1518 matches found
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing...
Open redirect vulnerability in Flask-Security-Too
An open redirect vulnerability in the python package Flask-Security-Too =2.1.0 the autocorrectlocationheader configuration was changed to False - which means that location headers in redirects are relative by default. Thus, this issue may impact applications that were previously not impacted, if...
SaToken authentication bypass vulnerability
An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass...
Allocation of Resources Without Limits or Throttling
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
Allocation of Resources Without Limits or Throttling
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
CefSharp affected by heap buffer overflow in WebP
Google is aware that an exploit for CVE-2023-4863 exists in the wild. Description Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. Chromium security severity: Critical References -...
Helm vulnerable to denial of service through string value parsing
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service atta...
Allocation of Resources Without Limits or Throttling
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
Missing Release of Memory after Effective Lifetime
DCMTK v3.6.7 was discovered to contain a memory leak via the TASCAssociation object...
Missing Release of Resource after Effective Lifetime
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
Insertion of Sensitive Information into Log File
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver prior to v1.16.0, which make use of basic or bearer token authentication, and run ...
Loop with Unreachable Exit Condition ('Infinite Loop')
golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service infinite loop via crafted ParseFragment input...
Access control bypass in beego
The route lookup process in beego through 1.12.4 and 2.x through 2.0.2 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places e.g., p1.xml instead of p1...
Improper Encoding or Escaping of Output
Gitea before 1.16.7 does not escape git fetch remote...
Django cross-site request forgery (CSRF) vulnerability
The administration application in Django 0.91.x, 0.95.x, and 0.96.x stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery CSRF attacks and delete or modify data via unspecified...
Use of a Broken or Risky Cryptographic Algorithm
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey...
Improper Authentication
An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. If captured, the TOTP code for the 2FA can be submitted correctly more than once...
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
Cobbler before 3.3.0 allows arbitrary file write operations via uploadlogdata...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross Site Scripting XSS vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page...
Use of a Broken or Risky Cryptographic Algorithm
The ElGamal implementation in Botan, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The media2click aka 2 Clicks for External Media extension 1.x before 1.3.3 for TYPO3 allows XSS by a backend user account...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to helm --help. This issu...
Improper Access Control
go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially lead to confusion. For example, users of the...
Observable Timing Discrepancy
The activerecord-sessionstore aka Active Record Session Store component for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a correct guess in a...
Improper Control of Generation of Code ('Code Injection')
The is a code injection vulnerability in versions of Rails that wouldallow an attacker who controlled the locals argument of a render call to perform a RCE...
Deserialization of Untrusted Data
A deserialization of untrusted data vulnernerability exists in rails, rails that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE...
Improper Verification of Cryptographic Signature
golang.org/x/crypto allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client...
Inadequate Encryption Strength
The strrotpass function in PHP-Proxy uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion...
Insufficiently Protected Credentials
The Jenkins AWS CodeDeploy Plugin does not properly protect credentials in AWSCodeDeployPublisher...
Path Traversal
11xiaoli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url...
Cross-site Scripting
ag-grid is vulnerable to Cross-site Scripting XSS via Angular Expressions, if AngularJS is used in combination with ag-grid...
Improper Input Validation
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs...
Improper Restriction of XML External Entity Reference
XML external entity XXE vulnerability in the SVG to PNG and JPG conversion classes in Apache Batik allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file...
Malformed URLs from user input incorrectly validated
The validation for redirects does not correctly validate some malformed URLs, which are accepted by some browsers. This allows a user to be redirected to an unsafe URL unexpectedly...
NULL Pointer Dereference
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSONSetValuestring at cJSON.c...
Out-of-bounds Read
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read...
Uncontrolled Resource Consumption
An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service...
Improper Validation of Array Index
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime...
KubeVirt vulnerable to arbitrary file read on host
As part of a Kubevirt audit performed by NCC group, a finding dealing with systemic lack of path sanitization which leads to a path traversal was identified. Google tested the exploitability of the paths in the audit report and identified that when combined with another vulnerability one of the...
Improper Certificate Validation
fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Duplicate of ./gem/activestorage/CVE-2022-21831.yml
The Active Storage module of Rails starting with version 5.2.0 are possibly vulnerable to code injection. This issue was patched in versions 5.2.6.2, 6.0.4.7, 6.1.4.7, and 7.0.2.3. To work around this issue, applications should implement a strict allow-list on accepted transformation methods or...
Improper Certificate Validation
Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation...
Out-of-bounds Write
GDAL has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment...
Excessive Platform Resource Consumption within a Loop in Kubernetes
Abusively constructed YAML payload can significantly reduce parsing performance potentially leading to DoS...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting XSS vulnerability in models/issue.go in Gogs aka Go Git Service 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to helm --help. This issu...
Incorrect Conversion between Numeric Types
An issue was discovered in GNOME GLib If gbytearraynewtake was called with a buffer of 4GB or more on a platform, the length would be truncated modulo 232, causing unintended length truncation...
Integer Overflow or Wraparound
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...
Access of Resource Using Incompatible Type ('Type Confusion')
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...