Lucene search
K
GithubMost viewed

33181 matches found

Github Security Blog
Github Security Blog
•added 2022/07/28 12:0 a.m.•43 views

Missing permission check in Jenkins OpenShift Deployer Plugin

OpenShift Deployer Plugin 1.2.0 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

6.5CVSS6.5AI score0.00668EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/07/11 9:4 p.m.•43 views

KubeEdge CloudCore Router memory exhaustion vulnerability

Impact The CloudCore Router does not impose a limit on the size of responses to requests made by the REST handler. An attacker could use this weakness to make a request that will return an HTTP response with a large body and cause DoS of CloudCore. In the HTTP Handler API, the rest handler makes ...

6.5CVSS6.1AI score0.00652EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2022/07/07 8:55 p.m.•43 views

Jetty invalid URI parsing may produce invalid HttpURI.authority

Description URI use within Jetty's HttpURI class can parse invalid URIs such as http://localhost;/path as having an authority with a host of localhost;. A URIs of the type http://localhost;/path should be interpreted to be either invalid or as localhost; to be the userinfo and no host. However,...

4CVSS5.5AI score0.01173EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/06/28 12:0 a.m.•43 views

Apache Tika contains incomplete fix for regex DoS

The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1...

3.3CVSS5.6AI score0.01892EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/06/25 7:21 a.m.•44 views

Salt's PAM auth fails to reject locked accounts

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an...

8.8CVSS4.4AI score0.01878EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/06/25 12:0 a.m.•43 views

Rails::Html::Sanitizer vulnerable to Cross-site Scripting

Versions of Rails::Html::Sanitizer prior to version 1.4.3 are vulnerable to XSS with certain configurations of Rails::Html::Sanitizer which allows an attacker to inject content when the application developer has overridden the sanitizer's allowed tags to allow both select and style elements. Code...

6.1CVSS6.3AI score0.2914EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
•added 2022/06/24 12:0 a.m.•43 views

SpEL Injection in Spring Data MongoDB

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...

9.8CVSS3.9AI score0.16903EPSS
Exploits3References3Affected Software1
Github Security Blog
Github Security Blog
•added 2022/06/03 12:0 a.m.•43 views

Server-Side Template Injection in formio

A Server-Side Template Injection SSTI was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020. Additionally, the vendor disputes this issue indicating this is sandboxed and on...

9.8CVSS9.9AI score0.02177EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/24 10:16 p.m.•43 views

Core dump when loading TFLite models with quantization in TensorFlow

Impact Certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. Thus, since code was calling...

5.5CVSS6.3AI score0.00316EPSS
Exploits1References10Affected Software3
Github Security Blog
Github Security Blog
•added 2022/05/24 10:11 p.m.•43 views

Integer overflow in `SpaceToBatchND`

Impact The implementation of tf.rawops.SpaceToBatchND in all backends such as XLA and handwritten kernels is vulnerable to an integer overflow: python import tensorflow as tf input = tf.constant-3.5e+35, shape=10,19,22, dtype=tf.float32 blockshape = tf.constant-1879048192, shape=2, dtype=tf.int64...

5.5CVSS6.3AI score0.00332EPSS
Exploits1References9Affected Software3
Github Security Blog
Github Security Blog
•added 2022/05/24 5:48 p.m.•43 views

Missing permission check in Jenkins CloudBees CD Plugin allows scheduling builds

Jenkins CloudBees CD Plugin does not perform a permission check in an HTTP endpoint. This allows attackers with Item/Read permission to schedule builds of projects without having Item/Build permission. Jenkins CloudBees CD Plugin requires Item/Build permission to schedule builds via its HTTP...

4.3CVSS4.8AI score0.01456EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/24 5:7 p.m.•43 views

Undertow vulnerable to Uncontrolled Resource Consumption

A vulnerability was found in the Undertow HTTP server in versions before 2.0.29 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service DOS to make the service unavailable on SSL...

7.5CVSS2.5AI score0.0212EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/24 4:51 p.m.•43 views

Concurrent Execution using Shared Resource with Improper Synchronization in Elasticsearch

A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user...

5.9CVSS6.2AI score0.01008EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/17 5:17 a.m.•43 views

User confusion in IronJacamar

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...

