Lucene search
K
GithubMost viewed

33181 matches found

Github Security Blog
Github Security Blog
added 2022/04/22 8:15 p.m.42 views

Missing input validation can lead to command execution in composer

The Composer method VcsDriver::getFileContent with user-controlled $file or $identifier arguments is susceptible to an argument injection vulnerability. It can be leveraged to gain arbitrary command execution if the Mercurial or the Git driver are used. This led to a vulnerability on Packagist.or...

8.8CVSS4.9AI score0.01857EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/08 10:0 p.m.42 views

Unauthenticated user can list hidden document from multiple velocity templates in XWiki

Impact A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. Patches The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. Workarounds There is no known workaround for this problem. References...

5.3CVSS0.1AI score0.00985EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/26 12:15 a.m.42 views

Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors()

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors or getSelectorsBySpecificity is called with input from an attacker...

9.8CVSS9.6AI score0.55084EPSS
Exploits4References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/26 12:0 a.m.42 views

SQL Injection in Moodle

An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default...

8.8CVSS4.5AI score0.00898EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/18 5:57 p.m.42 views

Deserialization of Untrusted Data in Apache Dubbo

Apache Dubbo prior to 2.6.9 and 2.7.10 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection AP...

9.8CVSS1.8AI score0.04197EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2022/03/12 12:0 a.m.42 views

Cross-site Scripting in FreeTAKServer-UI

FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...

5.4CVSS2.3AI score0.00479EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/12 12:0 a.m.42 views

Command injection in simple-git

The package simple-git before 3.3.0 is vulnerable to Command Injection via argument injection. When calling the .fetchremote, branch, handlerFn function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options, it was possible to get arbitrary...

9.8CVSS5.8AI score0.03499EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/11 12:2 a.m.42 views

Command Injection in CasaOS

CasaOS before v0.2.7 was discovered to contain a command injection vulnerability via the component leave or join zerotier api...

9.8CVSS3AI score0.05967EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/10 10:7 p.m.42 views

Arbitrary file write in nats-server

This document is canonically: Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. JetStream is the optional RAFT-based resilient persistent feature of NATS. Problem Description The JetStream...

6.5CVSS0.1AI score0.02251EPSS
Exploits0References9Affected Software2
Github Security Blog
Github Security Blog
added 2022/02/16 11:2 p.m.42 views

open redirect in pollbot

From https://bugzilla.mozilla.org/showbug.cgi?id=1753838 Summary: There was an open redirection vulnerability in the path of: https://pollbot.services.mozilla.com/ and https://pollbot.stage.mozaws.net/ Description: An attacker can redirect anyone to malicious sites. Steps To Reproduce: Type in th...

6.1CVSS0.5AI score0.00426EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/16 12:1 a.m.42 views

Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin

Jenkins Pipeline: Groovy Plugin prior to 2656.vf7ae7b75a457, 2.94.1, and 2.92.1 uses the same checkout directories for distinct SCMs when reading the script file typically Jenkinsfile for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controlle...

8.8CVSS8.4AI score0.01444EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/15 1:37 a.m.42 views

Improper Input Validation in Xerces

A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This iss...

5.3CVSS3.1AI score0.01292EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/12 12:1 a.m.42 views

"catalog's registry v2 api exposed on unauthenticated path in Harbor"

Impact Javier Provecho, member of the TCCT Telefonica Cloud & Cybersecurity Tech better known as ElevenPaths SRE team discovered a vulnerability regarding Harbor’s v2 API. The catalog’s registry v2 api is exposed on an unauthenticated path. The current catalog API path is served at the following...

5.3CVSS5.5AI score0.00722EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/11 11:43 p.m.42 views

Nil dereference in NATS JWT, DoS of nats-server

Problem Description The NATS account system has an Operator trusted by the servers, which signs Accounts, and each Account can then create and sign Users within their account. The Operator should be able to safely issue Accounts to other entities which it does not fully trust. A malicious Account...

7.5CVSS7.5AI score0.0209EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 11:46 p.m.42 views

OS Command Injection in node-key-sender

node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute' function...

9.8CVSS9.2AI score0.04118EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 8:22 p.m.42 views

Improper Validation of Specified Quantity in Input in Eclipse Hono

In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. In particular, a device may send messages that are bigger than the max-message-size that the protocol adapter has indicated during link establishment. While the AMQP...

