Lucene search
K
GithubMost viewed

33181 matches found

Github Security Blog
Github Security Blog
added 2022/02/09 9:21 p.m.43 views

Partial authorization bypass on document save in xwiki-platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with SCRIPT right EDIT right before XWiki 7.4 can save a document with the right of the current user which allow accessing API requiring programming right if the current user has...

5.5CVSS0.9AI score0.00684EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 12:33 a.m.43 views

Unauthorized access to Class instance in Jinjava

Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...

6.8CVSS3.1AI score0.01814EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 12:23 a.m.43 views

Insufficient Session Expiration in Apache NiFi Registry

If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging ou...

6.5CVSS6.5AI score0.02607EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/21 11:36 p.m.43 views

Path traversal in Apache James

Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassandra based produc...

9.1CVSS2.6AI score0.03706EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/08 12:31 a.m.43 views

Missing Authorization in DayByDay CRM

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account employee type user, can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the...

4.3CVSS5.1AI score0.0068EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/06 8:41 p.m.43 views

Inadequate Encryption Strength in Apache NiFi

In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and load balanced...

7.5CVSS7.4AI score0.02871EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/06 8:35 p.m.43 views

Cross-site scripting in Apache NiFi

A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers...

6.1CVSS5.7AI score0.02813EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/06 6:37 p.m.43 views

Infinite loop in Apache CFX

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior ...

7.5CVSS4.3AI score0.07024EPSS
Exploits0References17Affected Software2
Github Security Blog
Github Security Blog
added 2022/01/06 6:29 p.m.43 views

Client-Side JavaScript Prototype Pollution in oro/platform

Summary By sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are vulnerable to Prototype Pollution. Workarounds Configure WAF to dro...

8.8CVSS2.8AI score0.01094EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/16 3:27 p.m.43 views

Duplicate Advisory: Remote Code Execution in AjaxNetProfessional

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6r7c-6w96-8pvw. This link is maintained to preserve external references. Original Description All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of...

9.8CVSS8.8AI score0.88768EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/16 3:27 p.m.43 views

Cross Site Request Forgery in mailman

In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request using that token to set a new admin password or make other changes...

8.8CVSS2.4AI score0.0073EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/06 6:17 p.m.43 views

Code injection in FreeIPA

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function berscanf was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger...

8.8CVSS4.5AI score0.06329EPSS
Exploits0References12Affected Software2
Github Security Blog
Github Security Blog
added 2021/11/24 8:5 p.m.43 views

Cookie persistence after password changes in symfony/security-bundle

Description ----------- Since the rework of the Remember me cookie in Symfony 5.3, the cookie is not invalidated anymore when the user changes its password. Attackers can therefore maintain their access to the account even if the password is changed as long as they have had the chance to login on...

8.8CVSS1.4AI score0.01283EPSS
Exploits0References9Affected Software2
Github Security Blog
Github Security Blog
added 2021/11/23 9:15 p.m.43 views

Prototype Pollution in algoliasearch-helper

The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters.parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the...

9.8CVSS5.1AI score0.01561EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/23 6:17 p.m.43 views

Apache Ozone exposes OM, SCM and Datanode metadata

In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints...

5.3CVSS1.4AI score0.02315EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/23 5:56 p.m.43 views

Incorrect Authorization in Apache Ozone

In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins...

8.8CVSS8.4AI score0.01632EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/18 8:9 p.m.43 views

Authentication Bypass by CSRF Weakness

Impact CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidusauthdevise are affected if protectfromforgery method is both: - Executed whether as: - A beforeaction callback the default - A prependbeforeaction option prepend: tr...

9.3CVSS1.1AI score0.00609EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/10 6:46 p.m.43 views

Heap OOB in `FusedBatchNorm` kernels

Impact The implementation of FusedBatchNorm kernels is vulnerable to a heap OOB: python import tensorflow as tf tf.rawops.FusedBatchNormGrad ybackprop=tf.constanti for i in range9,shape=1,1,3,3,dtype=tf.float32 x=tf.constanti for i in range2,shape=1,1,1,2,dtype=tf.float32 scale=1,1,...

