1518 matches found
AMPHP Denial of Service via HTTP/2 CONTINUATION Frames
amphp/http will collect HTTP/2 CONTINUATION frames in an unbounded buffer and will not check the header size limit until it has received the ENDHEADERS flag, resulting in an OOM crash. amphp/http-client and amphp/http-server are indirectly affected if they're used with an unpatched version of...
Cross-Site Request Forgery in Anchor CMS
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery CSRF via /anchor/admin/categories/delete/2...
Exposure of Sensitive Information to an Unauthorized Actor
Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts by appending .rss or another extension to a URL...
Active Support Possibly Discloses Locally Encrypted Files
There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5 Impact ActiveSupport::EncryptedFile writes contents that will b...
Improper Neutralization of Special Elements used in a Command ('Command Injection')
1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. The vulnerability has been fixed in v1.3.6...
Improper Input Validation
Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For exampl...
LeafKit allows XSS with untrusted user input
This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any strings passed to tags as variables. If an attacker managed to find a variable that was rendered with their unsanitised data, they could inject scripts into a generated Leaf page, whic...
Uncontrolled Resource Consumption
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful...
Possible XSS Security Vulnerability in SafeBuffer#bytesplice
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. This vulnerability has been assigned the CVE identifier CVE-2023-28120. Versions Affected: All. Not affected: None Fixed Versions: 7.0.4.3, 6.1.7.3 Impact ActiveSupport uses...
golang.org/x/net/http2 Denial of Service vulnerability
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...
Missing Release of Memory after Effective Lifetime
DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS attack...
Allocation of Resources Without Limits or Throttling
Some HTTP/2 implementations is vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RSTSTREAM frames from the peer. Depending on how the peer queues the RSTSTRE...
Cross site scripting in actionpack Rubygem
A cross-site scripting vulnerability flaw was found in the autolink function in Rails before version 3.0.6...
Deserialization of Untrusted Data
Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. But for Dubbo versions before 2.7.8 or 2.6.9, an attacker can choose which serialization id the Provider will use by tampering with the byte preamble flags, aka, not following t...
Improper Authorization in cobbler
If PAM is correctly configured and a user account is set to expired, the expired user-account is still able to successfully log into Cobbler in all places Web UI, CLI & XMLRPC-API. The same applies to user accounts with passwords set to be expired...
Deserialization of Untrusted Data
In logback version 1.2.9 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers...
Files or Directories Accessible to External Parties
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting XSS the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user...
Inclusion of Functionality from Untrusted Control Sphere
The 1 createbranch, 2 createtag, 3 importproject, and 4 forkproject functions in lib/gitlabprojects.rb allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface...
Allocation of Resources Without Limits or Throttling
There is a possible denial of service vulnerability in Action View Rails where specially crafted accept headers can cause action view to consume % cpu and make the server unresponsive...
Cross-site Scripting
PHP-Proxy has Cross-Site Scripting XSS via the URL field in index.php...
Cross-site scripting in django
Cross-site scripting XSS vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload...
Path Traversal
360class.jansenhm is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing .. in the url...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting XSS vulnerability in the striptags helper in actionpack/lib/actioncontroller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an inval...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting XSS vulnerabilities in the mailto helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted 1 name or 2 email value...
Cross-Site Request Forgery (CSRF)
Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via forged 1 AJAX or 2 API requests that...
Settings leak in date template filter
If an application allows users to specify an unvalidated format for dates and passes this format to the date filter, a malicious user could obtain any secret in the application's settings by specifying a settings key instead of a date format. e.g. SECRETKEY instead of j/m/Y...
Incorrect Default Permissions
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...
Caches may be allowed to store and serve private data
Django contains a flaw that is triggered as the program improperly removes Vary and Cache-Control headers from HTTP responses during a reply to a request from some older versions of Internet Explorer or the Chrome Frame client. This may allow a context-dependent attacker to gain access to...
MySQL typecasting
When using a MySQL database, Django don't perform explicit conversion of the fields: FilePathField GenericIPAddressField IPAddressField If a query is performed without first converting values to the appropriate type, this can produce unexpected results, similar to what would occur if the query...
DOS via large passwords
The authentication framework django.contrib.auth computes the hash of a password each time a user attempts to log in, no matter the length of the password. Thus, a remote attacker can cause a denial of service CPU consumption by repeatedly submitting long passwords...
Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0
There is a vulnerability in the serialized attribute handling code in Ruby on Rails, applications which allow users to directly assign to the serialized fields in their models are at risk of Denial of Service or Remote Code Execution vulnerabilities...
XSS via posted select tag options
Ruby on Rails is vulnerable to remote cross-site scripting because the application does not validate manually generated select tag options upon submission to actionpack/lib/actionview/helpers/formoptionshelper.rb. This may allow a user to create a specially crafted request that would execute...
Swift Crypto: X-Wing HPKE Decapsulation Accepts Malformed Ciphertext Length
The X-Wing decapsulation path accepts attacker-controlled encapsulated ciphertext bytes without enforcing the required fixed ciphertext length. The decapsulation call is forwarded into a C API, which expects a compile-time fixed-size ciphertext buffer of 1120 bytes. This creates an FFI...
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java BC Java before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of th...
Rails has possible Sensitive Session Information Leak in Active Storage
Possible Sensitive Session Information Leak in Active Storage There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxi...
NULL Pointer Dereference
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSONInsertItemInArray at cJSON.c...
Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data
A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...
Out-of-bounds Write
Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting XSS - Stored in GitHub repository admidio/admidio prior to 4.2.8...
Improper Authentication
Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function...
CairoSVG improperly processes SVG files loaded from external resources
When CairoSVG processes an SVG file, it can make requests to the inner host and different outside hosts. When CairoSVG processes an SVG file, it can send requests to external hosts and wait for a response from the external server after a successful TCP handshake. This will cause the server to han...
Inefficient Regular Expression Complexity
A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory,...
MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`
MITM can enable Zip-Slip...
Uncontrolled Resource Consumption
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory...
Use of Insufficiently Random Values
An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the...
Improper Input Validation
The setmgmtparameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safeload function, as demonstrated using Puppet...
Improper Input Validation
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // slash slash in a URL, which triggers a scheme-relative URL...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A Cross Site Scripting XSS vulnerability exists in Nacos 2.0.3 in auth/users via the 1 pageSize and 2 pageNo parameters...
Use after free in Animation
The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available. There is currently little other public information on the issue...