7.5CVSS7.1AI score0.01289EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 8:19 p.m.42 views

Cross-site Scripting in markdown-it-highlightjs

This affects the package markdown-it-highlightjs before 3.3.1. It is possible insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. js const markdownItHighlightjs = require"markdown-it-highlightjs"; const md = require'markdown-it'; const...

6.5CVSS6.2AI score0.01346EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 12:31 a.m.42 views

Incorrect Authorization in Apache Solr

Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous which could be used for remote code execution to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such featur...

9.8CVSS5.5AI score0.78874EPSS
Exploits1References25Affected Software3
Github Security Blog
Github Security Blog
added 2022/02/10 12:21 a.m.42 views

Division by zero in Tensorflow

Impact The implementation of FractionalMaxPool can be made to crash a TensorFlow process via a division by 0: python import tensorflow as tf import numpy as np tf.rawops.FractionalMaxPool value=tf.constantvalue=1, 4, 2, 3, dtype=tf.int64, poolingratio=1.0, 1.44, 1.73, 1.0, pseudorandom=False,...

6.5CVSS1.9AI score0.00783EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2022/02/09 11:20 p.m.42 views

Improper Input Validation in Apache Unomi

Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process...

10CVSS4AI score0.29885EPSS
Exploits3References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 12:59 a.m.42 views

Generation of Error Message Containing Sensitive Information in Keycloak

A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack...

4CVSS3.5AI score0.00766EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/21 11:19 p.m.42 views

Memory leak in micronaut-core

Impact Sending an invalid Content Type header leads to memory leak in DefaultArgumentConversionContext as this type is erroneously used in static state. Patches The problem is patched in Micronaut 3.2.7 and above. Workarounds The default content type binder can be replaced in an existing Micronau...

5.3CVSS2.5AI score0.0115EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/14 9:4 p.m.42 views

Inefficient Regular Expression Complexity in marked

Impact What kind of vulnerability is it? Denial of service. The regular expression block.def may cause catastrophic backtracking against some strings. PoC is the following. javascript import as marked from "marked"; marked.parsex:$' '.repeat1500x $' '.repeat1500 x; Who is impacted? Anyone who run...

7.5CVSS1.1AI score0.02828EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/08 12:46 a.m.42 views

Cross-site Scripting in Apache Pluto

The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting XSS attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact...

6.1CVSS5.7AI score0.02327EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/07 12:20 a.m.42 views

Open Redirect in Grav

Common/Grav.php in Grav before 1.6.23 has an Open Redirect...

6.1CVSS0.8AI score0.10879EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/06 6:32 p.m.42 views

Improper Authorization in Keycloak

A incorrect authorization flaw was found in Keycloak 12.0.0, the flaw allows an attacker with any existing user account to create new default user accounts via the administrative REST API even where new user registration is disabled...

8.8CVSS5.3AI score0.01347EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/20 4:57 p.m.42 views

Authelia vulnerable to an authentication bypassed with malformed request URI on nginx

Impact This affects uses who are using nginx ngxhttpauthrequestmodule with Authelia, it allows a malicious individual who crafts a malformed HTTP request to bypass the authentication mechanism. It additionally could theoretically affect other proxy servers, but all of the ones we officially suppo...

10CVSS9.8AI score0.01868EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/16 2:29 p.m.42 views

Improper Restriction of XML External Entity Reference in com.h2database:h2.

H2 is an embeddable RDBMS written in Java. The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity XXE Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML method. If it...

9.1CVSS9.3AI score0.03284EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/15 12:0 a.m.42 views

Invalid handling of `X509_verify_cert()` internal errors in libssl

Internally libssl in OpenSSL calls X509verifycert on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error for example out of memory. Such a negative return value is mishandled by OpenSSL and will cause an IO...

7.5CVSS1AI score0.50099EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/23 9:58 p.m.42 views

Path traversal in Matrix Synapse

Impact Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory, potentially outside the media store directory. The last two directories and file name of the path are chosen randomly by Synapse and cannot be...

7.5CVSS2.1AI score0.01514EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/23 6:18 p.m.42 views

Exposure of sensitive information in Apache Ozone

In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration...

9.1CVSS8.8AI score0.02296EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/23 6:17 p.m.42 views

Incorrect permissions in Apache Ozone

In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block...

6.5CVSS6.4AI score0.01501EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/10 8:41 p.m.42 views

Improper Verification of Cryptographic Signature in starkbank-ecdsa

The verify function in the Stark Bank Python ECDSA library starkbank-ecdsa 2.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

9.8CVSS5AI score0.01198EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/10 7:2 p.m.42 views

FPE in convolutions with zero size filters

Impact The implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. Patches We have patched the issue in GitHub commit f2c3931113eaafe9ef558faaddd48e00a6606235. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on...

