33181 matches found
Missing permission check in Jenkins OpenShift Deployer Plugin
OpenShift Deployer Plugin 1.2.0 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...
KubeEdge CloudCore Router memory exhaustion vulnerability
Impact The CloudCore Router does not impose a limit on the size of responses to requests made by the REST handler. An attacker could use this weakness to make a request that will return an HTTP response with a large body and cause DoS of CloudCore. In the HTTP Handler API, the rest handler makes ...
Jetty invalid URI parsing may produce invalid HttpURI.authority
Description URI use within Jetty's HttpURI class can parse invalid URIs such as http://localhost;/path as having an authority with a host of localhost;. A URIs of the type http://localhost;/path should be interpreted to be either invalid or as localhost; to be the userinfo and no host. However,...
Apache Tika contains incomplete fix for regex DoS
The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1...
Salt's PAM auth fails to reject locked accounts
An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an...
Rails::Html::Sanitizer vulnerable to Cross-site Scripting
Versions of Rails::Html::Sanitizer prior to version 1.4.3 are vulnerable to XSS with certain configurations of Rails::Html::Sanitizer which allows an attacker to inject content when the application developer has overridden the sanitizer's allowed tags to allow both select and style elements. Code...
SpEL Injection in Spring Data MongoDB
A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...
Server-Side Template Injection in formio
A Server-Side Template Injection SSTI was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020. Additionally, the vendor disputes this issue indicating this is sandboxed and on...
Core dump when loading TFLite models with quantization in TensorFlow
Impact Certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. Thus, since code was calling...
Integer overflow in `SpaceToBatchND`
Impact The implementation of tf.rawops.SpaceToBatchND in all backends such as XLA and handwritten kernels is vulnerable to an integer overflow: python import tensorflow as tf input = tf.constant-3.5e+35, shape=10,19,22, dtype=tf.float32 blockshape = tf.constant-1879048192, shape=2, dtype=tf.int64...
Missing permission check in Jenkins CloudBees CD Plugin allows scheduling builds
Jenkins CloudBees CD Plugin does not perform a permission check in an HTTP endpoint. This allows attackers with Item/Read permission to schedule builds of projects without having Item/Build permission. Jenkins CloudBees CD Plugin requires Item/Build permission to schedule builds via its HTTP...
Undertow vulnerable to Uncontrolled Resource Consumption
A vulnerability was found in the Undertow HTTP server in versions before 2.0.29 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service DOS to make the service unavailable on SSL...
Concurrent Execution using Shared Resource with Improper Synchronization in Elasticsearch
A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user...
User confusion in IronJacamar
The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...
Pillow command injection
Python Image Library PIL 1.1.7 and earlier and Pillow before 2.5.0 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py...
Improper Input Validation in Drools and jBPM
XML external entity XXE vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file...
Cross-site Scripting in JavaMelody
JavaMelody through 1.60.0 has XSS via the counter parameter in a clearcounter action to the /monitoring URI...
Apache XML-RPC XXE Vulnerability
XML external entity XXE vulnerability in the Apache XML-RPC aka ws-xmlrpc library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery SSRF attacks via a crafted DTD...
Missing Cryptographic Step in OWASP Enterprise Security API for Java
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic...
Uncontrolled Resource Consumption in Apache Tomcat
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service thread consumption via a series of aborted uploa...
Improper Input Validation in Jenkins
Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins...
Improper Neutralization of Special Elements used in an LDAP Query in Jenkins
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server...
Cross-origin Resource Sharing bypass in ASP.NET Core
ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing CORS configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability"...
Contao Core directory traversal vulnerability
A logged in back end user can include arbitrary PHP files by manipulating an URL parameter. Since Contao does not allow to upload PHP files in the file manager, the attack is limited to the existing PHP files on the server...
Keycloak CSRF Vulnerability
It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks...
Improper Access Control in MySQL Connector Python
Vulnerability in the MySQL Connectors component of Oracle MySQL subcomponent: Connector/Python. Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connector...
Improper Restriction of XML External Entity Reference in Apache Batik
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a ful...
Cross-Site Request Forgery in Spring Framework
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External...
Deserialization of Untrusted Data in Jenkins
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java SignedObject object to the Jenkins CLI, that would be deserialized...
Features file injection vulnerability
File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory...
GeoServer allows SSRF via the option for setting a proxy host
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host...
JULI logging component in Apache Tomcat does not restrict certain permissions for web applications
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by...
Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx
Impact Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allow anyone with edit rights to actually create those. Patches This issue has been patched ...
Smokescreen SSRF via deny list bypass
The primary use case for Smokescreen is to prevent server-side request forgery SSRF attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional e.g., external URLs by way of...
Path Traversal in Caucho Resin
There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request...
Open Redirect in Flask-AppBuilder
Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 3.4.5 contain an open redirect vulnerability when using the database authentication login page. There are no known workarounds. Users are recommended to upgrade to version 3.4.5 or later. For more...
Missing Authentication for Critical Function in Foreman Ansible
An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
Insufficient Protection against HTTP Request Smuggling in mitmproxy
Impact In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While...
Leaking of user information on Cross-Domain communication in sysend
Impact Users that use Cross-Origin communication and send sensitive information make it possible for this data to be intercepted. This is not a big impact because it happens only on the same browser. Patches It has been patched in version 1.10.0 Workarounds The only workaround is to not send...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in view_component
This is an XSS vulnerability that has the potential to impact anyone using translations with the viewcomponent gem. Data received via user input and passed as an interpolation argument to the translate method is not properly sanitized before display. Versions 2.29.1 and 2.49.1 have been released...
OS Command injection in Apache Airflow
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI...
Open Redirect in AllTube
Impact Releases prior to 3.0.1 are vulnerable to an open redirect vulnerability that allows an attacker to construct a URL that redirects to an arbitrary external domain. Patches 3.0.1 contains a fix for this vulnerability. The 1.x and 2.x releases are not maintained anymore. References...
MCMS Arbitrary File Deletion vulnerability
net.mingsoft:ms-basic is used for plugin management for applications built with Maven for the Mingfei Content Management System MCMS. ms-basic before 2.1.16 is vulnerable to arbitrary file deletion using POST requests to /template/writeFileContent via the oldFileName parameter. MCMS before 5.2.11...
url-parse Incorrectly parses URLs that include an '@'
A specially crafted URL with an '@' sign but empty user info and no hostname, when parsed with url-parse, url-parse will return the incorrect href. In particular, js parse"http://@/127.0.0.1" Will return: yaml slashes: true, protocol: 'http:', hash: '', query: '', pathname: '/127.0.0.1', auth:...
containernetworking/cni improper limitation of path name
An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the syste...
Improper input validation in umoci
Impact umoci 0.4.6 and earlier can be tricked into modifying host files by creating a malicious layer that has a symlink with the name "." or "/". Because umoci deletes inodes if they change types, this results in the rootfs directory being replaced with an attacker-controlled symlink. Subsequent...
Cross-site Scripting in pimcore
Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1...
Request logging bypass in Jenkins Audit Trail Plugin
Audit Trail Plugin logs requests whose URL path matches an admin-configured regular expression. A discrepancy between the behavior of the plugin and the Stapler web framework in parsing URL paths allows attackers to craft URLs that would bypass request logging in Audit Trail Plugin 3.6 and earlie...
ua-parser-js Regular Expression Denial of Service vulnerability
The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service ReDoS in multiple regexes see linked commit for more info...
Upload of file to arbitrary path in Apache Flink
Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or...