Lucene search
K
GithubMost viewed

33187 matches found

Github Security Blog
Github Security Blog
added 2022/02/19 12:1 a.m.44 views

Server Side Template Injection in MCMS

MCMS v5.2.5 was discovered to contain a Server Side Template Injection SSTI vulnerability via the Template Management module...

9.1CVSS3.2AI score0.02731EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/18 12:0 a.m.44 views

url-parse Incorrectly parses URLs that include an '@'

A specially crafted URL with an '@' sign but empty user info and no hostname, when parsed with url-parse, url-parse will return the incorrect href. In particular, js parse"http://@/127.0.0.1" Will return: yaml slashes: true, protocol: 'http:', hash: '', query: '', pathname: '/127.0.0.1', auth:...

6.5CVSS6.7AI score0.01535EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/17 12:0 a.m.44 views

Improper Certificate Validation in Hutool

Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation...

9.8CVSS1.3AI score0.01301EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/15 1:57 a.m.44 views

Denial of service in Grafana

The snapshot feature in Grafana before 7.4.2 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. Specific Go Packages Affected github.com/grafana/grafana/pkg/middleware...

7.5CVSS7.5AI score0.83042EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 11:46 p.m.44 views

Improper file handling in matrix-react-sdk

Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the previ...

7.8CVSS2.2AI score0.00373EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 11:45 p.m.44 views

Withdrawn Advisory: OS Command Injection in effect

Withdrawn Advisory This advisory has been withdrawn because the npm package effect, for which alerts were issued, does not correspond with https://github.com/Javascipt/effect, the repository with the vulnerable code. https://github.com/Javascipt/effect is not in any supported ecosystem...

9.8CVSS9.9AI score0.04118EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 12:34 a.m.44 views

`CHECK`-failures in `TensorByteSize` in Tensorflow

Impact A malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures. cc int64t TensorByteSizeconst TensorProto& t // numelements returns -1 if shape is not fully defined. int64t numelems = TensorShapet.tensorshape.numelements; retur...

6.5CVSS3.7AI score0.00783EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2022/02/09 11:55 p.m.44 views

Reachable Assertion in Tensorflow

Impact When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow processes. Patches We have patched the issue in GitHub...

6.5CVSS1.4AI score0.00469EPSS
Exploits0References6Affected Software3
Github Security Blog
Github Security Blog
added 2022/02/09 10:45 p.m.44 views

Prototype Pollution in js-data

All versions of package js-data prior to 3.0.10 are vulnerable to Prototype Pollution via the deepFillIn function...

9.8CVSS8.9AI score0.01959EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 10:37 p.m.44 views

Improper privilege handling in Apache Accumulo

Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations. Specifically, the return values of the 'canFlush' and...

8.1CVSS7.8AI score0.03655EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/01 12:51 a.m.44 views

Prototype Pollution in keyget

The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. Note: This vulnerability derives from an incomplete fix to CVE-2020-28272...

9.8CVSS5.1AI score0.01678EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/28 11:6 p.m.44 views

Cross-site Scripting in livehelperchat

Stored XSS is found in SettingsLive help configurationPersonal Themestatic content. Under the NAME field put a payload constructor.constructor'alert1' while creating content, and you will see that the input gets stored, and every time the user visits, the payload gets executed...

7.1CVSS1.1AI score0.00766EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/28 10:8 p.m.44 views

SQL injection in Moodle

A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data...

9.8CVSS4.3AI score0.44918EPSS
Exploits4References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/27 6:32 p.m.44 views

Server Side Twig Template Injection

PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds...

9.8CVSS5.2AI score0.01786EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/26 8:22 p.m.44 views

Cross-Site Request Forgery (CSRF) in livehelperchat

livehelperchat is vulnerable to Cross-Site Request Forgery CSRF...

6.5CVSS2.7AI score0.00512EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/14 9:9 p.m.44 views

Improper Privilege Management in shelljs

Impact Output from the synchronous version of shell.exec may be visible to other users on the same system. You may be affected if you execute shell.exec in multi-user Mac, Linux, or WSL environments, or if you execute shell.exec as the root user. Other shelljs functions including the asynchronous...

3.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/13 8:10 p.m.44 views

Cross-site Scripting in django-cms

Django CMS 3.7.3 does not validate the plugintype parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting XSS vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user...

