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/03 2:23 a.m.45 views

User content sandbox can be confused into opening arbitrary documents

Impact The user content sandbox can be abused to trick users into opening unexpected documents after several user interactions. The content can be opened with a blob origin from the Matrix client, so it is possible for a malicious document to access user messages and secrets. Patches This has bee...

4.3CVSS1.9AI score0.00922EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/11/13 6:26 p.m.45 views

Persistent XSS in shopping worlds

Impact Persistent XSS in shopping worlds Patches We recommend updating to the current version 5.6.9. You can get the update to 5.6.9 regularly via the Auto-Updater or directly via the download overview. For older versions you can use the Security Plugin:...

3AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2020/10/27 8:30 p.m.45 views

systeminformation command injection vulnerability

Impact command injection vulnerability Patches Problem was fixed with a shell string sanitation fix. Please upgrade to version = 4.27.11 Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite References Are there any links use...

8.8CVSS8.6AI score0.05708EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/10/02 4:33 p.m.45 views

Potential access control security issue in apollo-adminservice

Impact If users expose apollo-adminservice to internetwhich is not recommended, there are potential security issues since apollo-adminservice is designed to work in intranet and it doesn't have built-in access control. Malicious hackers may access apollo-adminservice apis directly to access/edit...

7CVSS2.6AI score0.01315EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/03 9:12 p.m.45 views

Denial of Service in mongodb

Versions of mongodb prior to 3.1.13 are vulnerable to Denial of Service. The package fails to properly catch an exception when a collection name is invalid and the DB does not exist, crashing the application. Recommendation Upgrade to version 3.1.13 or later...

3.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/01 9:18 p.m.45 views

Missing Origin Validation in browserify-hmr

Versions of browserify-hmr prior to 0.4.0 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement HMR are not validated...

7.5CVSS4.7AI score0.01691EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/01 3:25 p.m.45 views

Cross-Site Scripting in dojo

Affected versions of dojo are susceptible to a cross-site scripting vulnerability in the dijit.Editor and textarea components, which execute their contents as Javascript, even when sanitized. Recommendation Update to version 1.1.0 or later...

4.3CVSS5.8AI score0.01082EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2020/08/05 2:53 p.m.45 views

Prototype Pollution in express-fileupload

This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution...

9.8CVSS3.9AI score0.04762EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/29 6:7 p.m.45 views

Remote code execution in turn extension for TYPO3

The turn extension through 0.3.2 for TYPO3 allows Remote Code Execution...

8.8CVSS3.1AI score0.01924EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/27 9:52 p.m.45 views

Buffer overflow in Pillow

In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c...

7.8CVSS7.5AI score0.01129EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/24 8:10 p.m.45 views

Improper Input Validation in sails-hook-sockets

Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request...

7.5CVSS4.8AI score0.01769EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/30 4:5 p.m.45 views

ECDSA signature vulnerability of Minerva timing attack in jsrsasign

Impact ECDSA side-channel attack named Minerava have been found and it was found that it affects to jsrsasign. Execution time of thousands signature generation have been observed then EC private key which is scalar value may be recovered since point and scalar multiplication time depends on bits ...

1.7AI score
Exploits0References8Affected Software1
Total number of security vulnerabilities5000