5.5CVSS3.4AI score0.00136EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/11/08 5:44 p.m.42 views

Prototype Pollution in node-jsonpointer

This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays...

9.8CVSS3.2AI score0.02539EPSS
Exploits1References6Affected Software2
Github Security Blog
Github Security Blog
added 2021/10/22 4:20 p.m.42 views

Arbitrary command execution on Windows via qutebrowserurl: URL handler

Impact Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers it as a handler for certain URL schemes. With some applications such as Outlook Desktop, opening a specially crafted URL can lead to argument injection, allowing execution of qutebrowser commands, which in tu...

8.8CVSS2.1AI score0.01448EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/21 5:48 p.m.42 views

Cross-site Scripting in snipe-it

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

6.8CVSS5.6AI score0.00803EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/21 5:46 p.m.42 views

Authz Module Non-Determinism

Impact Consensus failure for 0.43.x and 0.44.0,1 users. Funds and balances are safe. Patches 0.44.2 Workarounds Manually patch the code. --- Full details posted in https://forum.cosmos.network/t/cosmos-sdk-vulnerability-retrospective-security-advisory-jackfruit-october-12-2021/5349...

6.5CVSS1.9AI score0.01658EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/19 3:28 p.m.42 views

Nameko Arbitrary code execution due to YAML deserialization

Impact Nameko can be tricked to perform arbitrary code execution when deserialising a YAML config file. Example: yaml malicious.yaml !!python/object/new:type args: 'z', !!python/tuple , 'extend': !!python/name:exec listitems: "import'os'.system'cat /etc/passwd'" shell $ nameko run --config...

7.8CVSS7.8AI score0.01488EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/04 8:13 p.m.42 views

Cross-site Scripting in LaraCMS

LaraCMS contains a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor...

5.4CVSS5.1AI score0.00576EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/04 8:12 p.m.42 views

CSV injection in Craft CMS

Withdrawn Duplicate of GHSA-h7vq-5qgw-jwwq...

8.8CVSS1.3AI score0.01329EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/30 5:13 p.m.42 views

Cross-site Scripting in GilaCMS

A cross-site scripting XSS vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field...

5.4CVSS5.1AI score0.00477EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/30 5:10 p.m.42 views

Inefficient Regular Expression Complexity in handsontable

The package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service ReDoS in Handsontable.helper.isNumeric function...

7.5CVSS7.3AI score0.02751EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/30 5:9 p.m.42 views

LiveQuery publishes user session tokens in parse-server

Impact For regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscription on the Parse.User class, all session tokens created during user sign-ups will be broadcast as part of the LiveQuery...

7.5CVSS1.2AI score0.01206EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/29 5:15 p.m.42 views

Regular Expression Denial of Service in jsoneditor

JSON Editor is a web-based tool to view, edit, format, and validate JSON. It has various modes such as a tree editor, a code editor, and a plain text editor. The jsoneditor package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide a crafted element a...

7.5CVSS7.2AI score0.01372EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/02 10:0 p.m.42 views

Traefik has an Improper Certificate Handling issue

configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging...

7.5CVSS7.1AI score0.00721EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/02 5:7 p.m.42 views

Use of Cryptographically Weak Pseudo-Random Number Generator in showdoc

showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG...

7.5CVSS5.8AI score0.01064EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/01 6:31 p.m.42 views

Malicious password-reset in Akaunting

Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target's e-mail address. This issue was fixed in version 2.1.13 of the product. Please...

8.1CVSS7.7AI score0.00957EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 4:13 p.m.42 views

Exposed phpinfo() leadked via documentation files

Impact The phpinfo can be exposed if the /vendor is not protected from public access. This is a rare situation today since the vendor directory is often located outside the web directory or protected via server rule .htaccess, etc. Patches Only the v6, v7 and v8 will be patched respectively in...

5.4CVSS5AI score0.06132EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 8:58 p.m.42 views

Data races in multiqueue

Affected versions of this crate unconditionally implemented Send for types used in queue implementations InnerSend, InnerRecv, FutInnerSend, FutInnerRecv. This allows users to send non-Send types to other threads, which can lead to data race bugs or other undefined behavior...

8.1CVSS7.7AI score0.01098EPSS
Exploits1References5Affected Software1
Total number of security vulnerabilities5000