5.4CVSS2.6AI score0.00617EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/13 12:1 a.m.44 views

Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin

Jenkins Credentials Binding Plugin prior to 1.27.1 and 1.24.1 does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it’s a zip file. Credentials...

4.3CVSS4.8AI score0.00852EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/13 12:0 a.m.44 views

CSRF vulnerability and missing permission checks in Jenkins Publish Over SSH Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...

4.3CVSS4.7AI score0.26546EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/08 12:43 a.m.44 views

Use of Hard-coded Credentials in Apache Kylin

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...

7.5CVSS2.8AI score0.0208EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/06 9:12 p.m.44 views

Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman

A flaw was found in podman. The podman machine function used to create and manage Podman virtual machine containing a Podman process spawns a gvproxy process on the host system. The gvproxy API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall...

6.5CVSS0.6AI score0.01057EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/06 8:35 p.m.44 views

Server-side request forgery (SSRF) in Apache Batik

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...

8.2CVSS3AI score0.13635EPSS
Exploits0References20Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/06 8:35 p.m.44 views

Cross-site scripting in Apache NiFi

A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers...

6.1CVSS5.7AI score0.02813EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/06 6:37 p.m.44 views

Infinite loop in Apache CFX

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior ...

7.5CVSS4.3AI score0.07024EPSS
Exploits0References17Affected Software2
Github Security Blog
Github Security Blog
added 2021/12/16 3:27 p.m.44 views

Cross Site Request Forgery in mailman

In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request using that token to set a new admin password or make other changes...

8.8CVSS2.4AI score0.0073EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/10 8:23 p.m.44 views

Deserialization of Untrusted Data in topthink/framework

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php...

9.8CVSS9AI score0.01841EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/09 7:14 p.m.44 views

Code Injection in jackson-databind

This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource aka Anteros-DBCP...

8.1CVSS8.7AI score0.09346EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/06 6:17 p.m.44 views

Code injection in FreeIPA

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function berscanf was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger...

8.8CVSS4.5AI score0.06329EPSS
Exploits0References12Affected Software2
Github Security Blog
Github Security Blog
added 2021/11/16 11:40 p.m.44 views

Withdrawn: Laravel Framework does not sufficiently block the upload of executable PHP content.

Withdrawn This advisory has been withdrawn after the maintainers of Laravel noted this issue is not a security vulnerability with Laravel itself, but rather a userland issue. Original CVE based description Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP...

9.8CVSS1.1AI score0.1981EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/10 7:36 p.m.44 views

Crash in `tf.math.segment_*` operations

Impact The implementation of tf.math.segment operations results in a CHECK-fail related abort and denial of service if a segment id in segmentids is large. python import tensorflow as tf tf.math.segmentmaxdata=np.ones1,10,1, segmentids=1676240524292489355 tf.math.segmentmindata=np.ones1,10,1,...

5.5CVSS1.5AI score0.00205EPSS
Exploits1References9Affected Software3
Github Security Blog
Github Security Blog
added 2021/10/28 11:14 p.m.44 views

Cross-Site Request Forgery in firefly-iii

firefly-iii is vulnerable to Cross-Site Request Forgery CSRF...

6.5CVSS6.3AI score0.00512EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/18 7:4 p.m.44 views

CSV Injection Vulnerability

Impact In some circumstances, it was possible to export data in CSV format that could trigger a payload in old versions of Excel. If you are accepting user input from untrusted sources and will be exporting that data in CSV format from element index pages and there is a chance users will open tha...

8.8CVSS0.6AI score0.01329EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/06 5:47 p.m.44 views

Cross-site Scripting in Froala Editor

Froala Editor 3.2.6 is affected by Cross Site Scripting XSS. Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting XSS vulnerability within the hyperlink creation module...

6.1CVSS2AI score0.01051EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/06 12:23 a.m.44 views

ASP.NET Core Denial of Service Vulnerability

Withdrawn This advisory was initially published and mapped incorrectly to nuget Microsoft.NETCore.App.Ref. We later reanalyzed this advisory and found it does not have a direct mapping to a NuGet package. Thus we have withdrawn this advisory. The underlying ASP.NET Core Denial of Service...

7.5CVSS0.4AI score0.05138EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/10 5:54 p.m.44 views

Incorrect handling of H2 GOAWAY + SETTINGS frames

Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. Impact This can lead to a DoS in the presence of untrusted upstream servers. Patches 0.15.1 contains an upgraded envoy binary with this vulnerability patched...