7.1CVSS1.6AI score0.00201EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/11/03 5:30 p.m.43 views

Missing Authorization with Default Settings in Dashboard UI

Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no custom authorization filters specified, LocalRequestsOnlyAuthorizationFilter filter is being used to allow only local requests and prohibit all the remote...

8.6CVSS1AI score0.00922EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/28 11:13 p.m.43 views

Improper Access Control in jupyterhub-firstuseauthenticator

Impact When JupyterHub is used with FirstUseAuthenticator, the vulnerability allows unauthorized access to any user's account if createusers=True and the username is known or guessed. Patches Upgrade to jupyterhub-firstuseauthenticator to 1.0, or apply patch...

9.8CVSS1.3AI score0.01323EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/06 12:23 a.m.43 views

ASP.NET Core Denial of Service Vulnerability

Withdrawn This advisory was initially published and mapped incorrectly to nuget Microsoft.NETCore.App.Ref. We later reanalyzed this advisory and found it does not have a direct mapping to a NuGet package. Thus we have withdrawn this advisory. The underlying ASP.NET Core Denial of Service...

7.5CVSS0.4AI score0.05138EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/04 8:13 p.m.43 views

Cross-site scripting in demos/demo.mysqli.php in getID3

Cross-site scripting XSS vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter...

6.1CVSS4.1AI score0.00976EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/20 8:43 p.m.43 views

Exposure of Sensitive Information in keycloak

A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events...

6.8CVSS5.8AI score0.01092EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/01 6:41 p.m.43 views

Use of a Broken or Risky Cryptographic Algorithm

✍️ Description The function mtrand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are...

3.5CVSS3.9AI score0.00458EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/01 6:31 p.m.43 views

Deserialization of Untrusted Data in Neo4j

Neo4j through 3.4.18 with the shell server enabled exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains...

9.8CVSS9.6AI score0.13386EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/31 4:4 p.m.43 views

@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution @npmcli/arborist, the library that calculates dependency trees and manages the nodemodules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and t...

8.2CVSS7AI score0.00576EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 8:50 p.m.43 views

Data races in concread

An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache data race by sending types that do not implement Send/Sync...

4.7CVSS5.2AI score0.00242EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:43 p.m.43 views

Heap OOB and CHECK fail in `ResourceGather`

Impact An attacker can trigger a crash via a CHECK-fail in debug builds of TensorFlow using tf.rawops.ResourceGather or a read from outside the bounds of heap allocated data in the same API in a release build: python import tensorflow as tf tensor =...

7.3CVSS7AI score0.00167EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/08/25 2:41 p.m.43 views

Division by 0 in most convolution operators

Impact Most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash: python import tensorflow as tf tf.compat.v1.disablev2behavior tf.rawops.Conv2D input = tf.constant, shape=0, 0, 0, 0,...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/08/23 7:40 p.m.43 views

Special Element Injection in notebook

Impact Untrusted notebook can execute code on load. This is a remote code execution, but requires user action to open a notebook. Patches 5.7.11, 6.4.1 References OWASP Page on Injection Prevention For more information If you have any questions or comments about this advisory, or vulnerabilities ...

10CVSS1.9AI score0.02106EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/26 9:17 p.m.43 views

Archive package allows chmod of file outside of unpack target directory

Impact A bug was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or s...

6.8CVSS6.5AI score0.01608EPSS
Exploits2References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/08 8:9 p.m.43 views

Access control flaw in Kiali

An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0. This flaw allows an attacker with a basic level of access to the cluster to deploy a kiali operand to use this vulnerability and deploy a given image to anywhere in the cluster, potentially gaining access ...

8.8CVSS8.1AI score0.00969EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/08 6:49 p.m.43 views

Insufficient Verification of Data Authenticity in Pillow

An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads after jumping to file offsets returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data...

