Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the api/v1/file.go file, there is a function called LoadFromFile, which directly reads the...

SwiftTerm Code Injection vulnerability

Attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands...

Improper Neutralization of Special Elements used in a Command ('Command Injection')

1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. The vulnerability has been fixed in v1.3.6...

jsonij vulnerable to stack exhaustion

An issue was discovered jmarsden/jsonij through 0.5.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies...

Uncontrolled Resource Consumption in LengthPrefixedMessageReader

Affected gRPC Swift clients and servers are vulnerable to uncontrolled resource consumption attacks. Excessive memory may be allocated when parsing messages. This can lead to a denial of service...

Swift-corelibs-foundation denial of service in JSON decoding with JSONDecoder

A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document containing a type mismatch. This vulnerability is caused by the interaction between a deserialization mechanism offered by the Swift standard...

Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec

Affected gRPC Swift servers are vulnerable to uncontrolled recursion and stack consumption when parsing certain payloads. This may lead to a denial of service...

Out-of-bounds Read

An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3decodeblock out-of-bounds read...

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a...

Missing Authorization

KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds...

Memory Allocation with Excessive Size Value

A vulnerability was found in docconv up to 1.2.0 and classified as problematic. This issue affects the function ConvertDocx/ConvertODT/ConvertPages/ConvertXML/XMLToText. The manipulation leads to uncontrolled memory allocation. The attack may be initiated remotely. Upgrading to version 1.2.1 is...

Insufficient Session Expiration

Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The aimeos aka Aimeos shop and e-commerce framework extension before 19.10.12 and 20.x before 20.10.5 for TYPO3 allows XSS via a backend user account...

FormEncode Access Restrictions Bypass

schema.py in FormEncode for Python python-formencode 1.0 does not apply the chainedvalidators feature, which allows attackers to bypass intended access restrictions via unknown vectors...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting XSS vulnerability in the Apache Solr Search solr extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Django cross-site request forgery (CSRF) vulnerability

The administration application in Django 0.91.x, 0.95.x, and 0.96.x stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery CSRF attacks and delete or modify data via unspecified...

Improper Validation of Certificate with Host Mismatch in mellium.im/xmpp/websocket

If no TLS configuration is provided by the user, the websocket package constructs its own TLS configuration using recommended defaults...

Incomplete Cleanup

An issue exsits in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse...

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in AjaxNetProfessional...

Cross-Site Request Forgery (CSRF)

twill is vulnerable to Cross-Site Request Forgery CSRF...

Path Traversal

bblfshd is an open source self-hosted server for source code parsing. In bblfshd there is a zipslip vulnerability. The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder. This issue may le...

Improper Restriction of XML External Entity Reference

The package glances are vulnerable to XML External Entity XXE Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks...

Improper Authentication

Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps, new user registrations are able to access anyone's account by only knowing their basic profile information name, birthday, gender, etc. This includes all app functionality within the app, as well as any...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The media2click aka 2 Clicks for External Media extension 1.x before 1.3.3 for TYPO3 allows XSS by a backend user account...

Key Caching behavior in the DynamoDB Encryption Client.

Impact This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...

Release of Invalid Pointer or Reference

An issue was discovered in USC iLab cereal. It employs caching of std::sharedptr values, using the raw pointer address as a unique identifier. This becomes problematic if a std::sharedptr variable goes out of scope and is freed, and a new std::sharedptr is allocated at the same address...

XML Entity Expansion

go-yaml is vulnerable to a Billion Laughs Attack...

CoAPthon DoS due to Exceptions

The Serialize.deserialize method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library e.g., the standard CoAP server, CoAP client, CoAP reverse proxy, example collect CoAP server and client when they receive...

Insufficiently Protected Credentials

The Jenkins AWS CodeDeploy Plugin does not properly protect credentials in AWSCodeDeployPublisher...

Path Traversal

node module suffers from a Path Traversal vulnerability due to lack of validation of files, which allows a malicious user to read content of any file with known path...

Improper Link Resolution Before File Access ('Link Following')

lib/vlad/dba/mysql.rb in the VladTheEnterprising gem for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.targethost...

swift-nio-http2 affected by HTTP/2 MadeYouReset vulnerability

The HTTP/2 MadeYouReset vulnerability has a mild effect on swift-nio-http2. swift-nio-http2 mostly protects against MadeYouReset by using a number of existing denial-of-service prevention patterns that we added in response to the RapidReset vulnerabilities. The result is that servers are not...

Flask-AppBuilder open redirect vulnerability using HTTP host injection

Flask-AppBuilder prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests...

Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter. This allows attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system. Filesystem List Parameter Plugin 0.0.15 ensur...

XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients...

XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients...

HAPI FHIR XML External Entity (XXE) vulnerability

An XML External Entity XXE vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...

Admidio Vulnerable to HTML Injection In The Messages Section

An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server...

Adguard Home arbitrary file read vulnerability

An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into a readable directory...

frappejs was discovered to contain a prototype pollution via the function registerView

airvertco frappejs v0.0.11 was discovered to contain a prototype pollution via the function registerView. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

@andrei-tatar/nora-firebase-common Prototype Pollution vulnerability

An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method...

CasaOS Username Enumeration

Summary The Casa OS Login page has disclosed the username enumeration vulnerability in the login page. Details It is observed that the attacker can enumerate the CasaOS username using the application response. If the username is incorrect application gives the error "User does not exist", If the...

Incorrect Resource Transfer Between Spheres

Elrond-GO is a go implementation for the Elrond Network protocol. Versions prior to 1.3.50 are subject to a processing issue where nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. The problem was a bad correlation between t...

Gitea allowed assignment of private issues

In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea there was no permission check for fetching the issue. As a result, the attacker would get access to private issue title...

Authentication Bypass Using an Alternate Path or Channel

The route lookup process in beego through 1.12.4 and 2.x through 2.0.2 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places e.g., p1.xml instead of p1...

Arbitrary file deletion in gitea

An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service DoS via deleting the configuration file...

Authorization bypass in Istio

In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes e.g. -some-suffix for source principals or namespace fields, callers will never be denied access, bypassing the intended policy...

Improper Neutralization

Improper Neutralization in github.com/aws/aws-sdk-go/service/s3/s3crypto...

Improper Authentication

Authelia is a a single sign-on multi-factor portal for web apps. This affects uses who are using nginx ngxhttpauthrequestmodule with Authelia, it allows a malicious individual who crafts a malformed HTTP request to bypass the authentication mechanism. It additionally could theoretically affect...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross Site Scripting XSS vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page...