Lucene search
K
GithubMost viewed

33187 matches found

Github Security Blog
Github Security Blog
added 2024/02/05 9:30 p.m.44 views

m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

7.5CVSS6.4AI score0.01727EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/24 6:31 p.m.44 views

Shared projects are unconditionally discovered by Jenkins GitLab Branch Source Plugin

GitLab allows sharing a project with another group. Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group. This allows attackers to configure and share a project, resulting in a crafted Pipeline being...

6.5CVSS6.2AI score0.00458EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/19 8:28 p.m.44 views

JupyterLab vulnerable to potential authentication and CSRF tokens leak

Impact Users of JupyterLab who click on a malicious link may get their Authorization and XSRFToken tokens exposed to a third party when running an older jupyter-server version. Patches JupyterLab 4.1.0b2, 4.0.11, and 3.6.7 were patched. Workarounds No workaround has been identified, however users...

7.6CVSS6.7AI score0.00665EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2024/01/09 4:18 p.m.44 views

Parsing JSON serialized payload without protected field can lead to segfault

Summary Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference. Details This seems to also affect other functions that calls Parse internally, like jws.Verify. My understanding of these functions from t...

7.5CVSS7AI score0.00864EPSS
Exploits1References6Affected Software2
Github Security Blog
Github Security Blog
added 2023/12/11 12:30 a.m.45 views

Header spoofing in caddy-geo-ip

The caddy-geo-ip aka GeoIP middleware through 0.6.0 for Caddy 2, when trustheader X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism trustedproxy directive in reverseproxy or IP address range restrictio...

6.5CVSS6.8AI score0.00655EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/16 6:30 p.m.44 views

Ray OS Command Injection vulnerability

A command injection exists in Ray's cpuprofile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication...

9.8CVSS7.7AI score0.7463EPSS
Exploits15References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/25 9:14 p.m.44 views

XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages

Impact When trying to create a document that already exists, XWiki displays an error message in the form for creating it. Due to missing escaping, this error message is vulnerable to raw HTML injection and thus XSS. The injected code is the document reference of the existing document so this...

9CVSS7.8AI score0.00623EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
added 2023/10/24 7:20 p.m.44 views

Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF

Summary The WMS specification defines an sld= parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Service Side Request Forgery. It is possibl...

8.6CVSS6.7AI score0.00514EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2023/10/19 4:13 p.m.44 views

Viewing wget extractor output while logged in as an admin allows archived JS to execute in the admins context

Related issue & discussion: - https://github.com/ArchiveBox/ArchiveBox/issues/239 - https://github.com/ArchiveBox/ArchiveBox/wiki/Security-Overviewpublishing - https://github.com/ArchiveBox/ArchiveBox/wiki/Publishing-Your-Archivesecurity-concerns Impact Any users who save untrusted URLs and view...

6.4CVSS6.3AI score0.00674EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/29 6:30 p.m.44 views

Apache Avro Java SDK vulnerable to Improper Input Validation

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro...

7.5CVSS7.5AI score0.01772EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/28 4:26 p.m.44 views

PrestaShop allows employee without any access rights to list all installed modules

Impact In BO, an employee can list all modules without any access rights: method ajaxProcessGetPossibleHookingListForModule doesn't check access rights Patches Fixed on 8.1.2 Workarounds References...

4.3CVSS6.9AI score0.00394EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/21 5:11 p.m.44 views

CefSharp affected by heap buffer overflow in WebP

Google is aware that an exploit for CVE-2023-4863 exists in the wild. Description Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical References -...

8.8CVSS8.5AI score0.99735EPSS
Exploits9References4Affected Software2
Github Security Blog
Github Security Blog
added 2023/08/18 9:50 p.m.44 views

Puma HTTP Request/Response Smuggling vulnerability

Impact Prior to version 6.3.1, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. The following vulnerabilities are addressed by this advisory: Incorrect parsing of trailing fields in...

9.8CVSS6.9AI score0.00738EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/09 1:18 p.m.44 views

libp2p nodes vulnerable to attack using large RSA keys

Impact A malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in the core/crypto module of go-libp2p and can occur during the Noise handshake and the libp2p x509 extensio...

7.5CVSS6.7AI score0.01084EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/09 1:4 p.m.44 views

.NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2023-38178: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to...

7.5CVSS6.7AI score0.02563EPSS
Exploits0References4Affected Software8
Github Security Blog
Github Security Blog
added 2023/08/05 9:30 a.m.44 views

Apache Airflow Execution with Unnecessary Privileges

Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the...

8.8CVSS8.8AI score0.0236EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/28 3:34 p.m.44 views

Denial of service from unlimited password lengths

TL;DR This vulnerability affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. The real-world impact of this vulnerability is limited, however we still recommend to update to one of the patch releases because they also fix more severe vulnerabilities...

