1518 matches found
Allocation of Resources Without Limits or Throttling
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
Prevent logging invalid header values
Impact What kind of vulnerability is it? Apollo Server can log sensitive information Studio API keys if they are passed incorrectly with leading/trailing whitespace or if they have any characters that are invalid as part of a header value. Who is impacted? Users who all of the below: use either t...
Improper Authentication
Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function...
Uncontrolled Resource Consumption
A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter 7.0.4.1 and 6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric...
Deserialization of Untrusted Data
Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Due to improper santization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...
Out-of-bounds Read
Cap'n Proto is a data interchange format and remote procedure call RPC system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 is vulnerable to out-of-bounds read due to logic error handli...
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input...
Missing Release of Memory after Effective Lifetime
DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to launch a DoS attack...
Server-Side Request Forgery (SSRF)
An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services...
Incorrect Permission Assignment for Critical Resource
Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API /cobblerapi that can result in Privilege escalation, data manipulation or...
Use after free in Animation
The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available. There is currently little other public information on the issue...
Uncontrolled Resource Consumption
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
Improper Input Validation
An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address...
Incorrect Authorization
A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook.Validating Admission Webhook does not observe some previous fields...
Weak Password Recovery Mechanism for Forgotten Password
Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target's e-mail address. This issue was fixed in version 2.1.13 of the product. Please...
Use of Multiple Resources with Duplicate Identifier
In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker...
Integer Overflow or Wraparound
An integer overflow issue exists in Godot Engine that can be triggered when loading specially crafted TGA image files...
Out-of-bounds Write
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Information Exposure
Nacos suffers from a flaw where users can access service details when unauthenticated. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged...
Allocation of Resources Without Limits or Throttling
The Kubernetes API server component has been found to be vulnerable to a denial of service attack via successful API requests...
Improper Input Validation
Istio mishandles certain access tokens, leading to Epoch 0 terminated with an error in Envoy. This is related to a jwtauthenticator.cc segmentation fault...
Path Traversal in Action View
File Content Disclosure in Action View Impact ------ There is a possible file content disclosure vulnerability in Action View. Specially crafted accept headers in combination with calls to render file: can cause arbitrary files on the target server to be rendered, disclosing the file contents. Th...
Information Exposure
The Jenkins AWS CodeDeploy Plugin contains a File and Directory Information Exposure vulnerability in AWSCodeDeployPublisher...
Command injection vulnerability
VladTheEnterprising Gem for Ruby contains a flaw as the program creates temporary files insecurely. It is possible for a local attacker to use a symlink attack against the /tmp/my.cnf.targethost file they can overwrite arbitrary files, gain access to the MySQL root password, or inject arbitrary...
XSS vulnerability in old test script
Cross-site scripting vulnerability in ADOdb allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Possible Information Leak Vulnerability
Applications that pass unverified user input to the render method in a controller may be vulnerable to an information leak vulnerability. Impacted code will look something like this: def index; render params:id; end Carefully crafted requests can cause the above code to render files from unexpect...
Possible Input Validation Circumvention
Code that uses Active Model based models including Active Record models and does not validate user input before passing it to the model can be subject to an attack where specially crafted input will cause the model to skip validations. Rails users using Strong Parameters are generally not impacte...
nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields
In versions middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes on any Nova resource — including users who do not have access to Nova itself for example, frontend customers sharing the web guard with the Nova admin area. The endpoint also...
Dragonfly incorrectly handles a task structure’s usedTrac field
The processPieceFromSource method figure 4.1 is part of a task processing mechanism. The method writes pieces of data to storage, updating a Task structure along the way. The method does not update the structure’s usedTraffic field, because an uninitialized variable n is used as a guard to the...
HAPI FHIR XML External Entity (XXE) vulnerability
An XML External Entity XXE vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...
HAPI FHIR XML External Entity (XXE) vulnerability
An XML External Entity XXE vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...
Remote code execution in web server context
User with administrative privileges and upload files that look like images but contain PHP code which can then be executed in the context of the web server...
Use of Insufficiently Random Values
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...
Uncontrolled Resource Consumption
This advisory has been marked as a false positive...
Exposure of Sensitive Information to an Unauthorized Actor
Helm is a tool that streamlines installing and managing Kubernetes applications.getHostByName is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL Inection vulnerability in Dromara hutool v5.8.11 allows attacker to execute arbitrary code via the aviator template engine...
GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by...
Out-of-bounds Read
Open Asset Import Library assimp commit 3c253ca was discovered to contain a segmentation violation via the component Assimp::XFileImporter::CreateMeshes...
Exposure of Resource to Wrong Sphere
Ethermint is an Ethereum library. In Ethermint running versions before v0.17.2, the contract selfdestruct invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the DeleteAccountfunction, all contracts that used the identical bytecod...
NULL Pointer Dereference
OFFIS DCMTK's All versions prior to 3.6.7 has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public, any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account...
Django Allows Arbitrary URL Generation
The django.http.HttpRequest.gethost function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values...
Django Vulnerable to Cache Poisoning
Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request...
NULL Pointer Dereference
The html package aka x/net/html through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call...
Exposed Dangerous Method or Function
An API-exposure flaw was found in cobbler, where it exported CobblerXMLRPCInterface private functions over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain important privileges within cobbler, as well as upload files to an arbitrary location in the daemon context...
Use after free in Animation
Use after free in Animation. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available. There is currently little other publi...
Improper Input Validation
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost or any other address...
Information Exposure
An issue was discovered in in HyperKitty When importing a private mailing list's archives, these archives are publicly visible for the duration of the import...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform thi...