4.3CVSS7AI score0.0141EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/17 4:45 a.m.•43 views

Pillow command injection

Python Image Library PIL 1.1.7 and earlier and Pillow before 2.5.0 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py...

10CVSS7.9AI score0.12055EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/17 4:12 a.m.•43 views

Improper Input Validation in Drools and jBPM

XML external entity XXE vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file...

7.5CVSS6.8AI score0.02655EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
•added 2022/05/14 3:10 a.m.•43 views

Cross-site Scripting in JavaMelody

JavaMelody through 1.60.0 has XSS via the counter parameter in a clearcounter action to the /monitoring URI...

6.1CVSS3.3AI score0.00707EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/14 1:53 a.m.•43 views

Apache XML-RPC XXE Vulnerability

XML external entity XXE vulnerability in the Apache XML-RPC aka ws-xmlrpc library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery SSRF attacks via a crafted DTD...

9.3CVSS6.9AI score0.08275EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/14 1:37 a.m.•43 views

Missing Cryptographic Step in OWASP Enterprise Security API for Java

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic...

5.8CVSS4.8AI score0.01655EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/14 1:10 a.m.•43 views

Uncontrolled Resource Consumption in Apache Tomcat

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service thread consumption via a series of aborted uploa...

7.8CVSS6.1AI score0.20318EPSS
Exploits0References45Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/14 1:4 a.m.•43 views

Improper Input Validation in Jenkins

Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins...

7.8CVSS5.4AI score0.35927EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/14 1:0 a.m.•43 views

Improper Neutralization of Special Elements used in an LDAP Query in Jenkins

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server...

9.8CVSS7.6AI score0.96943EPSS
Exploits5References16Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/13 1:47 a.m.•43 views

Cross-origin Resource Sharing bypass in ASP.NET Core

ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing CORS configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability"...

7.5CVSS3.8AI score0.10485EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
•added 2022/05/13 1:42 a.m.•43 views

Contao Core directory traversal vulnerability

A logged in back end user can include arbitrary PHP files by manipulating an URL parameter. Since Contao does not allow to upload PHP files in the file manager, the attack is limited to the existing PHP files on the server...

8.8CVSS7AI score0.01962EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
•added 2022/05/13 1:38 a.m.•43 views

Keycloak CSRF Vulnerability

It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks...

7.5CVSS6.5AI score0.02405EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/13 1:22 a.m.•43 views

Improper Access Control in MySQL Connector Python

Vulnerability in the MySQL Connectors component of Oracle MySQL subcomponent: Connector/Python. Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connector...

8.1CVSS5.8AI score0.02518EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/13 1:14 a.m.•43 views

Improper Restriction of XML External Entity Reference in Apache Batik

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a ful...

7.9CVSS7.1AI score0.04118EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/13 1:2 a.m.•43 views

Cross-Site Request Forgery in Spring Framework

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External...

6.8CVSS6.4AI score0.90455EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/13 1:1 a.m.•43 views

Deserialization of Untrusted Data in Jenkins

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java SignedObject object to the Jenkins CLI, that would be deserialized...

9.8CVSS3.4AI score0.99686EPSS
Exploits36References10Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/05 12:29 a.m.•43 views

Features file injection vulnerability

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory...

5.4CVSS3.9AI score0.0081EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/03 12:0 a.m.•44 views

GeoServer allows SSRF via the option for setting a proxy host

GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host...

7.5CVSS3.1AI score0.18925EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/01 6:32 p.m.•43 views

JULI logging component in Apache Tomcat does not restrict certain permissions for web applications

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by...

6.4CVSS7AI score0.05156EPSS
Exploits1References39Affected Software1
Github Security Blog
Github Security Blog
•added 2022/04/08 9:59 p.m.•43 views

Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx

Impact Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allow anyone with edit rights to actually create those. Patches This issue has been patched ...

8.1CVSS1.3AI score0.00792EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/04/07 10:10 p.m.•43 views

Smokescreen SSRF via deny list bypass

The primary use case for Smokescreen is to prevent server-side request forgery SSRF attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional e.g., external URLs by way of...

5.8CVSS2.8AI score0.00894EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/04/05 12:0 a.m.•43 views

Path Traversal in Caucho Resin

There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request...