7.5CVSS7.2AI score0.01028EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/28 3:30 p.m.44 views

SQL injection in jeecg-boot

jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData...

9.8CVSS8.3AI score0.72043EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/07 6:46 p.m.44 views

Pipelines do not validate child UIDs

Summary Pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child Task. We should add UID to PipelineRun status and validate that child Run status/results only come from Runs...

4.3CVSS6.7AI score0.00376EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/05 9:35 p.m.44 views

MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form

Summary A malicious web server can read arbitrary files on the client using a inside HTML form. Details This affects the extremely common pattern of form submission: python b = mechanicalsoup.StatefulBrowser b.selectform... b.submitselected The problem is with the code in...

7.5CVSS6.6AI score0.01082EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/07 3:30 p.m.44 views

Apache Airflow Hive Provider vulnerable to code injection

Apache Software Foundation's Apache Airflow Hive Provider before 6.0.0 is vulnerable to improper control of generation of code...

9.8CVSS9AI score0.02765EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/30 3:30 a.m.44 views

HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File

HashiCorp Vault and Vault Enterprise versions 0.8.0 until 1.13.1 are vulnerable to an SQL injection attack when using the Microsoft SQL MSSQL Database Storage Backend. When configuring the MSSQL plugin, certain parameters are required to establish a connection schema, database, and table are not...

6.7CVSS7.2AI score0.00378EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/15 9:36 p.m.44 views

Possible XSS Security Vulnerability in SafeBuffer#bytesplice

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. This vulnerability has been assigned the CVE identifier CVE-2023-28120. Versions Affected: All. Not affected: None Fixed Versions: 7.0.4.3, 6.1.7.3 Impact ActiveSupport uses...

5.3CVSS3.4AI score0.00907EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/17 9:30 p.m.44 views

Moodle Cross-site Scripting vulnerability

The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable...

6.1CVSS6.1AI score0.00815EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/17 1:59 p.m.44 views

Uncontrolled Resource Consumption in golang.org/x/image

An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service...

5.5CVSS5.6AI score0.00309EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/28 1:17 a.m.44 views

Improper neutralization of `noscript` element content may allow XSS in Sanitize

Impact Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize = 5.0.0, = 6.0.1 always removes noscript elements and their contents, even when noscript is in the allowlist. Workarounds Users who are unable to upgrade can prevent this issue by using one of...

6.1CVSS5.6AI score0.00525EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/25 7:36 p.m.44 views

Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster

Impact An issue was discovered in Rancher where an authorization logic flaw allows an authenticated user on any downstream cluster to 1 open a shell pod in the Rancher local cluster and 2 have limited kubectl access to it. The expected behavior is that a user does not have such access in the...

8.8CVSS0.3AI score0.0047EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/09 2:10 p.m.44 views

Luxon Inefficient Regular Expression Complexity vulnerability

Impact Luxon's DateTime.fromRFC2822 has quadratic N^2 complexity on some specific inputs. This causes a noticeable slowdown for inputs with lengths above 10k characters. Users providing untrusted data to this method are therefore vulnerable to ReDoS attacks. This is the same bug as Moment's...

7.5CVSS7.5AI score0.01707EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/30 6:3 p.m.44 views

Path Traversal In MeterSpere leads to upload file to any path

Summary MeterSphere allow users to upload file, but not check the file name, may lead to upload file to any path if the file name in upload request is falsified. Details Metersphere's FileUtils.java didn't check the filePath. java public static void createFileString filePath, byte fileBytes File...

8.8CVSS8.5AI score0.00717EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/26 9:30 a.m.44 views

php-mod/curl allows Cross-site Scripting

php-mod/curl a wrapper of the PHP cURL extension before 2.3.2 allows XSS via the postfilepathupload.php key parameter and the POST data to postmultidimensional.php...

6.1CVSS3.5AI score0.01261EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/22 12:30 p.m.44 views

Apache ShardingSphere-Proxy Incomplete Cleanup vulnerability

Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apac...

9.8CVSS9.3AI score0.01388EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/22 3:33 a.m.45 views

jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC

Overview Versions =8.5.1 of jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function referring to the secretOrPublicKey argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm...

6.3CVSS1.9AI score0.00753EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/22 3:32 a.m.44 views

jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()

Overview In versions =8.5.1 of jsonwebtoken library, lack of algorithm definition and a falsy secret or key in the jwt.verify function can lead to signature validation bypass due to defaulting to the none algorithm for signature verification. Am I affected? You will be affected if all the followi...

7.6CVSS7AI score0.00532EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/15 9:30 p.m.44 views

FeehiCMS Cross Site Scripting vulnerability

Cross Site Scripting XSS vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify...

