Lucene search
K
GithubMost viewed

33187 matches found

Github Security Blog
Github Security Blog
added 2022/07/01 12:1 a.m.44 views

Missing Authorization in Jenkins XPath Configuration Viewer Plugin

XPath Configuration Viewer Plugin 1.1.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. Given appropriate XPath expressions, this page grants access to job configuration XML data...

4.3CVSS4.8AI score0.00557EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/25 7:19 a.m.44 views

CloudCore UDS Server: Malicious Message can crash CloudCore

Impact A malicious message can crash CloudCore by triggering a null-pointer dereference in the UDS Server. Since the UDS Server only communicates with the CSI Driver on the cloud side, the attack is limited to the local host network. As such, an attacker would already need to be an authenticated...

5.7CVSS5.3AI score0.00614EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/25 12:0 a.m.44 views

Rails::Html::Sanitizer vulnerable to Cross-site Scripting

Versions of Rails::Html::Sanitizer prior to version 1.4.3 are vulnerable to XSS with certain configurations of Rails::Html::Sanitizer which allows an attacker to inject content when the application developer has overridden the sanitizer's allowed tags to allow both select and style elements. Code...

6.1CVSS6.3AI score0.2914EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/24 12:0 a.m.44 views

Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin

Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier allows Pipeline authors to specify file parameters for Pipeline input steps even though they are unsupported. Although the uploaded file is not copied to the workspace, Jenkins archives the file on the controller as part of build metadata...

7.5CVSS7.6AI score0.01478EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/17 10:9 p.m.44 views

Authentication bypass vulnerability in Apple Game Center auth adapter

Impact The certificate in Apple Game Center auth adapter not validated. As a result, authentication could potentially be bypassed by making a fake certificate accessible via certain Apple domains and providing the URL to that certificate in an authData object. Patches To prevent this, a new...

8.6CVSS7.4AI score0.00824EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/17 8:51 p.m.44 views

Rundeck's Key Storage converter plugin mechanism's encryption layer not working in 4.2.0, 4.2.1, 4.3.0

Impact The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any credentials created or overwritten using Rundeck 4.2.0 or 4.2.1 might result in them being written in plaintex...

7.5CVSS7.5AI score0.00634EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/08 12:0 a.m.44 views

Unserialized Pop Chain in Laravel

Withdrawn This advisory has been withdrawn because it is not a security issue and the CVE has been revoked. Original Description Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution RCE via an unserialized pop chain in destruct in...

4.1AI score
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/06 10:7 p.m.44 views

containerd CRI plugin: Host memory exhaustion through ExecSync

Impact A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory on the computer, denying service to other...

5.5CVSS6AI score0.00377EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/01 8:25 p.m.44 views

Cross-site Scripting in Filter Stream Converter Application in XWiki Platform

Impact We found a possible XSS vector in the Filter.FilterStreamDescriptorForm wiki page related to pretty much all the form fields printed in the home page of the application. Patches The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. Workarounds The easiest workaround is to...

7.4CVSS5.7AI score0.00921EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 10:7 p.m.44 views

Missing validation causes denial of service via `Conv3DBackpropFilterV2`

Impact The implementation of tf.rawops.Conv3DBackpropFilterV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf tf.rawops.Conv3DBackpropFilterV2 input=tf.constant.5053710941,...

5.5CVSS6.3AI score0.00317EPSS
Exploits1References9Affected Software3
Github Security Blog
Github Security Blog
added 2022/05/24 10:7 p.m.44 views

Missing validation causes denial of service via `StagePeek`

Impact The implementation of tf.rawops.StagePeek does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf index = tf.constant, shape=0, dtype=tf.int32 tf.rawops.StagePeekindex=index,...

5.5CVSS6.3AI score0.00317EPSS
Exploits1References9Affected Software3
Github Security Blog
Github Security Blog
added 2022/05/24 7:20 p.m.44 views

Chakra Scripting Engine and ChakraCore Vulnerable to Memory Corruption

Chakra Scripting Engine and ChakraCore are vulnerable to memory corruption due to an out-of-bounds write. The Microsoft advisory for CVE-2021-42279 was modified in August 2022 to include Microsoft.ChakraCore as an affected product...

