Lucene search
K
GithubMost viewed

33181 matches found

Github Security Blog
Github Security Blog
added 2024/11/12 7:53 p.m.42 views

Denial of Service attack on windows app using netty

Summary An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attemps to load a file that does not exist. If an attacker creates such a large file, the Netty application crash. Details When the library netty is...

5.5CVSS5.9AI score0.00408EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/16 2:37 p.m.42 views

Ansible vulnerable to Insertion of Sensitive Information into Log File

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as includevars to load vaulted variables without setting the nolog: true parameter, resulting in sensitive data...

5.5CVSS6.3AI score0.00269EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/15 5:55 p.m.42 views

ZITADEL Go's GRPC example code vulnerability - GO-2024-2687 HTTP/2 CONTINUATION flood in net/http

Summary Applications using the zitadel-go v3 library next branch might be impacted by package vulnerabilities. The output of govulncheck suggests that only example code seems to be impacted, based on 1 of the 3 potential vulnerabilities. This vulnerability is located in the transitive dependency...

7.5CVSS7.3AI score0.91969EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/22 6:30 a.m.42 views

SQL injection in opencart

This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed it does not have ...

8.1CVSS8.8AI score0.1908EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/14 10:26 p.m.42 views

Grafana Race condition allowing privilege escalation

Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes critical security fixes for CVE-2022-39328. Release 9.2.4, latest patch, also containing security fix: - Download Grafana 9.2.4 Appropriate patches have been applied to Grafana Cloud and as always, we...

9.8CVSS6.8AI score0.00922EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/24 5:2 p.m.42 views

Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881

Impact The TineMCE Bundle uses tinymce version 6.7.3. CVEs for this version exists for 6.8.1: https://nvd.nist.gov/vuln/detail/CVE-2024-29203 https://nvd.nist.gov/vuln/detail/CVE-2024-29881 Patches The package should be updated to at least 6.8.1 to avoid XSS vulnerability. Workarounds Upgrade...

6.1CVSS4.2AI score0.00722EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/23 10:36 p.m.42 views

Drupal Core Remote Code Execution Vulnerability

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical -...

9.8CVSS7.7AI score0.99236EPSS
Exploits14References10Affected Software2
Github Security Blog
Github Security Blog
added 2024/04/22 6:45 p.m.42 views

Moby (Docker Engine) started with non-empty inheritable Linux process capabilities

Impact A bug was found in Moby Docker Engine where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during...

5.9CVSS7.5AI score0.00492EPSS
Exploits0References21Affected Software2
Github Security Blog
Github Security Blog
added 2024/04/17 6:25 p.m.42 views

Keycloak path traversal vulnerability in redirection validation

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. Thi...

8.1CVSS7.9AI score0.01552EPSS
Exploits0References17Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/28 5:7 p.m.42 views

ZITADEL's actions can overload reserved claims

Impact Under certain circumstances an action could set reserved claims managed by ZITADEL. For example it would be possible to set the claim urn:zitadel:iam:user:resourceowner:name json "urn:zitadel:iam:user:resourceowner:name": "ACME" if it was not set by ZITADEL itself. To compensate for this w...

6.1CVSS6.7AI score0.00767EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/15 6:44 p.m.42 views

Nuclei allows unsigned code template execution through workflows

Overview A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing custom workflows, potentially allowing the execution of malicious code on the user's system. This...

7.4CVSS7.1AI score0.00411EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/15 4:33 p.m.42 views

Users with `create` but not `override` privileges can perform local sync

Impact "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it allows the user to bypass any merge protections in git. An improper...

6.4CVSS7.1AI score0.00532EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2024/03/13 6:31 p.m.42 views

Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been...

7.5CVSS7.8AI score0.23072EPSS
Exploits1References12Affected Software2
Github Security Blog
Github Security Blog
added 2024/02/26 5:19 p.m.42 views

Kirby vulnerable to self cross-site scripting (self-XSS) in the URL field

TL;DR This vulnerability affects Kirby sites that use the URL field in any blueprint. A successful attack commonly requires knowledge of the content structure by the attacker as well as social engineering of a user with access to the Panel. The attack cannot be automated. The vulnerability is als...

4.7CVSS6.3AI score0.00405EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/08 6:46 p.m.42 views

Rancher API Server Cross-site Scripting Vulnerability

Impact A vulnerability has been identified in which unauthenticated cross-site scripting XSS in the API Server's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely. The attack vector was identifi...

8.3CVSS6.1AI score0.00342EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/02 6:11 p.m.42 views

Talos Linux ships runc vulnerable to the escape to the host attack

Impact Snyk has discovered a vulnerability in all versions of runc =1.1.11, as used by the Docker engine, along with other containerization technologies such as Kubernetes. Exploitation of this issue can result in container escape to the underlying host OS, either through executing a malicious...