5.5CVSS2.4AI score0.00732EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/24 4:57 p.m.43 views

plugin.yaml file allows for duplicate entries in helm

Impact During a security audit of Helm's code base, Helm maintainers identified a bug in which a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install...

6.5CVSS3.1AI score0.01517EPSS
Exploits0References9Affected Software2
Github Security Blog
Github Security Blog
added 2021/05/21 2:28 p.m.43 views

Invalid validation in `QuantizeAndDequantizeV2`

Impact The validation in tf.rawops.QuantizeAndDequantizeV2 allows invalid values for axis argument: python import tensorflow as tf inputtensor = tf.constant0.0, shape=1, dtype=float inputmin = tf.constant-10.0 inputmax = tf.constant-10.0 tf.rawops.QuantizeAndDequantizeV2 input=inputtensor,...

7.8CVSS2.6AI score0.00201EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:22 p.m.43 views

CHECK-fail in SparseConcat

Impact An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.SparseConcat: python import tensorflow as tf import numpy as np indices1 = tf.constant514, 514, 514, 514, dtype=tf.int64 indices2 = tf.constant514, 530, 599, 877, dtype=tf.int64 indices = indices1, indices2 values1 =...

5.5CVSS2.3AI score0.00189EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/19 11:1 p.m.43 views

Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint

Impact Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Patches The issue is fixed by https://github.com/matrix-org/synapse/pull/9855. Workarounds There are no...

2.3AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/18 6:35 p.m.43 views

Information Exposure in jaeger

Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials...

7.1CVSS5.6AI score0.00427EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/18 6:27 p.m.43 views

Privilege Escalation in Cloud Native Computing Foundation Harbor

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform...

8.8CVSS2.6AI score0.01618EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 6:47 p.m.43 views

Cross-site Scripting in reveal.js

Insufficient validation in cross-origin communication postMessage in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks...

6.1CVSS5.8AI score0.01197EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 6:43 p.m.43 views

Authorization bypass in Strapi

admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality...

9.8CVSS9AI score0.02264EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 3:17 p.m.43 views

Incorrect Authorization in Apache Solr

When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts...

9.1CVSS3.7AI score0.05263EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 5:29 p.m.43 views

Prototype Pollution in templ8

All versions of package templ8 up to and including 0.0.44 are vulnerable to Prototype Pollution via the parse function...

9.8CVSS9AI score0.01933EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 5:28 p.m.43 views

Prototype Pollution in madlib-object-utils

madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution via setValue...

9.8CVSS8.5AI score0.02055EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 4:10 p.m.43 views

Regular Expression Denial of Service in hosted-git-info

The npm package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity...

5.3CVSS3.4AI score0.03612EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/13 3:51 p.m.43 views

Authenticated path traversal in Umbraco CMS

An authenticated path traversal vulnerability exists during package installation in Umbraco CMS = 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package...

6.5CVSS6.3AI score0.09369EPSS
Exploits4References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/13 3:19 p.m.43 views

Cross-site Scripting in vis-timeline

This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application...

6.8CVSS6.5AI score0.01444EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/13 3:19 p.m.43 views

Command Injection in nuance-gulp-build-common

All versions of package nuance-gulp-build-common are vulnerable to Command Injection via the index.js file. PoC: js var a = require"nuance-gulp-build-common" a.run"touch JHU"...

6.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/06 5:22 p.m.43 views

Discovery uses the same AES/GCM Nonce throughout the session

Discovery uses the same AES/GCM Nonce throughout the session though it should be generated on per message basis which can lead to the leaking of the session key. As the actual ENR record is signed with a different key it is not possible for an attacker to alter the ENR record. Note that the node...

5.3CVSS1.4AI score0.00489EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/29 8:59 p.m.43 views

Out-of-bounds write

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1103, CVE-2019-1107...

7.6CVSS2.6AI score0.09205EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities5000