7.5CVSS2.6AI score0.0195EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 7:2 p.m.44 views

Nokogiri contains libxml Out-of-bounds Write vulnerability

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this...

8.6CVSS8AI score0.0828EPSS
Exploits0References18Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:39 p.m.44 views

Arbitrary file existence check in file fingerprints in Jenkins

Jenkins provides a feature for jobs to store and track fingerprints of files used during a build. Jenkins 2.274 and earlier, LTS 2.263.1 and earlier provides a REST API to check where a given fingerprint was used by which builds. This endpoint does not fully validate that the provided fingerprint...

4.3CVSS2.9AI score0.01215EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/23 9:13 p.m.44 views

Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server

Impact All unpatched versions of Argo CD starting with v0.7.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is or may be used in...

4.3CVSS1.2AI score0.01051EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/20 12:0 a.m.44 views

gopkg.in/yaml.v3 Denial of Service

An issue in the Unmarshal function in Go-Yaml v3 can cause a program to panic when attempting to deserialize invalid input...

7.5CVSS7.3AI score0.035EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/18 12:0 a.m.44 views

Missing Authorization in Jenkins SSH plugin

A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS6.7AI score0.008EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 5:44 a.m.44 views

Zope Object Database Denial of Service vulnerability

Race condition in ZEO/StorageServer.py in Zope Object Database ZODB before 3.10.0a2 allows remote attackers to cause a denial of service daemon outage by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an...

4.3CVSS7.4AI score0.01336EPSS
Exploits0References15Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 4:17 a.m.44 views

Improper Control of Generation of Code in HawtJNI

Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp...

4.4CVSS4.8AI score0.00594EPSS
Exploits1References16Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 4:15 a.m.44 views

Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow

Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. dot dot in a resource URI...

5CVSS6.3AI score0.25082EPSS
Exploits6References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 3:13 a.m.44 views

Path Traversal in Eclipse Mojarra

Multiple path traversal flaws where found in Mojarra JSF2 implementation for identifying resources by name or from libraries. An unauthenticated remote attacker can use these flaws to gather otherwise undisclosed information from within an application's root...

5CVSS3.7AI score0.32441EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 12:25 a.m.44 views

Apache James Privilege Escalation

The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for privilege escalation...

7.8CVSS7.6AI score0.00759EPSS
Exploits4References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 2:46 a.m.44 views

Django Cross-site scripting Vulnerability

Cross-site scripting XSS vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors...

6.1CVSS5.9AI score0.05536EPSS
Exploits6References21Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 2:36 a.m.44 views

Pimcore CSRF Vulnerability

Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery CSRF attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings Users / Roles" function...

8.8CVSS6.9AI score0.03338EPSS
Exploits5References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 2:24 a.m.44 views

ChakraCore RCE Vulnerability

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3199...

9.3CVSS8.6AI score0.16305EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 1:36 a.m.44 views

HashiCorp Consul can use cleartext agent-to-agent RPC communication

HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verifyoutgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade...

5.9CVSS6.9AI score0.01223EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 1:17 a.m.44 views

Directory Traversal in Apache Tomcat

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct...

5CVSS5.5AI score0.18685EPSS
Exploits1References33Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 1:0 a.m.44 views

Improper Neutralization of Special Elements used in an LDAP Query in Jenkins

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server...

9.8CVSS7.6AI score0.96943EPSS
Exploits5References16Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 12:54 a.m.44 views

ClassLoader manipulation in Apache Struts

ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for...

7.5CVSS8.8AI score0.98094EPSS
Exploits6References11Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:38 a.m.44 views

Incorrect Authorization in Undertow

Undertow before versions 1.4.18.SP1 not findable in Maven, 2.0.2.Final, and 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MI...

5.9CVSS3.4AI score0.02049EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:36 a.m.44 views

Deserialization of Untrusted Data in Jenkins

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs SECURITY-383...