8.6CVSS9.3AI score0.18087EPSS
Exploits18References2Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/01 12:16 a.m.42 views

Grafana path traversal

Today we are releasing Grafana 8.3.1, 8.2.7, 8.1.8, 8.0.7. This patch release includes a high severity security fix that affects Grafana versions from v8.0.0-beta1 through v8.3.0. Release v8.3.1, only containing a security fix: - Download Grafana 8.3.1 - Release notes Release v8.2.7, only...

7.5CVSS8.2AI score0.88849EPSS
Exploits44References11Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/31 12:21 a.m.42 views

HashiCorp Vault Authentication bypass

HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1...

8.2CVSS6.8AI score0.02963EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/30 11:47 p.m.42 views

Grafana XSS in Dashboard Text Panel

Grafana 5.3.1 has XSS via the "Dashboard Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099...

6.1CVSS6.1AI score0.01762EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/12 5:35 p.m.42 views

Minor fix to previous patch for CVE-2022-35918

Impact The initial vulnerability identified in Streamlit apps using custom components, allowing for directory traversal attacks, was addressed in version 1.11.1. However, a minor issue persisted, which could still potentially expose certain files on the server file-system under specific condition...

6.5CVSS7AI score0.01292EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/03 9:50 p.m.42 views

Craft CMS Privilege Escalation

Impact This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft with certain user permissions setups. Patches This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions. References...

8.8CVSS7.4AI score0.00588EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/14 6:30 p.m.42 views

Allocation of Resources Without Limits in Keycloak

An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens 500,000 users with each having at least 2 saved sessions. If an attacker creates two or more user sessions and then open the "consents" tab of th...

7.7CVSS7.6AI score0.01239EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/13 9:26 p.m.42 views

Withdrawn Advisory: Prometheus XSS Vulnerability

Withdrawn Advisory This advisory has been withdrawn because the vulnerability does not apply to the Prometheus golang package. This link is maintained to preserve external references. Original Description A stored, DOM based, cross-site scripting XSS flaw was found in Prometheus before version...

6.1CVSS6.4AI score0.02736EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/13 1:35 p.m.42 views

Unauthenticated db-file-storage views

Impact In Nautobot 1.x and 2.0.x, the URLs /files/get/?name=... and /files/download/?name=... are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job...

5.3CVSS7.3AI score0.00748EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/29 9:33 p.m.42 views

CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS

Impact CarrierWave::Uploader::ContentTypeAllowlist has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in allowlistedcontenttype? determines Content-Type permissions by performing a partial match. If the contenttype argument of allowlistedcontenttype? is...

6.8CVSS6.1AI score0.00613EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/27 6:31 p.m.42 views

Duplicate Advisory: phpseclib vulnerable to denial of service

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2f25-pfq3-c7h8. This link is maintained to preserve external references. Original Description In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees in binary fields can lead to a denial...

7.5CVSS7AI score0.00762EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/15 12:30 p.m.42 views

In Reactor Netty HTTP Server a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured t...

7.5CVSS6.9AI score0.01124EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/12 3:51 p.m.42 views

Symfony possible session fixation vulnerability

Description SessionStrategyListener does not always migrate the session after a successful login. It only migrate the session when the logged-in user identifier changes. In some use cases, the user identifier doesn't change between the verification phase and the successful login, while the token...

6.5CVSS6.9AI score0.00689EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2023/11/07 9:46 p.m.42 views

capsule-proxy service discloses Namespaces of colliding tenants to owners of different tenants with the same ServiceAccount name

Summary A bug in the RoleBinding reflector used by capsule-proxy gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. Details - Tenant solar, owned by a ServiceAccount named tenant-owner in the Namespace solar - Tenant wind, owne...

4.3CVSS7.1AI score0.00415EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2023/11/01 2:35 p.m.42 views

Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews

Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Proof of Concept Step 1. Go to /admin and login. Step 2. In Documents, go to home - click on Sample Conten...

6.1CVSS6.5AI score0.00496EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/25 9:30 p.m.42 views

Ingress nginx annotation injection causes arbitrary command execution

Issue Details A security issue was identified in ingress-nginx where the nginx.ingress.kubernetes.io/configuration-snippet annotation on an Ingress object in the networking.k8s.io or extensions API group can be used to inject arbitrary commands, and obtain the credentials of the ingress-nginx...

8.8CVSS7.4AI score0.02234EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/25 6:32 p.m.42 views

SaToken privilege escalation vulnerability

An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL...

9.8CVSS6.8AI score0.00964EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/22 9:36 p.m.42 views

Django Grappelli Open Redirect vulnerability

views/switch.py in django-grappelli aka Django Grappelli before 2.15.2 attempts to prevent external redirection with startswith"/" but this does not consider a protocol-relative URL e.g., //example.com attack...