5.4CVSS5.4AI score0.00506EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/13 5:51 p.m.44 views

Possible XSS vulnerability with certain configurations of rails-html-sanitizer

Summary There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This is due to an incomplete fix of CVE-2022-32209. - Versions affected: ALL - Not affected: NONE - Fixed versions: 1.4.4 Impact A possible XSS vulnerability with certain configurations of...

6.1CVSS6.3AI score0.2914EPSS
Exploits2References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/23 9:30 p.m.44 views

Password exposure in H2 Database

The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

8.4CVSS7.3AI score0.00301EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/22 9:30 p.m.44 views

Code injection in quarkus dev ui config editor

A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution...

9.8CVSS9.3AI score0.32516EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/14 12:0 p.m.44 views

Pillow subject to DoS via SAMPLESPERPIXEL tag

Pillow starting with 9.2.0 and prior to 9.3.0 allows denial of service via SAMPLESPERPIXEL. A large value in the SAMPLESPERPIXEL tag could lead to a memory and runtime DOS in TiffImagePlugin.py when setting up the context for image decoding. This issue has been patched in version 9.3.0...

7.5CVSS7.2AI score0.01102EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/25 7:56 p.m.44 views

Improper Control of Generation of Code ('Code Injection') in Azure CLI

Description In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. For example: Application X is a web application wi...

9.8CVSS10AI score0.03207EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/26 12:0 a.m.44 views

Dompdf allows remote file inclusion because URI validation failure does not halt font registration

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule...

7.5CVSS7.3AI score0.04173EPSS
Exploits3References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/23 12:0 a.m.44 views

Apache Batik Server-Side Request Forgery

Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14...

5.3CVSS6.3AI score0.02017EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2022/09/21 9:33 p.m.44 views

python-jwt vulnerable to token forgery with new claims

Impact An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other user's identities, hijack their sessions, or bypass authentication. Patches Users should upgrade to version...

9.1CVSS8.6AI score0.0366EPSS
Exploits2References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/16 10:12 p.m.44 views

TensorFlow vulnerable to `CHECK` failures in `UnbatchGradOp`

Impact The UnbatchGradOp function takes an argument id that is assumed to be a scalar. A nonscalar id can trigger a CHECK failure and crash the program. python import numpy as np import tensorflow as tf id is not scalar tf.rawops.UnbatchGradoriginalinput= tf.constant1,batchindex=tf.constant0,0,0 ...

7.5CVSS7.5AI score0.00558EPSS
Exploits0References6Affected Software3
Github Security Blog
Github Security Blog
added 2022/09/16 5:17 p.m.44 views

nftables binding to an already bound chain

Impact An issue was discovered in net/netfilter/nftablesapi.c in the Linux kernel. A denial of service can occur upon binding to an already bound chain. Affected by this vulnerability is the function nftverdictinit of the file net/netfilter/nftablesapi.c. The manipulation with an unknown input...

5.5CVSS0.7AI score0.00308EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/16 5:17 p.m.44 views

Talos vulnerable dependency due to race condition in Linux kernel's IP framework XFRM

Impact A race condition was found in the Linux kernel's IP framework for transforming packets XFRM subsystem when multiple calls to xfrmprobealgs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing ...

7CVSS0.3AI score0.002EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/15 3:34 a.m.44 views

Netmaker vulnerable to Insufficient Granularity of Access Control

Impact Improper Authorization functions leads to non-privileged users running privileged API calls. If you have added users to your Netmaker platform who whould not have admin privileges, they could use their auth token to run admin-level functions via the API. In addition, differing response cod...

8.8CVSS8.2AI score0.00702EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/08/30 8:54 p.m.44 views

Broken Authorization in ZITADEL Actions

Impact Actions, introduced in ZITADEL 1.42.0 on the API and 1.56.0 for Console, is a feature, where users with role ORGOWNER are able to create Javascript Code, which is invoked by the system at certain points during the login. Actions, for example, allow creating authorizations user grants on...

8.8CVSS8.4AI score0.00788EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/08/29 5:34 p.m.44 views

Cross-site scripting from dynamic options in the multiselect field

Introduction Cross-site scripting XSS is a type of vulnerability that allows to execute any kind of JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful script can for example trigger requests to Kirby's API with the permissions of the victim. Such...

5.9CVSS5.8AI score0.00694EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/08/18 7:2 p.m.44 views

Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type

Impact = [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more specifically, inside the content-type header. Example: import request from 'undici' const unsanitizedContentTypeInput = 'application/json\r\n\r\nGET /foo2 HTTP/1.1' await...

5.3CVSS6.3AI score0.01203EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/08/11 2:49 p.m.44 views

Django vulnerable to Reflected File Download attack

An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download RFD attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input...

8.8CVSS8.4AI score0.00657EPSS
Exploits0References14Affected Software1
Total number of security vulnerabilities5000