8.8CVSS8.8AI score0.06308EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:27 a.m.44 views

Remote code execution due to insecure deserialization

A flaw was found in the way JBoss RichFaces handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization...

7.5CVSS2.7AI score0.12662EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:20 a.m.44 views

ChakraCore RCE Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542,...

7.6CVSS7AI score0.14159EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:19 a.m.44 views

golang.org/x/net/html NULL Pointer Dereference vulnerability

The html package aka x/net/html through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call...

7.5CVSS7.3AI score0.0281EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:14 a.m.44 views

Improper Restriction of XML External Entity Reference in Apache Batik

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a ful...

7.9CVSS7.1AI score0.04118EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:9 a.m.44 views

Improper Neutralization of CRLF Sequences in urllib3 library for Python

In the urllib3 library through 1.24.2 for Python, CRLF injection is possible if the attacker controls the request parameter...

6.1CVSS8.4AI score0.02056EPSS
Exploits1References18Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:9 a.m.44 views

XML Signature/Encryption Not Validated in Apache CXF

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...

10CVSS4.8AI score0.04112EPSS
Exploits1References18Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:9 a.m.44 views

Loop with Unreachable Exit Condition in Apache CXF

The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service infinite loop via a crafted SAML token in the authorization header of a request to a JAX-RS service...

5CVSS6.9AI score0.07177EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:5 a.m.44 views

Improper Authorization in Jenkins Core

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have...

7.2CVSS3.8AI score0.01619EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:2 a.m.44 views

Cross-Site Request Forgery in Spring Framework

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External...

6.8CVSS6.4AI score0.90455EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:2 a.m.44 views

Apache Flex BlazeDS unsafe deserialization

Previous versions of Apache Flex BlazeDS 4.7.2 and earlier did not restrict which types were allowed for AMFX object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such...

9.8CVSS7.7AI score0.21274EPSS
Exploits4References12Affected Software2
Github Security Blog
Github Security Blog
added 2022/05/13 1:1 a.m.44 views

Missing XML Validation in Apache Xerces2

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment JRE in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlie...

7.1CVSS4.7AI score0.24738EPSS
Exploits0References50Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 12:0 a.m.44 views

Allocation of Resources Without Limits or Throttling in Spring Framework

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user...

6.5CVSS4.3AI score0.03126EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/05 12:0 a.m.44 views

Microweber vulnerable to cross-site scripting (XSS)

Microweber is a drag and drop website builder and a powerful next generation CMS. Microweber versions 1.2.15 and prior are vulnerable to cross-site scripting. This could lead to injection of arbitrary JaveScript code, defacement of a page, or stealing cookies. A patch is available on the master...

8.8CVSS2.4AI score0.0125EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/05 12:0 a.m.44 views

MyBatis PageHelper vulnerable to time-blind SQL injection via orderBy parameter

MyBatis PageHelper versions 3.5.x through 5.3.x were discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter...

9.8CVSS4.6AI score0.01656EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/01 2:4 a.m.44 views

Tomcat Vulnerable to Web Cache Poisoning

Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat t...

4.3CVSS6.4AI score0.29784EPSS
Exploits4References35Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/08 12:0 a.m.44 views

Insecure temporary file usage in SWHKD

SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service...

9.1CVSS2AI score0.01737EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/12 12:0 a.m.44 views

Cross-site Scripting in FreeTAKServer-UI

FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...

5.4CVSS2.3AI score0.00479EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/01 9:47 p.m.44 views

Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4

Impact This vulnerability might allow remote attackers to bypass the CodeIgniter4 CSRF protection mechanism. Patches Upgrade to v4.1.9 or later. Workarounds These are workarounds for this vulnerability, but you will still need to code as these after upgrading to v4.1.9. Otherwise, the CSRF...

8.8CVSS0.7AI score0.00557EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/24 1:9 p.m.44 views

Missing server signature validation in OctoberCMS

Impact This advisory affects authors of plugins and themes listed on the October CMS marketplace where an end-user will inadvertently expose authors to potential financial loss by entering their private license key into a compromised server. It has been disclosed that a project fork of October CM...

5.3CVSS5.1AI score0.00634EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities5000