6.1CVSS6.2AI score0.0047EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/08 9:30 p.m.42 views

Jeecg boot SQL Injection vulnerability

Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show...

9.8CVSS8.3AI score0.00745EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/25 7:45 p.m.42 views

OpenFGA Authorization Bypass

Overview Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. This means that the API sometimes returns more objects than it should. Am I Affected? The vulnerability affects customers using ListObjects with specific models. The...

6.5CVSS6.5AI score0.00451EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/21 7:58 p.m.42 views

Craft CMS vulnerable to Remote Code Execution via validatePath bypass

Summary Bypassing the validatePath function can lead to potential Remote Code Execution Post-authentication, ALLOWADMINCHANGES=true Details In bootstrap.php, the SystemPaths path is set as below. php // Set the vendor path. By default assume that it's 4 levels up from here $vendorPath =...

7.2CVSS7AI score0.01909EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/16 3:30 p.m.42 views

Jenkins NodeJS Plugin improper credential masking vulnerability

Jenkins NodeJS Plugin integrates with Config File Provider Plugin to specify custom NPM settings, including credentials for authentication, in a Npm config file. NodeJS Plugin 1.6.0 and earlier does not properly mask i.e., replace with asterisks credentials specified in the Npm config file in...

7.5CVSS7.5AI score0.0053EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/04 5:26 p.m.42 views

matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms

Impact It was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Patches Please upgrade to 1.0.1. Workarounds You can set the matrixHandler.eventCacheSize config value to 0 to workaround this...

3.7CVSS6.4AI score0.00485EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/30 10:17 p.m.42 views

PyPDF2 quadratic runtime with malformed PDF missing xref marker

Impact An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. Patches https://github.com/py-pdf/pypdf/pull/808 Workarounds ...

6.5CVSS6.7AI score0.00625EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/30 8:41 p.m.42 views

org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted

Impact The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for phishing attacks or also in the context of a sheet, the attacker could add ...

9CVSS7.6AI score0.01021EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/27 12:30 p.m.42 views

Apache Airflow ODBC Provider, Apache Airflow MSSQL Provider Improper Input Validation vulnerability

Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use getsqlalchemyconnection and someone with access to connection resources...

4.3CVSS6.9AI score0.01263EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2023/05/08 12:30 p.m.42 views

Apache Airflow vulnerable to Privilege Context Switching Error

Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.6.0...

9.8CVSS9.4AI score0.0228EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/05 2:25 a.m.42 views

Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints

Impact Mutagen command line operations, as well as the log output from mutagen daemon run, are susceptible to control characters that could be provided by remote endpoints. This can cause terminal corruption, either intentional or unintentional, if these characters are present in error messages,...

8.8CVSS6.7AI score0.0074EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2023/05/04 6:30 a.m.42 views

Improper input validation in github.com/gin-gonic/gin

Versions of the package github.com/gin-gonic/gin before version 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. Note: Although this issue does not pose a...

7.3CVSS8.9AI score0.00905EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/25 7:48 p.m.42 views

Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer

Impact There is an ext4 use-after-free flaw described in CVE-2022-1184 that is exploitable through versions of Apptainer 1.1.0 and installations that include apptainer-suid 1.1.8 on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10...

7.8CVSS7.4AI score0.00369EPSS
Exploits0References18Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/25 7:47 p.m.42 views

Possible XSS injection through Validate::isCleanHTML method

Impact ValidateCore::isCleanHTML method of Prestashop misses hijickable events which can lead to XSS injection, allowed by the presence of pre-setup @keyframes methods. This XSS which hijacks HTML attributes will be triggered without any interaction of the visitor/administrator which makes it as...

9.9CVSS8.4AI score0.01037EPSS
Exploits2References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/03 6:30 a.m.42 views

configobj ReDoS exploitable by developer using values in a server-side configuration file

All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?.. Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file...

5.9CVSS5.6AI score0.01259EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/23 8:10 p.m.42 views

Grafana Stored Cross-site Scripting in Graphite FunctionDescription tooltip

Summary When a Graphite data source is added, one can use this data source in a dashboard. This contains a feature to use Functions. Once a function is selected, a small tooltip will be shown when hovering over the name of the function. This tooltip will allow you to delete the selected Function...

6.2CVSS5.1AI score0.00954EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/23 7:58 p.m.42 views

Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process

A vulnerability identified in the implementation of Tailscale SSH in FreeBSD allowed commands to be run with a higher privilege group ID than that specified by Tailscale SSH access rules. Affected platforms: FreeBSD Patched Tailscale client versions: v1.38.2 or later What happened? A difference i...

8CVSS7.6AI score0.0046EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/22 12:30 p.m.42 views

Apache Tomcat vulnerable to Unprotected Transport of Credentials

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure...

4.3CVSS5.2AI score0.01831EPSS
Exploits0References13Affected Software1
Total number of security vulnerabilities5000