8.6CVSS7.6AI score0.01638EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/08 5:26 p.m.44 views

Arbitrary file upload in Fork CMS

Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel...

8.8CVSS5.3AI score0.0121EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/02 10:0 p.m.44 views

Improper Authentication

Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERRBADSSLCLIENTAUTHCERT should have occurred...

7.5CVSS1.2AI score0.01557EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/01 6:24 p.m.44 views

XSS in Image Optimization API for Next.js

Impact - Affected: All of the following must be true to be affected - Next.js between version 10.0.0 and 11.1.0 - The next.config.js file has images.domains array assigned - The image host assigned in images.domains allows user-provided SVG - Not affected: The next.config.js file has images.loade...

7.5CVSS6.6AI score0.01139EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 5:22 p.m.44 views

Improper Resource Shutdown or Release in TYPO3 extension

Wrong usage of the TYPO3 FAL API results in copies of processed files being saved to the /var/transient/ folder of a TYPO3 website on every frontend request. This can result in Denial of Service, since the webspace may be filled up with image files simply by crafting a large amount of requests to...

7.5CVSS7.2AI score0.00961EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 4:25 p.m.44 views

Cross-site scripting in imgURL

imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header...

5.4CVSS5.3AI score0.00527EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 4:16 p.m.44 views

Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20

Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow versions 1.2.0 prior to 2.0.0 Vaadin 12.0.0 prior to 14.0.0, 2.0.0 prior to 3.0.0 Vaadin 14.0.0 prior to 14.5.0, 3.0.0 through 4.0.1 Vaadin 15.0.0 through 17.0.11, 14.5.0 through 14.6.7 Vaadin 14.5.0 through 14.6.7, and 18.0.0...

4.3CVSS5AI score0.00594EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 4:13 p.m.44 views

Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore

Impact Data Object CSV import allows formular injection. Patches Problem is patched in 10.1.1 Workarounds Apply https://github.com/pimcore/pimcore/pull/9992.patch References https://cwe.mitre.org/data/definitions/1236.html...

8.8CVSS8.7AI score0.0106EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 8:57 p.m.44 views

Memory corruption in array-tools

An issue was discovered in the array-tools crate before 0.3.2 for Rust. Affected versions of this crate don't guard against panics, so that partially uninitialized buffer is dropped when user-provided T::clone panics in FixedCapacityDequeLike::clone. This causes memory corruption...

9.8CVSS9AI score0.01119EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 8:53 p.m.44 views

Uninitialized buffer use in marc

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Record::read. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialize...

7.5CVSS7.2AI score0.01498EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/23 7:42 p.m.44 views

Authenticated server-side request forgery in file upload via URL.

Impact Authenticated server-side request forgery in file upload via URL. Patches We recommend updating to the current version 6.4.3.1. You can get the update to 6.4.3.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6 Workaround...

8.8CVSS8.5AI score0.01058EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2021/08/23 7:41 p.m.44 views

Privilege escalation via form generator

Impact It is possible for untrusted users to gain administrator rights with the form generator. Installations are only affected if there are untrusted back end users with access to the form generator. Patches Update to Contao 4.4.56, 4.9.18 or 4.11.7. Workarounds Disable the form generator or...

8CVSS6.9AI score0.01023EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2021/08/23 7:40 p.m.44 views

JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>

Impact Untrusted notebook can execute code on load. This is a remote code execution, but requires user action to open a notebook. Patches Patched in the following versions: 3.1.4, 3.0.17, 2.3.2, 2.2.10, 1.2.21. References OWASP Page on Restricting Form Submissions For more information If you have...

9.6CVSS1AI score0.02638EPSS
Exploits1References6Affected Software2
Github Security Blog
Github Security Blog
added 2021/08/05 4:56 p.m.44 views

Incorrect TCR calculation in batchLiquidateTroves() during Recovery Mode

TCR is temporarily miscalculated in the batchLiquidateTroves function during Recovery Mode. The bug lies in batchLiquidateTroves of TroveManager. When calculating system's entire collateral, we should also exclude the liquidated trove's surplus collateral, since liquidation closes the trove and...

0.2AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/26 9:23 p.m.44 views

Command injection in gitlogplus

All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization...

9.8CVSS6.1AI score0.04025EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/26 9:20 p.m.44 views

Incorrect Authorization in TeamPass

The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function...

7.5CVSS2.7AI score0.01803EPSS
Exploits1References3Affected Software1
Total number of security vulnerabilities5000