7.5CVSS5.4AI score0.14115EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2022/03/25 7:27 p.m.•43 views

Open Redirect in Flask-AppBuilder

Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 3.4.5 contain an open redirect vulnerability when using the database authentication login page. There are no known workarounds. Users are recommended to upgrade to version 3.4.5 or later. For more...

6.1CVSS3.1AI score0.00923EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/03/24 12:0 a.m.•43 views

Missing Authentication for Critical Function in Foreman Ansible

An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8CVSS7.5AI score0.01031EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/03/22 7:22 p.m.•43 views

Insufficient Protection against HTTP Request Smuggling in mitmproxy

Impact In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While...

9.8CVSS9.4AI score0.01582EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/03/14 10:43 p.m.•43 views

Leaking of user information on Cross-Domain communication in sysend

Impact Users that use Cross-Origin communication and send sensitive information make it possible for this data to be intercepted. This is not a big impact because it happens only on the same browser. Patches It has been patched in version 1.10.0 Workarounds The only workaround is to not send...

6.5CVSS2.4AI score0.00673EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/03/02 10:24 p.m.•43 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in view_component

This is an XSS vulnerability that has the potential to impact anyone using translations with the viewcomponent gem. Data received via user input and passed as an interpolation argument to the translate method is not properly sanitized before display. Versions 2.29.1 and 2.49.1 have been released...

8.1CVSS2.5AI score0.01075EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/26 12:0 a.m.•43 views

OS Command injection in Apache Airflow

In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI...

8.8CVSS3.8AI score0.7788EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/23 9:15 p.m.•43 views

Open Redirect in AllTube

Impact Releases prior to 3.0.1 are vulnerable to an open redirect vulnerability that allows an attacker to construct a URL that redirects to an arbitrary external domain. Patches 3.0.1 contains a fix for this vulnerability. The 1.x and 2.x releases are not maintained anymore. References...

6.1CVSS1.7AI score0.03378EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/19 12:1 a.m.•43 views

MCMS Arbitrary File Deletion vulnerability

net.mingsoft:ms-basic is used for plugin management for applications built with Maven for the Mingfei Content Management System MCMS. ms-basic before 2.1.16 is vulnerable to arbitrary file deletion using POST requests to /template/writeFileContent via the oldFileName parameter. MCMS before 5.2.11...

7.1CVSS6.9AI score0.00755EPSS
Exploits1References3Affected Software2
Github Security Blog
Github Security Blog
•added 2022/02/18 12:0 a.m.•43 views

url-parse Incorrectly parses URLs that include an '@'

A specially crafted URL with an '@' sign but empty user info and no hostname, when parsed with url-parse, url-parse will return the incorrect href. In particular, js parse"http://@/127.0.0.1" Will return: yaml slashes: true, protocol: 'http:', hash: '', query: '', pathname: '/127.0.0.1', auth:...

6.5CVSS6.7AI score0.01535EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/15 1:57 a.m.•44 views

containernetworking/cni improper limitation of path name

An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the syste...

7.2CVSS7.1AI score0.01525EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/15 1:17 a.m.•43 views

Improper input validation in umoci

Impact umoci 0.4.6 and earlier can be tricked into modifying host files by creating a malicious layer that has a symlink with the name "." or "/". Because umoci deletes inodes if they change types, this results in the rootfs directory being replaced with an attacker-controlled symlink. Subsequent...

5.5CVSS5.5AI score0.00344EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/15 12:2 a.m.•43 views

Cross-site Scripting in pimcore

Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1...

7.6CVSS6.9AI score0.01102EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/10 8:29 p.m.•43 views

Request logging bypass in Jenkins Audit Trail Plugin

Audit Trail Plugin logs requests whose URL path matches an admin-configured regular expression. A discrepancy between the behavior of the plugin and the Stapler web framework in parsing URL paths allows attackers to craft URLs that would bypass request logging in Audit Trail Plugin 3.6 and earlie...

5.3CVSS5.2AI score0.01169EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/09 10:46 p.m.•43 views

ua-parser-js Regular Expression Denial of Service vulnerability

The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service ReDoS in multiple regexes see linked commit for more info...

7.5CVSS7.5AI score0.03878EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/09 10:29 p.m.•43 views

Upload of file to arbitrary path in Apache Flink

Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or...

7.5CVSS7.4AI score0.50038EPSS
Exploits1References28Affected Software1
Total number of security vulnerabilities5000