1518 matches found
Use of a Broken or Risky Cryptographic Algorithm
golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server in certain circumstances involving AddHostKey...
Improper Authentication in FreeTAKServer
An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service DoS via an unusually large amount of created routes, or create unsafe or false routes for legitimate users...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...
Protection Mechanism Failure in Jenkins Doktor Plugin
Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists...
Vulnerability in Istio
Istio 1.1.x through 1.1.6 has Incorrect Access Control...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as we...
Improper Input Validation
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents...
NULL Pointer Dereference
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...
Sandbox Escape
In Pallets Jinja, str.formatmap allows a sandbox escape...
Improper Link Resolution Before File Access
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user?s machine. If the tar binary in the container is malicious, it could r...
Deserialization of Untrusted Data
DISPUTED SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because denylisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn’t...
Improper Access Control
API Platform contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource can delete any resource. This attack appears to be exploitable via the user must be authorized...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
active-support ruby gem could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system...
Session manipulation in Django
django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that...
Path Traversal
22lixian is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url...
Information Exposure
An issue was discovered in config/error.php. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error such as 'Too many connections' has occurred...
Strong Parameter bypass with create_with
The createwith functionality in Active Record was implemented incorrectly and completely bypasses the strong parameter protection...
XSS Vulnerability in simple_format helper
The simpleformat helper converts user supplied text into html text which is intended to be safe for display. A change made to the implementation of this helper means that any user provided HTML attributes will not be escaped correctly. As a result of this error, applications which pass...
Incorrect Authorization
Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...
@adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS
Impact @adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. Patches The issue has been resolved in 4.3.1. Workarounds None References N/A...
hutool Buffer Overflow vulnerability
hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the api/v1/file.go file, there is a function called LoadFromFile, which directly reads the...
Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
There is a potential denial of service vulnerability present in ActiveRecord’s PostgreSQL adapter. In ActiveRecord 7.0.4.1 and 6.1.7.1, when a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Improper path santiziation in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allow remote attackers to read files outside of the intended directory...
Out-of-bounds Read
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack...
hutool-json stack overflow vulnerability
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service DoS via crafted JSON or XML data...
Weak Password Requirements
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort...
RCE bug with Serialized Columns in Active Record
When serialized columns that use YAML the default are deserialized, Rails uses YAML.unsafeload to convert the YAML data in to Ruby objects. If an attacker can manipulate data in the database via means like SQL injection, then it may be possible for the attacker to escalate to an RCE. There are no...
Relative Path Traversal
Relative Path Traversal in github.com/argoproj/argo-events...
Missing Release of Memory after Effective Lifetime
A memory leak out-of-memory in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file...
NULL Pointer Dereference
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers...
Apache Solr for TYPO3 (solr) extension is vulnerable to Insecure Unserialize
Unspecified vulnerability in the Apache Solr for TYPO3 solr extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."...
Django is vulnerable to Denial of Service attack in formset
The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service memory consumption or trigger server errors via a modified maxnum parameter...
Out-of-bounds Write
There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB in gif2rgb.c:298:45...
Allocation of Resources Without Limits or Throttling in Apache Avro
A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro and prior versions. Users should update to which addresses this issue...
Improper Restriction of Excessive Authentication Attempts
As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence...
Open redirect in Flask-Unchained
This affects the package Flask-Unchained before 0.9.0. When using the the validateredirecturl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only exploitable if an...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review th...
Stack-based Buffer Overflow
A flaw was found in cairo's image-compositor.c in all This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input to cause a stack...
Incorrect Permission Assignment for Critical Resource
When ORT now via atstccfg generates ipallow.config files in Apache Traffic Control to to, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are potentially extended to IP...
Integer Overflow or Wraparound
DISPUTED GNOME GLib has an integer overflow, that might lead to an out-of-bounds write, in goptiongroupaddentries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls ...
Inclusion of Sensitive Information in Log Files
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials...
Credentials Management
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver which make use of basic or bearer token authentication, and run at high verbosity...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...
Directory traversal in Django
Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / slash character in a key in a session cookie, related to session replays...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The cross-site scripting XSS prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a...
Cross-site request forgery
Administrate::ApplicationController actions don't have CSRF protection. Remote attackers can hijack user's sessions and use any functionality that administrate exposes on their behalf...
DOS via URL validation
django.core.validators.URLValidator includes a regular expression that was extremely slow to evaluate against certain inputs...
Reflective XSS Vulnerability
There is a vulnerability in the internationalisation component of Ruby on Rails. When the i18n gem is unable to provide a translation for a given string, it creates a fallback HTML string. Under certain common configurations this string can contain user input which would allow an attacker to...
Anki Latex Incomplete Blocklist Vulnerability
An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. ...